Scoping & Role Issue

Which IIQ version are you inquiring about?

8.4P1

Please share any images or screenshots, if relevant.

Attached

Share all details about your problem, including any error messages you may have received.

Team,

We are facing a sign-in pop-up issue. The pop-up occurs when the child role and parent role are in different scopes. In such a case, when the user tries to assign the parent’s permitted role by selecting the child role, it throws an “Unauthorized exception”. The problem here is that the user is in the child scope, so he is allowed to access only roles in the child scope. Now, due to inheritance, the parent’s permitted role is seen by the child as well. The user can see the permitted role but is not allowed to access it due to the scope.

Note: If we keep the child and parent in the same scope, this issue will not occur, but based on my requirement we can’t put both (Parent and Child) in the same scope.

Does anybody have any suggestions to fix the issue?

@harishabn Can you check if admins are also having the same issue? I mean, assign yourself to sysadmin and then see.

No, admins (people who have system admin access) were able to submit the request.

Try to add “OrganizationRoleAdministrator” to Auditor as “InheritedCapabilities” and assign Auditor to the user. See if that works.

<InheritedCapabilities>
  <Reference class="sailpoint.object.Capability" name="OrganizationRoleAdministrator"/>
</InheritedCapabilities>

Thanks for the reply!

We can’t make any changes to the Auditor capability.

Do we have any other ways to achieve this?