You are right - the reason I got the policies in my mind is that I had some recent discussion on the very old "Suspend on non-compliance" enforcement method which is a little related if you want to move suspend/restore actions into the provisioning policy domain (which was not what you asked) - sorry for the confusion.
If you look at the Person Suspend workflow it uses an extension that takes the Person and a string value as input for account suspend.
So another way would be to extend the extension to also retrieve a list of OwnerShipTypes as input for those accounts that should be in scope.
In most cases I would simply do this in the Person Suspend/Restore workflows, as Extensions need some care as they need to be stored and compiled, which is a risk ...
Original Message:
Sent: Fri April 11, 2025 04:30 AM
From: Mita Mitic
Subject: Suspend and restore sponsored accounts of a certain ownership type alongside with person in ISIM
Hi Franz,
Thank you for your reply.
I believe I can do this by extending person suspend / person restore operational workflows (list person's accounts, filter those that I would like to alter, and kick some operation - suspend or restore on them), but I was thinking there may be some property, e.g. in enRole.properties, (similar to Correct Enforcement Exemption Handling properties), where I may describe what accounts I would like to follow person status on operation.
I believe it has nothing to do with policies - I just want to trigger account status change on person status change, like it is already happening with individual accounts.
Thanks,
Mita
------------------------------
Mita Mitic
Original Message:
Sent: Fri April 11, 2025 03:50 AM
From: Franz Wolfhagen
Subject: Suspend and restore sponsored accounts of a certain ownership type alongside with person in ISIM
Sorry - this has to be done using the workflows - and there is a challenge here that I have not thought about before.
Normally when I solve these kinds of problems in ISVG/IVIG I do it by adding metadata on the relevant entity - e.g. if this is something that is specific to a service I add attributes to the service, if it is something that is OU specific I add attributes on the OU folder (does not need to be the person erparent - I prefer a flat design - but you can implement an empty OU tree structure that is referenced by a person attribute).
This way the handling in the workflow will be data driven and needed changes can be performed by the operational team without ITIM Administrator access.
Now - the data item here would either be the policy or the ownershiptype - the problem is that you cannot extend the policy with custom attributes nor easily get the policy in question in the workflow - the ownershiptype is not an extensible item either....
So - you will need some hard coding or some other data to drive your use case....
I have long advocated extending the provisioning policies so that you could have the enforcement specified on the entitlement level - that would, together with a more flexible workflow implementation of the enforcement, make your problem solvable very simply - but I have not been able to convince our product management to look into this yet...
HTH
------------------------------
Franz Wolfhagen
WW IAM Solution Architect - Certified Consulting IT Specialist
IBM Expert Labs
Original Message:
Sent: Thu April 10, 2025 04:02 PM
From: Mita Mitic
Subject: Suspend and restore sponsored accounts of a certain ownership type alongside with person in ISIM
Hello group,
I have a setup where users may have several sponsored accounts (besides an individual) on a service, in ISIM (ISVG IM 10.0.2 FP4); each sponsored account is of a different ownership type.
I would like some of them (some of the ownership types) to live along with the user - when the user is suspended, to have these accounts suspended as well, and the same for restore. For other ownership types I would like to have them behave as they do by default - to stay as is, ignoring the suspend/restore action on their owner.
Is there some simple way to achieve this, some property to be modified to make it work this way?
I know I can extend user suspend/restore operations to achieve this, but I would like to know if that can be avoided.
Thanks,
Mita
------------------------------
Mita Mitic