I suppose that it gives you the flexibility to create different roles in different OUs which grant the same rights, and it is not necessary to set different names.
It is possible because unique object IDs (erglobalid) are used to set the ISIM object relations, i.e. users & roles, roles & provisioning policies, and so on. It is a good approach, for instance, when an object rename operation has to be done (it is really easy, without reviewing the whole data model).
The easier way to avoid this behaviour is to define the errolename attribute as unique in the LDAP definition/schema, although there is no doubt you are manipulating the ISIM infrastructure in an unsupported way. At your own risk.
------------------------------
Felipe Risalde Serrano
Security Expert
Banco de España
------------------------------
Original Message:
Sent: Wed January 19, 2022 05:06 AM
From: Carsten Jensen
Subject: Role names not unique
Hi
It is possible to create roles with duplicate names. I guess it is meant to be that way. What is the explanation?
Is it possible to prevent duplicate role names?
We're using ISIM 6.0.0.21.
BR Carsten
------------------------------
Carsten Jensen
ATP
+4530595704
------------------------------
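
A read-only way to audit for the duplicate role names discussed in this thread, as an added example that is not part of the original posts or of ISIM itself: it scans an LDIF export of role entries and groups erglobalid values by errolename. The sample LDIF, the `erRole` objectclass filter and the case-insensitive name comparison are assumptions.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from a real directory): two roles share a name.
SAMPLE_LDIF = """\
dn: erglobalid=1111111111111111111,ou=roles,erglobalid=00000000000000000000,ou=example,dc=com
objectclass: erRole
erglobalid: 1111111111111111111
errolename: Helpdesk

dn: erglobalid=2222222222222222222,ou=roles,erglobalid=00000000000000000000,ou=example,dc=com
objectclass: erRole
erglobalid: 2222222222222222222
errolename:: aGVscGRlc2s=

dn: erglobalid=3333333333333333333,ou=roles,erglobalid=00000000000000000000,ou=example,dc=com
objectclass: erRole
erglobalid: 3333333333333333333
errolename: Auditor
"""

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    unfolded = text.replace("\n ", "")  # undo RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry[name.lower()].append(value)
        if entry:
            yield dict(entry)

def duplicate_role_names(entries):
    """Map each role name used more than once to the erglobalids that carry it."""
    by_name = defaultdict(list)
    for e in entries:
        # Assumption: role entries are identified by objectclass erRole.
        if "errole" not in (v.lower() for v in e.get("objectclass", [])):
            continue
        ident = (e.get("erglobalid") or e.get("dn") or ["?"])[0]
        for name in e.get("errolename", []):
            # Assumption: names differing only in case count as duplicates.
            by_name[name.strip().casefold()].append(ident)
    return {n: sorted(ids) for n, ids in by_name.items() if len(ids) > 1}
```

Run on a schedule against a fresh export, this reports collisions without touching the LDAP schema.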