IBM Security Verify

  • 1.  Role names not unique

    Posted Wed January 19, 2022 05:06 AM
    Hi
    It is possible to create roles with duplicate names. I guess it is meant to be that way. What is the explanation?
    Is it possible to prevent duplicate role names?
    We're using ISIM 6.0.0.21.
    BR Carsten

    ------------------------------
    Carsten Jensen
    ATP
    +4530595704
    ------------------------------


  • 2.  RE: Role names not unique

    Posted Sat January 22, 2022 04:09 AM

    I suppose that it gives you the flexibility to create different roles in different OUs which grant the same rights, and there is no need to set different names.

    It is possible because unique object IDs (erglobalid) are used to set the ISIM object relations, i.e. users & roles, roles & provisioning policies, and so on. It is a good approach, for instance, when an object rename operation has to be done (it is really easy without reviewing the whole data model).

    The easiest way to avoid this behaviour is to define the errolename attribute as unique in the LDAP definition/schema, although there is no doubt you are manipulating the ISIM infrastructure in an unsupported way. At your own risk.



    ------------------------------
    Felipe Risalde Serrano
    Security Expert
    Banco de España
    ------------------------------
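A read-only way to see which role names are already duplicated, without touching the schema, is to scan an LDIF export for entries that share an errolename. This is an added example, not part of the original posts; the sample entries, their DNs and the case-insensitive, whitespace-normalized comparison are assumptions.

```python
import base64
from collections import defaultdict

# Constructed sample export (not real data): two roles share a name,
# one of them base64-encoded and with different case and trailing space.
SAMPLE_LDIF = """\
dn: erglobalid=1111111111111111111,ou=roles,erglobalid=00000000000000000000,ou=
 example,dc=com
erglobalid: 1111111111111111111
errolename: Helpdesk

dn: erglobalid=2222222222222222222,ou=roles,erglobalid=00000000000000000000,ou=example,dc=com
erglobalid: 2222222222222222222
erRoleName:: aGVscGRlc2sg

dn: erglobalid=3333333333333333333,ou=roles,erglobalid=00000000000000000000,ou=example,dc=com
erglobalid: 3333333333333333333
errolename: Auditor
"""

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    # Undo LDIF line folding (a continuation line starts with one space).
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry[name.lower()].append(value)  # attribute names are case-insensitive
        if entry:
            yield dict(entry)

def find_duplicate_role_names(ldif_text):
    """Return {normalized name: [erglobalid, ...]} for names used by more than one role."""
    by_name = defaultdict(list)
    for entry in parse_ldif(ldif_text):
        for role_name in entry.get("errolename", []):
            key = " ".join(role_name.split()).casefold()  # assumed matching rule
            by_name[key].append(entry.get("erglobalid", ["?"])[0])
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}

if __name__ == "__main__":
    for name, ids in find_duplicate_role_names(SAMPLE_LDIF).items():
        print(f"{name!r} is used by roles: {', '.join(ids)}")
```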