• State Not Answered
  • Replies 22 replies
  • Subscribers 66 subscribers
  • Views 545 views
  • Users 0 members are here
Options
Related

Workflow vs Deprovisioning Policy

allison.lethy
8 days ago

Hi there...

I am trying to determine the order of operations between a deprovisioning policy and a a workflow with deprovisioning activities.

Here is what I need to do.  I need to set the Home Drive and Home Path so that the Home Folder deprov policy assigns the manager access to the home folder.

If I manually add the home drive and path in the user record first, then deprov user - the manager gets access.  But if I try to set it via either calling (1) a PreDeprovision script in the policy object or (2) add the two attributes with values to 'Properties to be Updated'.... then the manager is not getting access to the home folder.  The results pane says the user doesn't have a home folder.

I can't use a workflow... because it looks like these don't kickoff until AFTER a deprov policy object.

Any help would be appreciated!

Thanks

Parents
  • 0 8 days ago

    Hello,

    This is configurable:

    Solution Title: Resolving a race condition between an Active Roles Policy and an Active Roles Approval Workflow
    Solution Number: 4338998
    Solution URL: https://support.oneidentity.com/kb/4338998 

    Setting the edsvaPrecedeWorkflowActivities boolean on the Workflow will change it so it runs first.

  • 0 8 days ago in reply to Terrance.Crombie

    I shouldn't need to use a workflow at all.  The Deprovisioning Policy Object offers the ability to set the values of attributes or call a script in the policy object to do so.
    Either way, I can get the home drive and home folder path set for the user object, but when it gets to the Home Folder policy rule (that is configured to give the manager read access)... the error states "User doesn't have a home folder".

    It's almost as when the policy sets the drive/path, it needs to be saved/applied before it process the Home Folder policy rule.  UGH!

Reply
  • 0 8 days ago in reply to Terrance.Crombie

    I shouldn't need to use a workflow at all.  The Deprovisioning Policy Object offers the ability to set the values of attributes or call a script in the policy object to do so.
    Either way, I can get the home drive and home folder path set for the user object, but when it gets to the Home Folder policy rule (that is configured to give the manager read access)... the error states "User doesn't have a home folder".

    It's almost as when the policy sets the drive/path, it needs to be saved/applied before it process the Home Folder policy rule.  UGH!

Children
No Data