[midPoint] report "unassigned" entitlements
Markus Calmius
markus.calmius at proton.ch
Thu Jan 4 14:32:01 CET 2024
Hi,
is there a way to "highlight" or report when an account has i.e. a group-membership that is not assigned by midPoint.
So, what if an admin adds a user to a group directly in LDAP, what is the best way to find these, from midPoints point of view, "unassigned" entitlements?
I guess to somehow compare the associations with the assigned roles
I know I can set the <tolerant>-tag to false, and any out-of-midPoint/unassigned entitlements a user has would be removed the next import/reconciliation.
Before doing that, I'd like midPoint to do scheduled reports for a specific resource to see if there are any admins doing things they shouldn't.
TiA
Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240104/96ad2336/attachment.htm>
More information about the midPoint
mailing list