Configure Direct Permissions

The directPermissionObjectType configuration attribute contains a list of the object types owned by the user. By default, the following direct permission object types are configured (you can change this list, as required):

  • *LIB

  • *MSGQ

  • *FILE

  • *PGM

  • *CMD

  • *MENU

  • *AUTL

  • *JOBQ

Important
Enabling direct permissions increases the aggregation time. You must correctly select and configure the direct permission object types.

The supported object types can be added or removed using the REST API. For example, if the list has only the following object types, then only these objects are aggregated as direct permission object types:

  • *LIB

  • *MSGQ

By default, the aggregation of direct permissions is not enabled.

Perform the following steps to enable direct permissions and their aggregation, for the account or the group schema of your IBM i connector:

Note
For more information on IdentityNow APIs, refer to Best Practices: IdentityNow REST API Authentication and IdentityNow REST API - Update Source (Partial) in the SailPoint Developer Community.

  1. Use the listSources API to get the source ID.

  2. Use the listSchemas API to get the schema ID for the account or group schema for which you want to enable direct permissions.

  3. Use the updateSchema API and enter the following content in the body, with the sourceID and the schemaID in the header.

    {
        "op": "replace",
        "path": "/includePermissions",
        "value": true
    }
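
The three steps above as one script, added here as an example and not SailPoint's own code; it skips the update when `includePermissions` is already true and refuses to guess when a source or schema name is ambiguous. The `/v3/sources` paths, the IDs placed in the URL, the JSON Patch array body with its content type, and the `includePermissions` field in responses are assumptions about the IdentityNow v3 API, and the names `enable_direct_permissions`, `pick_one` and `http_send` are hypothetical.

```python
import json
import urllib.request

# The operation shown on the page.
PATCH_OP = {"op": "replace", "path": "/includePermissions", "value": True}


def http_send(method, url, token, body=None):
    """Default transport: one authenticated JSON request via urllib."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        # Assumed content type for a JSON Patch request.
        headers["Content-Type"] = "application/json-patch+json"
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def pick_one(items, name, kind):
    """Return the single item called `name`; refuse to guess on 0 or 2+ matches."""
    hits = [i for i in items if i.get("name") == name]
    if len(hits) != 1:
        raise LookupError(f"expected one {kind} named {name!r}, found {len(hits)}")
    return hits[0]


def enable_direct_permissions(base_url, token, source_name, schema_name, send=http_send):
    """Steps 1-3: find the source, find the schema, set includePermissions to true."""
    api = base_url.rstrip("/") + "/v3/sources"  # assumed listSources path
    source = pick_one(send("GET", api, token), source_name, "source")
    schemas_url = f"{api}/{source['id']}/schemas"  # assumed listSchemas path
    schema = pick_one(send("GET", schemas_url, token), schema_name, "schema")
    if schema.get("includePermissions") is True:
        return "unchanged"  # already enabled, so no write is sent
    # Assumed updateSchema request: the page's operation wrapped in a JSON Patch array.
    updated = send("PATCH", f"{schemas_url}/{schema['id']}", token, [PATCH_OP])
    if updated.get("includePermissions") is not True:
        raise RuntimeError("update did not enable includePermissions")
    return "enabled"
```

Pass `"account"` or `"group"` as `schema_name`, and supply the access token from your secret store rather than hard-coding it in the script.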