Propagating Role Changes

The Propagate Role Changes task updates identities' entitlements when the role model changes. It is required for removing from identities any entitlements that have been removed from role definitions; it also propagates additions to role definitions.

Follow these steps to configure and use this task:

  1. Click gear > Global Settings > IdentityIQ Configuration and click the Roles tab. Select Allow propagation of role changes. This turns on the creation of RoleChangeEvents, which record changes to the composition of any role. Be sure to save your changes.

  2. Navigate to Setup > Tasks and choose New Task > Propagate Role Changes. This task can be configured to run policy checking as it updates identities' role and entitlement data to match the role changes. It can also be configured to run for a limited duration. When a number of minutes is specified, the task does not start processing a new event once that number of minutes is reached, but it processes the current event to completion before terminating, even if that extends past the time limit.

  3. Schedule the task to run on a regular basis, as appropriate for the installation's role model change volumes and role management preferences. Role changes are captured and propagated for the role on which the change occurred and for any role which inherits from or requires the changed role.
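The following model of the time limit in step 2 and the scheduling in step 3 is an added example, not IdentityIQ code: it shows how many scheduled runs a backlog of RoleChangeEvents needs and how far each run exceeds its limit. The role names, per-event minutes, first-in-first-out ordering and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RoleChangeEvent:
    role: str       # role whose definition changed (constructed names below)
    minutes: float  # assumed processing cost for this event


def run_once(queue: List[RoleChangeEvent], limit: Optional[float]
             ) -> Tuple[List[RoleChangeEvent], List[RoleChangeEvent], float]:
    """Model one task run: returns (processed, still_pending, elapsed_minutes)."""
    pending, processed, elapsed = list(queue), [], 0.0
    while pending:
        # The limit is only checked between events: no new event starts once
        # it is reached, but an event already started always completes.
        if limit is not None and elapsed >= limit:
            break
        event = pending.pop(0)  # FIFO processing order is an assumption
        elapsed += event.minutes
        processed.append(event)
    return processed, pending, elapsed


def drain_plan(queue: List[RoleChangeEvent], limit: Optional[float]):
    """Per-run (roles_processed, elapsed, overrun) until the backlog is empty."""
    if limit is not None and limit <= 0:
        raise ValueError("limit must be positive, or None for no limit")
    plan, pending = [], list(queue)
    while pending:
        processed, pending, elapsed = run_once(pending, limit)
        overrun = 0.0 if limit is None else max(0.0, elapsed - limit)
        plan.append(([e.role for e in processed], elapsed, overrun))
    return plan


# Constructed sample backlog: five role changes with estimated costs.
SAMPLE_EVENTS = [
    RoleChangeEvent("Finance Clerk", 10), RoleChangeEvent("Finance Manager", 25),
    RoleChangeEvent("Help Desk", 5), RoleChangeEvent("All Employees", 40),
    RoleChangeEvent("Contractor", 15),
]

if __name__ == "__main__":
    for n, (roles, elapsed, overrun) in enumerate(drain_plan(SAMPLE_EVENTS, 30), 1):
        print(f"run {n}: {roles} elapsed={elapsed} min, overrun={overrun} min")
```

Events left pending after a run wait for the next scheduled run, so the schedule interval multiplied by the number of runs bounds how long a role change can remain unpropagated in this model.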

For more information, see Propagate Role Changes.