The entitlements format has changed for Identity Manager 4.0 and later. Pre-Identity Manager 4.0 the entitlement format is single valued. For Identity Manager 4.0 and later, the entitlement value is multivalued.
The following information explains when each type of entitlement format is supported:
Pre-Identity Manager 4.0 Environment: There are two different formats in the pre-Identity Manager 4.0 environments:
Not Using Role Mapping Administrator (pre-Identity Manager 3.6.1): These version of Identity Manager only support the legacy entitlement format. All granting agents assume the entitlement contains a single value. For a list of element agents, see Why Use Entitlements?.
Using Role Mapping Administrator: Driver supporting the Role Mapping Administrator can define a legacy format for structured parameters in the format of: <param>param1=value1|param2=value2|paramN=valueN</param>
The granting agents are instructed to use the structured format by the EntitlementConfiguration Resource object. The SAP User Management Fan-Out driver is the only driver that supported this format prior to Identity Manager 4.0.
Identity Manager 4.0 and later Environment: There are two different options that support the formats in Identity Manager 4.0 and later:
Using Role-Based Entitlements: Only the legacy format is supported with the Role-Based entitlements (RBE). All entitlements that are granted through RBE must set to legacy. Some reports are not available when using the legacy format. Reports joining and the granted entitlements against the actual state in the managed system do not work using the legacy format.
Not Using Role-Based Entitlements: The legacy and Identity Manager 4.0 and later formats are supported. Full reporting capabilities are available when the Identity Manager 4.0 and later format is used.
Mixed Pre-Identity Manager 4.0 and Identity Manager 4.0 and later Environments: If you have a mixed environment while you are doing migrations, the legacy format is the only supported entitlement format. All entitlements which are granted through RBE or pre-Identity Manager 4.0 agents, must be set to legacy. Some reports are not available when using the legacy format. Reports joining and the granted entitlements against the actual state in the managed system do not work using the legacy format.