Modify Resource

Initiates a request to the Roles Based Provisioning Module (RBPM) for modifying a Resource specified in the Resource Name field. The credentials provided in the ID and first <arg-password> are used for placing the request to the Identity Applications server. It uses the Identity Manager REST APIs which internally uses the OAuth2 protocol for authentication. The OSP client ID (osp-clientid) should be specified for authentication. The client password should be specified by the second <arg-password>. You can specify the additional optional arguments to the Resource creation request through the named <arg-string>'s.

Fields

User Application URL

Specify the URL of the User Application server hosting the Roles Based Provisioning module. Supports variable expansion. For more information, see Variable Selector.

Resource Name

Description of the resource name.

Authorized User DN

Specify the name of the user authorized to request the resource assignment in LDAP format. Supports variable expansion. For more information, see Variable Selector.

Password

Specify the authorized user password. You can enter a clear text password (not recommended) or use the Argument Builder to specify a Named Password.

OSP Client ID

Specify the client ID to authenticate to OSP. Supports variable expansion.

Timeout Value

Specify the number of milliseconds you want Identity Manager to try to establish a connection to the User Application server before timing out. The default value is 0.

Strings

(Optional) Specify additional argument strings for the Resource creation request. You can enter the strings manually or select the Edit the Strings icon to open the Named String Builder and specify the strings. For more information about the Named String Builder, see Named String Builder.

Example

The Modify Resource action supports the following string arguments:

String Name

Description

Description

A description of the reason for the request used for auditing and approval purposes if necessary.

Default: Request generated by policy

Approval Required

Specifies whether an approval is required for this resource assignment

Default: False

Entitlement DN

DN of the entitlement in LDAP format.

Revoke Definition

Fully Qualified LDAP DN of the Request definition for resource approval.

Revoke request Definition

Fully Qualified LDAP DN of the Request definition for revoking the resource.

Category Key

The category in which the resource should be created. For example, system, default, or both.

Owner

The owner of the resource in LDAP format.

Multiple owners are allowed for a resource. Specify multiple owners in a semi colon(;) separated list.

Grant Approver

The approver of the resource assignment in LDAP format.

Multiple approvers are allowed. Specify multiple approvers in a semi colon(;) separated list to form a serial approval process.

Grant Quorum

Minimum percentage of approvals required for modifying a resource.

Revoke Approver

Approver who has the rights for revoking a resource in LDAP format.

Leave this field blank if this is the same approver who granted the resource.

Multiple approvers are allowed to revoke a resource. Specify multiple approvers in a semi colon(;) separated list, which forms a serial approval process.

Revoke Quorum

Minimum percentage of approval required for revoking a resource.