Populate dropdown menus using an ARS policy

Hi,

I'm looking for a way to update an ARS policy via a schedule. 

At the moment we populate dropdown menus in IAM Websites using onGetEffectivePolicy but it slows down accessing a user object (13 seconds to open). Adding the values to an ARS policy works perfectly (2-3 seconds to open) but these values need to be updated daily.

I found the following sample code but I think it is for an older version of ARS as it doesn't work. We are currently on 7.2.1.

https://www.quest.com/community/one-identity/active-roles/product-knowledge/w/wiki/47/powershell-update-property-generation-and-validation-policy-with-a-new-possible-value-list

Any ideas appreciated.

Justin

  • How is your current onGetEffectivePolicy function getting the values to place in the drop-down list? Are they statically set within the function or a Library Script or is it reading them from a source location (test file/database) and then setting them in the interface? Since they are updated daily, wasn't sure if you were editing the static values in the Active Roles script or updating an external source with the new values that the onGetEffectivePolicy function reads from.

    I too was having issues with the script that is posted on the link you provided, especially with the line that is initially setting the $rule variable and all the nested pipes. I have modified it a little to make it functional. I broke out some of the nested pipes into separate lines. I guess starting at line 10 is where you can update/replace the values for the drop-down list using a scheduled script that reads the values from an external source or update the static list manually.

  • ##----- get the policy object from ARS -----
    $obj = [ADSI]'EDMS://CN=ADSITest,CN=DevOps,CN=Administration,CN=Policies,CN=Configuration'
    ##----- Set this variable to the specific policy name within the Policy Object
    $PVGName = "Validates the 'Description' property values for 'User' objects"
    ##----- Type 35 is PVG policy and rule name = 2 is the setting for the drop-down list
    $PVGPolicy = $obj._NewEnum | where {$_.Type -eq 35 -and $_.Name -eq $PVGName}
    $PVGSetting = $PVGpolicy | where {$_.name -eq 2}
    ##----- convert the string to XML -----
    $xml = [xml]$PVGsetting.Value
    ##----- get possible values from the XML -----
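    $values = @($xml.PVGRules.PVRuleItem.value | %{$_.'#text'})
    ##----- add a new possible value and sort (the @() above keeps a single existing value as an array) -----
    $values = $values + 'zzz' | sort
    ##----- update the XML with the new possible values (each value XML-escaped, then joined into one string) -----
    $xml.PVGRules.PVRuleItem.InnerXml = ($values | %{ '<value linkID="or" displayName="">' + [System.Security.SecurityElement]::Escape($_) + '</value>' }) -join ''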
    ##----- get string with the new rule -----
    $rule = $xml.OuterXml
    ##----- update the PVG rule -----
    $PVGSetting.Value = $rule
    ##----- apply changes to ARS ------
    $obj.CommitChanges()
  • Richard,

    Thanks for that. The $rule part was where I was struggling. I was kind of on the same track as what you implemented but wasn't seeing any daylight.

    Your script has given me some ideas to try. 

    btw the update for the various fields is done by reading from txt files on a unc share. 

    Justin
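
An added example, not part of the thread or of the linked sample: because the drop-down values come from txt files on a share, it validates each line and rebuilds the `<value>` list through the XML DOM, so characters such as `&` or `<` in a value cannot break or alter the policy XML. The function names, the length limit and the sample data are assumptions; the sample XML is constructed from the element names the script above navigates and assumes no XML namespace.

```powershell
# Added example; function names, limits and sample data are assumptions.
function Get-CleanDropDownValue {
    param([string[]]$Line, [int]$MaxLength = 128)
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($raw in $Line) {
        $v = "$raw".Trim()
        if ($v.Length -eq 0) { continue }                       # skip blank lines
        if ($v.Length -gt $MaxLength -or $v -match '\p{Cc}') {  # too long, or contains control characters
            Write-Warning "Rejected a value of length $($v.Length)"
            continue
        }
        if ($seen.Add($v)) { $v }                               # drop case-insensitive duplicates
    }
}

function Set-PossibleValue {
    param([xml]$RuleXml, [string[]]$Value)
    # An empty or unreadable source file must not wipe the drop-down list
    if (-not $Value) { throw 'Refusing to write an empty value list' }
    $item = $RuleXml.SelectSingleNode('/PVGRules/PVRuleItem')
    if ($null -eq $item) { throw 'PVRuleItem element not found in the rule XML' }
    # Snapshot the node list before removing, then rebuild it from the clean values
    foreach ($old in @($item.SelectNodes('value'))) { [void]$item.RemoveChild($old) }
    foreach ($v in ($Value | Sort-Object)) {
        $node = $RuleXml.CreateElement('value')
        $node.SetAttribute('linkID', 'or')
        $node.SetAttribute('displayName', '')
        $node.InnerText = $v            # the DOM escapes &, < and > when serializing
        [void]$item.AppendChild($node)
    }
    $RuleXml.OuterXml
}

# Constructed sample lines: stand in for Get-Content on the file from the share
$lines = 'Finance', ' R&D ', '', 'finance', 'Sales <EMEA>', "HR$([char]7)"
# Constructed stand-in for $PVGSetting.Value
$sample = '<PVGRules><PVRuleItem><value linkID="or" displayName="">Old</value></PVRuleItem></PVGRules>'

$clean   = Get-CleanDropDownValue -Line $lines
$newRule = Set-PossibleValue -RuleXml $sample -Value $clean
$newRule

# In the script above, this would take the place of the $values/$rule steps:
#   $PVGSetting.Value = Set-PossibleValue -RuleXml $PVGSetting.Value -Value $clean
#   $obj.CommitChanges()
```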