Cannot delete ITIM accounts
I am trying to delete the ITIM A/C created for a user; however, it doesn't let me delete it, and an error is displayed: "following accounts cannot be deleted since they are governed by automatic provisioning policy".
Please let me know what is the reason for it and how to correct it.
The reason is that there is a Provisioning Policy defined in your environment with the following parameters:
What the above means is that there is a provisioning policy that says "All the users that have this role MUST have an ITIM account". This is why you cannot manually delete the ITIM Account for that person.
It's not about correcting, but rather about figuring out what you want to achieve there. You have several options, but first you need to take a step back and understand the reason instead of just attempting to fix the symptom. Why should this user not have an ITIM Account?
If there is a role that gives him this account, you need to figure out which role that is and remove the role from the person. Then, the Provisioning Policy enforcement will remove the ITIM Account (oversimplifying here, assuming there are no other PPs that apply to the person and have an ITIM Account as entitlement).
If, on the other hand, the provisioning policy applies to everyone and you found out now that some of them should not have an account, or that you should be able to remove accounts from them, you either need to make the provision option manual (this means everyone CAN have an account, but they will need to request it or get it provisioned by someone/some process) or change the membership of the policy to a more exclusive role that contains only the persons who should have an ITIM Account.
EDIT
You would need to go back a little bit and try to understand the notions of Provisioning Policies in the context of ITIM and RBAC in general. This is not the place to analyze the topic :) However, shortly and for the question at hand
The reason for not deleting the account is the automatic provisioning policy, which does not allow deleting the ITIM account. Change the provisioning policy from automatic to manual; only then will it allow deletion of accounts.
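The behaviour described in both answers can be reasoned about with a small model. This is an added example, not part of the original posts and not ITIM's API: the class, the policy names, the roles and the state labels are constructed for illustration. It also covers the caveat from the first answer, where removing one role is not enough because another automatic policy still applies.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    name: str
    member_role: Optional[str]  # None = membership is "everyone"
    service: str
    automatic: bool             # True = automatic entitlement, False = manual

    def applies_to(self, roles):
        return self.member_role is None or self.member_role in roles

def governing_policies(roles, service, policies):
    """Names of automatic policies that force an account on `service`."""
    return [p.name for p in policies
            if p.service == service and p.automatic and p.applies_to(roles)]

def can_delete_manually(roles, service, policies):
    """Manual deletion is refused while any automatic policy still applies."""
    return not governing_policies(roles, service, policies)

def account_state(roles, service, policies):
    """Model labels: 'required' (automatic entitlement applies), 'optional'
    (only manual entitlements apply), 'not entitled' (no policy applies)."""
    applicable = [p for p in policies
                  if p.service == service and p.applies_to(roles)]
    if any(p.automatic for p in applicable):
        return "required"
    return "optional" if applicable else "not entitled"

# Constructed sample data: two automatic policies both grant an ITIM account.
POLICIES = [
    Policy("pp-staff", "Staff", "ITIM", automatic=True),
    Policy("pp-admins", "Admin", "ITIM", automatic=True),
]

if __name__ == "__main__":
    roles = {"Staff", "Admin"}
    print(governing_policies(roles, "ITIM", POLICIES))  # both policies block deletion
    roles.discard("Staff")                              # remove one role only
    print(governing_policies(roles, "ITIM", POLICIES))  # second policy still applies
    roles.discard("Admin")
    print(account_state(roles, "ITIM", POLICIES))       # no entitlement left
    manual = [Policy("pp-all", None, "ITIM", automatic=False)]
    print(can_delete_manually({"Staff"}, "ITIM", manual),
          account_state({"Staff"}, "ITIM", manual))
```

Listing the governing policies before changing anything shows which role memberships or entitlement types actually have to change for a given person.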