I'm using the new roles prov module 3.7. I have setup a Role which has
a Resource associated with it (This resource has an entitlement
associated with it).

So if I add a role to a user, the user gets the entitlement. So far so
good.

If I remove the role, the entitlement is removed. Still so far so
good.

Now if I add the role back to the user, the user has the entitlement.
But if I now go into the role definition, and remove the resource from
it, the role should not provision the entitlement to users.

So my question is, shouldn't the roles driver automatically remove the
entitlement from any previous users that inherited the entitlement from
the role we just updated ? And if not, how to we get the system to
reconcile this ?

Thanks.


--
feltham
------------------------------------------------------------------------
feltham's Profile: http://forums.novell.com/member.php?userid=38697
View this thread: http://forums.novell.com/showthread.php?t=389751