Hello All

I am in a bit of a bind. I am trying to come up with the best solution
for an issue I have been assigned to resolve. Please bear in mind
that I have inherited an IDM 2.0.1 environment and my IDM experience is
only about 1 yr with said system.

The issue is I have to make users a member of a group based on 3
attribute values. Any of the attributes have to be true (ORs)

isManager = TRUE
IDMOnlyHRCode = 1245
IDMOnlyStaffReports = TRUE

I Have a Group in GROUPS OU in the Identity Vault called;


The Filter for this loopback is

USERS (Publisher Ignore...Subscriber Sync)
isManager -> (Publisher Ignore...Subscriber Sync)
IDMOnlyHRCode -> (Publisher Ignore...Subscriber Sync)
IDMOnlyStaffReports -> (Publisher Ignore...Subscriber Sync)
Group Membership -> (Publisher Ignore...Subscriber Sync)
Security Equals -> (Publisher Ignore...Subscriber Sync)

In Event Transformation in Subscriber I have a Policy called;

"ADD to Staff Managers"

There are 3 Policies, they are identical except for the the attribute
criteria above (isManager one below);

<?xml version="1.0" encoding="UTF-8"?><policy>
<description>Join StaffManagers if isManager is TRUE</description>
<if-src-attr name="isManager" op="equal">TRUE</if-src-attr>
<do-set-dest-attr-value name="Group Membership">
<arg-value type="string">
<do-clone-op-attr dest-name="Security Equals" src-name="Group

BUT Nothing happens...The DS Traces do not indicate anything is wrong.
No warnings or errors. The group is not populated and the User who fits
the criteria does not get membership or security equivalent. I have
only the isManager Policy active right now to try to narrow down what is

I would appreciate any suggestions or corrections of my approach etc.


BTW, I have been asked a couple of times by people in these forums why
do I have the "IDMDude" moniker for my forum handles...it's what my boss
named me when he assigned me to work on IDM for the organization. Hope
to be able to change it to "OfficialIDMDude" when I get more experienced
at this...Like the Father LOL!