Automatically created UNSAccountB or CSMUser do not inherit groups (4348417)

After upgrading Identity Manager from a lower version to 8.2 or higher, you may observe the property IsGroupAccount (whether an UNSAccountB and CSMUser can inherit groups) is no longer populated correctly by IT operating data or IT operating data mappings.

Therefore, automatically created UNSAccountB or CSMUser do not inherit groups or system entitlements via business or system roles.

With Identity Manager 8.2 the table UNSAccountB has four new attributes: IsGroupAccount_UNSGroupB, IsGroupAccount_UNSGroupB1, IsGroupAccount_UNSGroupB2, IsGroupAccount_UNSGroupB3 and table CSMUser was extended by:

IsGroupAccount_CSMGroup, IsGroupAccount_CSMGroup1, IsGroupAccount_CSMGroup2, IsGroupAccount_CSMGroup3.

Please note there is a functional change: IsGroupAccount_UNSGroupB@UNSAccountB takes over function of former column IsGroupAccount@UNSAccountB and IsGroupAccount@CSMUser takes over IsGroupAccount_CSMGroup@CSMUser. The values or the former columns were generated by an OR combination of the four new columns.

With that you need to (re)define your IT operating data mapping to no longer handle the former columns but IsGroupAccount_UNSGroupB and IsGroupAccount_CSMGroup.

There are two options available: upgrade or update to a newer version (e.g. 8.2 SP 1) or execute the following SQL script which will redefine the IT operating data mapping:

UNSGroupB

update TSBITData --IT operating data

       set UID_DialogColumnTarget = 'TSB-B871B45D47FC7D8C30747CACC4DC00FF'  --IsGroupAccount_UNSGroupB

       where UID_DialogColumnTarget = 'TSB-2AF4C12F1FEE421295E3D44D2E109A89'  --IsGroupAccount

update TSBITDataMapping --IT operating data mapping

       set UID_DialogColumn = 'TSB-B871B45D47FC7D8C30747CACC4DC00FF'    --IsGroupAccount_UNSGroupB

       where UID_DialogColumn = 'TSB-2AF4C12F1FEE421295E3D44D2E109A89'  --IsGroupAccount


CSMUser

update TSBITData --IT operating data

       set UID_DialogColumnTarget = 'CSM-BB96030147480C81E25984D4D0A71150'  --IsGroupAccount_CSMGroup@CSMUser

       where UID_DialogColumnTarget = 'CSM-54F48EF22A9A4D0EA3BDF9FD0B1C2C3C'  --IsGroupAccount@CSMUser

update TSBITDataMapping --IT operating data mapping

       set UID_DialogColumn = 'CSM-BB96030147480C81E25984D4D0A71150'  --IsGroupAccount_CSMGroup@CSMUser

       where UID_DialogColumn = 'CSM-54F48EF22A9A4D0EA3BDF9FD0B1C2C3C'  --IsGroupAccount@CSMUser