In the Designer front end tool, when attempting to change the password policy assigned to a column (e.g.Person.DIalogUserPassword) from default, for example “One Identity Manager password policy” to another password policy for example “Employee central password policy", the following error is shown:
The Designer front end tool displays the error, “You are not allowed to remove default objects or assignments.”, because there was an attempt to remove a default entry in QBMObjectHasPwdPolicy table.
This is because the following steps were attempted to change the assignment:
1. Remove the original assignment from the original password policy (e.g. Remove Person.DialogUserPassword from One Identity Manager password policy)
2. Add a new assignment of the column that was removed from the assignment in step 1 (e.g. Add Person.DialogUserPassword to Employee central password policy)
In carrying out the two steps above, Step 1 is actually removing a default assignment (e.g. removing an entry from QBMObjectHasPwdPolicy table) and this is not allowed by design.
The error is displayed while trying to perform step 2.
Instead of doing a removal followed by an add action on the column to Password polices, the correct practice is to perform a direct re-assignment which can be achieved using both the Designer and the Object Browser.
To use Designer, refer to the following:
1. Go to the One Identity Manager password policy and select the Assignments tab.
2. Select the assignment Person - Person DialogUserPassword and re-assign it to the password policy Password policy for central password of employee
3. Commit the changes to database in Designer.Done.
To use ObjectBrowser, refer to the following