-
Title
Excluding user from Management Policy prevents user from accessing other Management Policies -
Description
With multiple Management Policies configured in Password Manager, if a user is in a group that is excluded from a Management Policy but is also in a group that is included in a different Management Policy, the user is unable to search for themselves in the PMUser site.
Consider the following scenario as an example:
- There are two Management Policies configured: Policy A and Policy B
- The User is a member of Group 1 and Group 2
- Group 1 is configured as Included in Policy A
- Group 2 is configured as excluded in Policy B
In this scenario, the expected behavior is that the user should be searchable in the PMUser site and part of only Management Policy A. However, the user does not show up in the search as expected.
-
Cause
This issue has been identified as Product Defect 85627. -
Resolution
WORKAROUND
Do not exclude any groups where there may be user overlap with an included group. Rather, create unique groups to include in the Management Policy scopes that do not have any overlapping memberships.
STATUS
Waiting for fix in a future release of Password Manager.
-
Change Request
85627