Changes in Solaris 10 Patch Access Policy

Similar Messages

• Patch Access Policy Change

  Solaris 10 x86 User Community
  As of November 29th, Sun will be changing its Solaris 10 patch access policy. Now that Solaris 10 is freely available, support services require the purchase of a Sun Service Plan.
  Under this new policy, access to patches is restricted. Security fixes and hardware driver updates are publicly available for free, but access to all other patches requires a Sun Service Plan.
  Please see
  http://www.sun.com/service/sunconnection/solaris10patches.html for available access options.
  Kayo Granillo
  Sun Microsystems

  Please see
  http://www.sun.com/service/sunconnection/solaris10patc
  hes.html for available access options.Isn't Patch Manager available only for Solaris 8/9?
  Does this mean that Sun isn't providing anything to automate patching for peope who wish to remain "anonymous"?

• OIM Access Policy OU Updates

  All,
  I am wondering if any you have encountered an issue in OIM where a user’s OU in AD does not change when a new access policy applies to the user with a new OU (the old access policy is no longer valid). I have noticed that child form attributes (groups) are updated with the values from the new access policy, but parent form values such as OU, are not updated.
  The access policies currently do have retrofit selected.
  I also have tried running the “Evaluate User Policies” task with no luck.
  If you have any insight as to how we might resolve or workaround this issue, it would be appreciated.
  Thanks,
  -Derek

  What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
  Deborah

• "Access Restrictions" change to "Access Policy"

  can someone tell me what happen to my router linksys e1200, after i update the firmware to the latest version "Access Restrictions" is change to "Access Policy". how can i revert it back to "Access Restrictions" do i need to downgrade the firmware? 
  Thanks!

  You updated it to the latest firmware. That’s how it works with the updated firmware. Is there any reason why you upgrade your router? It’s only recommended to update the router if needed if not then its not advisable to do so. Downgrading it to the old firmware version may have a chance to brick your router.

• ACS 5.3 Authorization problem with using Identity Groups in Access Policy Rule

  Hello guys, I am found a problem which I can't solve regarding authorization with using Identity Groups in Access Policy rule.
  ACS version: 5.3.0.40.6 (internal build B.839)
  I have very simple RADIUS Authorization rule which authorize user on behalf of right Identity Group.
  Requested Identity Group exist
  Testing user is created in Internal Users and has assigned requested Identity Group
  Radius Access Policy: 
  Authentication against Identity Store Sequence, where authorization server is external RSA SecurID device and additional attributes retrieval is configured from Internal Users.
  Authorization is very simple – One Rule with only one Condition which is: Identity Group - in - Requested_Testing_Rule. Then Default rule is set to Deny.
  When I will try login with my testing user then authentication against RSA SecurID is OK, but authorization will be denied by Default rule – It looks like my Rule with Identity Group is totally omitted.
  I am managing several other ACS servers (version 5.3 but with older patches) where similar rules are working without problem.
  What I am tested:
  Remove testing user and create his account again.
  Rename Identity Group
  Use another Identity Group
  Remove Access Policy rule and create it again
  Use Compound Condition: System:Identity Group
  Use Compound Condition: System:UserID instead of Identity Group in Rule (it is working without problem)
  Do you have any idea where problem can be?

  OK guys, it started working yesterday without any configuration change. Maybe it was some database inconsistence wich was solved by ACS itself.

• ISE Admin Menu Access Policy and Network Resources

  Hello Board,
  Does someone experience the same issue as me, if using an Admin Menu Access Policy?
  First of all, I'm using the latest ISE release (1.1.3.124 with patch 1).
  I created a custom Administrator Menu Access Policy (Admin Access -> Authorization -> Permissions -> Menu Access).
  But basically I allowed (show) all menu items.
  Then I bind this permission profile to an Admin Authorization Policy
  Everything works very well, but I have issues, if I want to administer "Network Resources", if I'm using this admin menu access
  - In "Network Devices", there is no Menu bar (no "add", "delete" or "edit" button)
  - In "Network Device Groups", there is just the folder "Groups" on the left side, but there is no way to create anything or navigate into the groups
  I'm not quite sure if this is a configuration fault on my side or just some kind of bug.
  By the way - I'm using the latest firefox.

  As far as I know everything seems fine to me from the configuration  side. You can try downgrading the ISE version to 1.1.2 patch 5 and also  try changing the browser which might help.

• [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

  Hi Experts,
  OIM Build Number: 1866.62 ( BP15 )
  IHAC that faced an unexpected behavior on User disabling.
  Some users were associated to groups that had access policies applied.
  When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
  I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
  Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
  I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
  Any help would be very appreciated.

  Hi Nishith,
  I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
  This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
  But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
  Is it any enhancement for this task in order to improve its performance, or something like that?
  What else I can check?
  Thanks in advance.

• Access Policy is not getting trigggered after creation of user through GTC

  Hi,
  I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
  If anybody have any idea how to resolve this, please help me in this regards.
  Regards,
  Avijit

  Hi ,
  its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
  do post your results.......
  Regards.

• PF attribute modification in Access Policy for existing users.

  Hi Guys,
  I have an access policy for provisioning a resource. Suppose if I make some changes for the process form attribute value inside the access policy,How can I have the same attribute value reflected in the process form of users who are already provisioned by the access policy?
  Direct database update wont be a good idea here as I am having multiple access policies for the same resource. Is there any table which is having the relation between provisioned resource and curresponding access policy if at all I have to go for a custom scheduled task?
  Thanks,

  Does this solution also supposed to work in OIM 11g? I Tried it but data on the main form does not get reflected on the process form of existing users. For child data it does work.
  Edited by: bsteen on Aug 5, 2011 5:21 AM

• Access Policy and Process Task

  Hi,
  I created "access policies" to provision resources when a user is associated with a role with the name of this resource.
  When I manually assign the role, the access policy works properly and the resource is provisioned.
  When the role is assigned through a process task, the access policy does not work properly and the resource is not created.
  Why this happens?
  How can I make the process task trigger the access policy when assign the role?
  TKS
  Edited by: raraujo on Oct 15, 2012 3:36 AM

  Better assign Role using group membership rule. Also, can you check if role is assigned using process task, is it getting assigned to user properly?
  Which OIM you are using? If it's 11.1.1.5 then apply BP03 patch or BP04 patch.
  regards,
  GP

• How to Setup another Access Policy 5.3

  hi everyone,
  Thank you for your help in advance. I am new to v5.3, and I am not good at VPN. So hope you can help.
  I just have my consultant to configure this correctly just today. Currently, there is only one rule for the access policy (Single Result Selection). That rule is to use Active Directory as the source for the authentication. And by default will deny any other access which is not found in the rule.
  Now... I just got an order that I need to setup a new user who will need to access to our network by using Cisco IPSec VPN (the software one). But that user is not setup in our Active Directory, and we do not want him to access our domain anyway. He only needs to access non-domain resourse...such as airconditioning controller by IP. So I am thinking to setup his account by using "internal identtity". If I do this way, what do I need to do to setup another access policy? May you give me some steps with little more details?
  OR... if it is not the way I should do...what else can I do to achieve this goal? Also, he said he could provide his static IP trying to access from.
  I have a ASA 5520.
  Thank you very much for your help.
  Takami Chiro

  Hello,
  Instead of creating a separate rule for the credentials validation you can edit the existing one that points to AD1 (only) and change it to a result on the ACS that checks both AD1 and Internal Users. In that case we need to use Identity Store Sequence. Refer to the steps below:
  On the ACS GUI > Users and Identity Stores > Identity Store Sequences > Create > Select "Password Based" and on the first box move AD1 and Internal Users to the right. Please do the same on the box at the bottom.
  The option "Internal User/Host Advanced Option: If internal user/host not found or disabled then exit sequence and treat as "User Not Found" should stay unchecked. Click submit.
  After creating the ID Store Sequence you need to change the Identity Result where you had AD1. Now the name of the ID Store will display as an available option. Please select that one and save the changes.
  With the above configuration, the expected behavior would be:
  1) ACS receives a request from the Internal User.
  2) ACS tries to validate the credentials against AD.
  3) AD returns an "User Unkown" response.
  4) ACS moves to the Internal Users.
  5 ACS successfully authenticates the user validating the provided credentials against Internal Users.
  Hope this helps.
  Regards.

• Access policy issues and daylight savings

  I have the WRVS4400N. I have purchased a few Linksys routers in the past and have been happy with their operation. The wireless access however, was mediocre until I purchased this model. This model has great a great wireless connection. I like the fact that I can make many changes to the settings on the router without having to reboot the router. The performance of this router in combination with the cable modem has been excellent. It far outperforms the equipment that it replaced. I will normally pick a linksys product over another brand.
  I am having 2 intermittent issues that are really causing me grief and an additional couple of annoying issues. I need help in fixing these issues. I have confirmed that I have the latest firmware version.
  1) Some computers do not have connection to the internet. As if the security policy is confused about the time or connection. I really think this is a security policy issue, but I will let you decide.
  2) There are some computers that I allow a 24/7 connection to the internet. For the rest I don’t want them to have access between the hours of 12a-6a. I have found that the connection doesn’t always shut-off. I have kids and do not want them to have access during those hours. I never had problems with my previous linksys router.
  3) I am unable to set an access policy that spans the 5 min between 11:55p and 12a. In my previous linksys router I could.
  4) The new daylight savings schedule is not part of my current firmware. This really threw off my security policies.
  I have found that if I reboot or if I simply goto the security policy screen and click on save settings it seems to correct itself. But, I shouldn’t have to babysit it to make sure that it’s working correctly. When I am out of town I need to know that my security policies will continue to work while I am away.
  Here’s my set up:
  1) I have a linksys cable modem that connects me to the internet through my cable provider.
  2) I have the linksys wireless (WRVS4400N) router that connects to the cable modem.
  3) I have a 3Com Superstack II switch as the backbone of my network which connects to the router.
  4) I have several devices connected to this router: computers, xbox, vonage phone line.

  This is EXACTLY what my router is doing...
  2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
  Message Edited by DSMKilla on 10-26-2008 11:08 AM
  (Edited post for guideline compliance. Thanks!) 
  Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM

• OIM Access Policy Error

  I created an access policy for provisioning a resource and it works fine. But I get the following error when I click on manage and edit the child form fields. Can someone please guide what is this error for?
  2009-04-20 12:57:35,618 ERROR [org.apache.struts.actions.DispatchAction] Request[ManageAccessPolicies] does not contain handler parameter named method
  Thanks!

  What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
  Deborah

• OIM iPlanet Resource revoked using access policy

  Hi,
  I had created a group and access policy based upon which i tried to provisioned a iplanet resource to a user.
  For this I had created a UDF(say type with value C) and created a rule based on which user is assigned to group say business and also iPlanet resource is provisioned to user
  As I Edit the profile and clear UDF. User is removed from group and also iPlanet resource is revoked.(In Access Policy revoked if no longer applied)
  I am able to do this task Successfully But If iPlanet resource is already allocated to user and I update the UDF(value C) user is assigned to group and iplanet is already assigned to user(muliple resource UNTICK). and now if i again Updated the UDF(mean clear it) user is removed from the group but iPlanet resource is not revoked from the user......
  Can somebody tell me why it is happening??? wheather its a bug in OIM or I am missing something...
  Thanks
  Anil

  If I understand your requirement correctly, when you change the value in process form edit from C to other, iPlanet resource is getting revoked.
  But when you change the the same value from user profile edit, the iplanet is not getting revoked right?
  As per my knowledge I can say, when you update the value for UDF in user profile, you can use triggers USR.TRIGGERS which will update the process form. In this case your process form will gets updated by default.
  This in turn triggers access policy and revokes the resource.
  Hope this helps you

• OIM Access Policy dilemma

  I have a need to use an Access policy for basic account creation but still have a Request workflow for enhanced privileges. The Access Policy needs the Resource and Process forms to both be Auto Pre-populate and auto save. This seems to be a conflicting requirement by the way I understand OIM. Any thoughts on a good work around?
  Kerry

  What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
  Deborah