Hi
A customer has posted this query regarding moving the OIM default assignment in password policies. The following is the use case:
By OOTB default, the Person.DialogUserPassword column is assigned to the policy “One Identity Manager password policy”.
However, the requirement is to have the password policy for Person.DialogUserPassword match that of the Person.CentralPassword column (e.g. the reason being that the user has set the DialogUserPassword automatically based on the CentralPassword). Hence the intent was to remove Person.DialogUserPassword from “One Identity Manager password policy” and then add it to “Employee central password policy”.
However, when trying to remove Person.DialogUserPassword from the OOTB default policy “One Identity Manager password policy” in Designer, with the intent to add it to the other policy, the following error occurs as a pop-up:
“You are not allowed to remove default objects or assignments.”
With this, Person.DialogUserPassword cannot be added to “Employee central password policy”.
However, having mentioned the above, it seems this can be worked around by an SQL update (either via direct SQL or the Object Browser front-end tool):
E.g.: this can be achieved if we change the entry in the QBMObectHasPwdPolicy table by updating the "UID_QBMPwdPolicy" for the row with UID_DialogColumn having "Person.DialogUserPassword"'s ID, to have the UID_QBMPwdPolicy entry for “Employee central password policy”.
Note: I have tested the above SQL method and tried the updated policies on the column, and it seems to work in my lab.
So the questions are:
1. Is there a specific reason the UI prevents the user from making this change?
2. If we move the column to a different policy via ObjectBrowser or SQL method, will this cause any issues?
3. Is there another method that can be used to allow this modification?
Many thanks in advance.