Release NotesKnown IssuesEndpoint TypesCA DLP › CA DLP User is Placed in Root Group on CA DLP Endpoint

Previous Topic: Error Message – The Communications Mode of the Provisioning Server and Client Do Not Match. CMS Is In Standard mode. Client Is In Advanced mode.

Next Topic: CA SSO Connector for Advanced Policy Server
CA DLP User is Placed in Root Group on CA DLP Endpoint

Symptom:

I created a CA DLP account template and used the default values for the group attribute: %UCOMP%/%UCOUNTRY%/%UDEPT%.

I created a user and assigned a provisioning role to user based on the template. When I viewed the CA DLP account of the user in CA Identity Manager, the group attribute was empty. On the CA DLP endpoint, the account was in the root group.

Solution:

When you created the global user, you did not specify a value for the Company, Country, or Department. As a result, the group attribute was set to / and the user was placed in the root group on the CA DLP endpoint.

This behaviour is expected when the Group attribute is set to /.