Role Relationships Application (P95921) Changes

When LDAP is enabled, P95921 has been modified to enable or disable certain functionality, depending on whether roles are managed in LDAP. When roles are managed in LDAP, you cannot use EnterpriseOne to add or delete a role for an individual user. However, you can add roles to the default user for LDAP, which is _LDAPDEFLT. Additionally, you can modify the role expiration date.

If you attempt to add a role to an individual user in EnterpriseOne, the system displays this error:

Error: Role Relationship is managed by LDAP.

Similarly, if you attempt to delegate, remove, or add a role for an individual user, the system will display the same error.

Note: When LDAP is enabled and roles are managed in LDAP, you can use a third-party LDAP-enabled application to add, delete, or modify role relationships for any user.