When you import data, Identity Governance uses either the basic import flow (directly importing a file) or the enhanced import flow (uploading, filtering, and refreshing data before importing). In both cases, Identity Governance enables you to select the entities to import, import references, and resolve conflicts. For example, during an import, if Identity Governance detects a technical role with the same name but a different unique ID, then Identity Governance shows the technical role as a conflict. You can either replace the existing technical role with the same name or create a new one.
The enhanced import flow does not yet work for all data related to functional areas. Currently, you can use the enhanced export and import flow to import the following:
Advanced Settings except environment-specific ones
Analytics and Role Mining Settings
Decision Support
Similarity Profile
Role Mining
Audit Settings
Authorization Assignments
Categories
Certification Policy Schedules
Collection Schedules
Data Policy Schedules
Delegation Mappings
Download Settings
Fulfillment Context Attributes
General Settings
Logging Levels
Maintenance Schedules
Risk Policies
Risk Schedules
Technical Roles
Your import selections are maintained until the import file is deleted or expires. However, if you import the same file, Identity Governance sets a new expiration date.
When Identity Governance uses the basic import flow, if you import more than the preconfigured threshold for the number of roles or policies that can be displayed on the import page or if the import fix size exceeds the preconfigured threshold, Identity Governance switches to bulk import mode. In bulk mode, instead of selecting whether to create, update, or handle conflicts for specific roles or policies, Identity Governance prompts you to import all new roles and policies and update all existing roles and policies. For conflicts, you can choose to either overwrite existing roles or create new roles.
NOTE:In basic import flow, the default value for roles and policies that can be displayed is 200. However, you can change the default value using the com.netiq.iac.importExport.maxImportsToDisplay property. Use the Advanced Global Configuration menu to add the property and specify a new value.
Identity Governance does not switch to the bulk mode when it uses the enhanced import flow because Identity Governance supports paging in the enhanced import flow and can display more than 200 roles or policies. In enhanced import flow, you can continue to selectively create, update, or handle conflicts as needed.
Sometimes reimporting previously deleted roles and policies might fail soon after cleanup. For example, when business roles, SoD policies, technical roles, applications, or review definitions are exported, deleted, and later reimported and the cleanup operation purges the deleted business roles, SoD policies, technical roles, applications, or review definitions before they are reimported, you might get an error in the UI during the reimport process, depending on how soon after the purge the reimport takes place.
The server log would contain an ERROR (SEVERE) message that corresponds to the error message in the UI. The wording of the message will be different depending on the database platform, but in general the message will indicate that an insert or update into the auth_role_mapping table violated the fk_auth_scope_id foreign key constraint. When you see this kind of error, we recommend that you wait at least 10 or 15 minutes and then try to reimport again.
To import:
(Conditional) If you are importing more than one file, create a plan for import based on the recommended order of import.
Log in to the application as the authorized user.
Navigate to the appropriate page and click the import link. For more information, see Section 33.6, Exporting and Importing Quick Reference for details on importing policies or settings.
(Conditional) If Identity Governance prompts you to open a file (basic import flow), navigate to the local folder on your computer where your downloaded file is located, then click Open.
NOTE:Identity Governance does not upload a file that does not match the expected name. For example, if you are importing a business or technical role but select an SoD policy file an error will be displayed.
(Conditional) If Identity Governance prompts you to load a file:
Click Upload Import.
Navigate to the local folder on your computer where your downloaded file is located, then click Open.
Click the Import icon next to the file you want to import to start the import process.
(Optional) Enter a search string to filter the import items, then take action on all or selected items within the filtered list. Identity Governance persists selections across pages if you have a long list of items, as long as the imported file is not deleted or has not expired.
Review data and resolve conflicts.
(Optional) If you want to preview and analyze the import data, select Generate Report.
Select the items for import and then select Import.
This automatically generates a CSV report that you can download and review. This import report identifies what was imported and calls out any unresolved references.
HINT:At times, the list of import items can span multiple pages. The Select All option in the Actions menu enables you to select all the import items. If you selected all items and then decided to select only a few items to import, click Actions > Select None to remove selection from multiple pages, then select only the items that you want to import.