IDM70: MX_ROLE assignment does not assign MX_AUTOPRIVILEGE

Former Member
0 Kudos

Hi there

I used the SAP-Provisioning-Framework InitialLoad-Jobs to create Privileges (MX_PRIVILEGE) for ABAP and ADS.

When I assign these privileges directly to an IdentityStore user, he gets provisioned to the corresponding systems.

Now I created a simple Role-Structure (MX_ROLE) for testing: "ROLE:SuperUser", and nested within that "ROLE:NormalUser".

In the Role-tab of one of the imported privileges I added these Roles.

I add one of the Roles (no matter which one) to a brand new IdentityStore user and nothing happens (only the ModifyUser Task is run).

I can verify in MonitoringUI that this user has the Role-entry in MXREF_MX_ROLE and MX_AUTOROLE but he isn't assigned to the privileges and hence not provisioned to the systems.

What am I doing wrong?

Is there some option I have to set in MX_PRIVILEGE or MX_ROLE?

Any help appreciated

Regards

Michael

Accepted Solutions (1)

Former Member
0 Kudos

Michael,

We had the same issue at first - associate the privilege with the role on the Role Members tab rather than the Roles tab.

Additionally, if the user already had the role assigned to them you'll need to run the reconcile to see the privilege changes - we have the global constant for Reconcile turned on in dev but otherwise you can just remove the role and then add it back to the user.

-Geoff

Answers (1)

Former Member
0 Kudos

I was in the wrong privilege tab...

In Privilege-Properties one has to add the Roles to the tab "Role members", not to the tab "Roles".

Small difference, big effect.