on 07-09-2009 4:34 PM
Hi there
I used the SAP-Provisioning-Framework InitialLoad-Jobs to create Privileges (MX_PRIVILEGE) for ABAP and ADS.
When I assign these privileges directly to an IdentityStore user he gets provisioned to the corresponding systems.
Now I created a simple Role-Structure (MX_ROLE) for testing: "ROLE:SuperUser", and nested wihtin that "ROLE:NormalUser".
In the Role-tab of ome of the imported privileges I added these Roles.
I add one of the Roles (no matter which one) to a brand new IdentityStore user and nothing happens (only the ModifyUser Task is run).
I can verify in MonitoringUI that this user has the Role-entry in MXREF_MX_ROLE and MX_AUTOROLE but he isn't assigned to the privileges and hence not provisioned to the systems.
What am I doing wrong?
Is there some option I have to set in MX_PRIVILEGE or MX_ROLE?
Any help appreciated
Regards
Michael
Michael,
We had the same issue at first - associate the privilege with role on the Role Members tab rather than the Roles tab.
Additionally, if the user already had the role assigned to them you'll need to run the reconcile to see the privilege changes - use have the global constant for Reconcile turned on in dev but otherwise you can just remove the role and then add it back to the user.
-Geoff
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I was in the wrong privilege tab...
In Privilege-Properties one has to add the Roles to the Tab "Role members", not to the tab "Roles"
small difference, big effect
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.