on 12-11-2009 11:17 AM
Hi,
When I try provisioning a role to a User, if there are already some roles assigned to him, the valid from date of the previously assigned roles and the new role changes to the current date. I see this as a serious issue as the validity of the previous roles should not change when a new role is assigned to a user.
Note - I'm trying to provision roles to users in ECC system. I'm making use of the SAP Provisioning framework for provisioning/de-provisioning
Please let me know, if I'm required to make some change to the provisioning Tasks/Jobs that I'm employing here
Regards,
Joel Davis
IDM - Infosys Technologies
Hi Joel.
I've been investigating the same issue and noticed that valid-from dates for user's existing roles are already updated to the current date when the Initial Abap Load from SAP to IDM is done. Then when ever you e.g. add a new abap role for the user in IDM, SetABAPRole&ProfileForUser task updates valid-form dates to current date. Looks serious bug for me! Especially if you have valid-from date in the future to activate the role later.
Can any SAP personnel comment this? Perhaps Joel you should create SAP Note about this?
Br. Jukka
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
We are also facing this issue Its been a week that we are using Role Provisioning functionality.
Did SAP provide a solution for it now?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deepali,
Can you please let me know which version of IDM you are in ?
We are using the SAP PF for prov & de-prov and we are on IDM 7.2 SP7 at present. We never faced such issue.
There is a script which returns a list of all privileges of the passed user for the passed repository and the passed privilege type. It contains all already assigned privileges plus/minus the delta of the current pending added and/or removed privileges without affecting the validity of the assignment.
You can refer to the scripts sapc_getNameOfAssignedPendingPrivileges which comes with IDM.
Regards,
Krishna.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.