cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User-Role Provisioning Problem

Go to solution
Former Member

on ‎12-11-2009 11:17 AM

0 Kudos

Hi,

When I try provisioning a role to a User, if there are already some roles assigned to him, the valid from date of the previously assigned roles and the new role changes to the current date. I see this as a serious issue as the validity of the previous roles should not change when a new role is assigned to a user.

Note - I'm trying to provision roles to users in ECC system. I'm making use of the SAP Provisioning framework for provisioning/de-provisioning

Please let me know, if I'm required to make some change to the provisioning Tasks/Jobs that I'm employing here

Regards,

Joel Davis

IDM - Infosys Technologies

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-18-2009 8:48 AM
0 Kudos

Hi Joel.

I've been investigating the same issue and noticed that valid-from dates for user's existing roles are already updated to the current date when the Initial Abap Load from SAP to IDM is done. Then when ever you e.g. add a new abap role for the user in IDM, SetABAPRole&ProfileForUser task updates valid-form dates to current date. Looks serious bug for me! Especially if you have valid-from date in the future to activate the role later.

Can any SAP personnel comment this? Perhaps Joel you should create SAP Note about this?

Br. Jukka

Show replies
Show replies
Former Member
‎02-08-2010 10:54 AM
0 Kudos

Ok. Thanks.

I have raised an SAP OSS message for this question. I got the answer that it is a technical limitaion that IDM has.

Regards,

Joel Davis.

Answers (1)

Answers (1)

Former Member
‎08-27-2013 8:19 PM
0 Kudos

Hello,

We are also facing this issue Its been a week that we are using Role Provisioning functionality.

Did SAP provide a solution for it now? 

Show replies
Show replies
Former Member
‎09-03-2013 4:53 PM
0 Kudos

Hi Deepali,

This limitation can be overcome in IDM7.2 using customised scripts.

The date of the newly assigned privileges will not be changed. We can also have the delta roles assigned to the SAP system by avoiding the present overwrite policy of IDM.

regards,

Dileep Reddy

Former Member
‎09-06-2013 7:58 AM
0 Kudos

Hi Deepali,

Can you please let me know which version of IDM you are in ?

We are using the SAP PF for prov & de-prov and we are on IDM 7.2 SP7 at present. We never faced such issue.

There is a script which returns a list of all privileges of the passed user for the passed repository and the passed privilege type. It contains all already assigned privileges plus/minus the delta of the current pending added and/or removed privileges without affecting the validity of the assignment.

You can refer to the scripts sapc_getNameOfAssignedPendingPrivileges which comes with IDM.

Regards,

Krishna.

Ask a Question