cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adding a user to a role

joachimvanpraet
Active Participant

on ‎04-01-2010 3:15 PM

0 Kudos

Hi All,

I created a job that reads a file and creates users in the identity store.

All these users must be added to a Role with MSKEYVALUE ROLE_EMPLOYEE.

In the to Identity store pass I added this line:

MSKEYVALUE %USERID%

...

MXREF_MXROLE <ROLE_EMPLOYEE>

...

When I run the job without the role assignment there is no error and the user is created.

Running it with the role assignment I get this error?


putNextEntry failed storingJoachimVanPraet
Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry 
failed storing entry 'JoachimVanPraet'. IDStore returned error message: " 
User is not allowed to run task:Attribute: MXREF_MX_ROLE" when storing attribute 
'MXREF_MX_ROLE=<ROLE_EMPLOYEE>'

Exception from Modify operation:com.sap.idm.ic.ToPassException: 
ToIDStore.modEntry failed updating entry 'JoachimVanPraet'. IDStore 
returned error message: "Entry does not exist" when fetching entry

Who can help me out?

kr,

Joachim

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

mubarakshabna_asmi
Participant
‎04-01-2010 7:14 PM
0 Kudos

Joachim,

Please try replacing the ROLE_EMPLOYEE with its MSKEY. You can find this by querying it in the mxiv_sentries view with

attribute = "MSKEY" and aValue= <ROLE_EMPLOYEE>.

Hope this helps.

Thanks

Shabna

Show replies
Show replies
joachimvanpraet
Active Participant
‎04-01-2010 7:24 PM
0 Kudos

Hi Shabna,

Thanks for your reply, but I've already tried this, without succes.

kr,

Joachim

Former Member
‎04-02-2010 9:57 AM
0 Kudos

Did you set the IDStore in the Job?

joachimvanpraet
Active Participant
‎04-02-2010 10:14 AM
0 Kudos

Hi all,

Yes I did, the job is working when I remove the line MXREF_MX_ROLE.

I allready tried te replace the <EMPLOYEE_ROLE> in the MSKEY of the role.

I also tried to do it the other way around. Assigning the user to the MXMEBER attribute of the role.

Entry type: MX_ROLE

MSKEY: <EMPLOYEE_ROLE>

MXMEMBER_MX_PERSON: <JoachimVanPraet>

changeType: modify

Result:


putNextEntry failed storingEMPLOYEE_ROLE

Exception from Modify operation:com.sap.idm.ic.ToPassException: 
ToIDStore.modEntry failed modifying entry 'EMPLOYEE_ROLE'. 
IDStore returned error message: 
" User is not allowed to run task:Attribute: MXMEMBER_MX_PERSON" 
when storing attribute 'MXMEMBER_MX_PERSON={A}<JoachimVanPraet>'

strange thing: when I create the user without MXREF_MX_ROLE I can assign the role in the UI without any problem...

kr,

Joachim

joachimvanpraet
Active Participant
‎04-02-2010 10:27 AM
0 Kudos

problem solved!!

Solution:

The provisioning task for one of the linked privileges was not a public task.

I changed this and everything is working.

Thanks for all help,

kr,

Joachim

Ask a Question