on 11-30-2010 3:12 PM
Hi Guys,
I am using SAP IDM 7.1 SP5 Patch2. I am trying to use master privilege and grouping, but it does not seem to work, or I did not get the concepts.
Is anyone familiar with these two concepts?
Example: Master privilege:
I define one in the Active Directory repository, and I suppose that when I provision, all other privileges will wait until this one is provisioned. This is not what happens.
As soon as I assign a role with five privileges to a user, the five privileges start executing.
So create user executes five times.
Any help is appreciated.
Hi Anup,
Please have a look at the schema document; if you do not have it, I can send you a copy.
Here is the paragraph for the MX_PRIVILEGE ENTRY TYPE.
In the schema document, I cannot see MXMEMBER_MX_PRIVILEGE as allowed for the MX_PRIVILEGE ENTRY TYPE:
Entry type MX_PRIVILEGE
Description
This entry type is to hold privileges.
Attributes
The entry type contains the following attributes:
| Attribute | Mandatory (Yes/No) | Available as of version |
|---|---|---|
| DESCRIPTION | No | 7.1 SP1 |
| DISPLAYNAME | Yes | 7.1 SP1 |
| MSKEYVALUE | Yes | 7.1 SP1 |
| MX_ACCESS_CONTROL | No | 7.1 SP1 |
| MX_ADD_MEMBER_TASK | No | 7.1 SP1 |
| MX_ADDMEM_DISABLE_POLICY | No | 7.1 SP2 |
| MX_APPLICATION_ID | No | 7.1 SP4 |
| MX_APPROVAL_TASK | No | 7.1 SP1 |
| MX_APPROVERS | No | 7.1 SP1 |
| MX_AUDIT_FLAGS | No | 7.1 SP1 |
| MX_DEL_MEMBER_TASK | No | 7.1 SP1 |
| MX_DELMEM_DISABLE_POLICY | No | 7.1 SP2 |
| MX_DEPROVISIONTASK | No | 7.1 SP1 |
| MX_EDIT_ATTRIBUTES | No | 7.1 SP1 |
| MX_EDIT_MEMBERSHIP | No | 7.1 SP1 |
| MX_ENTRYTYPE | Yes | 7.1 SP1 |
| MX_GROUPING_DISABLED | No | 7.1 SP3 Patch 1 |
| MX_INACTIVE | No | 7.1 SP1 |
| MX_INHERIT | No | 7.1 SP1 |
| MX_MANAGER | No | 7.1 SP1 |
| MX_MODIFYTASK | No | 7.1 SP1 |
| MX_MODIFYTASK_ATTR | No | 7.1 SP1 |
| MX_OWNER | No | 7.1 SP1 |
| MX_PRIVILEGE_TYPE | No | 7.1 SP1 |
| MX_PROVISIONTASK | No | 7.1 SP1 |
| MX_RBAC_DIRECT_PRIVILEGE | No | 7.1 SP1 |
| MX_RBAC_REVERSE_PRIVILEGE | No | 7.1 SP1 |
| MX_REPOSITORYNAME | No | 7.1 SP1 |
| MX_REQ_PRIV | No | 7.1 SP2 |
| MX_REQ_PRIV_INTERVAL | No | 7.1 SP2 |
| MX_REQ_PRIV_NOMASTER_TASK | No | 7.1 SP2 |
| MX_REQ_PRIV_PCYADD_MISSING | No | 7.1 SP2 |
| MX_REQ_PRIV_PCYADD_PENDING | No | 7.1 SP2 |
| MX_REQ_PRIV_PCYADD_REMOVING | No | 7.1 SP2 |
| MX_REQ_PRIV_TIMEOUT | No | 7.1 SP2 |
| MX_SEMAPHORE | No | 7.1 SP1 |
| MX_TARGET_ALL | No | 7.1 SP1 |
| MX_TARGET_DYNAMIC_GROUP | No | 7.1 SP1 |
| MX_TARGET_SELF | No | 7.1 SP1 |
| MX_VALID_MEMBERS | No | 7.1 SP1 |
| MX_VIEW_ATTRIBUTES | No | 7.1 SP1 |
| MXAC_ENTRY | No | 7.1 SP1 |
| MXAC_MEMBERS | No | 7.1 SP1 |
| MXMEMBER_MX_GROUP | No | 7.1 SP1 |
| MXMEMBER_MX_PERSON | No | 7.1 SP1 |
| MXMEMBER_MX_ROLE | No | 7.1 SP1 |
| MXREF_MX_APPLICATION | No | 7.1 SP1 |
| MXREF_MX_ROLE | No | 7.1 SP1 |
Relations
One MX_PRIVILEGE object can reference multiple MX_GROUP, MX_PERSON and
MX_ROLE objects. One MX_GROUP/MX_PERSON/MX_ROLE object can reference more
than one MX_PRIVILEGE object.
MX_PRIVILEGE object can be referenced to from MX_APPLICATION object.
Hello,
As per the schema, there is no concept of Master privilege.
There is a workaround you can try if you prefer.
1. Either put some delay in the Provisioning and Deprovisioning jobs linked to the other priv you want to execute later.
2. Use Result handling for the Provisioning and Deprovisioning jobs linked to the other priv you want to execute later.
Hi Anup,
According to the schema document, there is no MXMEMBER_MX_PRIVILEGE for the MX_PRIVILEGE ENTRYTYPE.
See below:
Relations
One MX_PRIVILEGE object can reference multiple MX_GROUP, MX_PERSON and
MX_ROLE objects. One MX_GROUP/MX_PERSON/MX_ROLE object can reference more
than one MX_PRIVILEGE object.
MX_PRIVILEGE object can be referenced to from MX_APPLICATION object.
Thanks
Lahcen
Hello,
Please try adding the other child privileges to the attribute "MXMEMBER_MX_PRIVILEGE" of the master privilege.
Hope this should work.