cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tasks by "member events" are not triggered

Go to solution
Former Member

on ‎01-19-2012 9:45 AM

0 Kudos

Environment: SAP NetWeaver IdM 7.2 SP3

Hi All,

I've got a serious problem with member events kicking off provisioning tasks. In my setup there is a privilege called PRIV:UME:USERACCOUNT which triggers the task "Create UME user" when it gets assigned to a user. When this event happens for the first time, the mentioned task is triggered, and the user will be tried to be synchronized to UME. However, if there is a problem with the task "Create UME user" and the user is not synchronized, then assigning the privilege to the user again (and of course after fixing the problem in the provisioning task) does not trigger the "Create UME user" task again. By this second trial nothing can be seen in the logs, it's like the user would be flagged as "a problematic one" and therefore not synchronized never again.

When I delete and recreate the mentioned user, and assign to him the privilege again, then the task is triggered again, and the user gets created in UME...

Any thoughts on this? How can we synchronize users which failed earlier?

Kind regards,

Zoltan Kormany

Edited by: Zoltan Kormany on Jan 19, 2012 11:59 AM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-07-2012 12:11 PM
0 Kudos

Hi Zoltan,

as I mentioned here:

please do the following steps:

  • Go to the UI

  • Go to the Task where you assign the privs

  • on the right side with the assigned Privs klick on "Advanced"

  • click on "any"

  • click on the failed assigment

  • theres a retry button, press it and save the assigment

  • provisioning should start again

Show replies
Show replies
Former Member
‎02-08-2012 2:43 PM
0 Kudos

Hi Christoph,

Thank you very much for this useful information, that really helped. I also realized that the connection of a user and a privilege has a state (e.g. OK, Not allowed, Denied, Assignment failed etc). Do you know where these status informations are stored in the database? It would be nice to be able to query for all "failed" assignments for example. I don't remember reading of this in the docs either.

Kind regards,

Zoltan

Former Member
‎02-08-2012 4:02 PM
0 Kudos

Hi Zoltan,

in the view idmv_link_ext is a column called LinkExecStateHier. This column can have various values which indicates the state of the assignment. Everything other then 1024, 0, 1, and 1025 is not that good

Please have a look in the help of the identity center and search for "LinkExecStateHier". There you can see all the values

BR,

Christoph

Answers (2)

Answers (2)

former_member192665
Participant
‎02-01-2012 3:22 PM
0 Kudos

Hi.

In mxiv_sentries there is a column "prov_status" or something like that (I do not have an 7.1 DB at hand so I can't check at this moment). Check if its value is 21 or 11 or something like that. If so this indicates that initial provisioning failed (and you say exactly this happened) and then the logic won't do any new provisionings. What might help is delete the privilege assignment and assign it again.

Maybe this helps.

Cheers,

Kai

Show replies
Show replies
Former Member
‎02-03-2012 11:47 AM
0 Kudos

Hi Kai,

thank you for your reply, unfortunately in my environment (version 7.2) there is no mxiv_sentries view. On the other hand I cannot delete the mentioned privilege assignment as it is not assigned to the user. The only solution I see currently is to delete the user and create it again. After the user has been recreated it is possible to assign to him the privilege, and with that, to trigger the tasks.

Kind regards,

Zoltan

former_member283791
Participant
‎01-20-2012 8:52 AM
0 Kudos

Hey Zoltan,

I do believe that the problem you are refering to is a big issue with the new version of IdM. I am facing the same issue.

The research I have done into this leads me to believe that some special value isn't assigned correctly because the job was stopped prematurely. Maybe someone else can answer this but is it somehow possible that the Update Changenumber job has something to do with this?

I can however advice you to always keep your IdM up to date with the latest SP and even Patch Levels. Each Patch Level brings new bug fixes and hugely improves the product.

KR,

Jonathan

Show replies
Show replies
Ask a Question