Hi Experts
I'm using SAP ID Mgmt 7.2 SP4 Patch 1 with standard provisioning framework
Here is my configuration:
a "SAP" repository with :
- master priv set with "PRIV:SAP:ONLY"
- "master priv missing task" point to a job wich assign the "PRIV:SAP:ONLY" (if missing, set the master)
- no grouping rules (due to specific approval for each assignments)
PRIVs from "SAP" repository have "Validate Add task" pointing to a complex approvals workflow.
Here is the process:
- When I assign a PRIV to a USER who has not "PRIV ONLY", the "Validate Add task" status is "25" : Waiting Add Privilege (the master one).
- The task "Master Priv missing" is launched
- The USER has "PRIV ONLY"
- As soon as ONLY has been assigned to the USER, the approval workflow is launched.
Here is the dilemma :
- If approvers decline the request, the user keep an account into SAP.
- If I remove the ONLY because of decline, the user has already received an email with credentials (according to standard framework)
Do you have a way to launch the Approval Workflow even if Master Privilege is not present ?
We tried to add a task into the the provisioning workflow to add PRIV ONLY when required, but if the provisioning is launch is mass (via Business Role for exemple), even if we set "Wait for event task", we are facing issues (setABAPprivilege executed before CreateABAPUser) !!
Have you already faced this kind of issues ?
Thanks in advanced for your help,
Benjamin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.