on 07-11-2012 6:08 AM
Hi IdM Expert
I am implementing SAP IdM for a client, our client has very restricted rule for getting server access. No anyone will be given server access other than Basis team member . I could not get access IdM MMC access directly from server, the workaround is that I am able to access MMC via the client tool.
However I have experienced following restrictions when I use client tool to access MMC:
Not able to run the trace for provision jobs,
Not able to perform Java script the trace,
Not able to import provision framework, and
Not able to retrieve the error log
Just wonder if any people have good way to resolve these issue when use client tool.
Regards
Hi Han
for setting up the environment you could use a dispatcher running on your client. This should solve your problems.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michael
Could you please elaborate a bite more?
Current I can create new dispatcher via the client tool, however I could not start and stop the dispatcher as it required window admin access (which I current do not have either).
also I am very interested to know how you resolve the trace issue, for example when you trace the java script trace, you need to create java batch file to launch RT GUI , as far as I understand a person need to know the server directory for DJ_HOME and DSE_HOME to be able to create Batch file correctly. Given the fact I can not access the server, how to get the information?
Another issue I have noticed that I am not able to export the task and import the SAP provision framework via client tool, the log informs me that there is sync issue, just wonder how I should resolve that too?
Appreciate your help
Regards
Harry
Harry,
Assuming that the MMC administration console for IDM is installed on your workstation, create a dispatcher locally for you to use.
However, I don't know if this will work long term. I think you're going to need to sit down and explain the IDM architecture to the BASIS team and let them know that as a fellow SAP Security professional you're going to need some access. In these environments, I usually invite the BASIS people to work with me with to make the needed changes.
However for some of what you've mentioned above it could be database issues as well, again you'll need to work with the DBAs so that you'll have the correct permissions.
If you let us know the exact error messages you are getting we might be able to give you more specific guidance.
Matt
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.