
Java users, roles and group do not show up in IDM UI after initial load

Former Member
0 Kudos

Hello all,

Using IDM 7.2/SP4. I ran the initial load with read passes only enabled with the intent of loading the users from EP to the IDM Data Store. My log says Users, roles and groups were read but I cannot see them via the UI. I am not using VDS. What am I doing wrong, considering I have no errors? Thanks in advance.

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

I can see only the system privilege in the UI.

Former Member
0 Kudos

I guess you did not set the right IDStore Identifier in either MMC/Global Constants/SAP_MASTER_IDS_ID or during configuration of the jmx~app.

Former Member
0 Kudos

Thanks so much, Michael,

I took a hint from your response. I modified and enabled the write passes and am now able to see my users/groups/roles in the UI.

Former Member
0 Kudos

I am, however, not able to assign the portal system privilege to a user that exists in the UI. I get some error from CreateJavaUser that seems to be related to password. I have disabled the password lines from the writeuser pass but get the same error. Any ideas?


putNextEntry failed storingSPML.SAPUSER.tempUser


Exception from Add operation:com.sap.idm.ic.ToPassException: Exception when
creating user :ALPHANUM_REQUIRED_FOR_PSWD


Exception from Modify operation:com.sap.idm.ic.ToPassException: SPML
exception: Unexpected error when processing modify request Unsupported ID found
null

Former Member
0 Kudos

1. Your Password policy in AS Java UME is set to include numbers in the password.

2. If you want to CREATE a user in AS Java UME you have to supply a password.

3. Do you have Password provisioning enabled in your ID Store?

4. You should enable the password lines in the Write Passes and change the custom_Password-Script in Global Scripts according to your needs. Else you create a user in IDStore without password which won't help much, imho.

BR

Michael
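
Point 4 above, as an added example that is not part of the thread and is not SAP's custom_Password script: a stand-alone Node.js function that generates an initial password guaranteed to contain both letters and digits, which is what the ALPHANUM_REQUIRED_FOR_PSWD error asks for. The function names, the minimum length of 8 and the exact rule (at least one letter and one digit) are assumptions; adapt them to the policy configured in AS Java UME.

```javascript
// Added illustration (not SAP IDM code): initial password generator for an
// ASSUMED policy of "at least one letter and at least one digit".
const { randomInt } = require('crypto');

// Look-alike characters (I, O, l, 0, 1) are left out so that a password
// read from a letter or a ticket is less likely to be mistyped.
const LETTERS = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const DIGITS = '23456789';

// Pick one character uniformly with the CSPRNG; randomInt has no modulo bias.
function pick(alphabet) {
  return alphabet[randomInt(alphabet.length)];
}

// Assumed policy check: minimum length, one letter and one digit.
function meetsAlphanumPolicy(password, minLength = 8) {
  return password.length >= minLength &&
    /[A-Za-z]/.test(password) &&
    /[0-9]/.test(password);
}

function generateInitialPassword(length = 12) {
  if (!Number.isInteger(length) || length < 8) {
    throw new RangeError('length must be an integer >= 8');
  }
  // Guarantee each required class once, then fill from the combined set.
  const chars = [pick(LETTERS), pick(DIGITS)];
  while (chars.length < length) {
    chars.push(pick(LETTERS + DIGITS));
  }
  // Fisher-Yates shuffle so the guaranteed characters do not sit at
  // predictable positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}
```
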

Former Member
0 Kudos


Dear

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sajin,

what helped Fernandez is here in the thread. Have you tried doing what Michael described?

Regards,

Steffi.

Former Member
0 Kudos

Dear Steffi,

Thank you for the quick reply. As I have followed the steps given by Michael, I am now able to see the number of users. But the roles are not showing. Please find the below screenshot of the same.

Thanks

Sajin

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sajin,

can you please show the settings of your import task for the roles? The source and destination tab for this.

Regards,

Steffi.

terovirta
Active Contributor
0 Kudos

sajin ts wrote:

As I have followed the steps given by Michael, I am now able to see the number of users. But the roles are not showing. Please find the below screenshot of the same.

Are all the passes in the job enabled? Both the passes that read from AS ABAP to temp tables and the passes that write data from temp tables to Id Store? Do you see data in the temp tables?

Can you find any of the roles if you search them as follows:

select mskey, attrname, searchvalue, is_id from idmv_value_basic where searchvalue like '%NAME_OF_ANY_OF_THE_PRIVILEGES_THAT_SHOULD_APPEAR%'

and if anything is returned what does following SQL return:

select mskey, attrname, searchvalue, is_id from idmv_value_basic where mskey = [MSKEY_FROM_PREVIOUS_QUERY]

(I assume you did set the correct Id Store for the roles as you did for the users and you're creating roles with MX_ROLE entry type, but you can verify the correct entry type and Id Store ID from the query results.)

regards, Tero

Former Member
0 Kudos

Thank you, Steffi and Tero, for the quick reply.

@Steffi - As I am new to IDM, please tell me if you are asking about the passes. If yes, I have attached them below. Or else kindly let me know what exactly needs to be shown. Please suggest.

@Tero - I am unable to see the passes that you have indicated, the ones that read from AS ABAP to temp tables and the passes that write data from temp tables to Id Store. Please find the below screenshot of the same. Kindly suggest...

Thanks

Sajin


Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sajin,

that's the read PASS for the roles Tero was talking about. As you can see, the data is written into a database (in the "table name field" is the temp table defined).

"WriteABAPRolePrivileges" further down then reads the information from that table and writes it into the IdM. Could you show the destination-tab from that one, please?

And did you check the SQL queries Tero provided, to see if the roles are there (and just maybe for other reasons not found in the UI)?

You can check that in the MMC, too. When you go to your Master ID store (usually NOT the Enterprise People-thing) there, then "Identity store metadata" and there "Privileges".

Regards,

Steffi.

Former Member
0 Kudos

Roles in IDM are not Roles from ABAP. Check the privileges and they should be there as PRIV:ROLE:...

Roles have a specific meaning in IDM and it's a different object type.

Peter

Former Member
0 Kudos

Thank you very much, Peter... I was selecting the wrong one to see roles.

Dear All,

Now I am having another issue: I am trying to create a user in the ABAP system, but when I assign privileges to the user and try to save it, I get the below error. Could you please suggest?

Thanks

Sajin

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sajin,

you should open a new question for this issue, so that it can be found more easily.

Regards,

Steffi.

Former Member
0 Kudos

Don't use assignments. Use MXREF_MXPRIV and see if that works. Assignments is a calculated field of all assignments iirc.

Peter

Former Member
0 Kudos

Hi Peter,

I didn't get you... Could you please elaborate? If you are talking about the attribute MXREF_MXPRIV, please find the screenshot below and kindly suggest.

Thanks

Sajin

terovirta
Active Contributor
0 Kudos

Peter suggested using attributes MXREF_MX_PRIVILEGE for privilege assignments and MXREF_MX_ROLE for role assignments rather than the MX_ASSIGNMENT that is mapped to your UI. Just select them from the list in your screen shot.

That "Assign" UI task is a standard screen within the SAP Provisioning Framework and should work out of the box. Did you perhaps modify it?

I've seen MX_ASSIGNMENT being used in similar UI tasks in a previous project and it worked.

If you have a few minutes, maybe try creating a new UI task with minimum attributes for the user and use the MXREF_MX_PRIVILEGE as Peter suggested. If that saves the entry without errors and triggers provisioning, then add MX_ASSIGNMENTS to your UI, and if that works, the problem is elsewhere (not visible in the screen shots) in the "Assign" UI definitions than these attributes.

Former Member
0 Kudos

Exactly - much like you have for groups (MXREF_MX_GROUP), you need to use MXREF_MX_PRIV and MXREF_MX_ROLE. MX_ASSIGNMENT is a collection of all the assignments and is kept up to date by the system. If you want to assign something, you need to specify the mxref attributes as these form the basis for what's displayed in MX_Assignments.

MX_Assignments is essentially read only.

Peter