cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assign business role to thousands of users.

Go to solution
Former Member

on ‎02-26-2013 4:16 PM

0 Kudos

Hello experts.

I need your expert assistance. I'm using IDM 72SP5. What is the way to go about assigning a business role to about 100k users. The business role contains technical privileges to various abap\business suit clients. No approval required. Does anyone have a script to share or some kind of a headway? I tried creating a job with script but strugglling so far.

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-01-2013 9:55 PM
0 Kudos

Hello Peter,

Just one last question on the scripts, the pass should be a "To Identity Store" right. Thanks.

Show replies
Show replies
Former Member
‎03-03-2013 9:16 PM
0 Kudos

Hi Fernandez

Definitely.  To IdStore.  Also make sure you set the correct entry type (MX_PERSON) or you might get issues...

Peter

Former Member
‎03-05-2013 4:49 PM
0 Kudos

Thank you so much again Peter.

I tried it and it worked well. I appreciate your help immesely.

Answers (1)

Answers (1)

Former Member
‎02-26-2013 10:39 PM
0 Kudos

Hi Fernandez

A little more information is required - specifically, how are you identifying the users you want to assign it to?  A simple job would be easy enough if there was some way to identify them from their IDM data.

With that many users you'll need to use a Job rather then an IDStore task.

Peter

Show replies
Show replies
Former Member
‎02-26-2013 10:43 PM
0 Kudos

The users are already in IDM with unique MSKEYVALUE.

Former Member
‎02-26-2013 10:50 PM
0 Kudos

Alternatively, I could have users listed in a spreadsheet/csv file.

Former Member
‎02-26-2013 11:30 PM
0 Kudos

Is it all users?  If so, a job with:

SELECT distinct mcvalue FROM idmv_vallink_basic_active WHERE mcattrname='MSKEYVALUE' AND mcidstore = %gbl.SAP_MASTER_IDS_ID% AND MSKEY IN (SELECT mskey FROM idmv_vallink_basic_active WHERE mcattrname='MX_ENTRYTYPE' AND mcvalue = 'MX_PERSON')

This should select all active users.

The Destination is:

MSKEYVALUE   %mcvalue%

changetype  modify

MXREF_MX_ROLE  {A}<rolename>

That should do the job.  You can keep adding clauses to the SQL select to get the right set of users

Peter

Former Member
‎02-27-2013 12:06 AM
0 Kudos

Peter,

Thanks for this script. i'll play around with it. No, it's not all the user. it's a about 100K users already in IDM. User provided in a spreasheet. Trying to assign same role in IDM that grants ABAP privileges.

Former Member
‎02-27-2013 12:11 AM
0 Kudos

In that case, just read the users in using a From ASCII pass to a temporary table.

Then use SELECT identifier FROM temptable

with the same destination pass:

MSKEYVALUE   %identifier%

changetype  modify

MXREF_MX_ROLE  {A}<rolename>

Former Member
‎02-27-2013 12:33 AM
0 Kudos

Peter,

Thanks much. i'll update you of my outcome.

Former Member
‎03-04-2013 1:11 PM
0 Kudos

I see this is answered but I want to add this anyway for future searchers that end up here:

To find entries its quicker and more efficient to use the idmv_entry_simple view, example:

select

mcmskeyvalue from idmv_entry_simple where mcEntryType = 'MX_PERSON'

and mcIdStore = %glb.SAP_MASTER_IDS_ID%

(idmv_vallink_<> views are joins between multiple tables while idmv_entry_<> has no joins)

And if on SQL Server add WITH(NOLOCK) to queries used in the source of passes that write to IDStore to avoid issuing a shared lock when reading the entry you'll update on the destination pass. Especially important when using idmv_vallink... or other views that access MXI_VALUES.

Former Member
‎03-05-2013 4:51 PM
0 Kudos

Thanks much Per,

I tried this and it lit up my face.

Ask a Question