on 02-26-2013 4:16 PM
Hello experts.
I need your expert assistance. I'm using IDM 72SP5. What is the way to go about assigning a business role to about 100k users. The business role contains technical privileges to various abap\business suit clients. No approval required. Does anyone have a script to share or some kind of a headway? I tried creating a job with script but strugglling so far.
Thanks.
Hello Peter,
Just one last question on the scripts, the pass should be a "To Identity Store" right. Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Fernandez
A little more information is required - specifically, how are you identifying the users you want to assign it to? A simple job would be easy enough if there was some way to identify them from their IDM data.
With that many users you'll need to use a Job rather then an IDStore task.
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is it all users? If so, a job with:
SELECT distinct mcvalue FROM idmv_vallink_basic_active WHERE mcattrname='MSKEYVALUE' AND mcidstore = %gbl.SAP_MASTER_IDS_ID% AND MSKEY IN (SELECT mskey FROM idmv_vallink_basic_active WHERE mcattrname='MX_ENTRYTYPE' AND mcvalue = 'MX_PERSON')
This should select all active users.
The Destination is:
MSKEYVALUE %mcvalue%
changetype modify
MXREF_MX_ROLE {A}<rolename>
That should do the job. You can keep adding clauses to the SQL select to get the right set of users
Peter
I see this is answered but I want to add this anyway for future searchers that end up here:
To find entries its quicker and more efficient to use the idmv_entry_simple view, example:
select
mcmskeyvalue from idmv_entry_simple where mcEntryType = 'MX_PERSON'and mcIdStore = %glb.SAP_MASTER_IDS_ID%
(idmv_vallink_<> views are joins between multiple tables while idmv_entry_<> has no joins)
And if on SQL Server add WITH(NOLOCK) to queries used in the source of passes that write to IDStore to avoid issuing a shared lock when reading the entry you'll update on the destination pass. Especially important when using idmv_vallink... or other views that access MXI_VALUES.
User | Count |
---|---|
85 | |
10 | |
9 | |
9 | |
6 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.