cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Invalid dates while Provisioning

Go to solution
Murali_Shanmu
Active Contributor

on ‎03-06-2013 11:22 PM

0 Kudos

Hi,

I have SAP IdM provisioning a technical role in ERP after approval from Access Control. The role gets assigned to the user in the ERP system. Everything works fine. However, the From date has changed to 1-1-1900 and End Date has changed to 31-12-9999 for ALL my roles in ERP. The dates which I provided for this technical role are visible in the Identity Store/Access Control. It just has not passed down to ERP system.

I have an IdM 7.2 SP6 system.

I have also gone thru this Note 1681408 - Validity Dates Not Provisioned to ABAP or Java Systems


Any suggestions ?

Regards

Murali.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

keith_zhang
Active Participant
‎03-07-2013 9:03 AM
0 Kudos

Hello Murali and Peter,

Maybe the note you mentioned is 1626816?

If you are using standard SAP PF connector jobs for ABAP, this should be the standard behavior. You may can also reproduce this by simply assign a ABAP role with validity dates directly from Web UI without GRC.

Now in standard SAP provisioning framework, we do not provision validity date to ABAP repositories, instead this is managed by IDM centrally(as you saw), which will deprovision the privileges when necessary. While if you still want to implement your own such functions, please you can also refer to note 1626816, or check the RDS solution which may have implemented such validity date provisioning.

Hope this helps for you.

Best regards,

Keith Zhang

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎03-07-2013 9:20 AM
0 Kudos

Interesting.

I don't have the system in front of me now. But curious to know what would be the standard behavior when in IdM, if I assign a privilege today with a "Valid From" date as 1-Apr-2013. Will IdM straightaway put this role in my SAP ABAP system or wait until 1-Apr-2013 ?

Thanks,

Murali.

keith_zhang
Active Participant
‎03-08-2013 12:28 AM
0 Kudos

Hi Murali,

If the 'valid from' is a future date, this will not trigger the add member task directly, so the backend ABAP system doesnot have this info. From IDM side, the link table stores this assignment as 'pending add' status with the validity dates, and this should can also be seen from web UI side by advanced search.

BR, Keith

Murali_Shanmu
Active Contributor
‎03-08-2013 12:45 AM
0 Kudos

Thanks Keith.

Answers (1)

Answers (1)

Former Member
‎03-07-2013 6:31 AM
0 Kudos

Hi Murali

I seem to remember looking at this 6 months ago.  It appeared possible but its a bit of a pain.  There was an OSS note I was looking at but I can't find it again.

Sorry I can't give more info.

Peter

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎03-07-2013 6:48 AM
0 Kudos

Hi Peter,

Thanks. I have raised an OSS Message with SAP. Shall update once I get a solution from them.

Cheers

Murali.

Ask a Question