cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP IDM - ABAP User Creation

Former Member

on ‎04-28-2013 8:25 PM

0 Kudos

Experts ,

As part of AS ABAP IDM User - System integration , i am trying to create a new User in IDM by using "Create Identity" Task . When i do system executes job in following flow & got struck at this point.

System execute Provision Job 601 , execute TASK as mentioned above & stop .After this Step when i check DATABASE , i found that ACCOUNT<System ID> Attribute is created for the User . But PRIV:<rep>:ONLY is still in Pending Status . System is not showing up any error , but system is not trying to go to next step like " Update System Privilege (PRIV:SYSTEM:<rep> " or to fix Pending Value Object .

So post this step when we check DB for this user , it was identified that user has account Attribute assigned, but not Account Privilege or System Privilege . Experts can you please provide any guidance on this issue. I have set up repository as shown below :

Since Account Privilege is still in PENDING STATUS , i am not able to do Provisioning .

Please provide any inputs around this issue

Jerry George

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

emanuil_ivanov
Explorer
‎11-15-2013 10:47 AM
0 Kudos

Hello Jerry,

Could you please share the exact steps you took to fix this issue, as we are facing a similar issue ourselves ?

Thank you and Best Regards,

Emanuil

Show replies
Show replies
Former Member
‎11-15-2013 2:33 PM
0 Kudos

Hi Emanuil ,

Please check following things as part of Initial Set up .

ACCOUNT PRIVILEGE (PRIV:<system>:ONLY ) is referring to Associated Repository ( Member EVENTS are inherited or defined )

SYSTEM PRIVILEGE (PRIV:<system>:SYSTEM) - MEMBER EVENTS Assignment Task are inherited from Repository Level . Also MODIFY TASK (MX_MODIFYTASK)  should refer to REPOSITORY .

Also , please make sure Repository is defined with required Tasks.

Thanks,

Jerry George

Former Member
‎04-29-2013 5:26 PM
0 Kudos

All ,

Our issue related to Provisioning is fixed ,. Issue was due to a Modify Task which also got triggered as part of provisioning TASK . This creates Loop in the system which holds request in the Pending Value status .We have made adjustment to the Modify Task & corrected provision jobs accordingly .

Thanks ,

Jerry

Show replies
Show replies
keith_zhang
Active Participant
‎04-29-2013 10:01 AM
0 Kudos

Hello Jerry,

It seems the hook task for creating the user has finished already. Have you checked the following tasks under '1. Exec Plugin - Create User - waitafter'(as you may also noticed) about following points:

1. They are all enabled, and the status is not Error(especially this).

2. All assigned to a running dispatcher, and this dispatcher configured to run provisioning jobs in Java runtime engine(in its policy tab).

BR, Keith

Show replies
Show replies
Former Member
‎04-29-2013 12:27 PM
0 Kudos

HI Keith ,     

Hook Task are enabled & dispatcher is configured to run provisional jobs . Please see snap shot of task overview

Also see Create TASK  overview :

This is how flow is defined in SAP IDM SP 7  Can you please review this , Also i am not able to find where SAP updates Account Privilege as part of users MXREF_MX_PRIVILEGE . ?So in this case , Account Attribute got assigned , but not returning back to execute Create System privilege in the ordered group initial screen .

Thanks ,

Jerry

Ask a Question