on 04-28-2013 8:25 PM
Experts ,
As part of AS ABAP IDM User - System integration , i am trying to create a new User in IDM by using "Create Identity" Task . When i do system executes job in following flow & got struck at this point.
System execute Provision Job 601 , execute TASK as mentioned above & stop .After this Step when i check DATABASE , i found that ACCOUNT<System ID> Attribute is created for the User . But PRIV:<rep>:ONLY is still in Pending Status . System is not showing up any error , but system is not trying to go to next step like " Update System Privilege (PRIV:SYSTEM:<rep> " or to fix Pending Value Object .
So post this step when we check DB for this user , it was identified that user has account Attribute assigned, but not Account Privilege or System Privilege . Experts can you please provide any guidance on this issue. I have set up repository as shown below :
Since Account Privilege is still in PENDING STATUS , i am not able to do Provisioning .
Please provide any inputs around this issue
Jerry George
Hello Jerry,
Could you please share the exact steps you took to fix this issue, as we are facing a similar issue ourselves ?
Thank you and Best Regards,
Emanuil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Emanuil ,
Please check following things as part of Initial Set up .
ACCOUNT PRIVILEGE (PRIV:<system>:ONLY ) is referring to Associated Repository ( Member EVENTS are inherited or defined )
SYSTEM PRIVILEGE (PRIV:<system>:SYSTEM) - MEMBER EVENTS Assignment Task are inherited from Repository Level . Also MODIFY TASK (MX_MODIFYTASK) should refer to REPOSITORY .
Also , please make sure Repository is defined with required Tasks.
Thanks,
Jerry George
All ,
Our issue related to Provisioning is fixed ,. Issue was due to a Modify Task which also got triggered as part of provisioning TASK . This creates Loop in the system which holds request in the Pending Value status .We have made adjustment to the Modify Task & corrected provision jobs accordingly .
Thanks ,
Jerry
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jerry,
It seems the hook task for creating the user has finished already. Have you checked the following tasks under '1. Exec Plugin - Create User - waitafter'(as you may also noticed) about following points:
1. They are all enabled, and the status is not Error(especially this).
2. All assigned to a running dispatcher, and this dispatcher configured to run provisioning jobs in Java runtime engine(in its policy tab).
BR, Keith
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Keith ,
Hook Task are enabled & dispatcher is configured to run provisional jobs . Please see snap shot of task overview
Also see Create TASK overview :
This is how flow is defined in SAP IDM SP 7 Can you please review this , Also i am not able to find where SAP updates Account Privilege as part of users MXREF_MX_PRIVILEGE . ?So in this case , Account Attribute got assigned , but not returning back to execute Create System privilege in the ordered group initial screen .
Thanks ,
Jerry
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.