cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

provisioning tasks not executing

Go to solution
Former Member

on ‎04-30-2013 12:41 AM

0 Kudos

Hello,

I have IDM 7.2 with the latest SP7 installed, and am currently not able to provisioin roles/privileges in one AS ABAP repository.

To try and resolve this I have re-read the technical overview as well as the configuration guide to see if something was missed. As yet I haven't found anything.

Here's what's been completed:

- AS ABAP repository configured and working

- initial load for AS ABAP repository completed

- role model created, roles created

- I have created a 'Custom Tasks' folder, where I've copied the 'web enabled tasks'. I use these in the IDM UI.

- configuration guide has been worked through, I believe this to be complete.

These tasks currently do execute successfully.

     - 1. Exec Plugin - Create User

     - 2. Exec Plugin - Modify User

The AS ABAP connector tasks that aren't being executed after a role/privilege is assigned to a user are:

     - 4. Assign User Membership

     - 5. Revoke User Membership

So right now I'm able to:

- create and modify a user in IDM UI, and

- this user does get provisioned to the AS ABAP repository (success)

- the user is assigned the account privilege role (success)

But when I assign a role/privilege in the IDM UI, the only message I get is 'identity changed'.

Any thoughts on where to look in resolving this?

Cheers, Paul

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-30-2013 2:48 AM
0 Kudos

Hi Paul ,

For provisioning to happen to AS ABAP please confirm if you have defined Repository & associated Hook task Properly . Also , please check whether you have defined Assignment Add Task ( 601 Provision ) , Deprovision Task , Modify Task defined properly . Also , please note for any user account creation, System will trigger user creation in following order

Step 1 : Account Privilege ( PRIV:<REP>:ONLY) need to be assigned to user through User Interface or a Task

This will trigger ABAP Account Creation in below mentioned order .

Account Privilege Assignment in User Admin Task >>Create ABAP User Plugging Task >> Assign Account Attribute (ACCOUNTrep  - User ID ) >>Assign System Privilege ( System Privilege defined at Repository level) >> FIX PVO >> Trigger Notification

If a user has all this Privileges assigned properly ,Role provisioning to back end ABAP Systems will work as expected .

Please check whether you have all this set up complete . If you are still getting some type of error , please post error screen shot also here . This will help us to check this issue more .

Also in our project also we are running on SP7 .

Thanks ,

Jerry

Show replies
Show replies
Former Member
‎05-01-2013 12:59 AM
0 Kudos

Hi Jerry,

Thanks for your help.

I can confirm the following:

1) repository and associated hook tasks are defined.

2) repository event tasks are also defined.

3) the account privilege was created during the initial load and is assigned to users I'm working with.

Here are some screenshots of the current setup.

As mentioned above, a number of the ABAP plugin tasks do execute, but not all. Specifically I have trouble with MX_HOOK4_TSK, 297/4. Assign User Membership to ABAP.

This brings up a question I have about choosing tasks. When I select the 'choose task' dropdown I'm shown the following choices:

The 'identity' drop down has the same choices. To get this list of available tasks I followed the configuration guide to create the 'custom tasks' folder where the 'web enabled tasks' are copied to.

Now, if I were to choose the 'assign privilges, roles, groups' selection from the 'custom web enabled tasks' I see a different set of roles assigned to certain users. I don't understand why this would be. Also, in the bottom part of the 'manage' users screen, the roles/privileges assigned to users doesn't show all the roles I see when I select the 'custom tasks ->assign privileges, roles and groups' window does. Make sense?

The difference between what these two task screens display may have a bearing on why the 'assign user membership to ABAP' task is not being executed. Any thoughts on that?

Thanks for your help.

Paul

Former Member
‎05-01-2013 4:26 PM
0 Kudos

Hi Paul ,

Can you please post JOB Log & System Log when you Task "Assign ABAP Privileges" are executed .

Also can you please check whether Account Privilege (PRIV:R3D:ONLY) is assigned to user ( OK Status , not in Pending Status) in User Interface Screen . Also please confirm System Privilege also is assigned to user ((PRIV:SYSTEM:R3D) - Check this Privilege in DB level , as this is not visible from UI screen )

Also , Please refer to below mentioned SCN discussion ,around difference in Privileges assignment compared to IDM vs Back end Systems.

http://scn.sap.com/thread/3349510

Thanks ,

Jerry

Former Member
‎05-03-2013 10:27 PM
0 Kudos

Thanks Jerry.

This has now been resolved. I posted what happened in this post.

http://scn.sap.com/thread/3341160

Cheers, Paul

Answers (0)

Ask a Question