cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Automatic Provisioning in SAP IdM 7.2

Go to solution
Former Member

on ‎06-10-2013 1:18 PM

0 Kudos

Hi all!

I installed and configured the SAP IdM 7.2 and after the job Write HCM Employee to SAP Master is finished the employee doesn't created in SAP ECC, I have the repository created, the SYSTEM PRIVILEGE created after job Initial Load too... but the automatic provisioning don't work...  I don't know where set this option...

I have reading the configuration guide, but i can't understand it...

Can you help me, please?

Daniel

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ChrisPS
Contributor
‎06-10-2013 2:30 PM
0 Kudos

Hello Eduardo,

                       once values are transferred from HCM there is no automatic provisioning like

you expect. You need to assign the master privilege of the ECC system to the users brought in

into the Identity Store by the HCM write job so that they are created there. The master privilege

assignment to the users will start the provisioning job that was defined on the ECC repository.

hope it helps.

Chris

Show replies
Show replies
Former Member
‎06-10-2013 7:04 PM
0 Kudos

Hi Chris!

thank you by your answer... but i would like to know how can i assign the master privilege of the ECC system to the users...

Can you help me, please?

Note: When I'll assign the privilege in the user with the user interface the provision is ok! but, i would like to know how i can configure the job "assign the privilege in the users" after the job write hcm to sap master is finished...

Thank you!

Daniel

ChrisPS
Contributor
‎06-10-2013 9:02 PM
0 Kudos

Hello Eduardo,

                       you would need to create a job with a to identity store pass to read all the mskeyvalue's of the users in the identity store using an SQL select statement in the source of the pass and in the destination of the pass write the master privilege to all the selected users. In the destination choose the entry type as MX_PERSON and the values as below

Attribute                                Value

MSKEYVALUE                     %MSKEYVALUE%

changtype                             modify

MXREF_MX_PRIVILEGE    <name of the ECC master Privilege>

In the source check the box  'use identity store' and use the Build SQL Query tool to choose all maskeyvalues and select entrytype MX_PESON as the filter eg

SELECT DISTINCT mskey FROM idmv_vallink_basic_active WHERE mcidstore=1 AND

((mskey IN (SELECT mcmskey FROM idmv_vallink_basic_active WHERE mcattrname='MX_ENTRYTYPE' AND mcsearchvalue = 'MX_PERSON')))

Thanks,

Chris

Answers (1)

Answers (1)

Former Member
‎06-11-2013 5:29 AM
0 Kudos

Is this the same ECC as you're getting the HCM data from?

Make sure ECC is a Business Suite system - you should get a FUNCTION_SET privilege HR_COMMUNICATION (or similar).  Also make sure NO_USER_ACCOUNT is set to 1.

Assign that to each user coming from HCM as part of the import process.

The Assign Master Privilege task is

MASKEYVALUE  %MSKEYVALUE%

changetype  modify

MXREF_MX_PRIVIELEGE  {A}<PRIV:%$rep$NAME%:ONLY>

Assign this as the 'No master privilege task' on the repository and it'll do the work as soon as the functionset is assigned.  Note that this task also works for every other repository.

Show replies
Show replies
Ask a Question