cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lock Unlock User with select system option

Former Member

on ‎08-21-2013 7:41 PM

0 Kudos

Hi ALL!

I am configuring the SAP IdM and now I have a doubts... I have the task (standard) LockUnlockABAPUser and JAVAUser it's work fine!!! but I would like to know if is possible customizing the task, where i can select the system (ABAP or JAVA) and start the process (lock or unlock) It's possible?

King regards.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎08-21-2013 11:43 PM
0 Kudos

Sure!

Set up attributes TEMP_UNLOCK_SYSTEM and TEMP_LOCK_SYSTEM as a multivalue strings.  Configure them to display the reposirtory names as valid options.

In the UI, the user can select one or more systems to unlock / lock.

Have a subtask which triggers a cut down hook task that sets or unlocks the user.

Alternatively:

Create LOCK_rep.NAME and have them all shown.  Change the hook task so that it writes out LOCK_rep.NAME rather then MX_LOCKED.

You can even combine them - have them select the repositories from a list, then a subtask which sets the individual locked attributes.  If you add the LOCKED_rep.NAME to the trigger attributes for a repository it'll trigger the update for you.

This is a very broad brush but hopefully points you in the right direction.

Peter

Show replies
Show replies
Former Member
‎08-22-2013 8:35 PM
0 Kudos

Hi Peter!

I'm not understand... I have create the attribute? can you shared a screenshot with this customizing, please?

Thank you very much!

Former Member
‎08-26-2013 1:11 AM
0 Kudos

Hi Eduardo

I haven't actually built it but the steps are pretty simple I think:

1. Create an attribute: TEMP_UNLOCK_ABAP_REPOSITORIES

      check 'Multivalue'

     Set the Attribute Values to

          SELECT rep_name FROM MC_REPOSITORY WHERE rep_type IN (2,6) AND rep_name IN (SELECT SUBSTRING(attrname,8,30) AS repositories FROM idmv_value_basic WHERE attrname LIKE 'ACCOUNT%' AND mskey = %USERMSKEY%)

2. Add this attribute to a UI Task (MSKEYVALUE,  TEMP_UNLOCK_ABAP_REPOSITORIES).  It should show you a list of the ABAP/Business Suite repositories for the user and allow you to move them into the new attribute.

3. Have a subtask which is ToGeneric and calls a script which essentially does:

     accountsToUnlock = Par.get("TEMP_UNLOCK_ABAP_REPOSITORIES");   

     unlockArray = accountsToUnlock.split("|");

     for(i=0; i< unlockArray.length; i++)

          repositoryID = uSelect("SELECT rep_id FROM MC_REPOSITORY WHERE rep_name = '" + unlockArray[i] + "'");

          result = uProvision(Par.get("MSKEY"), unlockTaskID, AuditID, repositoryID, "",0);

unlockTaskID is the ID of the job you want to trigger to do the work in ABAP.

AuditID is the audit id of the parent task but can be left at 0;

4. Clear the contents of the TEMP attribute

There are refinements you can do:

- Added a 'permanent' attribute which can store the status of the locked attribute for each system individually (or do one per repository) so that the status can be displayed on the UI Screen.

Hope that helps

Peter

bxiv
Active Contributor
‎08-21-2013 8:28 PM
0 Kudos

Are you looking for a global solution of locking/unlocking or to prompt for a SID/some type of system identifier and only unlock on the SIDs specified?

Show replies
Show replies
Former Member
‎08-22-2013 8:23 PM
0 Kudos

Hi

I would like of the select the system e.g: ECC100:ONLY is my SID ECC... I have a landscape with 3 system (2 ABAPs and 1 JAVA) with the task standard i lock or unlock all system, but i want select any system... understand?

thanks by your help...

Ask a Question