cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Denied for Self Services after Transport

Go to solution
former_member192665
Participant

on ‎09-04-2013 8:42 AM

0 Kudos

Hi,

my customer is on Idm 7.2 SP7 and Oracle.

We have the problem that after each transport the Self Services stop working. Users get an "Access Denied" when they launch the self service link in the browser. The problem is easily fixed: You double click the corresponding line on the access control tab of the task and click "ok" on the dialog that pops up. Problem is that we don't want to do this every time we transport.

I remember I was having the same problem already in SP6 with another customer.

Does somebody else face the issue as well?

Thx

Kai

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

keith_zhang
Active Participant
‎09-10-2013 3:51 AM
0 Kudos

Hello Kai,

I noticed another customer got the same issue, that is after transport, the access control of self-service task got this problem, and it can be fixed by just modify and apply the access control rule again.

In table mxp_taskaccess, you may find these self tasks have targetmskey=null, while this should be 0. This issue is known to IDM DEV now, and should be fixed in 7.2 SP9.

BR, Keith

Show replies
Show replies
Former Member
‎12-05-2013 7:14 AM
0 Kudos

Hi Keith,

Could you please help me with pointing to the table mxp_taskaccess. Where can I find the same and where exactly the parameter value needs to be updated?

Many thanks,

Girish

Former Member
‎12-05-2013 7:43 AM
0 Kudos

Hi Girish,

As Keith said, simply reassigning the access controls for self-service on the respective task will fix the issue.

If you want to do it through table MXP_TaskAccess, following is the way.

1. Get the Task ID of the self-service task.

.

2. Login to the Identity center database with user mxmc_admin and corresponding password.

3. Execute the following select query with the self-service taskid ( task id from step 1).

    select * from MXP_TaskAccess with(nolock) where TaskId=<yourtaskid>

4. Check the value of the column TargetMskey for the self-service task.

    The value should be '0'. If you find the value is NULL, update the value to 0.

6. UPDATE MXP_TaskAccess SET targetmskey=0 WHERE TaskId=<yourtaskid>

All the best !!

~ Krishna.

keith_zhang
Active Participant
‎12-05-2013 8:17 AM
0 Kudos

Hi Girish,

This issue happened after transport, for self service web tasks. You can fix it by just modifying the access control rule and applying it again in IDM management console, like Kai described above.

From table mxp_taskaccess, normally following combination indicates a self service task:

Membertype=1, mskey=0, targetmembertype=101, targetmskey=0

When this issue happened after transport, you may find targetmskey=null there.

Hope it helps for you.

BR, Keith

keith_zhang
Active Participant
‎12-05-2013 8:39 AM
0 Kudos

Thanks Krishna

Just found your reply after I added mine. Need to refresh more often next time

BR, Keith

Former Member
‎12-06-2013 10:20 AM
0 Kudos

Hi Krishna,

Many thanks for the propmt reply. But we found that the value for TargetMSKEY is ZERO already ...

Could you please suggest further. We are not yet able to see the tasks in IDM interface.

Best regards,

Girish. 

Former Member
‎12-06-2013 12:05 PM
0 Kudos

Hi Girish,

Did you apply modify the ACL rules on the self service task? usually if you modify the ACL, it should work.

As Keith mentioned in the below post, can you verify the columns for the selfservice task in MXP_TASKACCESS table as below.

Membertype=1, mskey=0, targetmembertype=101, targetmskey=0


If the columns are as above,  but still not able to see the task in IDM UI,


can you pls post a screen shot of the ACL for that particular task.


Can you also confirm the version and patch level of your system.

~ Krishna.

Answers (1)

Answers (1)

Former Member
‎09-04-2013 11:14 AM
0 Kudos

Hi Kai,

Check in your web task(Self Service) in the tab(Access Control) if the access is set like:

BR,

Simona

Show replies
Show replies
Ask a Question