cancel
Showing results for 
Search instead for 
Did you mean: 

user creation in ABAP system not working

Former Member
0 Kudos

Hi everybody!!

I've got an error when I try to provision a user in an ABAP system.

Normally everything is configured well :

- Initial loads was OK

- I put tasks in "event task" tab of the ABAP repository as shown below

When I assign the account privilege PRIV:..:ONLY, no workflow is triggered. Nothing happened in the IDM Log but on the IDM interface the assignment is set to "OK". To be more exact, nothing happens hen I add or remove PRIV..:ONLY privilege

Do I have to configure the account privilege (fill in provision field)? an idea of why the workflow is not triggered?

Moreover, when I put the account privilege in a business role, the provisioning workflow is well triggered but the condition to determine if an ACCOUNTD.. is present (mxpt_check_account sql procedure) doesn't recognize that the user has no account in the abap system yet and so try to make the assignment that fail because of no user exists.

I'm in version 7.2 SP8 if IDM

Thanks

Guillaume

Accepted Solutions (1)

Accepted Solutions (1)

keith_zhang
Active Participant
0 Kudos

Hello Guillaume,

Please check following passes of this ABAP initial load job, which may not have ran properly:

- Create ABAP Account Privilege(especially attribute "MX_REPOSITORYNAME" and "MX_IS_ACCOUNT")

- Add triggers to ABAP account Privilege

You can create a new initial load job based on the standard template and compare the attributes values with yours.

BR, Keith

Answers (4)

Answers (4)

Former Member
0 Kudos

Hi Guillaume,

Can you check the privilege tab on repository and confirm the PRIV:DE2:ONLY is mapped as the master privilege ?

If the PRIV:<>:ONLY is mapped as master privilege on repository, then the account attribute is created for the user on the repository.

If any other privileges of same repository are assigned, firstly IDM checks whether the account attribute exists for the user for the repository or not. If account attribute is not available, the assignments will get failed. this is what happening in your case.

All the best !!

~ Krishna.

Former Member
0 Kudos

thanks to answer me that fast.

I check the hook tasks, evrything seems to be OK :

The tasks are enabled and assigned to a dispatcher. The dispatcher is running and Policy seems to be OK :

Two things appear to be wrong :

  - when I assign the account privilege, nothing happens. the 601 provision task is not triggered. the only that works is when I put the job 22/1. Create abap user in the provisioning field of the account privilege

  - when I assign another privilege, the provision task is well trigger but the condition "check is account" doesn't recognize that the attribute "ACCOUNT..."is not set to the user yet (in the case where the PRIV:..:ONLY is not assign to the user). I made a quick test. I modify the procedure to force the output to be 1 in order to trigger "1. Exec plugin - Create user..." (hook1) and the user is created well.

Do I have to set a master privilege at repository level?

I remarked that every privilege has a master privilege (PRIV:..ONLY) fill in the "master privilege" field. I s that OK?

Former Member
0 Kudos

Have you assigned the ONLY privilege as the master on the repository?

Peter

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Guillaume,

did you check in the repository-constants, if the hook-tasks have assigned the different tasks?

Is a dispatcher assigned to the tasks?

Regards,

Steffi.

EDIT: Chris was faster. ^^ Still, the constants-thingy stands.

ChrisPS
Contributor
0 Kudos

Hello Guillaume,

                         some things to check

- are all the passes/tasks for provisioning enabled -> both 601 task and repository plugin tasks

- are all the tasks assigned a dispatcher

- is this dispatcher running

- do you have a dispatcher setup to execute provisioning (check the dispatcher policy tab)

Cheers,

Chris