on 01-29-2014 11:45 AM
Hi everybody!!
I've got an error when I try to provision a user in an ABAP system.
Normally everything is configured well :
- Initial loads was OK
- I put tasks in "event task" tab of the ABAP repository as shown below
When I assign the account privilege PRIV:..:ONLY, no workflow is triggered. Nothing happened in the IDM Log but on the IDM interface the assignment is set to "OK". To be more exact, nothing happens hen I add or remove PRIV..:ONLY privilege
Do I have to configure the account privilege (fill in provision field)? an idea of why the workflow is not triggered?
Moreover, when I put the account privilege in a business role, the provisioning workflow is well triggered but the condition to determine if an ACCOUNTD.. is present (mxpt_check_account sql procedure) doesn't recognize that the user has no account in the abap system yet and so try to make the assignment that fail because of no user exists.
I'm in version 7.2 SP8 if IDM
Thanks
Guillaume
Hello Guillaume,
Please check following passes of this ABAP initial load job, which may not have ran properly:
- Create ABAP Account Privilege(especially attribute "MX_REPOSITORYNAME" and "MX_IS_ACCOUNT")
- Add triggers to ABAP account Privilege
You can create a new initial load job based on the standard template and compare the attributes values with yours.
BR, Keith
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Guillaume,
Can you check the privilege tab on repository and confirm the PRIV:DE2:ONLY is mapped as the master privilege ?
If the PRIV:<>:ONLY is mapped as master privilege on repository, then the account attribute is created for the user on the repository.
If any other privileges of same repository are assigned, firstly IDM checks whether the account attribute exists for the user for the repository or not. If account attribute is not available, the assignments will get failed. this is what happening in your case.
All the best !!
~ Krishna.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks to answer me that fast.
I check the hook tasks, evrything seems to be OK :
The tasks are enabled and assigned to a dispatcher. The dispatcher is running and Policy seems to be OK :
Two things appear to be wrong :
- when I assign the account privilege, nothing happens. the 601 provision task is not triggered. the only that works is when I put the job 22/1. Create abap user in the provisioning field of the account privilege
- when I assign another privilege, the provision task is well trigger but the condition "check is account" doesn't recognize that the attribute "ACCOUNT..."is not set to the user yet (in the case where the PRIV:..:ONLY is not assign to the user). I made a quick test. I modify the procedure to force the output to be 1 in order to trigger "1. Exec plugin - Create user..." (hook1) and the user is created well.
Do I have to set a master privilege at repository level?
I remarked that every privilege has a master privilege (PRIV:..ONLY) fill in the "master privilege" field. I s that OK?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Guillaume,
did you check in the repository-constants, if the hook-tasks have assigned the different tasks?
Is a dispatcher assigned to the tasks?
Regards,
Steffi.
EDIT: Chris was faster. ^^ Still, the constants-thingy stands.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Guillaume,
some things to check
- are all the passes/tasks for provisioning enabled -> both 601 task and repository plugin tasks
- are all the tasks assigned a dispatcher
- is this dispatcher running
- do you have a dispatcher setup to execute provisioning (check the dispatcher policy tab)
Cheers,
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
24 | |
11 | |
9 | |
7 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.