cancel
Showing results for 
Search instead for 
Did you mean: 

Issue while changing validity date for assigned roles: SAP IDM 7.2 SP8

deepakkg86
Participant
0 Kudos

Hello Experts

I assigned the Task on repository for validity modification for Roles as in below screenshot:

When I modify the role validity, Task defined for Validity modification doesnt get triggered and IDM executes the tasks defined as Modify Task and fails with below errors:

1. Could not obtain repository name from Pending object.

2. Error ! Audit id , Variable doesnt exist in MXPT_GET_ENTRYTYPE.

I tried checking provisioning audit logs but could'nt find any Audit ID created for validity modification and I guess due to this tasks are getting cancelled.

Why the task defined in Modify Valdity tasks doesnt get triggered when I modify the Role assignment validity ?

Am I doing anything wrong with the SAP Standard way of working ?

Regards

Deepak Gupta

Accepted Solutions (1)

Accepted Solutions (1)

ChrisPS
Contributor
0 Kudos

Hello Deepak,

                     when defining the events on the repository the standard setting is to set a task for

Modify event however normally no event is set for the Modify Validity Task. Therefore remove this and test again and see what the outcome is.

Thanks

Chris

normann
Advisor
Advisor
0 Kudos

Hi Chris,

if the provisioning framework is adapted and the validity dates are provisioned to the target systems it is a valid approach to use this task. If the validity ends on target system and is extended in IdM without that event you have inconsistency and the user will loose the assignment in target while he still has it valid in IdM.

The first thing to do here is having a look at the PVO created. Is it different to a PVO created for an add/remove event?

Regards

Norman

Answers (1)

Answers (1)

deepakkg86
Participant
0 Kudos

Hello Chris

Thanks for your response.

Even I was in impression that Modify tasks should get triggered when we modify validity information in IDM UI, But nothing is getting triggered.

Moreover, I am surprised that after modify the validity there is no Audit ID / Pending value generated, Might be because of this issue there is no task triggered.

Am I doing anything wrong ?

Regards

Deepak Gupta

Former Member
0 Kudos

Hi Deepak/Chris,

We are also facing a similar issue in our project where modifying validity of the role does not trigger any task. We then changed the Modify attribute(in task tab) on the priveleges to "inhereted".

The modify task is now triggered and completes successfully. However, no changes occur in backend.

We need unedrstand where do we maintain the setting to define which attributes(if changed) will trigger an event task in the provisioning framework. the "check attributes modification" task within the provisioning framework executes the below query:

select COUNT(VarName) from mxpv_audit_variables where AuditID=%AUDITID% and VarValue='%MSKEY%' and VarName='MARK_EXEC_MODIFY_ATTR%MSKEY%'

The query gives the result as "False" in case we only modify the validity of the role assigned to user. Thus no event tasks are executed for the same.

Can anyone please share where do we define the attributes for this query to give "True" as result for role validity modification.

regards,

Nits