on 02-25-2014 6:52 AM
Hello Experts
I assigned the Task on repository for validity modification for Roles as in below screenshot:
When I modify the role validity, Task defined for Validity modification doesnt get triggered and IDM executes the tasks defined as Modify Task and fails with below errors:
1. Could not obtain repository name from Pending object.
2. Error ! Audit id , Variable doesnt exist in MXPT_GET_ENTRYTYPE.
I tried checking provisioning audit logs but could'nt find any Audit ID created for validity modification and I guess due to this tasks are getting cancelled.
Why the task defined in Modify Valdity tasks doesnt get triggered when I modify the Role assignment validity ?
Am I doing anything wrong with the SAP Standard way of working ?
Regards
Deepak Gupta
Hello Deepak,
when defining the events on the repository the standard setting is to set a task for
Modify event however normally no event is set for the Modify Validity Task. Therefore remove this and test again and see what the outcome is.
Thanks
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris,
if the provisioning framework is adapted and the validity dates are provisioned to the target systems it is a valid approach to use this task. If the validity ends on target system and is extended in IdM without that event you have inconsistency and the user will loose the assignment in target while he still has it valid in IdM.
The first thing to do here is having a look at the PVO created. Is it different to a PVO created for an add/remove event?
Regards
Norman
Hello Chris
Thanks for your response.
Even I was in impression that Modify tasks should get triggered when we modify validity information in IDM UI, But nothing is getting triggered.
Moreover, I am surprised that after modify the validity there is no Audit ID / Pending value generated, Might be because of this issue there is no task triggered.
Am I doing anything wrong ?
Regards
Deepak Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deepak/Chris,
We are also facing a similar issue in our project where modifying validity of the role does not trigger any task. We then changed the Modify attribute(in task tab) on the priveleges to "inhereted".
The modify task is now triggered and completes successfully. However, no changes occur in backend.
We need unedrstand where do we maintain the setting to define which attributes(if changed) will trigger an event task in the provisioning framework. the "check attributes modification" task within the provisioning framework executes the below query:
select COUNT(VarName) from mxpv_audit_variables where AuditID=%AUDITID% and VarValue='%MSKEY%' and VarName='MARK_EXEC_MODIFY_ATTR%MSKEY%'
The query gives the result as "False" in case we only modify the validity of the role assigned to user. Thus no event tasks are executed for the same.
Can anyone please share where do we define the attributes for this query to give "True" as result for role validity modification.
regards,
Nits
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.