cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password change issue when updating user data in SAP ABAP system

laurent_vandenbemden
Participant

on ‎06-30-2014 8:04 AM

0 Kudos

Hi Guru's,

One of my reconciliation tasks part of the reconciliation job I've created is doing some strange password updates.

As you can see below the task selects all users part of my identity store that are part of the account attribute of the particular ABAP system.

Once these users are selected the task updates different data like username, validto, ... but the task is updating a lot of other things that are not part of the destination tab. What is causing the biggest issue is the password fields that are updated in the ABAP system like, password, productive password, ...

Can you please advise if I missed something and how to solve?

Thanks a lot,

Laurent

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

laurent_vandenbemden
Participant
‎07-28-2014 2:10 PM
0 Kudos

Hello Steffi,

Yes in the ABAP systems they have the same timestamp. No other jobs are running at the same time.

It is only happening to a few users depending on the ABAP system. On some ABAP systems there are only a few users for which the PW is reset and other systems 300.

Example below of a system where I updated all user. In my pass only the following attributes should have been pushed thru to the ABAP system.

However the valid from, accounting number and password have been updated as well.

Thx,

Laurent

Show replies
Show replies
laurent_vandenbemden
Participant
‎09-04-2014 7:52 AM
0 Kudos

Hi,

Finally after a lot of investigation it seems that the problem is not coming from IDM but from the child systems connected to it.

There are at my customer location some system refreshes that make the user "inconsistent" with what IDM knows. Even if the users are exported before the refresh and reimported after the refresh in the child system. So I guess there must be something happening between IDM and the child system when IDM sends some update data to the child.

Has anyone ever encountered this kind of issues?

Thx,

Steffi_Warnecke
Active Contributor
‎07-15-2014 9:51 AM
0 Kudos

Hello Laurent,

have the changes to the other fields (passwords etc) the same timestamp from your stand-alone job or are they updated by IdM later on? Could it be, that you have a scheduled job, that reads changes from SAP back into IdM (like every 10 minutes or something like that) that could trigger a normal modify-ABAP task for these users?

Is this happening for all users, that are found by your job or just some?


And I think Pradeep meant, if you have checked in your job log, if other jobs were running at the same/similar time, that could also be the reason for the updates.

Regards,

Steffi.

Show replies
Show replies
Former Member
‎07-12-2014 5:55 PM
0 Kudos

HI Laurent,

Are you sure that this job only updates password ?

Did you try to check what all jobs get triggered by checking in global job log for this activity?

What value is getting assigned to securitypolicy attribute ?

Regards,

Pradeep

Show replies
Show replies
laurent_vandenbemden
Participant
‎07-15-2014 7:42 AM
0 Kudos

Hello Pradeep,

It is a stand alone job that updates the user details.

Only the attributes in the second screenshot of my original post are pushed to the ABAP system.

Actually I can see it updates some additional attributes that are not mentioned in the to ABAP pass.

The securitypolicy sends a "A" over to the ABAP system, which is corresponding with Dialog user.

Thx,

Laurent

Ask a Question