on 07-03-2014 8:30 AM
Hi experts,
My user (MSKEYVALUE= myUser, MSKEY=12345678) has some problem.
Under "Simple search" the user cannot be found. Under "Advanced search" the user can be found and the user is not INACTIF.
In UI the user has 5 ABAP privileges that in Pending status that I cannot not removed form the UI.
select * from idmv_entry_simple where mcMSKEYVALUE='myUser'
--> NO RESULT
select * from idmv_link_ext where mcThisMskey= 12345678
--> Give more information and shows that this user has 5 privileges under the status mcExecState=1536
So I think that my user was deleted and only the links to pending privileges still available in IDM.
I tried a job with MXREF_MX_PRIVILEGE = {D} / {E} <privilege> and also MXREF_MX_PRIVILEGE = {D} {LINKID = linkid} <privilege>
But still no succes so any help how to get back my user?
Victoria
Hi Victoria,
If your user was deleted from IdM to re-active it you should follow the steps below:
1. Get the user’s mskey from:
select * from mxi_entry where mcmskeyvalue=MSKEYVALUE;
2. Update the entry state:
update mxi_entry set mcentrystate=0 where mcmskey=%MSKEY%;
3. Update user’s attribute:
update mxi_values set disabled=0 where mskey=%MSKEY%;
4. Delete fromtable: mxi_values - MX_INACTIVE(attrid=%ATTRID%) and MC_DISABLE(attrid=%ATTRID%)) - if you user them
BR,
Simona
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Victorya,
The easy way is to update(set to removed) all of the assigned privileges - mclinkstate = 2 and mcexecstate, mcexecstatehierarchy to 1052 for the current user:
1. update mxi_link set mclinkstate=2 where mcthismskey=%MSKEY% and mcattrid='%PRIV_ID%';
2. update mxi_link set mcexecstate=1052 where mcthismskey=%MSKEY% and mcattrid='%PRIV_ID%';
3. update mxi_link set mcexecstatehierarchy=1052 where mcthismskey=%MSKEY% and mcattrid='%PRIV_ID%';
This way you will remove the previous access(pending and assigned) and the user will be reactivated.
BR,
Simona
Hi Simona,
Thanks for the help,
Victoria
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simona,
Any update please, do you mean by %PRIV_ID% the mskey of the privilege to be removed or only the Attr_ID of MX_ACTIVE, MX_DISABLED, MX_LOCKED ?
Thanks,
Victoria
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Victora,
No, by %PRIV_ID% I mean, that you will specify that in mxi_link - table you will update only privileges(all MX_PRIVILEGES have the same ATTRIBUTE_ID). As well in this table(mxi_link) you have only reference values (reference values - in this case for entry type MX_PERSON) not attrubute of the user.
BR,
Simona
Hi Victoria,
About the execstate value, yes I meant 1025. As for the MX_PRIVILEGE reference ID you can use this select to get it:
select distinct(mcattrid) from idmv_vallink_basic_active where mcattrname='MXREF_MX_PRIVILEGE' and mskey in(
select mskey from idmv_vallink_basic where mcattrname='MSKEYVALUE' and mcsearchvalue ='%MSKEYVALUE%');
Note: %MSKEYVAUE% - of some user in IdM.
BR,
Simona
Victoria,
Please look under the idmv_value_ext view to see if the user is there. It does indeed sound like the user is gone for some reason.
Reconstructing the user will probably need to be done manually but you might find some information in the audit tables.
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Any comments or Input please ?
We are using SP 7.2 SP7
Victoria
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.