Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Error in removing privilege from the user

Hello IDM Experts,

When I am trying to remove privilege (direct assignment type) from the user in IDM UI (IDM 7.2 SP8) then I get

below error

Unable to set value for attribute Member of Privilege. Detailed information (may not be translated): Referenced value does not exist.

While removing it via custom job in IDM console, I get below error.


putNextEntry failed storing<user mskeyvalue>

Exception from Modify ToIDStore.modEntry failed modifying entry '<user mskeyvalue>'. IDStore returned error message: " Referenced value does not exist:Attribute: MXREF_MX_PRIVILEGE" when storing attribute 'MXREF_MX_PRIVILEGE={e}<priv mskey>'

I ran the query  for user and privilege relationship and everything seems to be consistent.

select mcThisMskey, mcOtherMskey,mcExecState,mcExecStateHierarchy,mclinktype, mcLinkState,mcOrphan from mxi_link where mcthismskey = 1639496 and mcothermskey = 7989

Query result screenshot below:

Error shows referenced value does not exist . This privilege is assigned directly to user and exist in database with OK status.

Could you please let me know why this issue occurs and how to resolve this issue ?

Thanks & Regards,



Hello All,

This Issue is resolved now. :-)

Permanent Solution: Implement SAP Note 2075412.


Issue was that mcassigner had invalid mskey. It may happen if the mskey has been deleted.

mcassigner can be checked in idmv_link_ext for user-privilege relationship.

select mcassigner, mcthismskeyvalue, mcothermskeyvalue from idmv_link_ext_active where mcthismskeyvalue = '<usermskeyvalue'> and mcothermskeyvalue = '<privilegemskeyvalue>'

In such case mcassigner should have a valid user mskey or -1 (means unknown).

SAP has suggested to set value to -1.

To set mcassigner = -1 below query can be run.

UPDATE mxi_link SET mcassigner = -1 WHERE mcThismskey = ‘<usermskey>’ and mcOthermskey = ‘<mcprivilegemskey>’ AND mcOrphan=0 AND mcLinkType=2 AND mcLinkState<2

After updating mcassigner, removal of such privilege from user was successful.

Thank you to everyone whoever has put effort to provide me the solution.



0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question