Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Error in removing privilege from the user

Hello IDM Experts,

When I am trying to remove privilege (direct assignment type) from the user in IDM UI (IDM 7.2 SP8) then I get

below error

Unable to set value for attribute Member of Privilege. Detailed information (may not be translated): Referenced value does not exist.


While removing it via custom job in IDM console, I get below error.

Error

putNextEntry failed storing<user mskeyvalue>

Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed modifying entry '<user mskeyvalue>'. IDStore returned error message: " Referenced value does not exist:Attribute: MXREF_MX_PRIVILEGE" when storing attribute 'MXREF_MX_PRIVILEGE={e}<priv mskey>'

I ran the query  for user and privilege relationship and everything seems to be consistent.

select mcThisMskey, mcOtherMskey,mcExecState,mcExecStateHierarchy,mclinktype, mcLinkState,mcOrphan from mxi_link where mcthismskey = 1639496 and mcothermskey = 7989

Query result screenshot below:


Error shows referenced value does not exist . This privilege is assigned directly to user and exist in database with OK status.

Could you please let me know why this issue occurs and how to resolve this issue ?


Thanks & Regards,

Pradeep


Tags:
replied

Hello All,

This Issue is resolved now. :-)

Permanent Solution: Implement SAP Note 2075412.

Workaround:

Issue was that mcassigner had invalid mskey. It may happen if the mskey has been deleted.

mcassigner can be checked in idmv_link_ext for user-privilege relationship.

select mcassigner, mcthismskeyvalue, mcothermskeyvalue from idmv_link_ext_active where mcthismskeyvalue = '<usermskeyvalue'> and mcothermskeyvalue = '<privilegemskeyvalue>'

In such case mcassigner should have a valid user mskey or -1 (means unknown).

SAP has suggested to set value to -1.

To set mcassigner = -1 below query can be run.

UPDATE mxi_link SET mcassigner = -1 WHERE mcThismskey = ‘<usermskey>’ and mcOthermskey = ‘<mcprivilegemskey>’ AND mcOrphan=0 AND mcLinkType=2 AND mcLinkState<2

After updating mcassigner, removal of such privilege from user was successful.

Thank you to everyone whoever has put effort to provide me the solution.

Regards,

Pradeep

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question