on 10-29-2014 12:20 PM
Hi Experts,
If I add two (or more) privileges to a user, SAP IDM creates two (or more) pending value objects. So I have to approve more items.
I want to have only one approval item with several requested privileges.
How can I realize this?
Thanks in advance:)
Regards
Florian
Hi Florian,
You have to disable the 7.2 approval mechanism to get a single approval request for all the privileges.
If your DB is SQL,
1. Stop any running dispatchers.
2. Open a command prompt and navigate to the directory containing the Identity Center script files.
3. Run the script mxmc-disable-72-approvals.cmd. You are prompted for the password for mxmc_oper.
4. Start the dispatchers.
For Oracle,
Disabling the 7.2 approval mechanism on an Identity Center database
To disable the 7.2 approval mechanism:
1. Stop any running dispatchers.
2. Open a command prompt and navigate to the directory containing the Identity Center script files.
Make sure you have the same include.sql file as you used during install.
3. Run the script mxmc-disable-72-approvals.cmd / mxmc-disable-72-approvals.sh. You are prompted for the password for mxmc_oper.
4. Start the dispatchers.
But this has a disadvantage: you cannot reject one role and approve another. The whole request will be rejected.
Kind regards,
Jaisuryan
Thanks Jai..
I found the script, but I get many warnings with "permission was denied":
Disable 7.2 approval mechanism
Msg 229, Level 14, State 5, Server SNT241, Line 24
The SELECT permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 25
The SELECT permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Disabling the 7.2 approval mechanism
Msg 229, Level 14, State 5, Server SNT241, Line 36
The SELECT permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 36
The DELETE permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 37
The SELECT permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 37
The DELETE permission was denied on the object 'MC_GLOBAL_VARIABLES', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 40
The DELETE permission was denied on the object 'mxi_approval', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 41
The DELETE permission was denied on the object 'mxi_approver', database 'mxmc_db', schema 'dbo'.
Msg 229, Level 14, State 5, Server SNT241, Line 42
The DELETE permission was denied on the object 'mxi_approval_pending_action', database 'mxmc_db', schema 'dbo'
Regards Florian
OK, I have disabled the 7.2 approval mechanism. But I still get several approval items.
How do I have to configure the privileges?
Regards Florian
Hello Florian,
Have a look at the "Privilege" tab of the repository you want to activate grouping for (just click on the repository itself to see it). You'll find the option at the end there. If you look at the built-in help for the different options, you should get a pretty good idea of how to configure it.
Regards,
Steffi.
Hi Steffi,
I have activated the grouping with P:2 (P:3).
Now when I request several privileges I get only one approval item. But inside the approval I can only see one privilege... How can I see all requested privileges?
The attribute MX_PRIV_GROUPING_ATTR_VALUE is empty...
Thank you:)
Regards Florian
The Privilege Grouping functions should be able to do this for you (in IdM 7.2) if the assignments are in the same repository. See About privilege grouping
Br,
Per "Not SAP" Krabsetsve