Solved: MX_INACTIVE behavior in IDM 7.2 SP9

Former Member · ‎11-17-2014

Dear all,

according to SAP since SP9 behavior of MX_INACTIVE was changed so modify operations on inactive identity are allowed now.

That's fine, it was not really comfortable to remove MX_INACTIVE, perform a change, enable the MX_INACTIVE again.

Actually my question related to state showed in IDM after I switch identity to Inactive state.

Basically what happen then is that the identity loose all privileges in backend system - GOOD.

But in IDM I see all the privileges still assigned with status OK. - Not good.

I would expect the status will be e.g. "Not Asssigned", but not OK.

I would like to hear an opinion of IDM experts here before asking SAP support directly.

Thank you in advance.

Best Regards,

Jiri

normann · ‎11-17-2014

Hi Jiri,

I would recommend you to not use the MX_INACTIVE attribute for your scenario at all. There is so many dependencies coming with it and if something does not work perfectly, you cannot even clean up manually as you have to reactivate users which leads to provisioning again and and and...

My recommendation is: just remove all privileges from the user, so the user gets deprovisioned. If you want the user to not be visible in UI anymore use ACLs or an attribute to filter which tasks can be executed on those users.

Regards

Norman

MX_INACTIVE behavior in IDM 7.2 SP9

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: CAP authentication

Re: Has the SAP Master Data Integration service be...

Infix filters in CAP Node.js not working

Re: LTMOM : Rule xxx is corrupt : How to find the ...

Re: DRC e-Cockpit Add a New Button