on 11-17-2014 12:15 PM
Dear all,
according to SAP since SP9 behavior of MX_INACTIVE was changed so modify operations on inactive identity are allowed now.
That's fine, it was not really comfortable to remove MX_INACTIVE, perform a change, enable the MX_INACTIVE again.
Actually my question related to state showed in IDM after I switch identity to Inactive state.
Basically what happen then is that the identity loose all privileges in backend system - GOOD.
But in IDM I see all the privileges still assigned with status OK. - Not good.
I would expect the status will be e.g. "Not Asssigned", but not OK.
I would like to hear an opinion of IDM experts here before asking SAP support directly.
Thank you in advance.
Best Regards,
Jiri
Hi Jiri,
I would recommend you to not use the MX_INACTIVE attribute for your scenario at all. There is so many dependencies coming with it and if something does not work perfectly, you cannot even clean up manually as you have to reactivate users which leads to provisioning again and and and...
My recommendation is: just remove all privileges from the user, so the user gets deprovisioned. If you want the user to not be visible in UI anymore use ACLs or an attribute to filter which tasks can be executed on those users.
Regards
Norman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.