on 11-26-2014 12:45 PM
Dear Community Members,
When I try to find an identity in IDM, let's say the unique ID is "ABCD", I'm not able to find it, whereas when I try to create the same identity "ABCD" in IDM, I do get an error which says "Identity already exists" in SAP Identity Management.
I understand that somehow the identity is not deleted from the IDM database but is not reflected in the IDM user interface; however, I am unable to understand the technical possibility of this issue.
Kindly share the reason for this issue and what the possible solution would be.
I do not want to adopt the approach, not recommended by SAP, of deleting the identity directly from the IDM database.
Regards
Girish Almiya
SAP Security Consultant
Hi Girish,
Given that the issue exists for only a few users, the quicker remedy would be to delete the user from the ID store and recreate it.
Kind regards,
Jaisuryan
Dear Jai,
It is complete now.
Thank you all for answering in this thread.
Regards
Girish Almiya
Dear Community Members,
Please share your knowledge on this if you have come across such an issue.
Regards
Girish Almiya
Please check the database and see if the user is there. A query like:
select mskey,attrname,searchvalue from idmv_value_ext where mskey in
(select mskey from idmv_value_ext where attrname='MSKEYVALUE' and searchvalue='somemskeyvalue')
order by attrname
Should give you the information you need.
Matt
Hello Matt,
The user is not listed as an inactive user (MX_INACTIVE), as I tried the advanced search option in the IDM UI to check if the user is in an inactive state but could not find it.
I understand that to recreate that user in IDM, I need to delete his identity entry directly from the database (not recommended by SAP), as presently I do not see any way around to fix this issue.
Any suggestion from your end to fix this problem?
Regards
Girish Almiya
Girish,
I would suggest checking this from the database end first and making sure that "Use inactive identities" is selected in the UI configuration.
In a worst-case scenario, you should be able to delete the user from the Identity store in a job where you specify the MSKEYVALUE and use changetype DELETE.
Matt
Hi Girish,
I had this issue as well, and for me it was due to a wrong config in the UI.
Please check if your UI is configured for the Identity store you are working with.
For newer releases of Netweaver,
Open NWA -> Open Java System Properties -> Search "tc~idm~jmx~app" in application tab -> com.sap.idm.jmx.idstoreid (this should have id of your id store)
Kind regards,
Jai
Hi Girish,
Oh, then I can think of only two more things to check.
1) Check if the users are active (i.e. MX_INACTIVE is not set to 1).
2) Check if you have set any "Access Limitations" in the MX_PERSON entry type. If so, then you need to satisfy the access limitations.
If both are not of any help, then we need to wait for the experts to come up with more places to check.
Kind regards,
Jaisuryan
Hello Jai,
I have already checked on the first point that you have given.
The user is not set to the inactive state, and also during an advanced search for that user in IDM, I check-marked the Inactive option to see inactive users in my search pane, considering that the user's status might have mistakenly been changed to Inactive by someone. The usual search in the IDM UI does not show inactive users, and only the advanced search does that when a check mark is placed in the Inactive check box.
Additionally, I understand "Access Limitation" in MX_PERSON to be the maximum number of entries IDM can show for a search criterion, and it is also all good.
Regards
Girish Almiya