on 12-23-2014 12:26 AM
Hello,
I'm having an issue getting the CORE/Provisioning task to be executed following the assignment of a privilege.
I've done a number of tests with other tasks (modifying users, creating users) that have been successful. But, using the 'assign' task in the Web Enabled Folder, the CORE/Provisioning task fails to execute.
I also tried creating a new role, adding the required privileges and assigning this to a test user. The log showed that provisioning did work, but no privileges were assigned.
In the monitoring tab, the provisioning audit shows the 38/Assign task as having a provisioning status of 'OK', but the related CORE/Provisioning task does not get executed.
How can I trouble shoot this? Where should I look first?
I'm currently on IDM 7.2 SP9. While on SP8 provisioning did work.
Could there be an issues with the database?
Appreciate the help. Happy holidays!
Paul
Hi Paul,
Let's investigate the case step by step, because the reasons can be many.
First question: Did the privilege you are trying to assign to the person is assigned to it with OK status in IDM? If not what is the status? Or you don't see it at all?
After you answer this question, there might be the others to follow.
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Paul,
After the privilege is assigned to the user successfuly, this means that according to IDM provisioning to the backend system is not needed.
It looks like a logical error in your configuration.
Please provide event task configuration for repository.
Hook task configuration for repository.
Event task configuration on repository master privilege.
Best regards,
Ivan
Hi Paul,
Sorry for the delay.
Master privilege task tab is actually the next tab (Event tasks tab of the master privilege).
The repository looks good.
Still I miss one configuration: Member Event tab of the privilege you are trying to assign to the person. you have showed the Tasks Tab, but it is not important in your case. The Member Event tab matters.
So please provide these two.
Best regards,
Ivan
Hello, you might want to review a recent article that I wrote regarding this scenario. This walks you through repository and priv config. Hope this helps.
Scott
Does the privilege you assign have a master privilege, or a repository that has a master privilege? And if so, is that master privilege succesfully assigned to the user? You should be able to see the state using
SELECT * FROM idmv_link_ext where mcThisMSKEYVALUE = '<USER_MSKEYYVALUE>' order by mcUniqueId
I don't remember all the column names, and SP9 might have introduced a new "masterprivilegeassignmentstate" or similar column as well, but mcThisMSKEYVALUE, mcOtherMSKEYVALUE, mcLinkState,mcExecState, mcAssignedDirect, mcAssignedInheritCount should give a basic idea of the assignment state.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Per,
Yes, the privilege I assigned does have a master privilege associated with it. See below.
The Tasks tab for this privilege shows the following:
And here it shows that master privilege assigned to the user.
I did execute this query using the user logonid as well, and it came back with mcExecState = 1.
I still suspect this is related to a issue with creating a company address, for which I get the following errors in the provisioning queue.
Hi Paul,
did you import the SP9 framework when you updated to SP9 as this also delivers updates to scripts used by the framework.
I would also check the provisioning queue at db level for the tasks and cross check the audit tables for these tasks to check for errors.
Regards,
Chris
SAP AGS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris,
Yes, when I updated to SP9 I also imported the framework as well. I suspect this would explain why a number of other tasks and jobs are working.
I did look at two views at the DB level, the provisioning queue and the audit table. In the provisioning queue the two entries are the same as what is view-able in the IDM ADMIN provisioning queue.
As for the audit table, I do see entries related to the Company Address, but I'm not sure how they related.
Is it possible that the two entries in the provisioning queue are causing provisioning not to be executed? If so what options do I have in correctly this? What's the best way to deal with these two items? Can they be deleted?
Thanks for your help.
Paul
Hi - I would try restarting the db and if that does not help try creating a new dispatcher and assign the jobs to this new dispatcher and see if the behaviour changes - try and rule out if it is an issue specific to the dispatcher. I also assume the runtime is on SP9 and this is shown in the dispatcher overview.
Thanks,
Chris
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.