cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDM provisioning task not activated

Former Member

on ‎12-23-2014 12:26 AM

0 Kudos

Hello,

I'm having an issue getting the CORE/Provisioning task to be executed following the assignment of a privilege.

I've done a number of tests with other tasks (modifying users, creating users) that have been successful. But, using the 'assign' task in the Web Enabled Folder, the CORE/Provisioning task fails to execute.

I also tried creating a new role, adding the required privileges and assigning this to a test user. The log showed that provisioning did work, but no privileges were assigned.

In the monitoring tab, the provisioning audit shows the 38/Assign task as having a provisioning status of 'OK', but the related CORE/Provisioning task does not get executed.

How can I trouble shoot this? Where should I look first?

I'm currently on IDM 7.2 SP9. While on SP8 provisioning did work.

Could there be an issues with the database?

Appreciate the help. Happy holidays!

Paul

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

ivan_petrov
Active Participant
‎01-09-2015 1:09 PM
0 Kudos

Hi Paul,

Let's investigate the case step by step, because the reasons can be many.

First question: Did the privilege you are trying to assign to the person is assigned to it with OK status in IDM? If not what is the status? Or you don't see it at all?

After you answer this question, there might be the others to follow.

Best regards,

Ivan

Show replies
Show replies
Former Member
‎01-09-2015 7:36 PM
0 Kudos

Ivan,

Yes, after assigning the privilege in question to the user, the status in the Provisioning Audit tab shows the status as OK.

Thanks,

Paul

ivan_petrov
Active Participant
‎01-12-2015 8:13 AM
0 Kudos

Hi Paul,

After the privilege is assigned to the user successfuly, this means that according to IDM provisioning to the backend system is not needed.

It looks like a logical error in your configuration.

Please provide event task configuration for repository.
Hook task configuration for repository.

Event task configuration on repository master privilege.

Best regards,

Ivan

Former Member
‎01-12-2015 11:55 PM
0 Kudos

Hi Ivan,

Here's a screenshot of the R3D repository configuration.

Cheers,

Paul

ivan_petrov
Active Participant
‎01-13-2015 8:09 AM
0 Kudos

Hi Paul,

This is only 1/3 of what I've requested

This one looks good, but it is not enough.

I need also repository event tasks tab and repository master privilege event tasks tab configuration.

Best regards,

Ivan

Former Member
‎01-15-2015 12:09 AM
0 Kudos

Ivan,

Sorry for missing those. Here they are:

Repository event tasks tab:

Master privilege task tab:

ivan_petrov
Active Participant
‎01-16-2015 12:18 PM
0 Kudos

Hi Paul,

Sorry for the delay.

Master privilege task tab is actually the next tab (Event tasks tab of the master privilege).

The repository looks good.

Still I miss one configuration: Member Event tab of the privilege you are trying to assign to the person. you have showed the Tasks Tab, but it is not important in your case. The Member Event tab matters.

So please provide these two.

Best regards,

Ivan

Former Member
‎01-16-2015 9:32 PM
0 Kudos

Hi Ivan,

I understand the master privilege to be this PRIV:%$rep$NAME%:ONLY. This privilege doesn't have an 'events tasks tab', but just a 'tasks tab'. Is this correct?

Also here is the member and master events tab, and master privilege tab for the privilege I'm trying to assign.

Former Member
‎01-18-2015 1:45 PM
0 Kudos

Hello, you might want to review a recent article that I wrote regarding this scenario.  This walks you through repository and priv config.  Hope this helps.

Scott

Former Member
‎01-09-2015 12:50 PM
0 Kudos

Does the privilege you assign have a master privilege, or a repository that has a master privilege? And if so, is that master privilege succesfully assigned to the user? You should be able to see the state using

SELECT * FROM idmv_link_ext where mcThisMSKEYVALUE = '<USER_MSKEYYVALUE>' order by mcUniqueId


I don't remember all the column names, and SP9 might have introduced a new "masterprivilegeassignmentstate" or similar column as well, but mcThisMSKEYVALUE, mcOtherMSKEYVALUE, mcLinkState,mcExecState, mcAssignedDirect, mcAssignedInheritCount should give a basic idea of the assignment state.





Show replies
Show replies
Former Member
‎01-09-2015 7:33 PM
0 Kudos

Per,

Yes, the privilege I assigned does have a master privilege associated with it. See below.

The Tasks tab for this privilege shows the following:

And here it shows that master privilege assigned to the user.

I did execute this query using the user logonid as well, and it came back with mcExecState = 1.

I still suspect this is related to a issue with creating a company address, for which I get the following errors in the provisioning queue.

ChrisPS
Contributor
‎12-23-2014 2:22 PM
0 Kudos

Hi Paul,

            did you import the SP9 framework when you updated to SP9 as this also delivers updates to scripts used by the framework.

I would also check the provisioning queue at db level for the tasks and cross check the audit tables for these tasks to check for errors.

Regards,

Chris

SAP AGS

Show replies
Show replies
Former Member
‎12-23-2014 10:08 PM
0 Kudos

Hi Chris,

Yes, when I updated to SP9 I also imported the framework as well. I suspect this would explain why a number of other tasks and jobs are working.

I did look at two views at the DB level, the provisioning queue and the audit table. In the provisioning queue the two entries are the same as what is view-able in the IDM ADMIN provisioning queue.

As for the audit table, I do see entries related to the Company Address, but I'm not sure how they related.

Is it possible that the two entries in the provisioning queue are causing provisioning not to be executed? If so what options do I have in correctly this? What's the best way to deal with these two items? Can they be deleted?

Thanks for your help.

Paul

ChrisPS
Contributor
‎12-24-2014 2:05 PM
0 Kudos

Hi - I would try restarting the db and if that does not help try creating a new dispatcher and assign the jobs to this new dispatcher and see if the behaviour changes - try and rule out if it is an issue specific to the dispatcher. I also assume the runtime is on SP9 and this is shown in the dispatcher overview.

Thanks,

Chris

Ask a Question