cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Business Role Update doesn't trigger backend provisioning

Go to solution
former_member190695
Participant

on ‎02-13-2015 11:39 AM

0 Kudos

Dear All,

I have SAP Identity Management 7.2 SP09 latest patch and I have observed the following issue:

When updating the validity dates of a Business Role (MXREF_MX_ROLE) with child back-end privileges, there are no events triggered to update the assignment in the back-end system.

I have set the Global Constant MX_PRIV_MODIFY_POLICY to 3 and have added MXREF_MX_PRIVILEGE and MXREF_MX_ROLE to the MX_MODIFYTASK_ATTR attribute and on the Repository I have added a task to the Modify validity task.

I see on the UI and in the database that the role including the privileges validity dates are changed but the system doesn't trigger any updates to update the assignment in the target system.

Any idea?

Regards,

Ridouan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ChrisPS
Contributor
‎02-13-2015 1:34 PM
0 Kudos


Hi Ridouan,
                 this is a known issue which IdM development are aware of it and plan a fix in one of the next SP9 designtime patches. The workaround they suggest is as follows

For Person A and you assign Role X, with validFrom -  01/01/2015 and ValidTo - 02/10/2015.

Then  you want to extend the Role X to be valid to 06/06/2016.

Instead of modifying the validity, you can do a brand new assignment - assign Role X to Person A, but with ValidFrom - 03/10/2015(one day after the validto date of the previous assignment) and ValidTo - 06/06/2016.

When 02/10/2015 comes at 23:59:59 Identity Management will expire the first

assignment, and it will deprovision the privileges, contained in the role, from the ABAP system. Then, when the date changes to 03/10/2015, Identity Management will create the new assignment (it was a future assignment up to this point) and it will provision the privileges, with the new validity, to the

ABAP system, and they will be valid to 06/06/2016.

Thanks,

Chris,

SAP AGS Support

Show replies
Show replies

Answers (0)

Ask a Question