on 02-19-2015 10:05 AM
Hello Experts,
When I check in the identity management UI the role status assigned to the user is showing as failed. When I expand it, under it there are 5 privileges assigned and only one of them has been failed and all other status is as OK, so the role status is failed.
When I am trying to pull out the report, i am not getting the status of role as failed.
When i check the idmv_link_ext table under the column execstate, the value is 1 instead of 4 for that role assigned to the user.
But the when i check for the privileges status, it showing correctly.
How can i pull the report? where the status of role assigned to user is failed or should i need to compare based on the roles and write a case statement for the privileges under it and check if any privilege is failed then the role status is failed.
Regards,
DP
Hi DP - is there any job logs showing an error to explain the failed status ? You can use the below query
select mcThisMskeyValue, mcOtherMskeyValue, mcLinkState, mcExecState
from idmv_link_ext where mcThisMskeyValue = '<replace with mskeyvalue of the user>'
to check the privilege assignments on the user -> mcExecState = 4 is failed. You can also check the audit logs with this query
select mcThisMskeyValue, mcOtherMskeyValue, mcLinkState, mcExecState, mcAddAudit, message from
idmv_link_ext inner join mcmv_audit on auditref = mcAddAudit where mcThisMskeyValue = '<replace with mskeyvalue of the user>'
You can in any case run the retry functions if you find that the privilege is assigned correctly in the backend but the status is incorrect - see the blog http://scn.sap.com/community/idm/blog/2013/07/08/repair-failedstuck-pending-assignments
which details how this can be executed.
Thanks,
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris,
Thanks for your reply.
WE would like to generate the reports which roles & privileges have been failed.
I am able to find the failed privileges assigned to user using the table idmv_link_ext with the help of the column execstate.
In the same way i am unable to find for the failed roles assigned to the user.
As for IDM roles - there would 1 to many privileges would be assigned, out of them if one of the privilege fails then status for the role would be displayed as failed in the UI for that role.
is there any way to check the the status of roles failed in the database.
Regards,
Deva
D P wrote:
WE would like to generate the reports which roles & privileges have been failed.
In IdM data model the same privilege can belong to several roles, so depending on your role model the report may be nearly impossible to do.
If you would later want to do automated repair based on the provisioning status etc, that's done also on privilege level, not role level.
regards, Tero
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.