cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to find the status of failed roles correctly.

Go to solution
devaprakash_b
Active Contributor

on ‎02-19-2015 10:05 AM

0 Kudos

Hello Experts,

When I check in the identity management UI the role status assigned to the user is showing as failed. When I expand it, under it there are 5 privileges assigned and only one of them has been failed and all other status is as OK, so the role status is failed.

When I am trying to pull out the report, i am not getting the status of role as failed.

When i check the idmv_link_ext table under the column execstate, the value is 1 instead of 4 for that role assigned to the user.

But the when i check for the privileges status, it showing correctly.

How can i pull the report? where the status of role assigned to user is failed or should  i need to compare based on the roles and write a case statement for the privileges under it and check if any privilege is failed then the role status is failed.

Regards,

DP

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ChrisPS
Contributor
‎02-19-2015 1:59 PM
0 Kudos

Hi DP - is there any job logs showing an error to explain the failed status ? You can use the below query

select mcThisMskeyValue, mcOtherMskeyValue, mcLinkState, mcExecState

from idmv_link_ext where mcThisMskeyValue = '<replace with mskeyvalue of the user>'

to check the privilege assignments on the user -> mcExecState = 4 is failed. You can also check the audit logs with this query

select mcThisMskeyValue, mcOtherMskeyValue, mcLinkState, mcExecState, mcAddAudit, message from

idmv_link_ext inner join mcmv_audit on auditref = mcAddAudit where mcThisMskeyValue = '<replace with mskeyvalue of the user>'

You can in any case run the retry functions if you find that the privilege is assigned correctly in the backend but the status is incorrect - see the blog http://scn.sap.com/community/idm/blog/2013/07/08/repair-failedstuck-pending-assignments

which details how this can be executed.

Thanks,

Chris

Show replies
Show replies
devaprakash_b
Active Contributor
‎02-19-2015 4:09 PM
0 Kudos

Hi Chris,

Thanks for your reply.

WE would like to generate the reports which roles & privileges have been failed.

I am able to find the failed privileges assigned to user using the table idmv_link_ext with the help of the column execstate.

In the same way i am unable to find for the failed roles assigned to the user.

As for IDM roles - there would 1 to many privileges would be assigned, out of them if one of the privilege fails then status for the role would be displayed as failed in the UI for that role.

is there any way to check the the status of roles failed in the database.

Regards,

Deva

terovirta
Active Contributor
‎02-19-2015 4:17 PM
0 Kudos 


D P wrote:




WE would like to generate the reports which roles & privileges have been failed.

In IdM data model the same privilege can belong to several roles, so depending on your role model the report may be nearly impossible to do.

If you would later want to do automated repair based on the provisioning status etc, that's done also on privilege level, not role level.

regards, Tero

devaprakash_b
Active Contributor
‎02-26-2015 1:20 PM
0 Kudos

Thank you Tero.

Answers (0)

Ask a Question