Solved: SAP IDM 8.0 Provisioning of group privilege assign...

former_member719476 · ‎03-26-2015

Hi,

I set up Active Directory as a target system. I imported the new packages for Eclipse and did the initial load for AD (System privileges were created).

When I assign the PRIV:AD:ONLY privilege to an identity, the identity gets provisioned to AD.

When I assign the PRIV:AD:ONLY privilege to a group, the group gets provisioned to AD.

So far so good.

But when I assign the group to the identity I get the error in the execution log:

Cannot obtain mskey for group privilege PRIV:GROUP:AD:CN\=MY AD GROUP\,CN\=GROUPS\, DC\=DUMMY\, DC\=COM

The CN represents my CN in the Active Directory, but, I have no PRIV:GROUP:AD privilege?

so I can not provision group assignments to AD and I used only the default packages with no modifications.

And an additional question, when does the RDS for 8.0 comes out?

Are there some predefined approval processes like in 7.2?

Thanks, Patrick

jaisuryan · ‎03-26-2015

Hi Patrick,

Were you able to confirm that this group priv is available in the system?

check if the SQL gives any hit,

select * from idmv_entry_simple with (nolock) where mcmskeyvalue = 'PRIV:GROUP:AD:CN\=MY AD GROUP\,CN\=GROUPS\, DC\=DUMMY\, DC\=COM'

By default, the initial load job in IDM 7.2 have "WriteGroupPrivileges" enabled. Hope this is the case in IDM 8.0 as well.

Kind regards,

Jai

SAP IDM 8.0 Provisioning of group privilege assignments

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

In SAP Hana Cloud, do packages exist as database o...

Re: Mass Update a Zfield in Std Table with Split &...

Re: Change BW Query Initial Variable Input at runt...

Invalid value of "AppName" in MDKProject.json. It ...

Re: How to write the sum of same values into each ...