on 07-26-2015 7:16 PM
Hello Experts,
When i am trying to assign an privilege for an ABAP system i am receiving an error message that user is already exists. and the privilege assignment status is in failed status. When verified the assigned privileges to the user, found that the user is not having any related privilege assigned related to thar abap system. When verified in that sap abap system we found that, the particular privilege which we are trying to add, was already assigned to the user from very long time. That privilege is not assigned through IDM.
Unable to delete the privilege through IDM as the role is in failed status. We arent givine permission to delete the privilege directly from the sap abap system.
How to make the privileges statu as OK and make sure that privilege is assigned to the user
Regards,
DP
Hi Deva,
if you are not able to retry the privilege from the UI you can create a job for fixing such problems by using this functionality:
but the privilege should be removed from the back-end system first.
As well you can create a custom script and set it in the tasks for assign membership/remove membership and there you can call the script in case of error(job setting in the tests). So when you have error in case of already assigned/removed privilege you can only set the privilege state in Idm to OK(as in the back-end system the access is already there) - this will be more permanent solution for all users(and you won't have to manually assign/remove the access).
BR,
Simona
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deva,
Yes, you can set them with bypass(you can directly read the user assignments from the ABAP system and set them in IdM with BYPASS), so you won''trigger the provisioning to the back-end system. Then when the privileges are assigned in IdM you can trigger de-provisioning and the roles will be remove from IdM&ABAP.
BR,
Simona
Hi Deva,
Very strange. I checked our system now and I remember from previous instances as well that if the user exists and role assigned already in ABAP system, then IDM wouldn't throw any error. It would just set the status to OK. I know there is a problem with AD connector if user/assignment already exists.
In which version are you in? Probably it is good to raise with SAP. Also please post the screenshot of your error job log is you still have it. Thanks.
Kind regards,
Jai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deva,
If you already removed the privilege from the ABAP system you can retry the assignment(from the UI - select the user in Modify mode and then you can retry it) and it should pass with no problems.
BR Simona.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.