
Unable to assign privilege from IDM to an ABAP SAP System connected to IDM

devaprakash_b
Active Contributor
0 Kudos

Hello Experts,

When I am trying to assign a privilege for an ABAP system, I am receiving an error message that the user already exists, and the privilege assignment is in failed status. When we verified the privileges assigned to the user, we found that the user does not have any privilege assigned related to that ABAP system. When we verified in that SAP ABAP system, we found that the particular privilege which we are trying to add was already assigned to the user a very long time ago. That privilege was not assigned through IDM.

We are unable to delete the privilege through IDM as the role is in failed status. We aren't given permission to delete the privilege directly from the SAP ABAP system.

How can we make the privilege's status OK and make sure that the privilege is assigned to the user?

Regards,

DP

Accepted Solutions (1)


Former Member
0 Kudos

Hi Deva,

If you are not able to retry the privilege from the UI, you can create a job for fixing such problems by using this functionality:

but the privilege should be removed from the back-end system first.

You can also create a custom script and set it in the tasks for assign membership/remove membership, and there you can call the script in case of error (job setting in the tests). So when you have an error in the case of an already assigned/removed privilege, you can just set the privilege state in IdM to OK (as in the back-end system the access is already there). This will be a more permanent solution for all users (and you won't have to manually assign/remove the access).

BR,

Simona

devaprakash_b
Active Contributor
0 Kudos

Hi Simona,

Thanks for your reply. Is there any way to remove roles which are assigned directly in the ABAP system through IDM, instead of removing them from the SAP ABAP system?

Former Member
0 Kudos

Hi Deva,

Yes, you can set them with bypass (you can directly read the user assignments from the ABAP system and set them in IdM with BYPASS), so you won't trigger the provisioning to the back-end system. Then, when the privileges are assigned in IdM, you can trigger de-provisioning and the roles will be removed from IdM and ABAP.

BR,

Simona

Answers (2)


jaisuryan
Active Contributor
0 Kudos

Hi Deva,

Very strange. I checked our system now, and I remember from previous instances as well, that if the user exists and the role is already assigned in the ABAP system, then IDM wouldn't throw any error. It would just set the status to OK. I know there is a problem with the AD connector if the user/assignment already exists.

Which version are you on? It is probably good to raise this with SAP. Also, please post the screenshot of your error job log if you still have it. Thanks.

Kind regards,

Jai

devaprakash_b
Active Contributor
0 Kudos

Hi Jai,

I am receiving an error message that the user ID already exists.

My IDM version is 7.20.9.

Former Member
0 Kudos

Hi Deva,

If you have already removed the privilege from the ABAP system, you can retry the assignment (from the UI: select the user in Modify mode and then you can retry it) and it should pass with no problems.

BR Simona.