cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active user id not searchable in basic search but searchable in advanced search

Go to solution
Former Member

on ‎12-11-2015 1:06 PM

0 Kudos

Hello All,

SAP IDM 7.2 SP8.

Database: DB2

Issue1:

I am struggling to find why active user id not searchable in basic search but searchable in advanced search.

See screenshots below.

Issue2:

When I try to remove privilege from this active user, I see the error given below. It seems that IDM understand that entry(user id) does not exist. I think this issue occurs due to Issue1 mentioned above.

"Unable to set value for attribute Member of Privilege. Detailed information (may not be translated): Entry does not exist"

Can you please help me to know why these issues occur and how to resolve them ?

Thank you.

Kind Regards,

Pradeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Steffi_Warnecke
Active Contributor
‎01-18-2016 5:27 PM
0 Kudos

Hello Pradeep,

have you opened a ticket with SAP support yet?

While I was working my way through some IDM SAP notes looking for solutions to our issues, I stumbled upon SAP note 2075412 ("Error appears when you try to unassign a privilege from a user"). It sounds a lot like your issue no.2. It's for SP9, but I can image that this issue might be present in SP8, too.

Maybe you can use that for your ticket. Or.. well... update the SP and see if that helps (since that is sooo easy ).

Regards,

Steffi.

Show replies
Show replies
Former Member
‎01-19-2016 9:23 AM
0 Kudos

Hi Steffi,

Thank you for your response.

I recently upgraded Test and Dev system to SP10 and I see that this problem does not occur in these systems .

I would check this issue again after upgrading Prod system to SP10 within next few weeks.

Regards,

Pradeep

Answers (2)

Answers (2)

Former Member
‎01-19-2016 7:38 AM
0 Kudos

Hi Pradeep,

Please, check the user in select * from mxi_values where mskey=%mskey%; and check if in the DISABLED column you have 1 as a value (for some of the attributes), so there is your problem. After reactivating the user some of his attributes are still disabled, if you want to fix him you can update the value in DISABLED column to 0 and the user will be visible in the standard IdM UI.

BR,

Simona

Show replies
Show replies
Former Member
‎01-19-2016 9:27 AM
0 Kudos

Hi Simona,

Thank you for your response.

I see that DISABLED = 1 for all attributes when the user is active (mcentrystate=0) .

Unfortunately, I can not do this update in production system directly due to client processes. In Dev and Quality system , I do not see this issue.

Prod -> SP8

Dev and Quality -> SP10.

After upgrading Prod to SP10 within next few weeks, I would check it again.

Thank you.

Kind Regards,

Pradeep

Former Member
‎12-14-2015 3:28 PM
0 Kudos

Would like to know if somebody has solution to this issue mentioned above.

Thank you.

Show replies
Show replies
jaisuryan
Active Contributor
‎12-14-2015 10:34 PM
0 Kudos

Hi Pradeep,

I have no solution but you are not alone. Even we (7.2 SP9, SQL Server) have users only searchable in advanced search option. Should this happen, I reset the mskey or delete the user and re-create. Never raised it with SAP yet but I suppose you should report to get to root cause.

Kind regards,

Jai

Former Member
‎12-15-2015 5:14 AM
0 Kudos

Thank you Jai.

Unfortunately, I can not delete such users in our production IDM system because of audit/compliance process. So, I would need a fix for it.

I believe this is causing issue in removal of privileges from such users as I mentioned in my problem description in Issue2.


I also think I would need to raise SAP message to get the root cause.

@All: Anyone else in this forum has any solution for this ?

Thank you.

Kind Regards,

Pradeep

Former Member
‎12-17-2015 4:29 PM
0 Kudos

This one looks like data issue.

Looks like your user is corrupted in mxi_entry table. Please compare this table to idmv_value_basic_all view. You most propably find some inconsitent data.

You can also check for mcdisabled flag on this user.

Let me know if that helps, we can think on some other solution for this one.

Lukasz

Ask a Question