cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to Modify Assignment Validity of Existing Role

Go to solution
Ckumar
Contributor

on ‎06-07-2016 5:52 PM

0 Kudos

Hello Gurus,

I am trying to modify the Assignment Validity of Existing Role (IDM 7.2 SP10, Oracle DB) with 2 non-overlapping validity period and getting below error.

putNextEntry failed storing ABC12345

Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry failed storing entry 'ABC12345'. IDStore returned error message: "Entry already exists" when creating entry

Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed modifying entry 'ABC12345'. IDStore returned error message: " Not allowed to change a current assignment to a future assignment:Attribute: MXREF_MX_ROLE" when storing attribute 'MXREF_MX_ROLE={LINKID=12345!!VALIDFROM=2016-07-01!!VALIDTO=9999-12-31}55555'


Here Role 55555 is assigned to the Identity ABC12345 with validity 01-01-2016 to 31-12-9999 with Link ID (mcUniqueID) =12345.

Now, I wanted to change the assignment validity as 01-01-2016 to 15-06-2016 and then again from 01-07-2016 to 31-12-9999 for the same role to the same user.


As per SAP documents, It seems that it is possible for new assignment.



: Please confirm that whether it is valid for only role assignment or valid for existing role assignment validity modification too.


In my pass, I am passing LINK ID too along with the Validity Period. I would appreciate if anyone can suggest alternate way to achieve this?


Regards,

C Kumar

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jaisuryan
Active Contributor
‎06-08-2016 1:48 AM
0 Kudos

Hi Kumar,

Please post the destination tab screenshot.

The syntax I suppose should be,

MXREF_MX_ROLE={LINKID=12345!!VALIDFROM=2016-01-01!!VALIDTO=2016-06-15}55555|{VALIDFROM=2016-07-01!!VALIDTO=9999-12-31}55555

Please note that there is no linkid in second assignment.

Kind regards,

Jai

Show replies
Show replies
devaprakash_b
Active Contributor
‎06-09-2016 5:57 AM
0 Kudos

Hi Kumar,

As suggested by Jai, please follow the below syntax

MXREF_MX_ROLE={LINKID=12345!!VALIDFROM=2016-01-01!!VALIDTO=2016-06-15}55555|{VALIDFROM=2016-07-01!!VALIDTO=9999-12-31}55555


@Jai - When i tried the same, its working and in IDM the validity dates are changing but triggers are not running. Can you please let me know do we need to update the attribute MX_MODIFYTASK at privilege level {D} currently in our system it is -1 and MX_MOD_VALIDITY_TASK do we nee to link the provisioning task at repository level to this attribute


regards,

DP

Ckumar
Contributor
‎06-24-2016 3:05 AM
0 Kudos

Thanks Jai Suryan, It worked.

devaprakash_b
Active Contributor
‎07-08-2016 8:19 PM
0 Kudos

Hi Kumar,

After validity change has the modified date has been pushed to backend sap systems?

Regards,

DP

Ckumar
Contributor
‎07-13-2016 7:53 AM
0 Kudos

Hello DP,

Sorry for delayed response, I didn't check this as of now. I will check and let you know soon.

Regards,

C Kumar

Answers (1)

Answers (1)

Chenyang
Contributor
‎06-07-2016 10:46 PM
0 Kudos

Hi Kumar,

Please post the screen shot and you shall be able to identify the issue.

The error says

Not allowed to change a current assignment to a future assignment

So you can try {D}<old_role with validity>|{A}<first assignment with validity>|{A}<second assignment with validity>

Cheers

Chenyang

Show replies
Show replies
Ask a Question