Role > Member Events Tab > Validate - Default Repository?

brandonbollin
Active Participant
0 Kudos

I have a role and, under the Member Events Tab of that role, all the add, remove and modify tasks are set to, "--Inherited--". In the SAP IDM online documentation, it states that, for the Validate add task, "This task uses the repository specified for the Validate tasks. If no repository is specified, the default repository is used."

There is no default repository specified on the role itself so I'm assuming that the role is using a system default repository. This role does have an MX_REPOSITORY_VALIDATE attribute on it and, whenever a member is added, the validate tasks specified on that repository are followed. I'm trying to figure out where in IDM that MX_REPOSITORY_VALIDATE attribute is checked so that the system then knows that it needs to follow the validation tasks on that attribute before provisioning can begin.

What am I missing here? See screenshots and thanks in advance for any assistance.

Accepted Solutions (0)

Answers (3)


Steffi_Warnecke
Active Contributor
0 Kudos

I think, because it's a system attribute for exactly that purpose (validation), it might be a hard-coded logic.

brandonbollin
Active Participant
0 Kudos

OK. I wish I knew for sure. I wish was still here. He'd know the answer to this right off the top of his head.

Steffi_Warnecke
Active Contributor
0 Kudos

I thought of pinging him, too! And he's got another account here:

brandonbollin
Active Participant
0 Kudos

So now I'm following that account as well. Looks like he hasn't used it since February though so he probably won't get on and help with this.  Who's his equivalent within SAP these days? I mean, someone has to be doing the kind of job he did before SAP cut him.

: I know you told me this once but I can't find the conversation now. Who's doing the job now that Per held before leaving SAP?

former_member2987
Active Contributor
0 Kudos

Hi Brandon,

Hopefully / can help!

Any thoughts, guys?

Thanks,

Matt

brandonbollin
Active Participant
0 Kudos

This issue has started coming back around again. We're having approvals in IDM simply disappear and the SAP Note that I got from my OSS message says to check your validate tasks on the roles. Once again, all our roles are set to, "Inherited" for the validation tasks but there's no default repository set at the role level.

Again, how does IDM know to check the MX_REPOSITORY_VALIDATE attribute in a role to go to that repository and run those validation tasks? Maybe now that I met and at TechEd they might chime in! 

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Brandon,

I don't think that attribute is checked somewhere, but it includes the link to the repository "APPROVAL_MGR_OWNER" (you've put the screenshots of that one on). And the event tasks for that repository are then triggered. Looks like somebody wanted special trigger/event tasks for this role (and maybe more, if you have that attribute filled for more) and thus created the repository for this use case.
Looking at the timestamp of the database info I'd say this was set up some time ago (2014).

You can just add that attribute to a UI mask for roles to change it.

Regards,

Steffi.

brandonbollin
Active Participant
0 Kudos

Steffi,

I can see how it all works. That's not the issue I'm having. I want to know WHY it works. When an MX_ROLE record in my environment has the MX_REPOSITORY_VALIDATE attribute, the system checks the aValue then uses the tasks assigned in that repository to do validation. If the attribute isn't there, it goes straight to provisioning. I get all that.

How does the system know that? Is the checking of MX_REPOSITORY_VALIDATE hard coded into IDM? When all the tasks are set to Inherited and the default repository setting under the Member Events tab of a role is blank, the documentation seems to suggest that a system level default repository is then used. Where is that system level default repository set?

former_member2987
Active Contributor
0 Kudos

The way I understand it, if a value is "inherited" it is passed from the object that is invoking the new object, in this case a Repository via a workflow. So if the workflow has been passed a repository reference the properties of that Repository are what's used.  If nothing is defined in the repository, nothing can be called.

Not really sure what they mean by default repository.  Where were you seeing this?

Matt

brandonbollin
Active Participant
0 Kudos

This screenshot is taken from the SAP IDM 7.2 online documentation.

Chenyang
Contributor
0 Kudos

Hi Brandon,

What's the name of this privilege? I think the default repository is missing for this privilege so the event tasks (validation add/delete) will not be triggered.

Cheers

Chenyang

brandonbollin
Active Participant
0 Kudos

But they are being triggered. Look at the last three screenshots in my original post. This role has an MX_REPOSITORY_VALIDATE attribute and the aValue for that attribute is APPROVAL_MGR_OWNER. That is the name of the validation repository. The last two screenshots show the settings for and the constants in that repository. When a role has this attribute, validation takes place. When that attribute isn't present, the role just goes through the normal provisioning process.

This is more of a question of understanding. I see how the whole thing works but I want to know WHY it works. The Default Repository is blank on the role's Member Events tab. How does the system know to check the role's MX_REPOSITORY_VALIDATE attribute?