on 12-08-2014 7:50 PM
Hi Friends,
I am performing Role Provisioning - by using uIS_SetValue Function in SAP IDM.
I have values Usermskey, PrivilegeMskey, and IDStore.
and i am using uIS_SetValue function, please see the syntax:
var NewValue = uIS_SetValue(Usermskey,IDStore,"MXREF_MX_PRIVILEGE","{VALIDFROM="+ 2014-12-08 + "!!VALIDTO=" +2014-12-25 + "}" + "<" + PrivilegeMskey + ">");
Please tell if i am wrong because this function is returning an error: Please check attached File.
Hi Kishor,
I guess you do not really put the dates as numbers in there? If this is really your code you calculating 2014 - 12 - 08 which is 1994 Otherwise they are a string as well and thus must be in double quotes.
Then you are using the MSKEY of the privilege in the <> brackets. Those you would only use for the MSKEYVALUE in a to-identity pass. The syntax <MSKEYVALUE> is getting resolved to the MSKEY at runtime. If you are using MSKEY already you wont use the brackets.
uIS_SetValue(Usermskey,IDStore,"MXREF_MX_PRIVILEGE","{VALIDFROM=" + validFromDateString + "!!VALIDTO=" + ValidToDateString + "}" + PrivilegeMskey);
or
uIS_SetValue(Usermskey,IDStore,"MXREF_MX_PRIVILEGE","{VALIDFROM=2014-12-08!!VALIDTO=2014-12-25}" + PrivilegeMskey);
Regards
Norman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kishor,
The answer for your question can be found in the help file for uIS_SetValue function,
no entry event tasks are started using uIS_SetValue and as suggested by Norman, please use "to Identity Store" pass to perform the update.
For the same reason it is not recommended to use uIS_Create function to create an entry.
Kind regards,
Jaisuryan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Norman,
Thanks for Reply.
Norman,The syntax you have provided is working fine, whenever i assign ONLY privilege to the user by using uIS_SetValue Function, ADD Member Task is getting triggered, ONLY privilege is assigned successfully to the user, but ADD Member task is not getting completed, on IDM UI assignment is showing Pending status, SYSTEM privilege is unable to assign after ONLY privilege.
Even if i assign a privilege to the user using IDM UI with Validity Period, same thing happen, in job log showing just User has been created in the Target system but nothing happen beyond User creation e.g. Add system privilege...Apply pending on the group etc.
This is happen when i am giving Validity Dates to the Privileges, otherwise without Validity Dates every thing is ok.
Please suggest me.
Regards,
Kishor Kajale
9673691740
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kishore,
I have never used uIS_SetValue with validity dates on an account privilege, only on normal privileges. Only workaround I could suggest is using toIdentityStore pass instead of uIS_SetValue. My add member tasks are always toIdentityStore passes as you have repository and just need simple syntax:
MSKEYVALUE=%MSKEYVALUE%
changetype=modify
MXREF_MX_PRIVILEGE={A}<PRIV:%$rep.NAME%:ONLY>
What version are your running on?
Thanks
Norman
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.