cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue: Inherited privileges of Role get assigned w/o approval

Go to solution
Former Member

on ‎03-16-2015 4:42 PM

0 Kudos

Hello All,

SAP IDM 7.2 SP8.

Assigning a Business role to the user which is already pending for approval for inherited privileges assignment to the same user via same Business role but with different business role hierarchy results in assignment of inherited privileges without approval.

This is causing violation.

Example scenario.

Step 1: User  (MX_PERSON)is linked to Position(MX_ROLE1). Position (MX_ROLE1 ) having link with MX_ROLE2 which in turn linked to MX_ROLE3 having MX_PRIVILEGE. MX_ROLE3 has approval workflow using MX_VALIDATE_ADD_TASK  .

Expected result: MX_ROLE3 should still be waiting for Approval and MX_PRIVILEGE should not be linked.

Actual Result: MX_ROLE3 still be waiting for Approval and MX_PRIVILEGE should not be linked.


Mapping Status after Step 1:



Step2:

MX_ROLE 3 is raised for MX_PERSON through user interface as direct assignment.

Expected result: MX_ROLE3 should still be waiting for Approval and MX_PRIVILEGE should not be linked.

Actual Result: MX_ROLE3 is pending for approval MX_PRIVILEGES part of MX_ROLE3 is assigned.


Mapping Status after Step 2:

Note: Links marked in red are not expected






Could you please let me know what could be causing this issue and how to resolve this ?

Thanks & Regards,

Pradeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-17-2015 8:38 AM
0 Kudos

Hi Pradeep,

I tested the scenario on 7.2 SP9, and had it working as it should. See note 1942052.

Regards,

Ole K.

Show replies
Show replies
Former Member
‎03-17-2015 9:50 AM
0 Kudos

Hi Ole K.

Thanks a lot for your response.

SAP Note 1942052 says "When a role R2 with approval is added as a subrole to role R1, the privileges which are associated with R2 are assigned before R2 is approved."

But my scenario having issue is different  from the scenario mentioned in the SAP Note which is also mentioned in problem description which I see that you have tested in SP9.

However, if I talk about another use case similar to scenario mentioned in SAP Note, MX_ROLE1(no approval) is already assigned to user and if inherited role MX_ROLE4 (of MX_ROLE1) is replaced with new Role (MX_ROLE2) then also inherited role (MX_ROLE3) of MX_ROLE2 has approval workflow triggered and inherited privilege of role MX_ROLE3 wait for approvals before it get assigned to user.

if you also have IDM 7.2 SP8 system then could you please check the exact scenario(as mentioned in problem description) there as well ?

I think SAP note 1942052  does not talk about issue I reported.

If you think otherwise, please let me know .

Thank you. 🙂

Thanks & Regards,

Pradeep

Former Member
‎03-17-2015 9:56 AM
0 Kudos

Hi Pradeep,

I tested the scenario you described, and it worked OK on SP9. I did not read the complete note, just saw that it might be linked to your problem. Currently I d not have SP8 so I cannot test it.

Regards,

Ole K.

Answers (0)

Ask a Question