Skip to Content

Role > Member Events Tab > Validate - Default Repository?

I have a role and, under the Member Events Tab of that role, all the add, remove and modify tasks are set to, "--Inherited--". In the SAP IDM online documentation, it states that, for the Validate add task, "This task uses the repository specified for the Validate tasks. If no repository is specified, the default repository is used."

There is no default repository specified on the role itself so I'm assuming that the role is using a system default repository. This role does have an MX_RESPOSITORY_VALIDATE attribute on it and, whenever a member is added, the validate tasks specified on that repository are followed. I'm trying to figure out where in IDM that MX_RESPOSITORY_VALIDATE attribute is checked so that the system then knows that it needs to follow the validation tasks on that attribute before provisioning can begin.

What am I missing here? See screenshots and thanks in advance for any assistance.

Capture.PNG (61.5 kB)
Capture2.PNG (27.2 kB)
Capture3.PNG (89.1 kB)
Capture4.PNG (32.2 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jul 12, 2016 at 08:48 PM

    The way I understand it, if a value is "inherited" it is passed from the object that is invoking the new object, in this case a Repository via a workflow. So if the workflow has been passed a repository reference the properties of that Repository are what's used.  If nothing is defined in the repository, nothing can be called.

    Not really sure what they mean by default repository.  Where were you seeing this?


    Add comment
    10|10000 characters needed characters exceeded

    • But they are being triggered. Look at the last three screenshots in my original post. This role has an MX_REPOSITORY_VALIDATE attribute and the aValue for that attribute is APPROVAL_MGR_OWNER. That is the name of the validation repository. The last two screenshots show the settings for and the constants in that repository. When a role has this attribute, validation takes place. When that attribute isn't present, the role just goes through the normal provisioning process.

      This is more of a question of understanding. I see how the whole thing works but I want to know WHY it works. The Default Repository is blank on the role's Member Event's tab. How does the system know to check the role's MX_REPOSITORY_VALIDATE attribute?

  • Jul 13, 2016 at 07:02 AM

    Hello Brandon,

    I don't think that attribute is checked somewhere, but it includes the link to the repository "APPROVAL_MGR_OWNER" (you're put the screenshots of that one on). And the event task for that repository are then triggered. Looks like somebody wanted special trigger/event tasks for this role (and maybe more, if you have that attribute filled for more) and thus created the repository for this use case.
    Looking at the timestamp of the database info I'd say this was set up some time ago (2014).

    You can just add that attribute to a UI mask for roles to change it.



    Add comment
    10|10000 characters needed characters exceeded

    • Steffi,

      I can see how it all works. That's not the issue I'm having. I want to know WHY it works. When an MX_ROLE record in my environment had the MX_REPOSITORY_VALIDATE attribute, the system checks the aValue then uses the tasks assigned in that repository to do validation. If the attribute isn't there, it goes straight to provisioning. I get all that.

      How does the system know that? Is the checking of MX_REPOSITORY_VALIDATE hard coded into IDM? When all the tasks are set to Inherited and the default repository setting under the Member Events tab of a role is blank, the documentation seems to suggest that a system level default repository is then used. Where is that system level default repository set?

  • Jul 13, 2016 at 12:59 PM

    I think, because it's a system attribute for exactly that purpose (validation), it might be a hard-coded logic.

    Add comment
    10|10000 characters needed characters exceeded

    • This issue has started coming back around again. We're having approvals in IDM simply disappear and the SAP Note that I got from my OSS message says to check your validate tasks on the roles. Once again, all our roles are set to, "Inherited" for the validation tasks but there's no default repository set at the role level.

      Again, how does IDM know to check the MX_REPOSITORY_VALIDATE attribute in a role to go to that repository and run those validation tasks? Maybe now that I met Former Member and @Plamen Pavlov at TechEd they might chime in!  😊