While creating BW User from SAP IDM , all roles are assigned in the roles tab.
Later we have schedule one job which removes the roles & lock the in active users.
Again as Secondary step, User can request for the same system for his requirement from SAP IDM to reinitiate Unlock, Password reset & assignment of reference user & additional roles in the roles tab as a part of modification for the existing user.
So when he does it the User is getting Unlocked, Password is getting reset & reference user is assigned. We have only one issue that additional roles are not getting assigned.
Would also provide additional information that we have two customized global constants which hold the BW roles, which are being assigned well at the time of creation of User but this assignment of additional roles is not happening when IDM is trying to modify the user.
Please find the screen shot of Global Constants, User Modification logs & User Creation Logs for the User modification for the BW system. customized-global-constants.png user-modification-logs.png user-creation-logs.png .
Please help why the additional roles coming from Customized Global Constants are not being assigned when a user is getting modified ( Recreated in the back end system) but roles getting calculated from the customized global constants are being assigned at the time of User Creation. To add the only difference between the User Creation logs & User Modification Logs is the add Privilege log in the screen shot.