Orphan Assignment

Hello All,

SAP IDM 7.2, 8

I would like to get clarified on orphan privilege and orphan assignment. I have been through the thread https://answers.sap.com/questions/388185/orphaned-privilege-removal-in-sap-idm-7280.html. But After looking at my system, i am really confused.

It sounds logical that Privileges without roles, can be termed as Orphan privileges

Scenarios i have seen 2 types in my system towards orphan assignments(mcorphan in idmv_link_ext) are:

Type A: Privileges who are part of roles

a. assigned to user without roles, mcorphan =1

b. assigned to user with roles: mcorphan =0

Type B: Privileges who are not part of any role, presently

a. directly assigned to users; mcorphan =0

b. Privilege was earlier part of role, and this role is presently assigned to user. No entry for mcorphan

There are many other cases, where same privilege has mcorphan 1 for a particular user but mcorphan =0 for other user

So, could you please guide here

Regards

Plaban