cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deprovision HANA user from SAP IDM 8.0

Go to solution
Former Member

on ‎03-14-2017 7:20 PM

0 Kudos

Hello,

HANA database is connected to SAP IDM 8.0.

I am able to deactivate the user and not able to remove the roles/privileges from deactivated user.

(attribute is privileges and passing value $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!PRIVILEGE!!TRUE)$$ )

Getting the below error with sap_core_getNamesOfAssignedPendingPrivileges function.

putNextEntry (Entry 169410) got DSEInternalException

java.lang.Throwable: Failed running function in string "$FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(169410!!SAPHANA_R3S!!PRIVILEGE!!TRUE)$$". Marking entry as failed. Exception was: org.mozilla.javascript.EvaluatorException: uSelect(SELECT priv_account_name.aValue FROM idmv_value_basic_active pvo_attrvalue WITH (NOLOCK) INNER JOIN idmv_value_basic_active priv_account_name ON priv_account_name.MSKEY = pvo_attrvalue.SearchValue WHERE pvo_attrvalue.AttrName = 'MX_ATTRIBUTE_VALUE' AND priv_account_name.AttrName = '169410' AND pvo_attrvalue.MSKEY IN ( not-existing-mskey ) AND ISNUMERIC(pvo_attrvalue.SearchValue) = 1) got exception com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near the keyword 'not'.

Can you please advise me on this?

Thanks

Purna

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

thomas_go1
Explorer
‎03-16-2017 9:03 AM

Hi Purnachandrarao,

normally you should have some MSKEY(s) in the part of the Query where actually "not existing-mskey" is written.

This message is coming from the script "sap_core_getPendingMsKeysInGroup".

Part of the Script:

PendingMSKEY = uGetContextVar("PENDINGMSKEY", "not-existing-mskey");


IdM can't find the context Varibale for "PendingMSKEY". That's the reason why the error appears.

Maybe some setting like "Use context variables" on an UI is missing.

As we don't know where the error actually appears (Jobs / Provisioning Framework) and what is the configuration about - we can't help you.

My advise is to check why the context variable is missing. Analyze it and enjoy the journey. 🙂

Greetings,

Thomas

Show replies
Show replies
Former Member
‎03-21-2017 9:36 PM
0 Kudos

Thomas,

I have connected our HANA DB system from SAP IDM 8.0 for de provision users (removing privileges) and it runs through Job.

I could not able to find where context variable is missing.

Created one Passes with the below attributes (hana-passes.jpg) with required scripts and getting errors.

userName : %WORKFORCEID%

changetype : modify

AUDITID : $FUNCTION.getAuditId()$$

privileges : $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!,!!)$$


hana-passes.jpg

Thanks

Purna

Answers (1)

Answers (1)

former_member2987
Active Contributor
‎03-15-2017 11:53 AM
0 Kudos

Hi Purnachandrarao,

What happens if you paste this query into your SQL tool? Does it work then? Can you debug it from there?

Is this from the Provisioning Framework or is it from something you wrote?

Matt

Show replies
Show replies
Former Member
‎03-21-2017 9:37 PM
0 Kudos

Hello Matt,

I have ran the SQL query and there is no returned values of query results (sql-query.jpg)


Thanks

Purna

Ask a Question