on 03-14-2017 7:20 PM
Hello,
HANA database is connected to SAP IDM 8.0.
I am able to deactivate the user and not able to remove the roles/privileges from deactivated user.
(attribute is privileges and passing value $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!PRIVILEGE!!TRUE)$$ )
Getting the below error with sap_core_getNamesOfAssignedPendingPrivileges function.
putNextEntry (Entry 169410) got DSEInternalException
java.lang.Throwable: Failed running function in string "$FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(169410!!SAPHANA_R3S!!PRIVILEGE!!TRUE)$$". Marking entry as failed. Exception was: org.mozilla.javascript.EvaluatorException: uSelect(SELECT priv_account_name.aValue FROM idmv_value_basic_active pvo_attrvalue WITH (NOLOCK) INNER JOIN idmv_value_basic_active priv_account_name ON priv_account_name.MSKEY = pvo_attrvalue.SearchValue WHERE pvo_attrvalue.AttrName = 'MX_ATTRIBUTE_VALUE' AND priv_account_name.AttrName = '169410' AND pvo_attrvalue.MSKEY IN ( not-existing-mskey ) AND ISNUMERIC(pvo_attrvalue.SearchValue) = 1) got exception com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near the keyword 'not'.
Can you please advise me on this?
Thanks
Purna
Hi Purnachandrarao,
normally you should have some MSKEY(s) in the part of the Query where actually "not existing-mskey" is written.
This message is coming from the script "sap_core_getPendingMsKeysInGroup".
Part of the Script:
PendingMSKEY = uGetContextVar("PENDINGMSKEY", "not-existing-mskey");
IdM can't find the context Varibale for "PendingMSKEY". That's the reason why the error appears.
Maybe some setting like "Use context variables" on an UI is missing.
As we don't know where the error actually appears (Jobs / Provisioning Framework) and what is the configuration about - we can't help you.
My advise is to check why the context variable is missing. Analyze it and enjoy the journey. 🙂
Greetings,
Thomas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thomas,
I have connected our HANA DB system from SAP IDM 8.0 for de provision users (removing privileges) and it runs through Job.
I could not able to find where context variable is missing.
Created one Passes with the below attributes (hana-passes.jpg) with required scripts and getting errors.
userName : %WORKFORCEID%
changetype : modify
AUDITID : $FUNCTION.getAuditId()$$
privileges : $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!,!!)$$
Thanks
Purna
Hi Purnachandrarao,
What happens if you paste this query into your SQL tool? Does it work then? Can you debug it from there?
Is this from the Provisioning Framework or is it from something you wrote?
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Matt,
I have ran the SQL query and there is no returned values of query results (sql-query.jpg)
Thanks
Purna
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.