Skip to Content
0

Deprovision HANA user from SAP IDM 8.0

Mar 14, 2017 at 07:20 PM

840

avatar image

Hello,

HANA database is connected to SAP IDM 8.0.

I am able to deactivate the user and not able to remove the roles/privileges from deactivated user.

(attribute is privileges and passing value $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!PRIVILEGE!!TRUE)$$ )

Getting the below error with sap_core_getNamesOfAssignedPendingPrivileges function.

putNextEntry (Entry 169410) got DSEInternalException

java.lang.Throwable: Failed running function in string "$FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(169410!!SAPHANA_R3S!!PRIVILEGE!!TRUE)$$". Marking entry as failed. Exception was: org.mozilla.javascript.EvaluatorException: uSelect(SELECT priv_account_name.aValue FROM idmv_value_basic_active pvo_attrvalue WITH (NOLOCK) INNER JOIN idmv_value_basic_active priv_account_name ON priv_account_name.MSKEY = pvo_attrvalue.SearchValue WHERE pvo_attrvalue.AttrName = 'MX_ATTRIBUTE_VALUE' AND priv_account_name.AttrName = '169410' AND pvo_attrvalue.MSKEY IN ( not-existing-mskey ) AND ISNUMERIC(pvo_attrvalue.SearchValue) = 1) got exception com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near the keyword 'not'.

Can you please advise me on this?

Thanks

Purna

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Thomas Golaszewski Mar 16, 2017 at 09:03 AM
3

Hi Purnachandrarao,

normally you should have some MSKEY(s) in the part of the Query where actually "not existing-mskey" is written.

This message is coming from the script "sap_core_getPendingMsKeysInGroup".

Part of the Script:

PendingMSKEY = uGetContextVar("PENDINGMSKEY", "not-existing-mskey");


IdM can't find the context Varibale for "PendingMSKEY". That's the reason why the error appears.

Maybe some setting like "Use context variables" on an UI is missing.

As we don't know where the error actually appears (Jobs / Provisioning Framework) and what is the configuration about - we can't help you.

My advise is to check why the context variable is missing. Analyze it and enjoy the journey. :)

Greetings,

Thomas

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Thomas,

I have connected our HANA DB system from SAP IDM 8.0 for de provision users (removing privileges) and it runs through Job.

I could not able to find where context variable is missing.

Created one Passes with the below attributes (hana-passes.jpg) with required scripts and getting errors.

userName : %WORKFORCEID%

changetype : modify

AUDITID : $FUNCTION.getAuditId()$$

privileges : $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$rep.$NAME%!!,!!)$$


hana-passes.jpg

Thanks

Purna

hana-passes.jpg (79.1 kB)
0
Matt Pollicove
Mar 15, 2017 at 11:53 AM
0

Hi Purnachandrarao,

What happens if you paste this query into your SQL tool? Does it work then? Can you debug it from there?

Is this from the Provisioning Framework or is it from something you wrote?

Matt

Share
10 |10000 characters needed characters left characters exceeded
Matt Pollicove
Mar 15, 2017 at 11:53 AM
0

Hi Purnachandrarao,

What happens if you paste this query into your SQL tool? Does it work then? Can you debug it from there?

Is this from the Provisioning Framework or is it from something you wrote?

Matt

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hello Matt,

I have ran the SQL query and there is no returned values of query results (sql-query.jpg)


Thanks

Purna

sql-query.jpg (43.8 kB)
0