Skip to Content
0

SAP IDM - role in failed status for user : Invalid time interval: Start date after end date

Jun 12, 2017 at 02:55 PM

141

avatar image
Former Member

IDM business roles gets in failed status for user due to error :

Exception from Modify operation:com.sap.idm.ic.ToPassException: Invalid time interval: Start date 06/08/2017 after end date 03/28/2016

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Steffi Warnecke
Jun 12, 2017 at 03:00 PM
1

Well... because 2017 comes after 2016 and here you want to put it the other way around (want to start something this year, but it ends last year). I'd guess a typo.

So what's unclear?

.

Regards,

Steffi.

Show 8 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thanks for reply Steffi,

User was disabled in 03/28/2016, and now joined the organization back so when tried to assign the business roles it got failed since users validity was 03/28/2016.

Then I have extended the user validity in IDM and tried to retry the assignment still it is failing.

0

And what are the dates now for that user in the backend? Maybe it's not provisioned? Is he/she still disabled? I'd check that before you try assigning privileges or business roles.

0
Former Member

Hi Steffi,

Currently user is active in IDM as well as in backend system. However if I try to re-try the Business Role assignment its goes to fail status again with the error as : "Invalid time interval: Start date 06/08/2017 after end date 03/28/2016".

But if I change any user parameter from IDM like Phone no. it is getting updated properly in target system.

I feel in IDM database for this user start valid till date is saved as 03/28/2016, that the reason even if I removed failed BR and assign it back it goes to failed status.

Can you please suggest, what can be done here?

0

So there is still a business role attached, but with wrong dates? Can you share a screenshot?

0
Former Member

Business roles (SF*) not assigned with any validity in IDM still fail status.

error.jpg (77.4 kB)
0

And if you expand them? What about the related privileges?

Another idea wiuld be to check directly in the database for this user and the assignments.

0
Former Member

nother idea wiuld be to check directly in the database for this user and the assignments.

---> Can you please suggest where I can check this?

0

This should be table "idmv_link_ext" for checking the identity-privilege links with validity. Depending on your database you either use the Oracle SQL developer or the MS SQL Server Management Studio (or whatever is used for DB2 ^^).

0
Deva Prakash B Jul 12, 2017 at 08:59 AM
0

Hi Swapnil Dimble,

As per steffi you have removed the validity dates and tried provisioning too but still it is failing.

Please check if you are passing any validity dates in the idmv_link_ext view as suggested by steffi.

If no validity dates are there, then please remove the role and assign it without validity dates. IF still it failed, then there might be any issue with the dates calculating in the script maintained in AssignALLABAPPrivileges task.

Kindly please inbox me your email id incase need to do any screensharing

Regards,

DP

Share
10 |10000 characters needed characters left characters exceeded