How to remove role\privileges assignment from iden...

Former Member · ‎10-26-2017

How to remove role\privileges assignment from indentity

.
I checked already similar topic but no solution.
In IdM UI I found an inactief identity but still with an assigned (role)privilege.
Status is in progress (see enclosed image)
I tried to remove role/privilege assignment on IdM UI. This option was not the solution.

So i made a job to delete role\privilege assignment of identity. See enclsoed image.
Nothing happend. What do i wrong or what possiblities do i have.

I also changed MX_PRIVILEGE to MX_ROLE. No result
I also changes {e} to {d}. No result

devaprakash_b · ‎10-27-2017

Hi Vorstenbosch,

As per the screenshot, it seems to be that wrong attribute is maintained in the destination tab. It should be MXREF_MX_PRIVILEGE.

And also you need to provide the mskeyvalue/uniqueid of the privilege inside the angular braces like below

MXREF_MX_PRIVILEGE - {e}<PRIV:ROLE:*>

try to remove the privilege using the above syntax.

as per the UI screenshot, it seems to be the status of the privilege might be not allowed. so can you share the status of the privilege from the data base table.

select mcuniqueid,mcthismskeyvalue,mcothermskeyvalue,mcexecstate,mcexecstatehierarchy,mcassigneddirect,mcorphan from idmv_link_ext2 where mcthismskeyvalue = 'provide the mskeyvalue/uniqueid of the user inside single quotes'

Regards,

DP

brandonbollin · ‎11-08-2017

On the third line of your Destination tab, it should read as follows:

MXREF_MX_PRIVILEGE {e}<PRIV:ROLE:xxxxxx>

The MSKEYVALUE of the privilege you're trying to remove must be encapsulated in the greater than / less than characters, <>. This way IDM knows your referring to the privilege by MSKEYVALUE. If you don't use the <> on either side of the value, IDM assumes your passing in an MSKEY. That's why the error message you're getting says, "Entry reference value is not numeric", as MSKEYs are only numbers.

Former Member · ‎11-10-2017

Deva, Brandon and C Kumar,

I followed the instructions of Deva and issue is solved.

Thanks for the info and support.

Regards,

Jan Vorstenbosch

Former Member · ‎11-09-2017

I add < > and now job is not running in error. But i still got mcExecState = 1536.
We are using as database MS SQL 2012.

Deva Prakash B

select * from idmv_link_ext where mcthismskey = usermskey and mcothermskeyvalue = 'PRIV:ROLE:OGPCLNT100:C:GTW:0000:INZET_VERANTWOORDEL' --> mcMasterPrivLinkid

Same statement for MS SQL 2012???

update MXI_LINK set mclinkstate =2 ,mcexecstate =1025,mcexecstatehierarchy =1025,

mcaddaudit = NULL ,MCLINKTYPE =0, MCLASTAUDIT =0 ,MCAUDITID = 0

C Kumar

I do not understand you comment --> If any case you are planning to run the Update query, please don't forget to take the database bafore.

Former Member · ‎11-08-2017

mcExecState = 1536
I changed job:
MSKEYVALUE <mskeyvalue>
changeType modify
MXREF_MX_PRIVILEGE {e}PRIV:ROLE:OGPCLNT100:C:GTW:0000:INZET_VERANTWOORDEL

Job run details
putNextEntry failed storing <mskeyvalue>
Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed modifying entry '<mskeyvalue>'. IDStore returned error message: " Entry reference value is not numeric:Attribute: MXREF_MX_PRIVILEGE" when storing attribute ={e}PRIV:ROLE:OGPCLNT100:C:GTW:0000:INZET_VERANTWOORDEL'

How to remove role\privileges assignment from identity

Accepted Solutions (0)

Answers (5)

Answers (5)

Re: [XSLT]: Dynamic rows creation and values(in co...

Re: Connecting SAP CAP with SAP Cloud ALM

Re: How to configure alerts in Time and Material J...

How to configure alerts in Time and Material Journ...

Re: How to use node modules in SAPUI5 Fiori Javasc...