on 12-19-2017 1:49 PM
Hello Gurus,
I hope everyone is good and rocking ;)
This time I came here to learn something about ORPHANED privileges. As far as I know, orphaned privileges are those entries that don't have a parent entry / whose parent may have been removed. Then MCORPHAN goes to 1 to show its status.
The question here is:
I could not remove them via reconcile/repair entry or any custom jobs and assignment operators. Is there any way to tackle this issue, guys?
I'm strictly forced not to use a SQL update query directly in the database. I'm searching for a custom job or a script I can write to overcome this. But I read some blogs saying that we cannot remove them via the above-mentioned methods.
So I'm here to seek your help. Could you guys please help me solve this?
Suggestions are very welcome.
Regards,
Mano...
Hello Manojkumar,
Below is the process to remove orphan assignments in any version of SAP IDM.
You can create a custom job and use To Identity Store as below.
Direct assignment of orphan privilege:
MSKEYVALUE - provide user mskeyvalue
changetype - modify
MXREF_MX_PRIVILEGE - {DIRECT_REFERENCE=1}<privilege mskeyvalue>
Removal of orphan privilege:
MSKEYVALUE - provide user mskeyvalue
changetype - modify
MXREF_MX_PRIVILEGE - {e}<privilege mskeyvalue>
The above steps should work; if not, provide a screenshot of the job and the steps performed.
Regards,
Deva Prakash Budati
Hello Mano,
There is a stored procedure called mxi_deleteOrphanAssigment which can be used to solve your problem.
For more details, please refer to note 2499697, "Introducing new DB stored procedure for orphan assignments revocation".
Best Regards
Lennart
Hi Mano,
Actually, the best answer you have selected is not the best answer.
Don't get me wrong - it works, but it is much better to follow SAP Note 2499697, "Introducing new DB stored procedure for orphan assignments revocation",
provided to you by lennart.kayser.
It is a stored procedure which might later become a housekeeping procedure.
It has options to provision or not provision to the backend system during the cleanup, and it does it properly, also setting some additional audit information.
Regards,
Ivan Petrov
Hello Matt,
Thanks for the instant response.
We are currently using IDM 8.0 and SQL database 2012. I tried using some operators like {e}, {d}, {D} in the attribute MXREF_MX_PRIVILEGE, since I just want to remove these orphaned privileges.
For example:
Attribute name 'MXREF_MX_PRIVILEGE' and its value like {e}<PRIVILEGE NAME>, replacing with {d}, {D} respectively, and I have chosen Changetype as Modify as well.
When I chose Changetype as delete, it deleted the entire entry, so I cannot do that.
So Matt, do you feel that I am doing anything wrong here?
If so, please let me know.
Regards,
Mano..