Role/Privilege Shows in OK Status but not replicating in AD Backend System

Feb 15 at 10:29 AM

Former Member

Hi Experts,

In my current assignment, IDM is the parent system and the AD and SAP systems are child systems. We are managing a few AD groups dynamically based on the user's location.

The issue is that a user is assigned to an AD group dynamically in IDM via a role, which shows OK status in IDM; however, it was not replicated into AD.

The issue is that the Delete button for the role is disabled, as the role is assigned to the user dynamically.

Can you please advise me on what action to take?


Hello Ravi,

Is this issue just for one user or for all?

And please also share your IDM version and database.

Regards,

Steffi.

PS: Your secondary tag ("BW Operational Data Provisioning (ODP)") has nothing to do with IDM or this question, so I would ask you to delete it.

Former Member

It's just one user. Other users are working fine.

We are on IDM version 7.2, SQLOLEDB.

I am just wondering, is there a way I can push the assignment again?


1 Answer

Best Answer
Steffi Warnecke
Feb 16 at 02:10 PM

You wrote that the business role is assigned dynamically? I assume you mean via a dynamic group?

The easiest way to re-assign that business role and trigger reassignment of the attached privileges would be to exclude the mskey of the user in the SQL filter query of the dynamic group, recalculate the group (the user will be deleted from the BR), wait a moment, then put the SQL filter back to normal, recalculate the dynamic group again and check if the assignments now went to the backend.

That's what I normally do. ^^

Former Member

So I have another case: what if the privilege is in Pending state?

The situation is similar - I'm unable to remove the privilege as it is coming from a dynamic role.

Then you need to check why it is pending. Maybe the account is not created, maybe it's another reason. Channel your inner Sherlock Holmes and try to find the underlying issue. ;)

Regards,

Steffi.