Skip to Content
0

SAP IDM User Not getting Deleted in IDM nor Created in Connected System.

Mar 02 at 09:38 AM

67

avatar image
Former Member

User created in SAP IDM with assignments to SAP ABAP systems.

Where we entered wrong user group

MX_ADMIN_UNIT. The user has not been created in

SAP ABAP systems . After that even when i assign the
correct Group ( which is in all connected systems )
the user not got created. Even when I assign
Roles they are not getting assigned in backend SAP Systems.But in IDM UI the roles are visible as assigned.

Even when i try to delete the user. its not been deleted.

we need to use the same user ID as it we use SSO.

Now the user is not created in SAP AbAP systems from IDM
Nor it is getting deleted from IDM.
Is there any way to fix this.

Error log while deleteing user

error-log-idm.png

.

error-log-idm.png (19.1 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Deva Prakash B Mar 05 at 08:36 AM
0

Hi Siva,

Please do note that, from next time onwards, whenever you are posting any question, kindly provide basic details as below and mention them clearly. It will be very helpful for others to provide a solution. In many of your questions you can see Steffi Warnecke asking for the version details. Please follow the guidelines mentioned by Matt Pollicove in this link

IDM System Version:
Support Pack Version:
Database Type:
Troubleshooting Steps which you have performed to resolve the issue.

Coming to your issue, as per the error message in attached screenshot, it states that the idm is unable to identify which user needs to be deleted.

  1. Check whether any value is maintained for this attribute ACCOUNT<mention REP_NAME here without angular brackets>. You can find this value in the database table/view - idmv_vallink_basic/idmv_value_basic. I assume this attribute wouldn't be maintained for the user as the user itself is not created in the target system.
  2. Check the master privilege (priv:rep_name:only) and role assignment status assignment status. you can find the status in the view idmv_link_ext2 , check for mcexecstate if it is in pending removal status (513/1536/1537), try to remove the role or if master privilege is assigned directly remove master privilege with out triggering member even tasks bu using {DIRECT_REFERNCE=1} attribute property and once it is completely removed, then reassign it after updating correct user group (MX_ADMIN_UNIT) to the user.

    If still didn't resolve, please provide the screenshot of the following details
    1) status of assignment in the UI
    2) assignment details in the view idmv_link_ext2 (with these columns mskey,mcexecstate,mcexecstaehierarchy,mcassigneddirect,mcorphan,mcuniqueid,mcvalidfrom,mcvalidto)

Regards,

Deva

Share
10 |10000 characters needed characters left characters exceeded
Jaya Kumar Mar 03 at 08:34 AM
0

Hi Siva,

First can you check the System privilege and Only privilege corresponding to ABAP system, assigned to the user? in DB.

Check the privilege/role status is OK or Pending as well.

Regards,

Jaya Kumar

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Jayakumar

System Privilège is not there .I tried removing the role but not getting reomved.

Can you help more technically. which tables to check.

Is it possible to delete the user at DB level if yes any procedure

0

Hi Siva,

then assign system privilege from IDM MMC and delete.

Never delete/modify data from DB directly.

Regards,

Jay

0