
SAP IDM - Identify the parent role via which privilege is assigned

Mar 21 at 01:51 PM


Dear Experts,

I have a requirement to trigger mail notifications to some teams whenever they are assigned. So I have created a privilege in IDM and mapped it to a few roles. I maintained a notification task on the privilege's Add member event, so that whenever this privilege is assigned to any user it triggers a mail notification. This entire flow is working fine, but the only challenge is how to identify the role via which this privilege is assigned to the user. I am unable to get this information in the pending value attributes.

Business Use Case:

There are three teams A, B, C.

Whenever Role 1, 2, 3 are assigned, Team A should be notified via email. Similarly, for Role 4, 5 it is Team B and for Role 6 it is Team C.

So I created three different privileges, priv:alert:teamA, teamb, teamC, mapped them to the respective IDM roles and linked the notification task under the Add member event process.

When Role 1 and 2 are being assigned, the respective team should be notified of which roles are assigned.

The screenshot below shows the sample pending value object which would be created when the event task is triggered. I am able to identify the user, the assigner and the privilege being assigned, but unable to identify the parent role.

Can you please let me know if there is any way to maintain, in the pending value, the role via which the privilege is assigned to the user? Otherwise, the only possible solution I can find is to create one privilege with the same name as the role, map it to the respective role, and notify users stating that this role is assigned to users.

I am not sure if it is a good idea to link the event task to the roles. Is it a good idea to do it? If so, should I maintain it in the Add member task after the complete role approval process, or else link the notification task to the RequestCompleteProcess once the role is assigned to the user, where it checks whether a notification needs to be triggered or not and sends the notification?

IDM Version - SAP IDM 8.0 SP4

Regards,

Deva

pendingvalue.png (18.9 kB)

3 Answers

Deva Prakash B Mar 23 at 08:33 AM

Hello Experts,

Can you please let me know if there is any possibility to find the parent role via which the privilege is assigned?

Regards,

Deva

Chenyang Xiong Mar 26 at 08:03 AM

Hi

Please try the DB view idmv_link_ext to find the connection between the privilege and the role, and between the person and the role. But what if a privilege is assigned to multiple business roles and the user has got all the business roles? Which business role should become the parent of the privilege?

Cheers

Chenyang


Hi,

Yes, if multiple roles have the same/common privileges assigned, it is not possible to know for which role the privilege was assigned. :(

Regards,

Jay

Jaya Kumar Mar 27 at 07:47 AM

Hi Deva,

You can try this query

select aValue from idmv_bw_current_links where MSKEY='RoleMSKEY' and ocName='MX_PRIVILEGE'

to get the privileges assigned to the role. One option is to check the mcmodifytime/mcaddedtime of the assigned privileges and roles from the user.

You can get it approximately but not exactly.

Regards,

Jay

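The timestamp heuristic from the last answer, combined with the ambiguity raised in the second answer, as an added example that is not part of the original thread or SAP's own code. All role, privilege and time values are constructed; the dictionaries stand in for rows you would read from the IDM views, and the function name and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample mapping: role -> privileges mapped to it in IDM.
# In a real system this would come from the role/privilege links.
ROLE_PRIVS = {
    "ROLE1": {"priv:alert:teamA"},
    "ROLE2": {"priv:alert:teamA"},
    "ROLE4": {"priv:alert:teamB"},
}


def candidate_parent_roles(user_roles, privilege, priv_added,
                           window=timedelta(minutes=5)):
    """Guess which role(s) brought `privilege` to the user.

    user_roles: {role name: time the role link was added to the user}
    priv_added: time the privilege link was added to the user
    Returns (roles, exact). `exact` is True only when a single role
    remains, which is the "approximately but not exactly" caveat.
    """
    # Step 1: roles the user holds that carry this privilege at all.
    carriers = {r: t for r, t in user_roles.items()
                if privilege in ROLE_PRIVS.get(r, ())}
    # Step 2: narrow to roles added close in time to the privilege link.
    near = sorted(r for r, t in carriers.items()
                  if abs(t - priv_added) <= window)
    # If nothing is close in time, fall back to every carrying role.
    roles = near or sorted(carriers)
    return roles, len(roles) == 1


if __name__ == "__main__":
    t0 = datetime(2024, 3, 21, 10, 0, 0)  # constructed timestamp
    # ROLE2 was assigned a day earlier, ROLE1 just now: one candidate.
    print(candidate_parent_roles(
        {"ROLE1": t0, "ROLE2": t0 - timedelta(days=1)},
        "priv:alert:teamA", t0 + timedelta(seconds=30)))
    # Both roles assigned in the same request: the parent is ambiguous.
    print(candidate_parent_roles(
        {"ROLE1": t0, "ROLE2": t0},
        "priv:alert:teamA", t0 + timedelta(seconds=30)))
```

When `exact` is False, the notification can only list all candidate roles rather than name a single parent.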