
Modifying an SAP IDM enterprise role is not triggering any provisioning tasks to ABAP system

Dear Experts,

There were many posts related to the same query, but I was unable to post my queries in those posts as they seem to be archived, hence I am posting it again.

Our business requirement: when the validity of IDM enterprise roles is modified, the same should be updated in the IDM connected systems. The modification of the validity of the roles should go for approval and, once approved, should update the new validity dates in IDM and also in the IDM connected systems.

We were able to create a workflow task for modification of role validity dates to go for approval, and the dates are being changed in SAP IDM too, but it is not triggering any provisioning framework tasks and the dates are not getting updated in the IDM connected systems.

IDM system Details:

Version - 8.0 SP0

Provisioning framework version - 1

After browsing many sites and blogs, I came to know that the function to trigger a preconfigured Modify Validity workflow for ABAP target systems is available as per SAP Note 2162439 in 7.2, but it is not available for 8.0 systems. The IDM 8.0 SAP Provisioning Framework now doesn't support the modify validity task, so after modifying the validity of an assignment, no defined task will be triggered.

So I believe we need to create a custom task for it, and I require your suggestions/inputs/ideas on how to create it.

Approach 1: By default, set the validity dates to 31-12-9999 (indefinitely) while pushing roles to the ABAP system. In IDM it would contain the correct validity dates, like valid from 2015-01-01 and valid to 2016-01-01, but in the backend system it would be indefinite. When the validity ends in SAP IDM, it would perform de-provisioning and remove the access.

Approach 2: Create a dummy role in the target systems, without any authorizations. As part of the role validity modification workflow, create a new attribute which would be assigned to the user, link a custom task to it, and assign the dummy role. Then, as per the IDM provisioning rule, all roles assigned to the user in SAP IDM, along with the validity dates, would be pushed to the backend.

Approach 3: Create a custom modify validity task in the provisioning framework, and it would trigger the provisioning task in SAP IDM.




2 Answers

  • Dec 18, 2016 at 08:09 PM

    Dear experts, can you please provide your suggestions?


  • Dec 30, 2016 at 10:08 PM

    Any suggestions, please?
