cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Modifying an saP IDM enterprise role is not triggering any provisioning tasks to ABAP system

devaprakash_b
Active Contributor

on ‎10-30-2016 2:13 PM

0 Kudos

Dear Experts,

There were many posts related to the same query, but unable to post my queries in those posts as it seems to be archived, hence posting it again.

Our Business Requirement - when modified the validity of IDM Enterprise roles, it should update the same in IDM connected systems. The modification of validity of the roles should go for approval and once approved should update new valid dates in IDM and also in the IDM connected systems.

We were able to create an workflow task for modification of role validity dates to go for approval and the dates are being changed in sap Idm too but not triggering any provisioning framework tasks and getting updated in idm connected systems.

IDM system Details:

Version - 8.0 SP0

Provisioning framework version - 1

After browsing many sites and blogs came to know that function to trigger a pre configured Modify Validity workflow for ABAP target systems is available as per SAP Note 2162439 in 7.2 but it is not available for 8.0 systems. IDM 8.0 SAP Provisioning Framework now doesn't support modify validity task, so after modifying the validity of an assignment, no defined task will be triggered.

So i believe we need to create a custom task for it and require your suggestions/inputs/ideas on how to create it.

Approach 1: by Default set the validity dates to the 31-12-9999 indefinitely while pushing roles to ABAP system, but it Idm it would contain the correct validity dates like valid from as 2015-01-01 and valid to 2016-01-01 but in backend system it would be indefinitely. When validity ends in SAP IDM, it would perform de-provisioning and remove the access

Approach 2: Create a dummy role in the target systems, without any authorizations. As part of the role validity modification workflow, create an new attribute which would be assigned to the user and link a custom task to it and assign the dummy role, so as per idm provisioning rule, what all roles are assigned to user in sap idm along with the validity dates would be pushed to backend.

Approach 3: Create a custom modify validity task in the provisioning framework, and it would trigger provisioning task in sap idm.

Regards,

DP

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

devaprakash_b
Active Contributor
‎12-30-2016 10:08 PM
0 Kudos

Any suggestions please

Show replies
Show replies
devaprakash_b
Active Contributor
‎12-18-2016 8:09 PM
0 Kudos

Dear experts can you please provide your suggestions

Show replies
Show replies
Ask a Question