SAP IDM8.0- not able to assign DB privilege

former_member256680
Participant
0 Kudos

Dears,

I have connected a non-SAP repository (Oracle DB) and defined all required parameters.

I am creating a manual privilege (with the DB repository assigned to it) from the IDM8 UI and then assigning it to a user from the UI. But no jobs are triggered after assignment. Below are some more details about the configuration.

1. I have a similar working setup in IDM7.2 and am trying to implement it in SAP IDM8.0.

2. The processes (tasks) are similar to IDM7.2 and I have made the required changes in the scripts/parameter values.

3. I can see that the newly created privilege is available in the IDS DB but it is not getting updated in the destination DB.

4. The below query should get executed after privilege assignment:

INSERT INTO NES_SAPIDMUSER (SAP_USERID,SAPIDM_GROUP_NAME) VALUES ('%MSKEYVALUE%','$FUNCTION.GetPrivilegeMSKEYVALUEclean(%MXREF_MX_ROLE%)$$')

I am not getting any logs. Kindly help: where can I check the detailed logs?

Accepted Solutions (1)

former_member256680
Participant
0 Kudos

Hi All,

The SAP development team helped to resolve the issue. There was a mismatch between my Eclipse version and IDM 8.0 SP05.

Now I am able to assign privileges to non-SAP applications.

Thank you.

Answers (2)

former_member256680
Participant
0 Kudos

Hi Deva,

Thanks for the reply.

The member event tasks of the privilege in the IDM UI show "inherited" from the repository type.

I have attached the result of the SQL query.

I have observed that the processes (tasks) which should be executed after assignment are not visible in the UI. But the custom package is checked out and all required processes are "made public".

Also, there is no "qualified name" for the processes after I make them public. Is there something wrong?

devaprakash_b
Active Contributor

It should be Inherited only at the privilege, as the event tasks would be inheriting it from the repository level.

  1. Check whether the process type is AddMember Process in the properties of the task.
  2. Also check the status of the privilege assigned to the user, whether it is in pending status.
  3. Also check whether any related pending tasks are available in the provisioning queue for the user.
  4. Check whether the master privilege (priv:repname:only) is assigned to the user and is in okay status.

Below are my observations after rechecking the attached repository screenshots.

  • Usually in 8.0, the provisioning engine framework tasks need to be maintained at the repository level. It is not calling the Provision, Modify and Deprovision tasks available in the SAP standard provisioning engine package.
  • This is the process which I consider for connecting any new system to IDM:
  1. Create a new custom connector package.
  2. Create a new repository type under the newly created connector package.
  3. Create new folders named Triggers and Plugins under the process folder.
  4. Create three new processes named Provision, Modify and Deprovision under the Triggers folder and link the respective tasks available in the provisioning engine package.
  5. Create the following plugin tasks under the Plugins folder, named CreateUser, ModifyUser, DeleteUser, AssignUserMembership, RemoveUserMembership etc., and under them create and link the custom tasks.

Please refer to the below links for more information, and also check how the provisioning framework (engine and connector) flows for the ABAP systems and set it up in the same manner.

https://help.sap.com/viewer/4773a9ae1296411a9d5c24873a8d418c/8.0/en-US/8ced739a6a3e4f6b9dd9017ebaa47...

https://help.sap.com/viewer/4773a9ae1296411a9d5c24873a8d418c/8.0/en-US/190596659b1245399f0fed52b4349...

former_member256680
Participant
0 Kudos

Hi Deva,

Actually, I followed the steps as per IDM7.2 and it worked for IDM7.2 for assigning privileges.

https://www.sap.com/documents/2015/07/aaeb8454-5a7c-0010-82c7-eda71af511fa.html.

In IDM8.0, does the same logic work too? I don't find any such document for IDM8.0.

devaprakash_b
Active Contributor
0 Kudos

Hi Imran,

As you have mentioned in your post that you are creating the privilege manually from the IDM UI, can you check whether the member event tasks are assigned to the privilege in the DB?

"I am creating manual privilege (with DB repository assigned to it) from IDM8 UI and then assigning it to user from UI. But no jobs are triggered after assignment."

Execute the below query in the DB and check whether the member event task attributes are assigned to the privilege.

"SELECT * FROM IDMV_VALLINK_BASIC WHERE MSKEY IN (SELECT MCMSKEY FROM IDMV_ENTRY_SIMPLE WHERE MCMSKEYVALUE = '<please mention here the mskeyvalue or unique id of your newly created privilege without angle brackets>')"

Regards,

Deva