cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IdM 7.2 - prevent mass operation

michaelfranke
Participant

on ‎12-14-2016 11:06 AM

0 Kudos

Hello together,

we have scheduled daily jobs to synchronize our IdM data with the satelite systems. It is possible that through these jobs many data will be modified. Therefore we want to build a functionality which checks how many data will be changed.

For example:

One pass creates a table "A" with all roles/profile from ABAP system.
Another pass creates a table "B" with all roles/profiles from this ABAP system stored in IdM.
The third task compares table "A" with table "B" and synchronize the data.

At the moment we have two scripts configured in the third task:

Initialization script: define global var counter
Entry script: check counter and stop job if the counter has a specific value; otherwise counter ++

Is it possible to check how many data will be changed through a pass? Something like a count of rows/entries of the sql statement in the source tab..

How do you prevent your landscape/system regarding undesired mass operations?

Thanks in advance

Michael

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member201064
Active Participant
‎12-14-2016 8:25 PM
0 Kudos

Hello Michael,

that should be possible. I don't think the B pass is needed, I'd replace the table select by a larger query in the C pass or something like that. If you don't have too many users the performance in the end should be quite good.

I did something similar without a counter. I set up a reprovisioning of not changed extensionAttributes in the AD compared to the IdM values every hour. If I'd wanted to use a counter I would do some precheck with a count(*) in the query I use. I guess giving an example is better then blank theory. Add with (nolock) when you have an MSSQL, Oracle syntax may be a bit different though (been almost two years since I last did something in an Oracle system...):

Example for changes on firstname I assume MSKEYVALUE = logonuid. If not you would have to add a join which then compares ACCOUNT<repName> and logonuid. Hm, might be useful anyway, or joining on the system priv or something.

select count(*) from (
select e.mcmskey, e.mcmskeyvalue,
(select avalue from idmv_value_ext where mskey = mcmskey and attrname = 'MX_FIRSTNAME') firstnameIdM,
(select firstname from sap<repName>user where logonuid = mcmskeyvalue) firstnameSAP  
from idmv_entry_simple e where mcEntryType = 'MX_PERSON'
) allrows
where not firstnameSAP = firstnameIdM

Should be quite fast. Do this for all wanted attributes. Summing them up either via SQL. Has to be some union stuff, but I would have to google it, too. Or more simple inside the init script of the last pass.

Maybe you even can set up an SQL function which contains that code and takes attrname and table name as value. The column name has to be given, too. Does it work? I don't know by hand, but somehow it should be possible. A function saves no execution time whatsoever, but increases the codes readability to the max. I did this e.g. for switch tasks which not only reduced each of the queries in length, but also unified the queries for 150+ tasks (a no to the query builder!).

I actually neither have a real prevention of mass changes, nor do I want this. Sometimes I even trigger mass changes like correcting telephone numbers, locking of users or other stuff. The only thing I do is delaying some actions by 5 minute per 50 entries. I even have a calculation script which does this 🙂

Using the Delta mechanism? I say no thanks.

Best regards

Dominik

Show replies
Show replies
michaelfranke
Participant
‎12-16-2016 8:29 AM
0 Kudos

Hello Dominik,

Thanks. I will check it.

BR

Michael

Ask a Question