Skip to Content
avatar image
Former Member

Provisioning tasks not getting initiated when done in bulk

Hello IDM Gurus,

Needed your help with an issue we're currently facing; We're having an odd problem with provisioning/deprovisioning to our ABAP repositories. For each repository we are using the Add Member/ Remove Member tasks; for all repositoies, both the Add Member and Remove Member event tasks trigger a similar task that basically through the means of a script checks to see whether a user already has privileges within the target repository or not, then accordingly either adds the new privilege to the existing account or creates a new account and adds the new privilege; after the initial check is made, the decision on whether to add the privilege to the existing account or create a new one and add the privilege is done through a uProvision call from the script itself to the appropriate provisioning task for the specific repository in question; the check for whether the account exists or not is done within the Provisioning task itself.The same process is followed for deprovisioning as well. An example of how this would work is:

JohnDoe has no account in Repository A;

Privilege X (associated with repository A) is added to his account;

The script is called and a check is made; the provisioning task for repository A is called;

The provisioning task checks and sees that JohnDoe doesn't have an account in repository A, so an account is created and Privilege X is added to the new account.

After this, we add two new privileges Y and Z(both associated with repository A) to JohnDoe

The script is called and a check is made; the provisioning task for repository A is called;

The provisioning task checks and sees that JohnDoe has an account in repository A, so the two new privileges are simply added to the existing account.

This all works perfectly as long as we only work with one repository at a time; i.e. only add and remove privileges from one repository at a time; make all changes related to privileges for one repository; hit update; then try doing the same again for another repository. Whenever we make multiple changes related to multiple repositories, random things start happening, some changes go across in full, but some just don't; there's no logic in why certain changes happen and certain don't.

Does this have something to do with working with just one dispatcher? is it not able to handle that many changes at once? I tried using privilege/assignment grouping for each repository, grouping it by repository name as it should inherently group add and remove task, but even that didn't have any effect. Privilege changes were still going missing.

Any suggestions / ideas to rectify this behavior?

I would appreciate any help with the issue! Thanks in advance!

Best regards,

Sandeep

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Oct 12, 2011 at 09:23 AM

    Hello IDM Gurus,

    Does anyone happen to have any idea or understanding of what might be happening in the background? what could possibly be making provisioning requests disappear? or just not get initiated? is the load on the dispatcher too much? should privilege grouping be used in a more optimal configuration? Would greatly appreciate any suggestions or thoughts you might have on the issue!

    Thanks in advance!

    Best regards,

    Sandeep

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Matt Pollicove

      Yes; it's unfortunately more common than one would hope.

      It definitely requires a lot more planning and thought and like one might think it isn't exactly just a hot swap of environments; what you're doing in Windows is not the exact same thing you'd end up doing when setting up with UNIX; things have to be scrutinzed a lot more.

      hmmmmm; good experience, nevertheless. 😊