cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can't find apparent duplicate role

Go to solution
Former Member

on ‎07-10-2012 8:42 PM

0 Kudos

Hi SAP IDM Experts!

I have a weird problem that I'm facing in our IDM environment; I have a requirement to create new roles within IDM, but when trying to create one specific role I get an error "IS_CreateEntry failed: Entry already exists". Now obviously, I was a bit surprised that this role name already existed, but after looking through the list of roles and even searching for the same conflicting name in the database (MXIV_SENTRIES) I couldn't find any trace of the conflicting role.

where does this duplicate role possibly exist? which table can I search to find it as I apparently can't see it anywhere in the MMC console? Is there a specific table where roles that are not enabled during creation get put into? As I managed to create a few roles with no issues but even though they were visibly created in the MMC, they never showed up in MXIV_SENTRIES as those role entries were not enabled. The second I enabled the entries the roles showed up in the DB. Where are they being stored before being enabled? This might give me a clue as to where to look for this mystery role that's not allowing me to create it in the MMC.

Would greatly appreciate your help with trying to sort this issue out!

Thanks a lot in advance!

Best regards,
Sandeep

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-11-2012 4:23 AM
0 Kudos

You duplicate entry is probably inactive, that's why it's not in that table.  It doesn't even have to be a role that it's a duplicate of, it could be any other entry as well (person, privilege, etc.)

Sorry I can't help you with the tables, been too long since I've worked with 7.1 and I don't have a test system to look at, but look for an inactive entry that has that same name.

Show replies
Show replies
Former Member
‎07-12-2012 10:47 AM
0 Kudos

Hi Chris!

Thanks for your quick response! I have unfortunately still not been able to find the inactive role entry (checked as a person or a role also) anywhere in the DB or the MMC; will try looking again!

Thanks and Best regards,
Sandeep

Former Member
‎07-15-2012 1:34 PM
0 Kudos

Hi,

I managed to fix this myself; in case this helps anyone, you can firstly find the "inactive" entry within the "MXIV_ALL_SENTRIES" view that will contain ALL entries, inactive / active. Once you have confirmed the MSKEYVALUE stored for that entry, you can create a custom job with a "To Identity Store" pass, changetype "delete", MX_ENTRYTYPE as "MX_ROLE" (in this instance), and pass in the known MSKEYVALUE; this way the ghost role easily gets removed from the Identity store.

Thanks Chris for your help with this!

Best regards,
Sandeep

Answers (0)

Ask a Question