cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What is the attribute used for the Assigning privilege to user ?

Go to solution
Former Member

on ‎07-26-2012 11:05 AM

0 Kudos

Hi ,

I am assigning Privilege to the user , I have used the query

GRANT $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(ACCOUNT%$IMDB_REPO%!!,!!)$$ TO %MSKEYVALUE%

and also i tried with the

GRANT $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%MSKEY%!!%$IMDB_REPO%!!ROLE)$$ TO %MSKEYVALUE%

Please let me know is this the right attribute which i have used in the above grant query.

I got the below error  in the log , please let me know if you have any idea about this as early as possible.

Failed running function in string "GRANT $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(23!!Z6R!!ROLE)$$ TO HANATEST4". Marking entry as failed. Exception was: org.mozilla.javascript.EvaluatorException: uSelect(SELECT priv_account_name.aValue FROM

Thanks in advance.

Prasanna

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member2987
Active Contributor
‎07-26-2012 1:36 PM
0 Kudos

Prasanna,

IDM Privileges are assigned in a To Identity Store pass, by passing the MSKEY of the desired privilege to MXREF_MX_PRIVILEGE.

You can also pass the complete name of the privilege in <> and SAP IDM will look up the MSKEY for you.

MXREF_MX_PRIVILEGE <SAPPRIV1>

This will also work for passing IDM Role information.

Matt

Show replies
Show replies
Former Member
‎07-30-2012 2:34 PM
0 Kudos

Matt ,

i am not understanding  this MXREF_MX_PRIVILEGE <SAPPRIV1> how to use this.

1 )i have used like this ,

GRANT $FUNCTION.sap_core_getNamesOfAssignedPendingPrivileges(%

MXREF_MX_PRIVILEGE <Privilege name> %!!%$IMDB_REPO%!!ROLE)$$ TO %MSKEYVALUE%

2)  i getting the error when executing the below query

SQL = "SELECT aValue FROM mxiv_simple_entries WITH (NOLOCK) WHERE MSKEY = " + mskey + " AND AttrName IN ('MX_AUTOPRIVILEGE','MXREF_MX_PRIVILEGE')";

The table mxiv_simple_entries is not available in the ID center database.

i am using the IDM version 7.2 please let me know if you have any idea.

got the error like this

got RuntimeException - org.mozilla.javascript.EvaluatorException: uSelect(SELECT aValue FROM mxiv_simple_entries WITH (NOLOCK) WHERE MSKEY = Z6R AND AttrName IN ('MX_AUTOPRIVILEGE','MXREF_MX_PRIVILEGE')) got exception com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'mxiv_simple_entries'.

regards ,Prasanna

former_member2987
Active Contributor
‎07-30-2012 3:01 PM
0 Kudos

Prasanna,

Ok so you are doing this from a query so you must know the mskey of the privilege you are looking for. Not sure how you are doing this query.

I would probably do something like this:

select searchvalue from idmv_value_ext_active where MSKEY = Par and AttrName='MSKEYVALUE'

So you'll notice there are some differences, let me try and explain...

  • First off it's a best practice always to use SearchValue over aValue.
  • If you pass <Z6R> to the script, IDM will look-up the MSKEY for you.
  • I'm not a DBA or even an advanced SQL Query writer, so I can't evaluate the in fuction you are using to check multiple attributes.  I'd suggest getting it working with one attribute first and then getting the more advanced functionality working.
  • I do not see the view idmv_value_ext_active in my SQL Server instance, please try the idmv_value_basic view instead.

This is all of course, assuming that you're looking to return the MSKEYVALUE or some other descriptive attribute for the given Privilege.  You can also replace MSKEYVALUE with DISPLAYNAME.

Hope this helps!

Matt

Answers (0)

Ask a Question