Skip to Content
author's profile photo Former Member
Former Member

Removal of IDM Role does not remove MXREF_MX_PRIVILEGE

Hi SAP IDM Experts,

I'm encountering a strange problem that I can't seem to figure out; When removing an IDM role comprising multiple system privileges (The roles are configured with the technical system privileges assigned as "Member Privileges"), the role easily gets removed but the privileges contained within are still left within the IDM account; this leaves the account in a weird state of not showing the IDM role, but the Privileges still exist in IDM and in the target systems as well. This forces us to remove the system privileges again as a separate action inside the IDM account; this doesn't make sense and shouldn't have to happen if you remove the main IDM role containing these privileges in the first place.

Any idea on why this might be happening? how can this be fixed?

Thanks and Best regards,

SJ

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jul 30, 2012 at 09:33 PM

    Hi Sandeep, is this happening for all the users or only few users. why i am asking this is if it is for some users then those users might have so called dirty flag which will stop them from getting those priv's. You can do role reconcile. for them.

    Thanks,

    Arun

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Sandeep

      You said you mass loaded the users? How? Was it with Initial Load jobs?

      just guessing: these priviliges (e.g. SAP profiles) were already/are assigned to the users in the source system before the initial load. Afterwards you assigned a business role to them which also contained these privileges. Then you have the privileges once in automatic and in direct assignment, so if you remove the role the direct ones still exist.

      Maybe it's that simple?

      Regards

      Michael

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.