Skip to Content

Updating User in IDM Does Not Reflect in Connected SAP AS ABAP System

Hello Experts,

We are working on a IDM scenario on IDM 7.2. We have done the configuration as per the configuration guide, and successfully done an initial load of the users from a connected SAP ABAP system. From the IDM UI, when we change an user (Via web enabled tasks), the user record gets modified in IDM, but the changes do not get reflected in the connected ABAP system. When we look for system logs or tasks in the Identity Center, we do not find any entries. Can you please guide us in with some pointers, so as to why this behavior might be occurring?

Thanks and Regards,

Sid

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • avatar image
    Former Member
    Apr 19, 2013 at 01:16 PM

    Hi  Siddhartha,

      You should check if you are set your master privilege on the Repository - master privilege.

    Before that check if you have master privilege created for the system PRIV:RepName:ONLY and when you are started, check for PRIV:SYSTEM:RepName..

    BR

    Simona

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Avik Dutta

      Hi Avik

      I would expect that you have a disabled task in there somewhere.  It won't tell you which one, it'll just sit there.

      You might also find that something is missing a dispatcher.

      Peter

  • Apr 19, 2013 at 01:01 PM

    Hello Sid,

                  in such a case the hook task to create an abap user as defined in the repository should be called. Check the job log for this task and see if there is any information. Also ensure that this task is enabled and assigned a dispatcher.

    Thanks,

    Chris

    Add comment
    10|10000 characters needed characters exceeded

    • Christopher Leonard wrote:

      Hello Sid,

                    in such a case the hook task to create an abap user as defined in the repository should be called. Check the job log for this task and see if there is any information. Also ensure that this task is enabled and assigned a dispatcher.

      Thanks,

      Chris

      The hook task MX_HOOK7_TASK is assigned the value 370/7. Disable ABAP User, but unfortunately the task is not getting called when I disable the user in the IDM UI. The task is enabled and the job enderneath it 3258/LockUnlockAbapUser is assigned a dispatcher. Where do I need to assign event task that would trigger this provision?

  • Apr 19, 2013 at 09:13 PM

    I suspect there is a problem with some tasks in the Provisioning Queue. Apart from the Modify operation which you are performing, is anything else (like assigning a role) flowing to AS ABAP system ?

    Cheers,

    Murali

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Murali,

      Currently nothing is getting reflected in the ABAP system. I suspect we need to assign some task events somewhere but I dont know the details where to assign which event. Currently the web enabled task "Disable Identity" gets called when I disable any user from IDM UI. I need some details on where to assign which which event that would trigger the provision into the target system. Any help would be appreciated.

      Many Thanks,

      Avik

  • Apr 29, 2013 at 09:37 AM

    Hello Avik,

    now that's some frustrating issue. Somethings working (the queue fills up) and then... nothing. I hate those, too. ^^

    When you go to the Status-overview, where you can see ALL the jobs (should be right at the top under "Management"), sort by state and look for "error". Is there any job like this? Try restarting them (Right klick > Run now).

    Also try restarting the dispatcher, that you assigned to this job. Maybe something is stuck there (happens to our system sometimes).

    Check the settings of the dispatcher, too to see, if it is allowed to run tasks and jobs. When you klick on "Dispatchers", an overview opens where you can set different settings for the dispatcher like "Tasks", "Approvals", "Jobs" etc.

    Regards,

    Steffi.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 02, 2013 at 01:48 AM

    HI Sid,

    Just wondering if you managed a fix to this issue?  We have an almost identical issue whereby we are unable to modify the backend abap systems.

    I can confirm the following is in place and checked:

    (1) The user has the repository system priv (PRIV:SYSTEM:REP) assigned.

    (2) The system priv above has both the modify job inherited from the repository and the relevant attributes ticked as triggers on the task tab.

    [Note: We have tried global constant values of both 0 & 3 for MX_PRIV_MODIFY_POLICY]

    (3) The hook tasks in the repository appear correct.

    (4) All modify jobs, plugins etc are enabled

    (5) The jobs are set to dispatch and the dispatchers have no obvious issues ( & been restarted)

    (6) We have traced the user with little sucess also.

    The result is we get line items in the 'Provisioning Queue' for the modify job and its underlying log and synchronous check, though they are identified as disabled and error states with no further info and no update to the abap system and nothing further in the job log.

    Thoughts? Any feedback would be appreciated, as the above (from my understanding) is all the pieces of the puzzle correct, though no result.

    Cheers,

    Andrew Whitebrook

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Sid,

      We have just managed to process end to end with updates in our abap system.  The difference seems to be at the job level.  When using a copy of the standard modify job in our namespace, we had no luck, though with the standard job, it worked fine.  So I would suggest following steps 1 - 4 in the post above, set the global constant to either 0 or 3 depending on your requirement and use the standard modify job.

      Good luck!

      Andrew Whitebrook.