cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP IDM - role in failed status for user : Invalid time interval: Start date after end date

Former Member

on ‎06-12-2017 3:55 PM

0 Kudos

IDM business roles gets in failed status for user due to error :

Exception from Modify operation:com.sap.idm.ic.ToPassException: Invalid time interval: Start date 06/08/2017 after end date 03/28/2016

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Steffi_Warnecke
Active Contributor
‎06-12-2017 4:00 PM

Well... because 2017 comes after 2016 and here you want to put it the other way around (want to start something this year, but it ends last year). I'd guess a typo.

So what's unclear?

.

Regards,

Steffi.

Show replies
Show replies
Former Member
‎06-12-2017 5:22 PM
0 Kudos

Thanks for reply Steffi,

User was disabled in 03/28/2016, and now joined the organization back so when tried to assign the business roles it got failed since users validity was 03/28/2016.

Then I have extended the user validity in IDM and tried to retry the assignment still it is failing.

Steffi_Warnecke
Active Contributor
‎06-12-2017 10:06 PM
0 Kudos

And what are the dates now for that user in the backend? Maybe it's not provisioned? Is he/she still disabled? I'd check that before you try assigning privileges or business roles.

Former Member
‎06-19-2017 5:10 AM
0 Kudos

Hi Steffi,

Currently user is active in IDM as well as in backend system. However if I try to re-try the Business Role assignment its goes to fail status again with the error as : "Invalid time interval: Start date 06/08/2017 after end date 03/28/2016".

But if I change any user parameter from IDM like Phone no. it is getting updated properly in target system.

I feel in IDM database for this user start valid till date is saved as 03/28/2016, that the reason even if I removed failed BR and assign it back it goes to failed status.

Can you please suggest, what can be done here?

Steffi_Warnecke
Active Contributor
‎06-19-2017 10:23 AM
0 Kudos

So there is still a business role attached, but with wrong dates? Can you share a screenshot?

Former Member
‎06-19-2017 7:09 PM
0 Kudos

Business roles (SF*) not assigned with any validity in IDM still fail status.

Steffi_Warnecke
Active Contributor
‎06-20-2017 6:58 AM
0 Kudos

And if you expand them? What about the related privileges?

Another idea wiuld be to check directly in the database for this user and the assignments.

Former Member
‎06-27-2017 9:07 PM
0 Kudos

nother idea wiuld be to check directly in the database for this user and the assignments.

---> Can you please suggest where I can check this?

Steffi_Warnecke
Active Contributor
‎07-03-2017 12:25 PM
0 Kudos

This should be table "idmv_link_ext" for checking the identity-privilege links with validity. Depending on your database you either use the Oracle SQL developer or the MS SQL Server Management Studio (or whatever is used for DB2 ^^).

devaprakash_b
Active Contributor
‎07-12-2017 9:59 AM
0 Kudos

Hi Swapnil Dimble,

As per steffi you have removed the validity dates and tried provisioning too but still it is failing.

Please check if you are passing any validity dates in the idmv_link_ext view as suggested by steffi.

If no validity dates are there, then please remove the role and assign it without validity dates. IF still it failed, then there might be any issue with the dates calculating in the script maintained in AssignALLABAPPrivileges task.

Kindly please inbox me your email id incase need to do any screensharing

Regards,

DP

Show replies
Show replies
Ask a Question