
Preventing Privileges being removed after an Initial Load

Former Member
0 Kudos

I've applied Peter Wass solution to fix this well known issue, but the imported roles are still removed.

I checked twice, but I don't understand what I did wrong.

So, here are the steps I performed :

1. I've connected a new SAP repository to IDM

2. I've changed the Jscript           sap_abap_getNameOfAssignedPendingPrivileges

3. I've modified the Pass :       WriteABAPUsersProfilePrivilegeAssigments

4. I've done the initial load for this new repository

When finished, I went to the IDM web UI, added a role to an existing user and I got the same problem as before.

What did I miss ?

Thx,

Nicolas.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Nicolas

Did you see my update?  Reconciliation also kills it - I had to modify the SQL to take into account that reconciliation rewrites the ProcessInfo to Reconcile and thus kills my fix.

Also - make sure that there is nothing after the '/' on each line - your SQL looks like you have a '/' in the middle of the first line

Hope that helps.

Peter

Former Member
0 Kudos

Hi Peter,

Thx for the follow up.

I've removed the spaces after the "/" but it still doesn't work. I probably missed something but I don't know what.

I asked to upgrade to SP8. I hope that will fix this last annoying problem then I will be able to enjoy this great product 🙂

Any experience with SP8 ?

Former Member
0 Kudos

Just got it installed.  Haven't had a chance to test the upgrade yet but my reading of the script is it's still a problem.  Perhaps they've fixed it in the 'write' step to set an audit ID of at least something (-1 would do) but I won't know until I test.

The easiest thing you might find is just ending each string at the '/' and starting a new one.  So:

var sql="select blah blah /

blah blah";

becomes

var sql = "select blah blah ";

sql = sql + " blah blah";

That should resolve the issue.  I'd also put:

uWarning(sql);

after it's finished being built - that will let you see what it is that's being queried (and you can copy and paste it into an SQL tool which will give you better error reporting on the SQL).

Peter

Former Member
0 Kudos

I don't have the Script error anymore, but even with the steps I've described above, it doesn't work.

Can you see the error I made in the 4 steps ?

I'm happy to read someone else has installed SP8.

It really seems great !

Former Member
0 Kudos

Hi Nicolas

SP8 fixes the problem if my initial tests are correct.  Instead of getting mcAddAudit = NULL we now get mcAddAudit = <something>.

What is happening is that during the initial load it assigns the profile and immediately triggers provisioning.  That provisioning auditid is used as the audit Id of the profile so that it satisfies the SQL.

What that means is that during initial load the system is writing back to the source system immediately with the updated user.  Personally I'd probably pause provisioning during initial load so that it all queues up and you wait for the user to finish being updated before it does the write-back.

Peter

Former Member
0 Kudos

Oh, and the pending values for the profiles are created if you need to catch and operate on them.

Peter

Former Member
0 Kudos

Just got SP8 installed, everything seems to work as before except my issue.

I've noticed that even after installing ICDESIGNTIME08_1-10009681.zip (Basic Component team did the rest of Installation) the Jscript I've modified "sap_abap_getNameOfAssignedPendingPrivileges" has been updated ?

I thought that when we do the upgrade the Jscript, especially that one, would be updated with an issue-free version.

Can someone (Peter for example) tell me why my Jscript is not updated and how to do it to the genuine SAP correct version ?

Thx in advance.

Former Member
0 Kudos

Update the SAP Provisioning Framework - the script is from there, not from the designtime install.

Peter

Former Member
0 Kudos

Peter,

I'm so happy that it works now !

We have updated to SP8, updated the SAP Provisioning Framework and now the roles are not only kept, but also the ones that were deleted are added back !!!

Thank you very much for your help !

Nicolas.

Former Member
0 Kudos

Hi all,

As we applied SP8 and upgraded the Prov. Framework, the issue is resolved and currently assigned ABAP privileges do not get removed on the ABAP side, as the new standard script (sap_abap_getNameOfAssignedPendingPrivileges) includes all pending and existing privileges.

However, I noticed it creates a new issue that I am still analyzing and looking for a resolution for.

The Function_set is actually executed as many times as there are privileges assigned on the same role.

When a user is assigned a role that contains 7 ABAP privileges including one Function_set privilege type, the Function_set gets assigned 7 times and the associated implementation gets executed 7 times as well.

In our scenario this has caused the Email to be updated back to the Business Suite system 7 times, by running the BAdI implementation for that Function_set (in my case it is the STUDENT Function_set).

Former Member
0 Kudos

In this case the filter was enabled on the assignment task of the Business Suite Connector to capture any change of communication data and update it back to the source, but that results in adding multiple entries, as many as the number of assignments the user gets.

Each time an ABAP role is assigned to the user it also gets the existing Function_set and runs the BAdI, which results in updating the source system back while the communication data did not change.

Anyway, the requirement is just to write back user/email once only at creation, and those should never change unless it is a correction case.

So a simple resolution is to enable the filter only on the create task of the ABAP/Business Suite Connector, and disable it on the assignment task.

Former Member
0 Kudos

The previous resolution is a fast temporary workaround on production.
However, after observing and analyzing, it works but has some limitations and requires modification of the Function_set Master Privilege.
Other than changing the filter entry, it requires removing the master privilege from the Function_set to get it as pending on the creation task.

The limitation is that the Function_set can only be assigned to a new user; otherwise assigning it will trigger the assignment task of the provisioning framework and, as the filter is disabled on the assignment task, the filter and Function_set BAdI will not run.

Also, it does not support the case where user creation is not required and only the Function_set is needed for the user.

A more reliable resolution is to modify the standard script, save it as a custom “Z” script, and use it on the filter entry only.
The modification includes changing the SQL that gets the pending and assigned privileges to only get the pending assignment in the case of a Function_set.

This will capture only a new Function_set assignment and exclude the privilege if it is already assigned.

Note: you need to be careful with any upgrade of the provisioning framework, as it may change the task back to the original script (when using a custom connector folder, this may happen when re-copying the standard connector to the custom one to apply the upgrade); you may need to preserve the customization or redo it after any upgrade.
Also, with your old custom script you lose the advantage of the standard script in case it is changed/enhanced/fixed by SAP.
If SAP releases a better solution for this scenario then you may want to change everything back as it was.


See the snapshots below for the modifications:

Standard script SQL (sap_abap_getNameOfAssignedPendingPrivileges):

Modified script SQL (zsap_abap_getNameOfAssignedPendingPrivileges):
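
The effect of the filter change described in this reply, as an added example that is not part of the original post and is not SAP's script or schema: a simplified JavaScript model in which each assignment is provisioned before the next one arrives. Apart from the STUDENT Function_set, the privilege names, state labels and function names are assumptions, and the sample data is constructed.

```javascript
// Simplified model with constructed data; hypothetical names, not SAP's code.
const PENDING = "pending";
const ASSIGNED = "assigned";

// Behaviour the thread attributes to the standard script:
// return every privilege, pending or already assigned.
function standardFilter(links) {
  return links.map((l) => l.name);
}

// Behaviour the thread attributes to the custom "Z" script:
// a Function_set is returned only while its assignment is still pending.
function pendingOnlyForFunctionSet(links) {
  return links
    .filter((l) => l.type !== "FUNCTION_SET" || l.state === PENDING)
    .map((l) => l.name);
}

// Provision assignments one at a time. The write-back (the BAdI in the
// thread) fires whenever the filter result for a task run contains a
// Function_set, whether or not that Function_set is the new assignment.
function countWriteBacks(assignments, filter) {
  const links = [];
  let writeBacks = 0;
  for (const a of assignments) {
    const link = { ...a, state: PENDING };
    links.push(link);
    const names = filter(links);
    const fsInResult = links.some(
      (l) => l.type === "FUNCTION_SET" && names.includes(l.name)
    );
    if (fsInResult) writeBacks += 1;
    link.state = ASSIGNED; // provisioning of this assignment completed
  }
  return writeBacks;
}

// Constructed sample: one Function_set plus six ordinary ABAP privileges.
const sampleAssignments = [
  { name: "PRIV:FUNCTION_SET:STUDENT", type: "FUNCTION_SET" },
  ...Array.from({ length: 6 }, (_, i) => ({
    name: `PRIV:ROLE:SAMPLE_${i + 1}`, // hypothetical privilege names
    type: "ROLE",
  })),
];

console.log("standard:", countWriteBacks(sampleAssignments, standardFilter));
console.log("modified:", countWriteBacks(sampleAssignments, pendingOnlyForFunctionSet));
```
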
