cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Profile Type Privilege Assignments through IDM roles are stuck in Pending State

Former Member

on ‎08-12-2014 8:13 AM

0 Kudos

Hi Everyone,

We are getting a strange problem in our project in IDM 7.2 SP8. We use IDM role based concept where backend system specific technical roles, profiles (called as privileges in IDM) combined into IDM roles and these IDM roles are assigned to users.

Events are configured on the privileges level (i,e backend system specific technical roles, profiles) in IDM so that once a IDM role is assigned to a user the corresponding privileges are assigned to user in IDM and these assignments triggers provisioning to associated backend systems.

Now for role type privileges the provisioning is working fine. But for profile type privileges the provisioning status is always showing as pending and nothing happening and even no logs are showing in job log.

I tried with execution of the mc_analyze_assignments stored procedure that came with SP08 to find the logs at least but still no information appearing. Looks like the triggering itself is not happening.

I also compared the member events definition for the profile type privileges with the role type privileges (for which the provisioning is working fine) and looks like the settings are exactly same.

Can any one suggest any other things that we are suppose to check? Any help is highly appreciable.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

jaisuryan
Active Contributor
‎09-10-2014 5:30 PM
0 Kudos

Hi Venkata,

Have you resolved this? If not, try setting repository constant MX_REQ_PRIV to id of privilege Priv:$rep:only and check if it works.

Kind regards,

Jaisuryan

Show replies
Show replies
Former Member
‎09-05-2014 9:41 AM
0 Kudos

Hi Venkata,


At first I would check the SQL script responsible for getting all valid privileges and profiles for provisioning whether it's result contain also the missing profiles.  In past the script contained serious bug which resulted in situation where no ABAP profile selected for provisioning.


Secondly you should check triggers are set on the profiles.  I experienced situation where triggers were not set for profiles as part of initial load due to bad setup of Delta definition. Triggers setup you find on the end of initial load job.


Regards,

Jiri

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎08-12-2014 11:52 AM
0 Kudos

Hello Venkata,

did I understand correctly: You have business roles, that have SAP-profiles & SAP-roles (both privileges in IDM) assigned. Now you assign such a business role to a user, but only the SAP-roles are provisioned to the backend system and the SAP-profiles are not?

Since you can see them in the UI for the user as pending, it looks like at least the provisioning is triggered, just not completed.

You could check with the following SQL-statement, if they are waiting for the sucessful completion of another task and work your way from there:

select * from mxp_provision where msg like 'Wait for%'

The MSG-column gives you the audit-id of the "blocking" task and you can find more information about that one via





select * from mxp_audit where auditid=<auditid>

to see, what is going on there.

Also do you have access to the Monitoring-tab via http://<portalurl:port>/idm/admin? In the provisioning-audit you might find some clues for those operations, too.

Regards,

Steffi.

Show replies
Show replies
jaisuryan
Active Contributor
‎08-12-2014 10:22 AM
0 Kudos

Hi Venkata,

Does your IDM role have PRIV:$Rep:ONLY for each system that the child privileges are associated?

Kind regards,

Jaisuryan

Show replies
Show replies
Former Member
‎08-12-2014 10:39 AM
0 Kudos

Hi Jaisuryan,

Thanks for your response.

Yes, All IDM roles have PRIV:$Rep:ONLY for each system that the child privileges are associated with.

Regards,

Venkata Bavirisetty

Ask a Question