Hi Experts
I have been given a requirement where the manager of a user in IdM should be updated automatically when the manager changes in SAP HR.
The HR extraction job is currently in place and runs every 30mins.
Please could you give me some ideas on how to implement this.
IDM 7.2 SP 6
Thanks
Ran
hello all,
i am trying to run initial loads on AS java database repository, the user i use in repository is and admin user for NW 7.3 and has full administrator rights.
still initial loads were not successful from the configuration guides i came to know Spml_Write_Action role is only for NW 7.0 and below for 7.3 is not using smpl connection i believe.
this is the only warning in the job log
Search request failed! <<user>> is not allowed to perform search request.
default trace log.
UME#sap.com/tc~sec~ume~wd~kit#C0000A17206800A800000002000021A8#23640950000000004#sap.com/tc~sec~ume~wd~umeadmin#com.sap.security.core.wd.maintainuser.MaintainUserComp.public void saveModifications( )#idm_admin#11##B1AC9AC0EC9211E3C1DF00000168BB76#b9612f91ec9511e38cec00000168bb76#b9612f91ec9511e38cec00000168bb76#0#Thread[HTTP Worker [@186066399],5,Dedicated_Application_Thread]#Plain##
Error adding roles
[EXCEPTION]
com.sap.security.core.wd.exception.UmeUiSecurityException: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.handleThrowable(UmeUiFactoryCompInterface.java:2977)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1272)
at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:1034)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy780.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1334)
at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:709)
at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:630)
at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:579)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingEmbedded(ApplicationSession.java:919)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:878)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:62)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:39)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:46)
at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:270)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToAppContext(ExecutionContextDispatcher.java:68)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:53)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callRequestManager(JavaApplicationProxy.java:1244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callEmbeddedApplication(JavaApplicationProxy.java:1122)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$SendDataAndProcessActionCommand.doExecute(JavaApplicationProxy.java:1605)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$AbstractCommand.execute(JavaApplicationProxy.java:1488)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.execute(JavaApplicationProxy.java:1028)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.execute(JavaApplicationProxy.java:859)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.sendDataAndProcessAction(JavaApplicationProxy.java:468)
at com.sap.tc.webdynpro.portal.pb.impl.JavaApplicationProxyAdapter.sendDataAndProcessAction(JavaApplicationProxyAdapter.java:191)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1668)
at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:366)
at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2094)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:251)
at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:50)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:89)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:3050)
at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:569)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:862)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy779.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1266)
... 97 more
Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)
... 108 more
Hi,
I set some SU01 parameters succesfully (Thanks to Steffi and Tero), now I am looking how to set also the SU01's LicenceData, I found all the corresponding MX_ Attributes in:
-->
Alphabetical list of non-ABAP attributes - Section
But I cannot find any MX attribute wich makes reference to the "Contractual User type ID" ?
Many thanks for your help,
Mia
Hi Team,
Is there any table/view in IDM 7.2 that provides current task/job ID number a request is waiting for?
Even though the last completed phase of the request can be seen from admin UI that only shows the description of the completed steps but not the technical details like task ID/Job ID of the current step.
Knowing the current step/Job ID helps the admin a lot to directly go the step when the request is waiting for long/got failed etc..
Regards,
Venkata Bavirisetty
Hi,
we are currently upgrading from SAP NW IDM 7.1 to 7.2 and encountered a problem with validation extension provided by SAP. Maybe this is a bug an should be filed as OSS message.
The Validation API delivers a list of IdmValueChanges to the custom validation class (I've provided an example implementation in the attachment).
I've now created an UI task containing
MSKEYVALUE
P_COMMENT (initially empty)
P_INITIAL_PASSWORD (already set, encrypted)
I've hooked up the debugger to get this:
You can see the instances of those IdmValueChanges. Each of those are holding an mOperation Attribute which indicates the operation performed on this attribute.
Also, there are constants defined in the class IdmValueChange:
OPERATION_REPLACE = 0
OPERATION_ADD = 1
OPERATION_DELETE = 2
OPERATION_PROPERTY_CHANGE = 3
OPERATION_DISAPPROVE = 4
So all of those attributes are considered to be an OPERATION_PROPERTY_CHANGE, although those should be like this:
P_COMMENT: OPERATION_ADD
P_INITIAL_PASSWORD: OPERATION_REPLACE
This is how it was in 7.1 version.
I've also added some debug code to see the operations:
Do you encounter the same problems?
best regards
Matthias
Hello Experts
We have just setup SAP IDM 7.2 SP8, I am trying to assign a Role / Privileges to ABAP system through Event tasks defined on repository.
Below are the things which I did for this setup:
1. Created Repository.
2. Completed Initial loads
3. Create one Tasks for create / modify ABAP user.
4. Assigned tasks on repository event task.
When I assign a privilege to a user from IDM UI then no jobs get triggered ( User has Account / system privileges already assigned) , In UI it shows the status as "OK" but no jobs are getting triggered for role assignment in backend system.
But when I try to assign a Role, I see following in system logs
I tried to write the MSKEYVALUE in a text file through the same tasks and I get a new MSKEYVALUE always ( MX_1453, MX_1454 etc) , However I guess it should have give me MSKEYVALUE of the user for which I am doing role assignment.
Can you please suggest me the way forward.
Regards
Deepak Gupta
Hi experts,
I am able to create one SAP user and setting some predefined SU01 parameters with Tero and Steffi help (http://scn.sap.com/thread/3565184).
Now I am searching ideas for the following scenario:
I need to create many users with default SU01 parameters. For example I need to create ZUS00001, ZUS00002.........ZUS01000,
many thanks for your help,
Mia
Hi you all,
I am trying to set the portal password as a productive password from IDM. When I change the passwordchangerequired to be false, I get the following error: putNextEntry failed storingSPML.SAPUSER.UN000198
I have changed the repository constants (protocol and port) to be https and 50001. Is there any certificate that I need to import? Reading the configuration guide does not tell me much.
Please let me know if I am missing something.
Thanks in advance!
Anu Biju
Hi All
Please could you provide me some advise on how to address this requirement.
IDM 7.2 SP6
When HR hires a contractor in SAP HR they set the system id in infotype 105 with a specific value eg. X123456. The extract job
creates the identity in IDM with this system id.
In due course if the contractor becomes a permanent employee the system id in 105 is updated to a different value eg. Y123456 by the HR team.
When this occurs and the HR extract job is run as a delta for the same employee nothing happens. The customer expectation is that it would update the identity in IdM with the new system id eg. Y123456 but it fails as the Personnel Number already belongs to a User Account ID in IDM.
Question is, is there a way to meet the customer's expectation? If yes, how?
Are there any drawbacks with this solution?
Please advise
Thanks
Ran
Hello Experts,
Can somebody please advise me the standard documentation for creating BP , Updating HR infotypes into backend CRM or HCM system ?
Is there any document where I can read about business suite connector tasks in IDM ?
Thanks & Regards
Deepak Gupta
Hello Experts,
Currenlty we are on IDM 7.2 SP8 and we have setup the IDM approval task on Validate Add Event for repositories.
Privileges are grouped on Application, so all the privileges for the same system should be grouped in the same request. When two or more privileges are assigned to user, one approval request gets created. In the approval view, the approver only sees one privilege available for approval. However when the request is approved all the privileges are getting assigned to user.
We would like have all the privileges displayed in the approval request for the approver. Any suggestions please for this issue. Why the request is not showing all the details ?
Thanks
Deepak Gupta
hello all,
i am trying to run initial loads on AS java database repository, the user i use in repository is and admin user for NW 7.3 and has full administrator rights.
still initial loads were not successful from the configuration guides i came to know Spml_Write_Action role is only for NW 7.0 and below for 7.3 is not using smpl connection i believe.
this is the only warning in the job log
Search request failed! <<user>> is not allowed to perform search request.
default trace log.
UME#sap.com/tc~sec~ume~wd~kit#C0000A17206800A800000002000021A8#23640950000000004#sap.com/tc~sec~ume~wd~umeadmin#com.sap.security.core.wd.maintainuser.MaintainUserComp.public void saveModifications( )#idm_admin#11##B1AC9AC0EC9211E3C1DF00000168BB76#b9612f91ec9511e38cec00000168bb76#b9612f91ec9511e38cec00000168bb76#0#Thread[HTTP Worker [@186066399],5,Dedicated_Application_Thread]#Plain##
Error adding roles
[EXCEPTION]
com.sap.security.core.wd.exception.UmeUiSecurityException: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.handleThrowable(UmeUiFactoryCompInterface.java:2977)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1272)
at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:1034)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy780.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1334)
at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:709)
at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:630)
at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:579)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingEmbedded(ApplicationSession.java:919)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:878)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:62)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:39)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:46)
at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:270)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToAppContext(ExecutionContextDispatcher.java:68)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:53)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callRequestManager(JavaApplicationProxy.java:1244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callEmbeddedApplication(JavaApplicationProxy.java:1122)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$SendDataAndProcessActionCommand.doExecute(JavaApplicationProxy.java:1605)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$AbstractCommand.execute(JavaApplicationProxy.java:1488)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.execute(JavaApplicationProxy.java:1028)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.execute(JavaApplicationProxy.java:859)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.sendDataAndProcessAction(JavaApplicationProxy.java:468)
at com.sap.tc.webdynpro.portal.pb.impl.JavaApplicationProxyAdapter.sendDataAndProcessAction(JavaApplicationProxyAdapter.java:191)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1668)
at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:366)
at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2094)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:251)
at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:50)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:89)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:3050)
at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:569)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:862)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy779.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1266)
... 97 more
Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)
... 108 more
Hi experts,
I am working in idm 7.2 SP7 and there is no plan to upgrade to SP08 or SP09 at the moment.
Here is my problem:
After making some search I find the internal table MXI_STRUCTURE_ROOT can give us the parent and the root of the privileges and assigned roles but they are not correct as each time I am getting the top root of roles and not the intermediate.
I am looking for a workaround how to avoid to use this table and get my privilege/role hierarchy ?
I find SAP IDM question and How to get Privilege information and no workaround was exposed.
Thank you,
Nina
Hi,
Our environment is IDM 7.2 SP7.
And we have couple of users whose master privilege (PRIV:ADLDS:ONLY) is in pending state for quite a long time.
I could filter those entries using mcExecState=512 in idmv_link_ext. It looks to me the reason for pending state is it's referring to some of the old notification tasks previously we had. Now those tasks are replaced by new one but i could see the old notification task is still under MX:Pending_Delete folder.
I tried using some of the internal functions (uRetry_Privilege/uIs_PrivReconcile) but that doesn't seems to fix the problem. So is there anyother way available to clean up those mcExecState=512 entries or retry provsioning with new tasks linked ?
Thanks,
Karthik
Hello Gurus,
We are implementing a process for identity termination. SAP security team wants the Id to be deleted from the system as part of the process whereas other applications have requested for removal of groups, change in status etc. The Id termination should be approved by line manager as first level approver.
We are using an action task with "To Identity Store" pass to remove the PRIV:<REPOSITORY>:ONLY privilege for the SAP Id to delete the account from SAP repository.
We need your advice for:
- Is the implementation approach for deletion of SAP ids correct?
- How do we configure the approval task for this process, It seems that it cannot be an assignment approval task in this case.
- There is a task "SetABAPRole&ProfileforUser" in the SAP provisioning framework which is executed following the user deletion. This task fails because it is not able to locate the MSKEY after the user has been deleted. How do we control this task?
Your help in this regard is much appreciated.
Regards,
Subramaniam Iyer
Hi Experts,
I am on IDM 7.2 , SP7 .I have a strange problem. The Provisioning Job will be running fine and I see the entries getting created and roles getting assigned fine in ABAP system. Suddenly I see lot of values in MXP_PROVISION Table 
. When I check the entry , it says either 'TRUE', 'FALSE' ,'NULL' or 'Wait for result audit:<some Audit ID>' . When I check the MXP_AUDIT Table with the Audit ID, It says the ProvStatus is 21 , which means Running. When I go the particular Task, it is actually running from past 5 to 6 days. It hasnt processsed a single entry . I do not know what has gone wrong. I will be really thankful if someone could help me on this,
Thanks in Advance
Mohamed Fazil
Hi Team,
Is there any table/view in IDM 7.2 that provides current task/job ID number a request is waiting for?
Even though the last completed phase of the request can be seen from admin UI that only shows the description of the completed steps but not the technical details like task ID/Job ID of the current step.
Knowing the current step/Job ID helps the admin a lot to directly go the step when the request is waiting for long/got failed etc..
Regards,
Venkata Bavirisetty
Hi Experts,
We are implementing filters while reading user ids from backend systems. We implemented the filter by getting the error - "selection criteria Address userid is not supported". We tried "logonuid" and "userid" and both gave similar error.
Please confirm what should we maintain for User ID.
Thanks in advance for your help.
Thanks and regards,
Nits
Hi all
I'm setting up IdM7.2SP6 to talk to GRC 10. Finally got the web services set up and talking and most of the jobs came through fine. However, I'm getting the following error reading roles from GRC through the GRC 10 Initial Load.
fromDSA.doSearch got exception, returning false
javax.naming.NamingException: [LDAP: error code 1 - (GRC Search Roles:1:msgcode=4;msgdescription=Invalid input or no data present for the given input;msgtype=ERROR)]; remaining name ''
I haven't done any modifications to the job - straight out of the box.
I've been assured that there are roles to find (I don't actually have GRC access).
A trace on the GRC server for the connecting user revealed no errors and authorisations are good.
Has anyone seen this one before?
Thanks
Peter
Hello Gurus!
Need some advise.
We have just implemented IDM 7.2 Sp9.
Provisioning and de-provisioning (including user modifications) seems to work as expected, however it appears that the system is generating additional audit entries which do not get processed in the execution log and have no completion status allowing for the queue to be cleared.
We have noted a large number of pending entries remaining in the provisioning queue since implementing IdM 7.2 SP9 (clean install).
These mainly pertain to the tasks:
The scenario appears to occur during HCM load scenario into IdM for existing Identities, i.e. modify tasks (brand new HCM based identities do not seem to trigger this). Changes to manually UI generated identities also do not seem to trigger this issue either.
Provisioning Queue in UI:
There are no failed or pending provisioning entries relating to these items.
Please refer to attached screenshots for one example containing the current queue snapshot, MXP_Provision , MXP_Audit and Execution Log entries.
Sample from MXP_PROVISION:
Sample from MXP_AUDIT (filtered by 20 - Pending status):
Sample from MCV_EXECUTIONLOG_LIST (filtered by Audit event):
Other useful information:
Dipatchers are working fine.
All Tasks in the provisioning queue are enabled and are executing fine for provisioning and de-provisioning.
Our system details:
Application server: Windows 2008 server
IdM 7.2 (7.20.9.0-SQL-2014-02-21)
Schema 1128 Databse: SQL2008 10.50.1600
Thank you,
KV
Thanks