Hi you all,
I am trying to set the portal password as a productive password from IDM. When I change the passwordchangerequired to be false, I get the following error: putNextEntry failed storingSPML.SAPUSER.UN000198
I have changed the repository constants (protocol and port) to be https and 50001. Is there any certificate that I need to import? Reading the configuration guide does not tell me much.
Please let me know if I am missing something.
Thanks in advance!
Anu Biju
Hi Experts,
Is it possible to get the origin of an assigned privilege ? Like recovering from which Business Role or Rule the user gets the privileges?
Any advice or SQL requests will be appreciated?
Victoria,
Hi,
I have hooked up a java portal to our IdM system, and I can read in the data no problem.
I can also provision users to the system, and all is good.
The problem is, as soon as I try to provision any roles or groups, nothing happens. And I mean nothing! No entries in the job log, no errors.
If I change data on the user, such as name or email, it gets provisioned through as expected.
Provisioning to ABAP systems works as intended...
Does anyone have any idea what is wrong?
Cheers,
Henrik
On version 7.2 SP6
Hi all,
We are using IDM 7.2 SP7, and the standard notification framework.
We are currently creating e-mails for creation of a user id for all repositories that we are linked to, but we only want to create e-mails for one repository out of all of them.
Is there a repository constant or notification constant available that we can use to stop the sending of the emails, or do we need to do what we have currently done, which is to set up a switch task and look at the incoming repository name and make the decision about whether to send the e-mail or not based on that?
Thanks in advance
Simon
Hi All,
We have implemented SSPR functionality in our IDM 7.1 system and everything was working fine as expected.
However since last few days we are getting below error, once users is trying to change his password using SSPR.
He is entering his unique id, then answering the authentication questions correctly, but when he specifies the password and clicks on finis, below error comes up.
Could anyone please advise.
500 Internal Server Error
java.lang.NullPointerException
at com.sap.idm.wd.wf.task.PwdRecoverComp.SaveData(PwdRecoverComp.java:255)
at com.sap.idm.wd.wf.task.PwdRecoverComp.MoveNext(PwdRecoverComp.java:293)
at com.sap.idm.wd.wf.task.wdp.InternalPwdRecoverComp.MoveNext(InternalPwdRecoverComp.java:192)
at com.sap.idm.wd.wf.task.PwdRecoverCompView.onActionNext(PwdRecoverCompView.java:165)
at com.sap.idm.wd.wf.task.wdp.InternalPwdRecoverCompView.wdInvokeEventHandler(InternalPwdRecoverCompView.java:193)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Thanks
Aditi
Hi All
After assigning a role to an identity with a valid from date in the future it is not visible in the UI.
I've tried to configure this in the MX_ASSIGNMENT attribute and also in task level (same attribute) but still no good.
It only shows the current assignments. The Advanced option does not do anything.
Is this due to SP6. Do we have to move to SP8 for this to work?
Please advise.
Ranjit
Hi,
I am implementing RDS on IDM 7.2. While importing the 0256_IDM72_Provisioning_Folder.mcc file in Identity Store I receive a msg "Could not update parameters for task '5938/SAPC Display Company Address - Complete Data/0A9A7BC7-C70D-4DA9-9906-42B441330734'".
Any help ?
We are trying to find what tables in GRC provide the web services, like GRAC_REQUEST_STATUS_WS, their information. We are seeing a situation where a GRC Access Request appears approved in GRC10 , but the status that gets read back into IDM (via the Polling Process) shows the status of FAILED. So we want to be able to look at the table that has the status in it in GRC so we can verify what status was actually written to the status table and is then made available via the GRAC_REQUEST_STATUS_WS web service. Again, we are using polling in IdM, so the status IdM is getting is actually fetched from GRC so we just need the name of the table to do some comparisons.
If we have GRC do the provisioning instead of IDM, the status IdM receives (via the Polling Process) is OK. Yet when IdM is to do the provisioning the status is always FAILED. IF a resquest is disapproved in GRC, it comes back to IDM as FAILED (which is proper), but the approved requests are also coming back as FAILED.
Has anyone seen this behavior before?
Hi Experts,
When creating an ABAP user in the Backend (with CreateABAPUser pass), I need to generate password and send it by email.
I tested the functionality bith fixed password but now I need to generate a random one and send it by email?
Do you have any help/info on this topics please ?
Imy
Idm 7.2 SP7
Hi,
I am exploring to build a simple custom UI with the help of identity managment REST API interface. I am using SAP NW IDM 7.2 SP7.
I found couple of rest api interface docs and code samples but not sure where to start with :-) May be steps to setup the environment or a simple client to connect from SAP Netweaver Developer Studio would be helpful.
Also i tried to access below URL from browser but it gives 403 forbidden error
http://<hostname>:<port>/idmrest/
Any authentication settings need to be changed for this from NWA ?
Thanks,
Karthik
Hi folks!
I'm working on a synchronization job and I have a particular challenge, delete Roles assigned to a user in the ABAP System.
Our use case is this: IDM is regarded as the authoritative source and as such if the user has a privilege in IDM, it should be in the backend. Easy enough! 
However if the privilege is not in IDM but is in the back-end, it needs to be removed. Is there a way to do this in IDM? From what I saw in the Framework, we are assuming that the role already exists in IDM.
I suppose the work around would be to assign and then remove the matching privilege in IDM, but I really don't like that at all, for a number of reasons.
I looked in the business suite and plain ABAP portions of the framework. I'll take a more detailed look and also check the RDS, but I get the feeling this will be a toughie.
Thanks for your help!
Matt
Hello Gurus!
Need some advise.
We have just implemented IDM 7.2 Sp9.
Provisioning and de-provisioning (including user modifications) seems to work as expected, however it appears that the system is generating additional audit entries which do not get processed in the execution log and have no completion status allowing for the queue to be cleared.
We have noted a large number of pending entries remaining in the provisioning queue since implementing IdM 7.2 SP9 (clean install).
These mainly pertain to the tasks:
The scenario appears to occur during HCM load scenario into IdM for existing Identities, i.e. modify tasks (brand new HCM based identities do not seem to trigger this). Changes to manually UI generated identities also do not seem to trigger this issue either.
Provisioning Queue in UI:
There are no failed or pending provisioning entries relating to these items.
Please refer to attached screenshots for one example containing the current queue snapshot, MXP_Provision , MXP_Audit and Execution Log entries.
Sample from MXP_PROVISION:
Sample from MXP_AUDIT (filtered by 20 - Pending status):
Sample from MCV_EXECUTIONLOG_LIST (filtered by Audit event):
Other useful information:
Dipatchers are working fine.
All Tasks in the provisioning queue are enabled and are executing fine for provisioning and de-provisioning.
Our system details:
Application server: Windows 2008 server
IdM 7.2 (7.20.9.0-SQL-2014-02-21)
Schema 1128 Databse: SQL2008 10.50.1600
Thank you,
KV
Thanks
Hi Guru's,
One of my reconciliation tasks part of the reconciliation job I've created is doing some strange password updates.
As you can see below the task selects all users part of my identity store that are part of the account attribute of the particular ABAP system.
Once these users are selected the task updates different data like username, validto, ... but the task is updating a lot of other things that are not part of the destination tab. What is causing the biggest issue is the password fields that are updated in the ABAP system like, password, productive password, ...
Can you please advise if I missed something and how to solve?
Thanks a lot,
Laurent
Hallo All,
I encounter an issue on my IDM development system which I have been trying to solve for a couple of days.
It seems that the passes part of the initial load job are not able to write or read on my identity store anymore.
This is the error message I receive.
There is probably a parameter somewhere that I missed and need to change.
Can someone please advice on this issue?
Thx by advance,
Laurent
Hello all, newbie question here -
We are implementing IdM. I am the Active Directory guy. I manage AD and Exchange.
As we implement the SAP IdM solution, I am being told that all user management, in regards to group membership for users, must be performed in IdM. I should no longer use ADUC or PowerShell for group management because IdM will overwrite my group membership changes the next time it makes a change. And that IdM wants to be in the lead, owning user attributes like memberof.
On one level I understand this, but on other levels this seems very limiting. Not using PowerShell or Group Policies or the like to manage group membership, as I do now, would be hard.
Is it necessary for IdM to "own" membership? To be the sole manager of group membership? And for me to give up all other tools? Is there another way?
Thanks,
Paul
Hello Experts,
We have installed and configured IDM 7.2 on windows 2008 server , Now we want to give access to IDM MMC to all IDM administrators on their laptop/desktops.
I am not getting any clue on how I can provide them access ?
Can you please help and let me know procedure for same ?
Regards
Deepak Gupta
Hello Gurus,
We are implementing a process for identity termination. SAP security team wants the Id to be deleted from the system as part of the process whereas other applications have requested for removal of groups, change in status etc. The Id termination should be approved by line manager as first level approver.
We are using an action task with "To Identity Store" pass to remove the PRIV:<REPOSITORY>:ONLY privilege for the SAP Id to delete the account from SAP repository.
We need your advice for:
- Is the implementation approach for deletion of SAP ids correct?
- How do we configure the approval task for this process, It seems that it cannot be an assignment approval task in this case.
- There is a task "SetABAPRole&ProfileforUser" in the SAP provisioning framework which is executed following the user deletion. This task fails because it is not able to locate the MSKEY after the user has been deleted. How do we control this task?
Your help in this regard is much appreciated.
Regards,
Subramaniam Iyer
hello all,
i am trying to run initial loads on AS java database repository, the user i use in repository is and admin user for NW 7.3 and has full administrator rights.
still initial loads were not successful from the configuration guides i came to know Spml_Write_Action role is only for NW 7.0 and below for 7.3 is not using smpl connection i believe.
this is the only warning in the job log
Search request failed! <<user>> is not allowed to perform search request.
default trace log.
UME#sap.com/tc~sec~ume~wd~kit#C0000A17206800A800000002000021A8#23640950000000004#sap.com/tc~sec~ume~wd~umeadmin#com.sap.security.core.wd.maintainuser.MaintainUserComp.public void saveModifications( )#idm_admin#11##B1AC9AC0EC9211E3C1DF00000168BB76#b9612f91ec9511e38cec00000168bb76#b9612f91ec9511e38cec00000168bb76#0#Thread[HTTP Worker [@186066399],5,Dedicated_Application_Thread]#Plain##
Error adding roles
[EXCEPTION]
com.sap.security.core.wd.exception.UmeUiSecurityException: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.handleThrowable(UmeUiFactoryCompInterface.java:2977)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1272)
at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:1034)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy780.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1334)
at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:709)
at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:630)
at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:579)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)
at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingEmbedded(ApplicationSession.java:919)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:878)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:62)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:39)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:46)
at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:270)
at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToAppContext(ExecutionContextDispatcher.java:68)
at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:53)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callRequestManager(JavaApplicationProxy.java:1244)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callEmbeddedApplication(JavaApplicationProxy.java:1122)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$SendDataAndProcessActionCommand.doExecute(JavaApplicationProxy.java:1605)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$AbstractCommand.execute(JavaApplicationProxy.java:1488)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.execute(JavaApplicationProxy.java:1028)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.execute(JavaApplicationProxy.java:859)
at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.sendDataAndProcessAction(JavaApplicationProxy.java:468)
at com.sap.tc.webdynpro.portal.pb.impl.JavaApplicationProxyAdapter.sendDataAndProcessAction(JavaApplicationProxyAdapter.java:191)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1668)
at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:366)
at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2094)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:251)
at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:50)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:89)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:3050)
at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:569)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:862)
at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)
at com.sun.proxy.$Proxy779.modifyEntityMappings(Unknown Source)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1266)
... 97 more
Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)
... 108 more
Hi All,
We run two jobs HR LDAP Data Extraction & Extract Positions Data to bring new psotions in IDM. These jobs create a .csv file which is transferred to IDM.
When we are running this job it creating a .csv file with new position & that file in IDM Server also & there is no error log in IDM.
But when we check the position in IDM UI new position is not coming
Thanks
Aman
Hi All
Please could you provide me some advise on how to address this requirement.
IDM 7.2 SP6
When HR hires a contractor in SAP HR they set the system id in infotype 105 with a specific value eg. X123456. The extract job
creates the identity in IDM with this system id.
In due course if the contractor becomes a permanent employee the system id in 105 is updated to a different value eg. Y123456 by the HR team.
When this occurs and the HR extract job is run as a delta for the same employee nothing happens. The customer expectation is that it would update the identity in IdM with the new system id eg. Y123456 but it fails as the Personnel Number already belongs to a User Account ID in IDM.
Question is, is there a way to meet the customer's expectation? If yes, how?
Are there any drawbacks with this solution?
Please advise
Thanks
Ran