Hi Friends,
I am performing Role Provisioning - by using uIS_SetValue Function in SAP IDM.
I have values Usermskey, PrivilegeMskey, and IDStore.
and i am using uIS_SetValue function, please see the syntax:
var NewValue = uIS_SetValue(Usermskey,IDStore,"MXREF_MX_PRIVILEGE","{VALIDFROM="+ 2014-12-08 + "!!VALIDTO=" +2014-12-25 + "}" + "<" + PrivilegeMskey + ">");
Please tell if i am wrong because this function is returning an error: Please check attached File.
Hi,
I have created the Password Reset task in the IDM System as per the standad guide:
The guide only speaks about accessing the task using the web-dynpro screens. But I need to access the tasks using SAPUI5 screen. I am however able to access the other standard tasks from SAP UI5 screens.
How do I access the guided tasks like password reset using REST APIs? When I try to access the task, I only get success reply with entries being empty.
{
MX_REST_SUCCESS: true
ENTRIES: {}
}
Regards,
Avinash G
Dear Community Members,
When I try to find an identity in IDM, let say unique id is "ABCD" , I'm not able to find it whereas when I'm try to create the same identity "ABCD"
in IDM.I do get an error which says "Identity already exists" in SAP Identity Management.
I understand that somehow the identity is not deleted from IDM database however not reflecting in IDM user interface but unable to understand
the technical possibility of this issue.
Kindly share the reason of this issue and what will be the possible solution.
I do not want adapt the non recommended SAP way of deleting the identity directly from IDM database.
Regards
Girish Almiya
SAP Security Consultant
Hello everybody,
during the installation of IDM 7.2 I am facing the following Error while executing the Windows Service Test of the Dispatcher.
'"D:\usr\sap\IdM\Identity Center\MxService.exe"' is not recognized as an internal or external command,operable program or batch file.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NW IDM 7.2
OS: Windows Server 2012 R2
DB: MS SQL Server 2012
JRE tried with Sun 1.5 32& 64 Bit and jdk-6u45 32&64 Bit
JDBC 4.1
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Does anybody have a hint for me, how to get the dispatcher working?
thx in advance
Franz
Hi,
I would like to run ABAP inital load job with delta one time per day. It is simple for small amount systems and clients.
However I have to run the job for about 500 clients of 80 systems.
Is there a way to make this happen easily? Creating repository for each client and then create a job for each repository is quite difficult?
I appreciate your help.
Oktay
Dear Community Members,
I have come across with an issue in SAP IDM that on removal of all business roles and privileges for an identity in Identity Management through user interface, there are still some privileges showing for user and privileges are appearing as inherited however their is no position based assignment for that identity.
I don't understand from where all those inherited privileges are getting read for that identity while all assignment is removed for that identity in IDM.
Please share your thoughts regarding this issue.
Regards
Girish Almiya
Hello community,
I was just made aware by my consultant, that this exists: SAP IdM – Identity Management Web UI
As part of the "Customer Influence" they created this project where we as SAP customers can post ideas about what we think is missing from the IDM UI and how to make it better etc.
From the description page:
Scope of project
SAP Identity Management helps our customers to centrally manage their user accounts (identities) in a complex system landscape, including both SAP and non-SAP systems. The solution includes a web-based user interface for self-service scenarios for Employees, Managers, and Administrators. In this Focus Topic we will focus on Improvements to this Web UI.
In scope:
•Identity Management 7.2 SP9, software component “NW IDM 7.20 UIS FOR NW 7.10”
Out of scope:
•Releases/SP Level lower than 7.2 SP09
•Software Component “NW IDM 7.20 UIS FOR NW 7.00”
•Software Component “NW IDM 7.2 UI FOR HTML5”
Since this collection phase ends on December, 15th 2014 (so... in 4 days!), I thought I share the information about it here in case someone else also missed it till now and wants to contribute or support some ideas. 
Regards,
Steffi.
Hello Gurus,
We are having some privilege assignments to users which are in status "Not Allowed". Is there some way to fix them? I have tried executing the stored procedure mc_repair_assignments for the entry but there is no change.
Thanks in advance for your help.
Regards,
Subbu
Hi Guys,
We are looking to use IDM and wanted some advice on the typical source of users to populate IDM, this is a Greenfield implementation.
My current view is the following,
IDM is connected to Active Directory which has all our users 20K we therefore populate IDM with these users, this then provions the users to all of our backend systems .....
When a user logs in to the network, authenticates against AD they then sign in to Portal for SSO which authenticates against AD if successful the user has access to the backend systems where the user has been provisioned from IDM
Would this work, so one ID across the landscape ???
Any help appreciated as always
Hi everybody,
during the Installation if IDM 7.2 I'm coming to a halt at the installation of the VDS
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NW IDM 7.2
OS: Windows Server 2012 R2
DB: MS SQL Server 2012
JRE tried with Sun 1.5 32& 64 Bit and jdk-6u45 32&64 Bit
JDBC 4.1
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I think it has something to do with the Java VM's but im not 100% sure.
Here a part of the VDS_InstallLog.log with the error's and warnings (the complete File as .txt is in the attachments)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Installation: Successfulwith errors.
1352 Successes
1 Warnings
3 NonFatalErrors
0 FatalErrors
Action Notes:
Set Environment Variable: MVDHOME = \usr/sap/IdM/Virtual_Directory_Server: This action has failed. To ensure full functionality for this application, please edit your system environment to include the following variable/value combination: MVDHOME=\usr/sap/IdM/Virtual_Directory_Server
| Install Uninstaller: | VDS (Install All Uninstaller Components) |
| Status: ERROR | |
Additional Notes: ERROR - Failure to install Uninstaller executable: java.lang.NullPointerException |
| Create LaunchAnywhere: | Virtual Directory Server (Install All LaunchAnywhere Java Executable Components) |
Status: ERROR |
Set Environment Variable: MVDHOME = \usr/sap/IdM/Virtual_Directory_Server
| Status: WARNING | |
Additional Notes: WARNING - java.io.IOException: Cannot run program "/usr/bin/sh": CreateProcess error=2, The system cannot find the file specified |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Does anybody have some hints for me? - help is is deeply appreciated.
Regards,
Franz
Hello,
With Tero's help, I've resolved one error I had with provisioning to a new ABAP system, however I now have a new error related to the checking of an entry type. To resolve the first error I needed to ensure privileges were set to 'inherit'. After the initial load privileges didn't have this set originally.
The next think I had to change were the links to the provisioning tasks. Here is how the repository links are now set.
It's important to note that in order to get the provisioning tasks to execute, I needed to link the provisioning task from the provisioning framework to both the 'add task' under assignment as well as the 'provisioning task' under the Privilege tasks.
I originally didn't think was necessary, but I tested provisioning with and without these links and the provisioning framework task would only be triggered with this configuration.
I then tested provisioning a privilege that inherits the provisioning tasks. In the provisioning audit log, you can see that the provisioning tasks execute, but it's the 'check entrytype' fails and gives the message:
ERROR!AuditId, variable does not exist in mxpt_get_entrytype.
I haven't had this error message before, so I'm unsure what to check first. Thoughts?
Appreciate the help.
Paul
Hello All,
i would like to ask for ideas for the following issue:
I get an new SAP ABAP client and do the initial load, which gives me the users with direct assigned ABAP-Roles/Privileges. So i would like to use IDM business roles and assign these via a job. After this i have the same privileges directly and indirectly assigned to the users. So my question is how to remove all the direct privilege assignements that are already assigned via business roles. Is there somewhere a flag which indicates the direct assignements.
Regards
Christian
Hi,
I'm new to IDM config and currently struggling with a requirement where a user needs to view only Manage and self service tab in the IDM UI and later on this view shall be linked to another portal.
Thanks
Rimesh
Hi Everyone,
When you navigate to SU01 -> Select user and Change -> Goto -> References
Can these References be managed by SAP IdM using the standard SAP provisioning framework?
Please advise on how to go about this if anyone has achieved this.
Thank you,
KV
Hi All,
We are using SAP IDM 7.2 SP09 Framework, I have created an approval (Ordered) Task, in Approval (pass), i have selected Type Assignment - Pending Value Object, the Task is attached in the Role with Validate Add Task option.
Whenever i am assign the Role to the users, the Approval task is getting triggered, the Approvers's value(mskey) is set in MX_APPROVERS attribute, but Actual approver unable see the pending approval request in ToDo Tab, Request is showing in APPROVAL MANAGEMENT Tab, unable to approve the request. 
Please suggest. its very urgent !
Regards,
Kishor Kajale
Hello Experts,
SAP IDM 7.2 SP8.
I have query on event task being defined on SYSTEM PRIVILEGE (PRIV:SYSTEM:<REPO_NAME>).
I believe IDM should not trigger provisioning tasks(ex. HOOK TASK 4) due to removal or addition of SYSTEM privilege.
Only removal/addition of ACCOUNT PRIVILEGE (PRIV:<REPO_NAME>:ONLY) should
trigger of provisioning tasks which also remove/add of system privilege for the user as defined in provisioning framework.
So, How Event tasks should be defined for system privileges ?
I think it should be empty (NONE).
Below screenshots shows the current configuration being done for system privileges in my client's IDM system.
This results in trigger of HOOK TASK 4 when SYSTEM privilege is removed/added from the user which causes errors which I know happen because of defining event tasks on SYSTEM PRIVILEGES.
Your help is appreciated.
Thanks & Regards,
Pradeep
Hi Experts,
Anyone attended the delta training for SAP IDM8?
The fact that Windows runtime and VB scripts not supported from IDM8, what would be the future of LN connector or existing IDM-LN integrations?
Is it included in any of the connector packages?
Kind regards,
Jaisuryan
Dear experts,
I got some typical problem, Can you please suggest me how to resolve this.
I created a new work flow, Ordered Task Group and mapped to test_role in the event Tasks, validate Validate add task.
I assigned this role to the user, request goes for approval to the correct approver, role status shows pending status.
But when I login with approver credentials nothing showing for approval in TO DO tab or APPROVAL MANAGEMENT tab.
When I checked in AdminUI, provisioning queue, Job status showing disabled.
But in the IDM MMC all the below jobs are enabled.
Below is the screenshot for the same.
Can you please suggest me how to rectifiy this.
Regards,
Jaya
Hi All,
I have completed the necessary steps to setup a secure communication between SAP IdM and an ABAP system.
I used the following article and SAP Help: Securing Connections to AS ABAP with SNC - Security and Identity Management - SCN Wiki
I don't see any error messages in the SNC configuration but I am getting the following error message in SAP IdM 7.2 SP09 when testing a job:
18.12.2014 09:23:07 :I:Successfully created JCo3Proxy.
18.12.2014 09:23:07 :I:JCo3Proxy: Created/updated destination 'NSPCLNT100' for repository 'NSPCLNT100'.
18.12.2014 09:23:07 :E: - com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: Initialization of destination NSPCLNT100 failed: connection closed without message (CM_NO_DATA_RECEIVED)
18.12.2014 09:23:07 :E:Exception reading table: 'TSAD3T' com.sap.conn.jco.JCoException: (102) JCO_ERROR_COMMUNICATION: Initialization of repository destination OEOCLNT100 failed: connection closed without message (CM_NO_DATA_RECEIVED)
Any clue?
Regards,
Ridouan
