Channel: SCN : Discussion List - SAP Identity Management

How to avoid GRC provisioning dynamically


Hi All,

 

I have a typical scenario like this:

I have integrated IDM with GRC for risk analysis and SAP system provisioning. I have various workflows where the GRC provisioning framework is called when GRC privileges are assigned or revoked.

But in one workflow, I need to assign GRC privileges to a user, but I do not want "AC Submit request" to be invoked. I want the privileges to be assigned to the user without sending to GRC.

Any suggestions on how I can stop invoking "AC Submit Request" dynamically?

 

Thanks,

Dhiman Paul.


Job to Delete Failed or rejected privilege assignments


Hi,

We are currently in the middle of a new IDM implementation. One thing I have noticed is that if an assignment of a privilege is rejected by an approver, or fails for any reason, an entry remains on the IDM account for that user and the privilege is listed as either "Rejected" or "Failed". In order to attempt the assignment again, you must first delete that entry from the user's account. Is there any job I can create and schedule to do this automatically? I would like to automatically delete all entries for all users labeled "Rejected" or "Failed".

Dispatcher is being stopped


Hi All,

 

Our dispatcher is getting stopped even after restarting it in Identity Center, but it is still running at Windows level. Can anyone let me know how to resolve this?

 

Thanks,

Kalyan.

dispatcher.jpg

Necessary media of Identity Management for Installation


Hello experts,

 

 

I am currently planning to install the latest new IDM (Identity Management 7.2). According to the document link: https://websmp202.sap-ag.de/~sapidb/011000358700001223002010E, I need to install the following media:

 

1. Identity Center

2. Management Console

3. Runtime Components

4. User Interface

 

 

Could anybody help me find out how to install the database for Identity Center?

 

I first need to install a supported database for it, but I am not sure whether I have to download the database media from the vendor of the database software I choose and install the database for Identity Center separately. Looking at the databases on Market Place, I have not found the media for the database.

IDM provisioning task not activated


Hello,

 

I'm having an issue getting the CORE/Provisioning task to be executed following the assignment of a privilege.

 

I've done a number of tests with other tasks (modifying users, creating users) that have been successful. But, using the 'assign' task in the Web Enabled Folder, the CORE/Provisioning task fails to execute.

 

modify-ok.jpg

 

I also tried creating a new role, adding the required privileges and assigning this to a test user. The log showed that provisioning did work, but no privileges were assigned.

 

In the monitoring tab, the provisioning audit shows the 38/Assign task as having a provisioning status of 'OK', but the related CORE/Provisioning task does not get executed.

 

assign-ok.jpg

 

How can I troubleshoot this? Where should I look first?

 

I'm currently on IDM 7.2 SP9. While on SP8 provisioning did work.

 

Could there be an issue with the database?

 

Appreciate the help. Happy holidays!

 

Paul

BYPASS_MEMBER_TASK not working for Attribute MXMEMBER_MX_PERSON while it is working for MXREF_MX_PRIVILEGE



Hi,

 

We are trying to delete privileges from a user with the following code in the script, using BYPASS_MEMBER_TASK:

    // {D} prefix: delete the value, with BYPASS_MEMBER_TASK=1 set
    var task_property = "{D}{BYPASS_MEMBER_TASK=1}";
    var tempvalue = task_property + PrivMskey;
    var SetPrivToUser2 = uIS_SetValue(tempvalue, IDStore, "MXMEMBER_MX_PERSON", mskey2, "", 2);

But this is not working; we are getting the error: Entry doesnot exist attribute:MXMEMBER_MX_PERSON.

If we try to delete the privilege from a To Identity Store pass with the same concept of {D}{BYPASS_MEMBER_TASK=1} PrivMskey, it works fine.

We had raised the same thread for Add privilege, and it worked with {BYPASS_MEMBER_TASK=1} in the script and {A}{BYPASS_MEMBER_TASK=1} in the To IdentityStore pass: How to avoid GRC provisioning dynamically

Please find the screenshot of the To Identity Store pass and the screenshot of the error which we are receiving when we run the script containing

{D}{BYPASS_MEMBER_TASK=1}PrivMSKey

 

BYPASS_MEMBER_TASK_delete.png

 

 

BYPASS_MEMBER_SCRIPT_ERROR.png

 

Thanks,

Dhiman

How to Update SMTP in Active Directory through LDAP Passes


Hi Experts,

 

Presently I am working on SAP IDM 7.2.

We have a requirement that whenever anyone updates a user's mail address in IDM, IDM must update the new mail address in IDM.

The same new mail address must be updated as mail and SMTP (Proxyaddresses) in AD, and the old SMTP should be changed to smtp.

Now we are using a PowerShell script for the above; however, the new requirement is to use LDAP passes for the same.

For example:

User1 has mail address xyz@123.com in IDM,

and the AD data of this user is
mail = xyz@123.com
proxyAddresses = SMTP:xyz@123.com

When anyone changes the mail address of user1 to abc@123.com,
the mail address in IDM should be abc@123.com. This is working fine.

And IDM should update the AD data as
mail = abc@123.com
proxyAddresses = SMTP:abc@123.com
proxyAddresses = smtp:xyz@123.com

so that the user can have multiple secondary email addresses (smtp) and one primary email address (SMTP).

 

Please help me regarding this.

 

Waiting for your response

 

Thanks in Advance

 

Regards,

C Kumar
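
The proxyAddresses change described in the post above, as an added example that is not part of the original post: it computes the value list AD should hold after a mail change, demoting the old primary to `smtp:` and avoiding duplicates. It is plain JavaScript; the function name and the X500 sample value are assumptions, and writing the result to AD through an LDAP pass is not shown.

```javascript
// Added example, not code from the post. rebuildProxyAddresses is a
// hypothetical helper; sample values marked "constructed" are made up.
// Returns the proxyAddresses values AD should hold after a mail change:
// the new address as primary (SMTP:), earlier SMTP/smtp addresses kept as
// secondaries (smtp:), other address types (e.g. X500:) left untouched.
function rebuildProxyAddresses(current, newMail) {
  var mail = String(newMail).replace(/^\s+|\s+$/g, "");
  if (mail.indexOf("@") < 1) {
    throw new Error("not a mail address: " + newMail);
  }
  var seen = Object.create(null);      // addresses already emitted, lower-cased
  seen[mail.toLowerCase()] = true;
  var result = ["SMTP:" + mail];       // exactly one primary address
  for (var i = 0; i < current.length; i++) {
    var entry = current[i];
    var sep = entry.indexOf(":");
    var type = sep < 0 ? "" : entry.slice(0, sep);
    if (type.toLowerCase() !== "smtp") {
      result.push(entry);              // not an SMTP address: keep as is
      continue;
    }
    var addr = entry.slice(sep + 1);
    var key = addr.toLowerCase();
    if (seen[key]) continue;           // new primary or duplicate: skip
    seen[key] = true;
    result.push("smtp:" + addr);       // old primary becomes a secondary
  }
  return result;
}

// The case from the post: xyz@123.com is replaced by abc@123.com.
var afterChange = rebuildProxyAddresses(["SMTP:xyz@123.com"], "abc@123.com");

// Constructed case: the new address already exists as a secondary and
// differs only in letter case; the X500 value must survive unchanged.
var afterPromote = rebuildProxyAddresses(
  ["SMTP:xyz@123.com", "smtp:abc@123.com", "X500:/o=Example/cn=user1"],
  "ABC@123.com");

console.log(afterChange.join("\n"));
console.log(afterPromote.join("\n"));
```
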

An identity is not appearing in IDM however when creating same identity in IDM, it is giving error in IDM that "Identity already exists in IDM"


Dear Community Members,

 

When I try to find an identity in IDM, let's say the unique ID is "ABCD", I'm not able to find it, whereas when I try to create the same identity "ABCD" in IDM, I get an error which says "Identity already exists" in SAP Identity Management.

I understand that somehow the identity is not deleted from the IDM database but is not reflected in the IDM user interface; however, I am unable to understand the technical possibility of this issue.

Kindly share the reason for this issue and what the possible solution would be.

I do not want to adopt the non-recommended SAP way of deleting the identity directly from the IDM database.

 

Regards

 

Girish Almiya

SAP Security Consultant


Message templates, html, http:// not supported?



Hello,

we got

SAP NetWeaver Identity Management 7.2 SP9

IDENTITY CENTER DESIGNTIME 7.2 SP9 patch 7

IDENTITY CENTER RUNTIME 7.2 SP9 patch 5

VIRTUAL DIRECTORY SERVER 7.2 SP9 patch 3

 

In the admin UI, under the register "Message Templates", I create and maintain message templates, e.g. for approvals (Template Category: MX_APPROVALS).

And here I use HTML with stylesheets.

 

When I put the following HTML code in

    <tr style="vertical-align: top;">

      <td>URL:</td>

      <td>http://support.sap.com/swdc</td>

    </tr>

the text starting with http://, including the next tag (here </td>), disappears.

So the following insufficient HTML code is left:

    <tr style="vertical-align: top;">

      <td>URL:</td>

      <td>

    </tr>

Similarly, if I try to add a reference to a link like

All other cases <a href="http://company.appl.net/Home?OpenPage">call COMPANY IT Service Desk</a> / open an incident at <a href="https://serviceportal.company.com/Services.aspx">COMPANY IT Service Desk Portal.</a>

all that is left after saving is:

All other cases <a href="">call COMPANY IT Service Desk</a> / open an incident at <a href="">COMPANY IT Service Desk Portal.</a>

 

Has anybody seen something similar?

Is there a workaround?

Isn't it supported that I put http:// or https:// to the HTML code of the message template?

 

with kind regards

Michael Schäfer

IDM UME Integration


Hi Experts,

 

I need to load the users from AD to IDM, and users should log in to the IDM web UI with AD credentials.

For authentication purposes, without moving the user to UME and without adding the J3E_Java_Only privilege to the user, are any other methods available?

Can you please suggest the steps to be followed to accomplish the above task?

Thanks in Advance,

Jaya

SAP IDM GRC integration


We have integrated SAP IDM 7.2 with SAP GRC 10.0. When we ran the initial load, we got the error shown in the attached screenshot.

Is this the error from SAP IDM or GRC?

How can we rectify the error?

 

Thanks.

 

Prajakta


AD and IDM UME integration


Hi Experts,

 

Today we did a few configurations related to AD and UME integration, which did not go well. Please provide your valuable suggestions to overcome the issues. The steps we followed are:

1. We created a service user in AD

2. Configured the service user with an SPN (service principal name)

3. Logged into NWA: http://hostname:port/nwa

4. Did the UME configurations; please check the attached doc for a screenshot

5. Restarted AS Java

We are looking to load the AD users into UME. Could you please suggest what needs to be done after these steps?

 

 

Thanks,

Lokesh

Ports in VDS


Dear experts,

 

I have a few doubts regarding ports in VDS. Can you please guide me?

1. How to find which ports are used and which ones are free.

2. How to change the port number if it is already set for the service. For example, I created an XML file and set the port number; how do I modify it?

3. If a configuration file is deleted without stopping the service on the port, how to stop that service and use that port.

Thanks in Advance.

 

Warm Regards,

Jaya

IDM 7.2 - problems with Installation of VDS


Hi everybody,

 

During the installation of IDM 7.2 I'm coming to a halt at the installation of the VDS.

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

NW IDM 7.2

OS: Windows Server 2012 R2

DB: MS SQL Server 2012

JRE tried with Sun 1.5 32& 64 Bit and jdk-6u45 32&64 Bit

JDBC 4.1

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

I think it has something to do with the Java VMs, but I'm not 100% sure.

Here is a part of the VDS_InstallLog.log with the errors and warnings (the complete file as .txt is in the attachments):

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Installation: Successfulwith errors.

 

1352 Successes

1 Warnings

3 NonFatalErrors

0 FatalErrors

 

Action Notes:

 

Set Environment Variable: MVDHOME = \usr/sap/IdM/Virtual_Directory_Server: This action has failed.  To ensure full functionality for this application, please edit your system environment to include the following variable/value combination: MVDHOME=\usr/sap/IdM/Virtual_Directory_Server

 

Install Uninstaller:VDS (Install All Uninstaller Components)
Status: ERROR

Additional Notes: ERROR - Failure to install Uninstaller executable: java.lang.NullPointerException

Create LaunchAnywhere:Virtual Directory Server (Install All LaunchAnywhere Java Executable Components)

Status: ERROR

Set Environment Variable: MVDHOME = \usr/sap/IdM/Virtual_Directory_Server

Status: WARNING

Additional Notes: WARNING - java.io.IOException: Cannot run program "/usr/bin/sh": CreateProcess error=2, The system cannot find the file specified

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Does anybody have some hints for me? Help is deeply appreciated.

 

Regards,

 

Franz


Login in to IDM UI


Dear Experts,

 

 

We are able to fetch users into UME from AD by doing AD and UME integration.

But we are unable to load users into the IDM web UI. Could you please advise us? Our expected outcome is to log in to the IDM UI with AD credentials without loading users into IDM.

Many Thanks,

Jaya

IDM - GRC Process Control Integration


All,

We have integrated the GRC Process Control module for compliance monitoring, along with the GRC Access Control - IDM integrated solution.

We have integrated GRC Access Control with IDM for SOD purposes (VDS-IDM-GRC web service integration). We have one integration requirement from business users around Process Control as well. We would like to know where we can retrieve data for Process Control from the IDM database.

In this case we are looking at whether we can retrieve IDM data (table level) to the GRC box. Any ideas or suggestions on this?

Thanks,

 

Jerry George

Synchronization between IDM and ECC


Hi

We have installed SAP IDM and maintained the connectivity/integrated it with Portal (to run activate /idm url).

The initial load from Business Suite has also been pulled to the IDM DB, and I can view the details of the users, roles, address and other attributes in IDM.

Then I created a user using SAP NetWeaver Java (/idm), which can be viewed.

I need to know how I can transfer this user back to ECC, as I could not see any job for data sync.

 

 

 

Thanks,

Rajesh

How to create a user with future start date


Hi Guys,

 

What is the best practice when you use the HR LDAP Extract program to create a user in SAP IdM and target systems with a future date?

I have declared the WRITE_FUTURE_DATED_HIRES = TRUE and replaced the script sap_importTimeValues with sap_cutDate.

I need attributes such as MX_LASTNAME, MX_FIRSTNAME to create the user in Active Directory.

Has anyone done this before and could give some advice, as I am still testing?

 

Regards,

Ridouan

Semaphores on SQL-database: stored procedure mc_chk_sema_timeout


Hi there!

 

We do run this environment:

 

Microsoft Server 2008 R2

Microsoft SQL server /2008 R2 / driver 10.50.4000

Identity-Management 7.2, SP6 Patch 1

 

 

We've discovered a (strange?) behavior in our SQL database cache.

When we look at the topmost executions per minute, the IdM stored procedure "mx_chk_sema_timeout" gets the high score (it is the number one procedure that has the most CPU, time, reads, and so on)... It is executed 161 times (on average) per minute.

 

 

This is executed this often:

USE [db]
GO

/****** Object:  StoredProcedure [dbo].[mc_chk_sema_timeout]    Script Date: 13.01.2015 13:37:24 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER OFF
GO

 

CREATE PROCEDURE [dbo].[mc_chk_sema_timeout]
       @Ptimeout int,
       @Status as int OUTPUT,
       @Statustext as varchar(256) OUTPUT
AS
       Declare @Lrowcount int
       Declare @Lbuf varchar(256)

       -- LOCK
       EXEC sp_getapplock 'mc_chk_sema_timeout','Exclusive','session'

       delete from mc_semaphore where (DATEADD(s, @Ptimeout, Sematime)<getdate());
       select @Status = @@ERROR, @Lrowcount = @@ROWCOUNT
      

       -- UNLOCK
       EXEC sp_releaseapplock 'mc_chk_sema_timeout','session'
      
       IF @Status = 0
       BEGIN
             set @Statustext = 'OK'
             IF @Lrowcount > 0
             BEGIN
                    set @Lbuf = convert(varchar,@Lrowcount) + ' stale semaphores released'
                    execute mc_write_syslog @Lbuf,'',1,'',0
             END
       END
       ELSE
       BEGIN
             set @Statustext = 'Unable to release staled semaphore';
       END


GO

 

My questions:

1. Is this maybe a normal behavior (seen on DB time and execution) and we should not be worried?

If not, what can we do to lower the executions per minute?

 

I did some searches:

The table mc_semaphore shows no special behavior. Looks good to me: some (1-6 semaphores go in, 1-6 leave immediately). I had expected that this table would maybe be overflowed. But it wasn't...

I also read this SCN entry of Per Krabsetsve (at the end of the entry): Dispatchers Deadlock Issue

He talks (in case of a about contacting the SAP-Support in order to get a different (altered?)  procedure of "mc_chk_sema_timeout".

 

2. Maybe this would be a solution?

 

3. Are there any further suggestions/experiences you can give us?

 

Thank you for your replies!

 

Michael
