Hello All,
IDM 7.2 SP10
We newly upgraded to SP10 and now we see an issue in provisioning to ABAP and Java systems form IDM.
Provisioning works fine when Business Role(with inherited privileges) is assigned to the user then all inherited privileges are provisioning to SAP systems and mcexecstate in IDM DB get updated to 1 (in IDM UI as OK).
But when new privileges are added to this business role, automatic reconcile happens on the user(which already has this business role).
This triggers assignment of new privilege to user as inherited privilege via business role but provisioning does not happen and new privilege get stuck to pending status (mcexecstate = 512). This has been tried with lot of data.
We do not have this issue in SP8.
New privilege has no issue because if new privilege is already of business role and the business role is added to user then privilege get assigned successfully via provisioning.
Dispatcher settings and other configurations are good to best of my knowledge.
Dispatcher restart was also tried.
As only provisioning of new privileges due to structural changes on User's business role is having issue, it has become difficult to find out the root cause.
We have raised OSS to SAP but still awaiting for resolution since more than a week.
Any help in this forum is highly appreciated.
Thank you very much.
Regards,
Pradeep