cancel
Showing results for 
Search instead for 
Did you mean: 

Pending privileges are not getting removed

Former Member
0 Kudos
171

Hi,

I have business role with the Validity dates. MX_PENDING_VALUE is getting created for this role with the Valid To date assigned to this role. The role deletion is happening as expected by the Pending Value object. But the privileges assigned to these roles are not getting removed from the user. I tried writing on demand job to delete these privileges using linkid. MXREF_MX_PRIVILEGE= {d}{linkid=%linkid%}<PRIVILEGE_MSKEY>. There are no errors in the on demand job. But the privileges are not getting removed for the user. I have even tried with BYPASS MEMBER task options. But no luck. Can anyone help me how to remove these expired business role privileges from the user.

It's IDM 7.2; SP10

Thanks in advance

Sudheer

Accepted Solutions (1)

Accepted Solutions (1)

normann
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Sudheer,

since you are talking about indirect assignments I would recommend to try MX_AUTOPRIVILEGE instead of MXREF_MX_PRIVILEGE.

Regards

Norman

Former Member
0 Kudos

Hi Norman,

Thanks for the solution. I have used MX_AUTOPRIVILEGE {d}<privilegeMSKEY>. This has removed the privilege.

Warm regards

Sudheer

Answers (1)

Answers (1)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sudheer,

{d} only removes current values, for pending you need to use {e}.

Search the IDM help for the article "Using attribute operators (To identity store pass)". All the options are explained really well and you can decide, which one you want to use.

Regards,

Steffi.

Former Member
0 Kudos

Hello Steffi,

Thanks for the reply. I have tried the below in To Identity store pass

MSKEYVALUE  %userMSKEYVALUE%

MXREF_MX_PRIVILEGE = {e}{linkid=%linkId%}%privilegeMSKEY%

CHANGETYPE  MODIFY

Still, the privilege is not getting removed. The query that I have used to get the privileges and users in Source is

select mcUniqueID as linkId, mcValidTo as validTo, mcOtherMSKEY as privilegeMSKEY, mcOtherMSKEYVALUE as privilegeMSKEYVALUE,

mcThisMSKEY as userMSKEY, mcThisMSKEYVALUE as userMSKEYVALUE from idmv_link_ext where mcvalidto < sysdate

Any other suggestions.

Thanks

Sudheer

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Sudheer,

have you tried the simple version first: no source-query, but in the destination tab directly putting the mskeys of the user and the privilege you want to take away? Like this:

MSKEYVALUE                                0815

MXREF_MX_PRIVILEGE               {e}4711

CHANGETYPE  MODIFY

The mskeys are random here of course. Does your job work like that? Is that privilege assigned several times to the user or why do you use the link-id, too?

Former Member
0 Kudos

Hello Steffi,

I have tried as suggested by you.

MSKEYVALUE SUDHEER

MXREF_MX_PRIVILEGE {e}12345

CHANGETYPE MODIFY

Still the same issue. Once this is fixed, then I can pass the privileges and users data randomly to this pass

Warm regards

Sudheer

Steffi_Warnecke
Active Contributor
0 Kudos

Identitystore and entrytype on the destination tab are okay, too?

Former Member
0 Kudos

Yes both are correct. Entry type is MX_PERSON and Identity store is also correct.

Steffi_Warnecke
Active Contributor
0 Kudos

Then I'm at the end of my ideas right now. Sorry that I can't help more. 😕

Maybe the rest of the IDM crowd has new input for you.

Regards,

Steffi.