cancel
Showing results for 
Search instead for 
Did you mean: 

SAP IDM modifies system user to dialog user automatically

189

Hi Experts,

We are observing strange behavior that whenever a system / service user created by SAP IDM in ABAP is modified again through UI standard form , upon submission IDM updates the user to Dialog while it has been assured that user type remains the same which is B/S. I've checked the modify pass and found that user type attrib is passed into SecurityPolicy. Could anyone throw some light on this? and how to tackle ?

Regards

Rims

Accepted Solutions (0)

Answers (1)

Answers (1)

devaprakash_b
Active Contributor

Hello Tiwari,

check what value is being passed to the securityPolicy attribute in the Modify ABAP user Task. Usually we maintain the user type value in the MX_USERTYPE attribute.

Check what value is maintained in IDM for this user and whether it is correct, so this should be your initial trouble shooting step. If still facing challenges, paste the screenshot of your modify abap user task along with the values stored or maintained in the above mentioned attribute

Community members would be able to help you

Regards,

Deva

0 Kudos

Hi Deva, thanks for looking .. just as mentioned initially, user type attrib (i.e. MX_USERTYPE) is being passed into Security Policy in the modify abap user task which is all standards just as you said .. I'd like to know about this behavior where display name of system / service user is modified through UI , IDM assumes it for a Dialog user and converts the user to Dialog even though before submitting it has been verified that user type (under abap settings - standard UI) is B / S .. We have verified with a few users and same issue is seen .. I want to know whether it is a standard issue and something to do with security policy?

alexanderbrietz
Active Contributor
0 Kudos

Hi Rims,

as Deva mentioned the default is that MX_USERTYPE is converted and written to ABAP. Please note that legal values are defined in mxi_AttrValueHelp. You should find something like this when you query your db using the following statement:

select * from mxi_attrvaluehelp
where valid='MX_USERTYPE' and vallocale='EN'

IIRC the abap connector or the abap system takes Dialog as default, so if you are missing the entries in mxi_AttrValueHelp it converts it to Dialog. You can check this on UI when you expand the Options for Usertype. It should look like this:

Regards,

Alex