cancel
Showing results for 
Search instead for 
Did you mean: 

Updating User in IDM Does Not Reflect in Connected SAP AS ABAP System

former_member273752
Participant
0 Kudos
510

Hello Experts,

We are working on a IDM scenario on IDM 7.2. We have done the configuration as per the configuration guide, and successfully done an initial load of the users from a connected SAP ABAP system. From the IDM UI, when we change an user (Via web enabled tasks), the user record gets modified in IDM, but the changes do not get reflected in the connected ABAP system. When we look for system logs or tasks in the Identity Center, we do not find any entries. Can you please guide us in with some pointers, so as to why this behavior might be occurring?

Thanks and Regards,

Sid

View Entire Topic
Former Member
0 Kudos

Hi  Siddhartha,

  You should check if you are set your master privilege on the Repository - master privilege.

Before that check if you have master privilege created for the system PRIV:RepName:ONLY and when you are started, check for PRIV:SYSTEM:RepName..

BR

Simona

former_member273752
Participant
0 Kudos

Hi Simona,

Thank you for the pointer. We have set the master privilege, but the issue persists! 😞

Thanks for sharing this important info, though! 🙂

Best Regards,

Sid

0 Kudos

Hi Simona,

I am working with Sid in the same project, the problem we have is when we select any Web enabled task...like suppose we select Disable Identity from the IDM UI, the web enabled task Disable Identity gets called which can be seen in the provision audit. But we cannot see the changes done in the ABAP side. In the MX_PERSON entry type for the Identity store, in the modify event I have selected 1324/Modify Identity(another web enabled task), so two tasks are initiated, Modify Identity and Disable Identity as can be seen on Provision Audit when I selected Disable identity in IDM UI. But how is the web task going to connect to ABAP system for making the changes, is there any job it should call, any pass need to be defined? We would appreciate if you can help us on this issue.

Former Member
0 Kudos

Hi  Avik,

   If you go in you PRIV:SYSTEM:RepName privilege in tab - Task(you should select for Modify task: Inherited - this way you will inherit the task from you repository - here in the repository tab - Evant tasks you have to select the task, that will be executed for this example: select task from CORE folder task - Modify and from there go in your repository constants - MX_HOOK7_TASK - set a value for MX_HOOK......_TASK - the value should be a task from the connectors folder, the task you set as a value will update the user into the target system). In the list of attributes in your system privilege you should select the attributes, that will triger the modify task. If in your list of attributes you have MX_DISABLED - the change of this attribute will triger Modify task and the your user will be locked in the target system.

BR,

Simona

0 Kudos

Hi Simona,

Sorry I couldn't understand properly. I need little more help on this.

As you wrote,

   "If you go in you PRIV:SYSTEM:RepName privilege in tab - Task" where can I find this privilege PRIV:SYSTEM:CPM100 <CPM100 my ABAP respository> and where can I find the Modify task:Inherited?

Next

"here in the repository tab - Evant tasks you have to select the task, that will be executed for this", I couldnt find repository tab.

MX_HOOK7_TASK=370/7. Disable ABAP User in my system.

MX_DISABLED is there in my Identity store attribute list, in the event task for modify operation, I specified 751/Modify.

I am new to IDM and need some more details, I couldn't find these information in any config guide. Can you attach screenshot as well as it will be easier to understand.

Many Thanks,

Avik 

Former Member
0 Kudos

Hi Avik,

1.  When you do the initial upload you shoul create the system privilege PRIV:SYSTEM:RepName

2.  After you have created this privilege, you can open  PRIV:SYSTEM:RepName and select tab Tasks.

3.  In tab Tasks you cane select for Modify task: Inherited(this way you will inherit the task from your repository)

4.  So here you are still in PRIV:SYSTEM:RepName tab Tasks - here you can select attributes(on change these attributes  will triger user modification in the system)

5.  After you have done the settings in the system privilege, you should go in the target system Repository and there in tab Event tasks for Modify task(select): Modify(this should be a task from CORE folder, after provisioning/deprovisioning - Modify)

BR,

Simona

0 Kudos

Hi Simona,

Thank you so much for the detail information. I followed all the steps that you mentioned, but unfortunately cannot see the changes in the backend ABAP repository yet.

Attaching the provisioning queue screenshot. Check that the queue size is growing enormously and Job status column is empty(should it be empty?)

Above is the screenshot of provisioning audit. Provisioning status shows task initiated ok. Note that two tasks are getting triggered, Disable identity and Modify identity. Any idea where I am going wrong?

Best regards,

Avik

Former Member
0 Kudos

Hi Avik

I would expect that you have a disabled task in there somewhere.  It won't tell you which one, it'll just sit there.

You might also find that something is missing a dispatcher.

Peter