Release 7.2 – Navigating the User Interface (Part 2)
In the first part of my blog we looked at assigning privileges to an identity in the IDM system. In this part we will look at how to check the status of this assignment. Once again we choose the identity (search person type) and call the Display Identity task. Once called you can find the Assigned Privileges and Assigned Roles tab where you can check the assignments and their current status. Clicking on the assigned privileges tab I can see all the current assignements with status ok. This means the privileges are assigned successfully.
However searching I do not see the privilege that I had previously assigned PRIV:ROLE:EDM:SAP_TREX_ADM. In this case you can click the advanced link where additional search possibilities are presented. If the assignment is still pending then you need to search with the radio checkbox Any selected. The privilege is now displayed and its current status as pending. This means that the assignment is still being processed in the IDM system.
If there is a problem then the status will change to failed. In the below example the assignment of another ABAP role has failed. Find the cause for this and fix it. Then navigate back to the Assign Privileges, Roles and Groups task and perform an advanced search for privileges that are not yet assigned. Click on the failed link which will in the next popup screen allow you to press the edit/retry button. The status of the assignment will then change to retry and the provisioning request resubmitted.
Hopefully this blog has been useful if you are for example migrating from release 7.1 and are unfamiliar with some of the new features of release 7.2.
Great tip, this is a massive plus from 7.1.
Hi Christopher,
I am facing a similar problem. I did role assignment. After the approver approves the assignment, the status is displayed as failed for this assignment. Can you please suggest where should I have to check to identity the cause for this failure.
Thanks,
Krishna.
Hi krishna,
check the privs assigned to the role and see if any of these failed. If they did
then check the connector hook task for the priv and see if there are any errors in the job log (or check the overall job log for errors).
Thanks,
Chris
Hi Christopher,
Thanks for the helpful information.
We are using IDM 7.2 SP8, Netweaver 7.3.
However the UI screens is different for us. I do not have the option to check direct/indirect assignments or check the staus of assignment and retry.
In which version we can find these options and additional feature?
Thanks
Rashmi
Hi Rashmi,
did you deploy the SP8 UI on the NW 7.3 server ? You can check this by
the version of the IDMIC component which you can check in the NWA.
Thanks,
Chris
Thanks for your reply Chris. We are good now after we have 7.2 SP8 version on the AS Java stack.