I would like to share my experience with repairing the stuck or failed assignment in SAP IDM using the new stored procedures that are going to available
with IDM 7.2 sp8. For pre IDM 7.2 SP8 versions, the following database objects are to be manually created.
Tables: mc_problem_analysis, idmv_problem_analysis
Stored Procedures: mc_analyze_assignments, mc_repair_assignments.
Firstly, let me explain the problem I have faced. I have created a role under which there are number of member privileges when assigned to a user in IDM,
is always going to failed status. I tried to solve the issue, but was not able to fix it. Then approached SAP from where I got these database objects which I have added manually (since I am on IDM 7.2 SP7). In this blog I want to let you know the steps I have followed to resolve the issue.
Firstly, I have created the objects(table, view & stored procedures) mentioned above. The table mc_problem_analysis stored the records of the assignments that are failed or in pending status. And the view idmv_problem_analysis is the corresponding view.
The stored procedure mc_analye_assignments is the one which analyses the identity store and identify the assignments with failed or pending status and
push the information to mc_problem_analysis table. The sp mc_analyze_assignments expects usermskey parameter. If the parameter value is ‘0’ it performs the analysis for all the users in the identity store. If the analysis for a particular user has to be done then the mskey of the user has to be provided. After the analysis if done, look into the table mc_problem_analysis. The columns mcCategory helps to understand the current status of the assignment as shown below.
if mcCategory is 1 – stuck pending
2 – Failed
3 – Rejected
4 – wait for master privilege
5 – stuck provisioning task
This helps to understand why the assignment is not successful. And the value in the column mcSolutionstrategy helps with the suggested solution to
resolve the issue. Following are the various values for mcSolutionstrategy
if mcSolutionstrategy is 1 – Retry without provisioning.
2 – Retry with provisioning.
3 – Assign master privilege.
4 – Clean up.
5 – Finalize audit.
6 – Delete from provisioning queue.
Once the corresponding assignment that has to be processed is identified, use the stored procedure mc_repair assignments which expects parameters
usermskey, repositories and operation. if usermskey is 0, it repairs all the assignments. Else, if you want to repair assignments for a particular user, provide the mskey of the user. As of now the value of repositories if 0 and it is intended for future use. And the vale of operation parameter could be anyone of the values from the mcsolutionstrategy mentioned above. Mostly it could be in 1,2,3,4.
In my case, when I tried to fix the issue by above steps, it dint help me initially as before i had tried with the above approach, I have done de-assignment and re-assignment for the same user with the same role for a couple of times expecting that it will be successful but failed. Because of which the sp mc_repair_assignments was not able to fix the issue for me.
Then I have done the clean up of the assignments using mc_repair_assignments with parameter values 0,0,4 respectively. After that I have assigned the user with the same role which again went to failed status. Then, cleared the mc_problem-analysis table and executed the analyse assignments which pushed the assignments that are in status pending or failed status to the table.
After that, I have executed the repair assignments stored procedure with the appropriate operation value for that particular user and it was able to resolve the issue.