Skip to Content

“No master task” setup in SAP Identity management after upgrade from 7.1 to 7.2 for successful provisioning to connected systems

                                                                                                      On upgrade of IDM from 7.1 to 7.2

After upgrade of IDM from version 7.1 to 7.2, a mandatory system privilege “Priv:System name_Client no:only” (ex – Priv:EB7_057:only) comes in scenario for provisioning of created user record to backend system.Their are three different available option to include that newly introduced mandatory privilege Priv:System name_Client no:only (ex – Priv:EB7_057:only) in old existing data from IDM version 7.1

  1. Assign the ONLY privilege to the user ALONG with the business role.
  2. Manually include the ONLY privilege in the business role definition.
  3. Set a No Master task on the repository.  That task will be executed every time a ROLE or GROUP privilege is assigned to a user, who doesn’t have the master privilege for this repository.  You just need to set the ONLY privilege for the repository as master privilege (Privilege tab in the repository properties) and select a task to execute, if the master privilege is not assigned (this task can be a simple assignment of the ONLY privilege).

Here, we opt for 3rd option to set “No master task” for all existing repository to save time and efforts. However, option 1st and 2nd will introduce much additional work (adding mandatory privilege to all existing business role) and also increase IDM provisioning queue too long that it will hinder daily security user provisioning job.

Make Priv:System name_Client no:only (ex – Priv:EB7_057:only) visible in UI by selecting visibility “ALL” in entry visibility field for all only privilege (Priv:System name_Client no:only) for all defined/available repository


A)   Select Repository –> Privilege –> Click rectangular box in “Master Privilege”

        Insert entry in pop up window i.e ID store , Unique ID (Privilege) search and then select

        from matching name windows


B) Create a custom Ordered task


C) Include a Empty job in Ordered task


D) Select pass “To Identity Store”


E) Insert values in Destination field of pass





F) Click Apply after select and inserting entries.


G) Go back to repository and select mandatory privilege for that specific repository which you have selected in “Master privilege” i.e for repository EE1_040, select          “PRIV:EE1_040:Only” in Master privilege option and then select rectangular(Search) box in “No Master Task” and drill down and select created custom “Master

      Priv Custom” ordered task and click Apply to save setting.


H) Now, whenever a user is assigned with any business role in User Interface, above created Master privilege will run to assign mandatory only privilege “Priv:System name_Client no:only” to user to provision technical role assignment in backend system.

You must be Logged on to comment or reply to a post.
  • Hello there,

    this document might hold very useful information, but right now I find it pretty confusing, because it lacks screenshots (were there some in an earlier version, because the spaces look so strange?) and there are some spelling mistakes and funny characters in there, that make it hard to read, e.g.:

    Select Repository à Priviledgeà Click rectangular box in “Master Priviedge”

    Would you please take the time to address those things so others, who find your document, can easily get the information and steps you try to get across. Thank you! 🙂



    • Hi Steffi,

      Uploaded document is having all required screenshots with step by step process.It was not actually captured during copy-paste from my original document to SDN blog post area.

      SDN community members can download the document to have IDM information with screenshots.


      Girish Almiya

      • Hello Girish,

        maybe I need my eyes checked, because I can't find a way to download this document in a useable (with screenshots) version. Were would a user find this?

        On the other hand it doesn't matter, since users should not have to download something to see a full version of it. Not here on SCN. This document is what is indexed and what users find when they search for certain terms and right now it's really not up to par with what a document here should look like.

        Even though there is a useful version (somewhere), please update this one, too, so it doesn't look like a draft.. 🙂



        • Hi Steffi, Chris,

          I will amend my post with screenshots.So that it can be used by community members without any trouble. Thank you for bring this to my information.


          Girish Almiya

      • Hi Girish,
                      it would probably make the document more valuable and helpful if you could try amending the document to add the screenshots here on SCN. If you are having any issues feel free to PM me.



        SAP IdM Moderator

        • Dear Christopher,

          I have updated IDM document with required screenshots.

          I hope now it would be clear for all Community Members and fruitful too.


          Girish Almiya