SAP Identity Management: multiple modify tasks triggered for MX_PERSON when changing attributes and assigning/removing roles at the same time
For SAP Identify Management 7.1, 7.2 and 8.0 the following system behavior may be observed:
- When you modify attributes with SAP Identity Management Web UI, multiple modify tasks for these attributes are triggered to the backend systems.
- In most cases this is possible to happen when you do this together with another UI action:
– change the attributes contained in the modify tasks trigger attributes (e.g. MX_FIRSTNAME) for MX_PERSON and
– assign/remove MX_ROLE objects.
- You have not defined attribute MXREF_MX_ROLE as modify task trigger attribute (In the SAP Provisioning Framework, modify task trigger attribute is defined on the system privilege PRIV:SYSTEM:<repository_name> )
The described behavior can be reproduced:
- Logon to the IDM Web UI
- Change any modify task trigger attributes’s values for a user and assign/remove business roles for it in the same time
This behavior is in very rare cases and it cannot be prevented. It assures the correct provisioning of modified attribute’s values to backend systems. It does not cause any provisioning errors.
Thanks for sharing, Stefan.
Hi Stefan,
We are in IDM 7.2 SP9
We have multiple updateABAPUser task triggered for one user for same repository though we haven't changed anything via UI. It was HR delta changes via writeHCMEmployee task. Is it common and not prevented as well?
Kind regards,
Jai