Hi All,
Thanks for your prompt reply!
Now I have fixed the issue. Special thanks to Jai and Tero to explain the solution step by step.
A small modification i have done in first pass of my job to fix the issue.
Jai Proposed that
1) Create a temp table (something Z_TEMP) with list of users who has failed assignments. SQL would be a
select mcThisMSKEYVALUE, mcOtherMSKEYVALUE, mcuniqueid from idmv_link_ext with (nolock) where mcothermskeyvalue like 'PRIV%AD_rep%' and mcExecState = 4 or mcExecStateHierarchy = 4
here query output was all failed privileges and roles as and operation was working between mcothermskeyvalue like 'PRIV%AD_rep% and mcExecState = 4 only; not with the mcExecStateHierarchy = 4.
I have corrected the query as
select mcThisMSKEYVALUE, mcOtherMSKEYVALUE, mcuniqueid,mcExecState,mcExecStateHierarchy from idmv_link_ext with (nolock)
where mcothermskeyvalue like 'PRIV%' and (mcExecState = 4 or mcExecStateHierarchy=4)
and now its working perfectly.
Thanks everyone once again.
I will appreciate if somebody will explain my few doubts or link me the URL where i can find the answer of my doubts-
- What is the difference between mcExecState and mcExecStateHierarchy?
I have got below value for few users. PRIV:XXXXX and PRIV:XXXXX status is same (failed) then why values are different.
| mcThisMSKEYVALUE | mcOtherMSKEYVALUE | mcuniqueid | mcExecState | mcExecStateHierarchy |
| ABC123 | PRIV:XXXXX | 123456 | 4 | 0 |
| ABC123 | PRIV:XXXXX | 123489 | 1 | 4 |
- What is mcuniqueid and LINK ID and how SAP IDM creates these fields?
- Why we need to use BYPASS_MEMBER_TASK=1 while deleting and then adding the privilege back to the user.
Regards,
C Kumar