and more in a single search tool across platforms. Read the announcement here. |
07/12/2023 08:16 AM
Hi All,
We have a use case for SAP deprovisioning where we need to set a user group, remove the roles and clear SNC field. I am using below for user group and roles:
While disable account the account status is locked but the user group, roles and SNC use case is not getting fulfilled.
Am I missing any configuration here as I cannot find any error in logs.
Thanks,
Bhushan
Solved! Go to Solution.
07/12/2023 10:08 PM
Does service account have required access & Group exist in target
07/14/2023 07:53 AM
Hi Rushikesh,
Yes, it has I will check again with client. But for SNC I do not see any configuration in the connection to clear it during account disable.
Thanks,
Bhushan
07/14/2023 07:56 AM
There is no disable account JSON in case of SAP Connector hence that is not supported.
08/02/2023 04:48 PM
Use case:
If the user is terminated, remove the roles, disable the account, move the usergroup and clear SNC details
Solution:
status is updated and status = 0, create update account task and deprovision access - accounts and access. Screenshot referred
2. Set the TERMINATEDUSERGROUP to 'DISABLED' or any group of your choice in the connectorSet the TERMINATED_USER_ROLE_ACTION to 'REMOVE'
3. You can set the task execution heirarchy to Update Account Tasks followed by Remove Access and Remove Account
4. When the user is terminated, based on the rule - Update account task and Remove Access, Remove Account tasks are created
5. Add this in the update account json config of the connector:
Note: This is a sample json but you can modify it as per your requirement.
{
"ADDRESS": {
"LASTNAME":"${user.lastname}",
"FIRSTNAME": "${user.firstname}"
},
"LOGONDATA": {
"GLTGB": "99991231"
},
"SNC": {
"PNAME": "${if(user.statuskey='0'){' '} else {'p:cn=abc@dummy.com'}}"
}
}
If the user status is 0, SNC value will be cleared out and set to blank. If it is active, you can set whatever the value is. The above json has a dummy value.
Once the remove access tasks are processed, all the roles assigned to the user will be removed in SAP
When the remove account task is processed, the SAP account gets locked with value 64 in UFLAG and the usergroup will be set to DISABLED or any other value you have given in the connector.
Hope this helps 🙂
08/03/2023 06:27 AM
Hi Sai,
I will follow this solution. Thank you so much!
Thanks,
Bhushan