My Oracle Support Banner

Need To Reconcile Only SAP Composite Roles, But Connector User Recon Reconciles All Roles Granted To A User (Doc ID 2460487.1)

Last updated on OCTOBER 22, 2020

Applies to:

Identity Manager Connector - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Need to Reconcile only SAP Composite Roles, but connector reconciles all roles granted to a User?

Changes

1) Setup on SAP:

There are some composite roles and single roles in SAP.

2) Setup on OIM:
Modified Lookup.SAPAC10ABAP.Configuration and set
singleRoles: no
compositeRoles: yes

3) Now, run the SAP AC UM Role Lookup Reconciliation
It correctly brings in only the composite role.
We have checked this from /sysadmin lookup tab
and also using sql query on LKV and LKU tables

4) Then we run user recon.
After doing this, we go to the OIM user --> account tab
and see the roles assigned to the account at the bottom.
You can see that the composite role is displayed correctly BUT
there are other (blank) rows for single roles which should not be displayed.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.