I'me getting an issue with role assignment and a SAP User Driver. What's
going on is that, having assigned the rule using IDM, if I look up the
Role in SUO1 I can see the user assigned to the role, but if I look up
the user I don't see the role in assigned roles. This feels awfully
familiar to me its the sort of thing you expect if you haven't assigned
all the attributes of a Novell group of course, so I wonder if its
something similar. This is the rule that I have at the momment, which is
in Command Transformation.

<rule>
<description>SRM Role modification</description>
<conditions>
<or>
<if-op-attr name="SCC:SapSrmShopperProfile" op="changing"/>
<if-op-attr name="SCC:SapSrmServiceApprover" op="changing"/>
</or>
</conditions>
<actions>
<do-if>
<arg-conditions>
<and>
<if-src-attr mode="nocase" name="SCC:SapSrmShopperProfile"
op="equal">SHOPPER</if-src-attr>
</and>
</arg-conditions>
<arg-actions>
<do-set-dest-attr-value name="sapRoles">
<arg-value>
<token-text xml:space="preserve">ZSRM:SHOPPER</token-text>
</arg-value>
</do-set-dest-attr-value>
</arg-actions>
<arg-actions>
<do-if>
<arg-conditions>
<and>
<if-src-attr mode="nocase" name="SCC:SapSrmShopperProfile"
op="equal">EXPERT_SHOPPER</if-src-attr>
</and>
</arg-conditions>
<arg-actions>
<do-set-dest-attr-value name="sapRoles">
<arg-value>
<token-text
xml:space="preserve">ZSRM:EXPERT_SHOPPER</token-text>
</arg-value>
</do-set-dest-attr-value>
</arg-actions>
<arg-actions>
<do-clear-dest-attr-value name="sapRoles"/>
</arg-actions>
</do-if>
</arg-actions>
</do-if>
<do-if>
<arg-conditions>
<and>
<if-src-attr mode="nocase" name="SCC:SapSrmServiceApprover"
op="equal">TRUE</if-src-attr>
</and>
</arg-conditions>
<arg-actions>
<do-add-dest-attr-value name="sapRoles">
<arg-value>
<token-text
xml:space="preserve">ZSRM:SERVICE_APPROVER</token-text>
</arg-value>
</do-add-dest-attr-value>
<!-- <do-set-src-attr-value disabled="true" name="sapRoles">
<arg-value>
<token-text
xml:space="preserve">ZSRM:SERVICE_APPROVER</token-text>
</arg-value>
</do-set-src-attr-value> -->
</arg-actions>
<arg-actions/>
</do-if>
</actions>
</rule>

and this is the schema map for SAP roles.

<attr-name class-name="User">
<nds-name>sapRoles</nds-name>
<app-name>ACTIVITYGROUPS:AGR_NAME</app-name>
</attr-name>

So any ideas what I'm doing wrong? There's no obvious error in the
trace, but its too long to post...


--
jimc
------------------------------------------------------------------------
jimc's Profile: http://forums.novell.com/member.php?userid=6130
View this thread: http://forums.novell.com/showthread.php?t=382674