I have seen several threads related to Dynamic Group Creation and resolving issues so thought to jot down the steps here to Create and Resolve Dynamic Group in SAP IDM 8.0
Loading only New Roles from SAP systems to SAP IDM automatically on the regular interval (daily interval) is a challenging task.
When we run the Initial load which comes with the SAP IDM product, it can take up a lot of time – depending on the data, sometimes it can take more than a day – as it loads all the data again from SAP systems to SAP IDM including the previously loaded data.
As per my knowledge, there are only 2 ways to do this:
- Load all the Roles or basically all the data – which can be time-consuming
- Load only new roles using delta technique – which I discuss in this blog.
In this post, I use the delta method which is very fast as it calculates the only new roles and same get loaded to SAP IDM.
- Login to SAP IDM UI
- Manage -> Dynamic group
- Hit the Create… button
- Select the Create Dynamic Group task
- Hit Choose Task
A new tab/window Create Dynamic Group will open
6. Enter Dynamic Group Unique ID, Display Name and Description (Optional) under General tab
7. Select the Attribute Name and Attribute value in Target Definition tab
Note – Alternatively, you can also select advanced mode and write the SQL query. While writing SQL query, please ensure that your query must return MSKEY.
- Hit Save
Dynamic Group has been created now.
- To view the newly created dynamic group, go to Manage tab and search for the Dynamic Group.
- Select the newly created Dynamic Group DGROUP_IDM_TEST1 to view the details
In Target Definition tab, you can see that IDM automatically created a SQL query based on the attribute name and value selected.
Visibility tab is blank as we didn’t define anything here while creating Dynamic Group.
Assigned Users tab is also Blank.
Now to get the users in the Assigned Users tab, we need to resolve the newly created Dynamic Group.
To Resolve the Dynamic Group
- Login to IdM Developer Studio Eclipse Plugins
- Create a New Job with a To Generic Pass under any existing/new package.
- Create a New Script under Scripts tab with following code
- In the Source tab of To Generic Pass “Calculate Dynamic Group”, enter the SQL which returns the MSKEY of the newly created dynamic group.
- In the Destination tab of To Generic Pass, select the Z_CalculateDynamicGroup script in the Next Data Entry and enter the attribute and value.
- Save the changes and run the job
- After the successful execution of job, go to Manage tab of IDM UI and search the Assigned users under Assigned Users tab
It will show all the users assigned to the Dynamic group.
As per business requirement, Calculate Dynamic Group job can be scheduled on periodic interval to calculate the Assigned users automatically.
Note – My Database is MS SQL so I have used with (nolock) in my query. I have used SAP IDM 8.0 SP4 for this blog.
C Kumar is an SAP IDM Consultant based in India.