• State Not Answered
  • Replies 4 replies
  • Subscribers 96 subscribers
  • Views 70 views
  • Users 0 members are here
Options
Related

How does "PFDInheritAccountDef" works ?

Michel GRUAU
11 days ago

Hello,

This is a column of the table TSBAccountDef and its description is the following :

"Specifies whether permanently deactivated identities can retain account definitions. This behavior may be required to ensure, for example, that necessary authorizations are immediately available if the identity is reactivated at a later date."

I set this flag to True for the TSBAccountDef associated to our SAPUser but the SAPUser are removed anyway when the identity is permanently deactivated (Person.IsInactive = True).

Any explanation ?

Many thanks for your help.

Michel

Parents
  • 0 7 days ago

    What was the origin of the account definition assignment? I assume a request? If that's the case, the request will be ended if the identity (Person) is no longer a member of the IT shop from which you requested the account definition. Therefore, the assignment and the SAP User will be removed. This wouldn't happen if you had assigned the account definition directly or via a role (assuming that the role membership is not requested).

  • 0 5 days ago in reply to Markus Weiss-Ehlers

    Hello Markus,
    The origin of the account definition is a business role and I would summarize things as follows :
    Person > Business role (Org) > Account defintion (OrgHasTSBAccountDef) > PersonHasTSBAccountDef > SAPUser
    When the Person has IsInactive=True, then the SAPUser is removed despite the fact the flag PFDInheritAccountDef=True.
    Is this normal in our context ?
    If so, can you tell me in which context this flag really prevent the account deletion ?
    Many thanks.
    Michel

  • 0 4 days ago in reply to Michel GRUAU
    Hello Michel,
    I just tried the use case in 9.2 and the account definition assignment persists. (I tested with primary business role as well as with assign business role.)
    Does the deactivated Person retain the Org membership in your use case? If the Org membership is lost then the inheritance chain is broken outside of the scope of PFDInheritAccountDef.
  • 0 6 hours ago in reply to Andreas Finsterbusch

    Hello Andreas, 
    Thank you for your answer.
    Yes, in our context, the Org membership is lost and then that is not inconsistent from my point of view that the Account Definition is lost as well, as the Account Definition is attached to the Org.
    But even if that is the normal behavior, I am still wondering in which special use case the flag "PFDInheritAccountDef = True" is capable to prevent the account deletion when the identity is permanently disabled. 

Reply
  • 0 6 hours ago in reply to Andreas Finsterbusch

    Hello Andreas, 
    Thank you for your answer.
    Yes, in our context, the Org membership is lost and then that is not inconsistent from my point of view that the Account Definition is lost as well, as the Account Definition is attached to the Org.
    But even if that is the normal behavior, I am still wondering in which special use case the flag "PFDInheritAccountDef = True" is capable to prevent the account deletion when the identity is permanently disabled. 

Children
No Data