How to change\generate new GenProcID for Process.

Hi forum, 

I'm using One Identity Manager 9.1.1

I'm trying to develop a process that assigns/removes a membership to an account for a generic target system, given specific information, and I need to monitor the correct execution of the provisioning process.

The first step of the process is a HandleObject Insert, that inserts a new membership in a table. This step generates the defined Assign membership process for the specific target system.

In order to monitor the correct provisioning execution I want to check the job queue (with a check SQL column step) to check the provisioning process status, using the GENPROCID as key to find the process. 

I cannot use the GenProcID of the calling process because I could have multiple calling processes with the same GENPROCID, so I want to insert the membership and set a specific GENPROCID to the assign membership process, so I know how to identify the provisioning process.

I tried using the parameter ProcID of the insert step to set a specific GenProcID but it doesn't work and the provisioning process keeps having the same GenProcID from the calling process.

Is it possible to define a new GenProcID for the provisioning process generated?

Thank You, 

Enrico. 

  • Hi Enrico,

    The GenProcId is an internal construct and I would stay away from it. Checking the correct execution of a provisioning step also does not fit in how One Identity Manager works, you should accept that provisioning can fail. In case the provisioning step fails the job will be frozen in the job queue and it can be restarted. If you can get the JobId of the provisioning step you could look up the job in the synchronization logs (table: DPRJournal). In DPRJournal you can find the status (column: ProjectionState). If you want more details of an error you can find it in table DPRJournalFailure. Note that I am assuming that you have the synchronization log enabled.

  • Hi Rodney, 

    I will not try to change the GenProcID. I was trying to use the DPRJournal table but the problem is to find the correct provisioning process in the journal. How do I find the correct one? The only available information in that table is the JobID (UID_Job of table JobQueue) and the objectKey or display name of the provisioned object, for example object SAPUserInSAPRole in case of SAP or ADSGroup in case of AD. Is it possible to find the UID_Job of the AdHocProjection step that does the provisioning after I insert the membership with my custom process, and have my custom process use it?

  • Hi Enrico,

    On the AdHocProjection process task you do have a not enabled UID_DPRJournal parameter. According to the description of the parameter it will contain the key of the synchronization log.

  • Thank you for this info. But this does not help me solve my problem. I want to better explain my process: There's a custom table that contains some 'requests', for example: User A wants a Role X to be assigned to his account Z on the target system. What I do in my first custom process step is an Insert on the UserInRole table, and this triggers an assign provisioning (AdHocProjection) process. In the next step I want to use a process step, for example a check column step, to check an entry in another table (for example DPRJournal or JobQueue) to see if the provisioning process has been successful.

    The main issue is: How do I find the correct record in table JobQueue or DPRJournal? I tried using the GenProcID because it's the same for both the provisioning process and my custom process, but in case I have triggered multiple custom processes that assign these roles at the same time, they all have the same GenProcID, and the provisioning processes also have the same ProcID, so it can be impossible to find the right one. I tried using the output values of ResultingKeyParam and ResultingObjectParam (in the Insert step) to find the correct affected object in the queue, but the notation $OUT(InsertedKey)& is not working, maybe because I'm using this notation to build a where clause for the Check SQL Column step.

  • Hi Enrico,

    Based on your description, the suggested solution is exactly what you want. The value in the out parameter will be the DPRJournal record of the provisioning action. Use that to retrieve the DPRJournal record and verify the state of the provisioning action. Did you try it or did you just theorize that it would not work?

  • In my environment, 9.0 LTS Cumulative Update 2, the specified output parameter name is not used (bug). Enabling or disabling the process task parameter also does not work as expected (also a bug). The provisioning task always makes an output parameter with the name 'UID_DPRJournal' available; you can for example use it as follows:

    Value = f.UidComparison("UID_DPRJournal", "&Out(UID_DPRJournal)&" )

  • Unfortunately I cannot use the UID_DPRJournal output because I need to use it in my custom process, where I have an insert step and not an AdHocProjection. I need to check the provisioning within this process. The problem is how do I find the provisioning task (AdHocProjection) triggered after I insert the record in my custom process. My custom process must check if the provisioning is occurring and is successful. I tried using the output parameters called ResultingKeyParam and ResultingObjectParam of the HandleObjectComponent Insert step in my custom process but it seems that the &Out()& notation is not working when I try to get the output values and use them in a where clause. I will try using the SQLFormatter notation instead of using string concatenation and see if it works.

    Do you think the &OUT()& notation is not working due to a Bug?

  • Hi Enrico,

    The following is a bit nasty and depends on the GENProcId not being substituted. I think that a synchronization journal report actually covers your requirements more elegantly. You can always do the following in your custom process using a wait and retry loop:

    1. Use the genprocid, xobjectkey of the group (BasisObjectKey) you are adding a member to, job chain name (ex: AAD_Group_Insert/Update/Delete), and task name (ex: AdHocProjection) to find the uid_job@jobhistory in case the provisioning task is already processed and moved to the jobhistory table.
    2. In case the provisioning task is frozen in the jobqueue table you can find uid_job@jobqueue the same way as above.
    3. Use the uid_job (jobid@dprjournal) and BasisObjectKey (CausingEntityKey@DPRJournal) to find additional info. Test what will happen if you end a frozen job with success.
    4. Note that step 3 is not needed since you can use the waserror@jobhistory to find an error situation.

    Provisioning is normally a fire and forget task, errors can happen and the above described steps can be error prone. 
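
The lookups in steps 1 to 4 above, written out as an added example that is not part of the original post. It is T-SQL using the tables and columns named in the thread; the `JobChainName`, `TaskName` and `Ready2EXE` column names, the variable sizes and all angle-bracket values are assumptions or placeholders to replace with your own.

```sql
-- Added example (not from the thread). Placeholder values are constructed.
DECLARE @GenProcID varchar(38)   = '<GenProcID of the custom process>';
DECLARE @GroupKey  varchar(138)  = '<XObjectKey of the group or role>';   -- BasisObjectKey
DECLARE @JobChain  nvarchar(256) = N'AAD_Group_Insert/Update/Delete';     -- example from the post
DECLARE @TaskName  nvarchar(64)  = N'AdHocProjection';

-- Steps 1 and 4: the provisioning job has finished and was moved to JobHistory.
-- WasError tells you directly whether it failed.
SELECT h.UID_Job, h.WasError
FROM JobHistory AS h
WHERE h.GenProcID      = @GenProcID
  AND h.BasisObjectKey = @GroupKey
  AND h.JobChainName   = @JobChain   -- column name is an assumption
  AND h.TaskName       = @TaskName;  -- column name is an assumption

-- Step 2: the job is still in JobQueue (pending or frozen after a failure).
SELECT q.UID_Job, q.Ready2EXE        -- Ready2EXE as state column is an assumption
FROM JobQueue AS q
WHERE q.GenProcID      = @GenProcID
  AND q.BasisObjectKey = @GroupKey
  AND q.JobChainName   = @JobChain
  AND q.TaskName       = @TaskName;

-- Step 3 (optional): synchronization log entry for whichever job was found.
-- Requires the synchronization log to be enabled.
SELECT j.UID_DPRJournal, j.JobId, j.ProjectionState
FROM DPRJournal AS j
WHERE j.CausingEntityKey = @GroupKey
  AND j.JobId IN (
        SELECT h.UID_Job FROM JobHistory AS h
        WHERE h.GenProcID = @GenProcID AND h.BasisObjectKey = @GroupKey
        UNION
        SELECT q.UID_Job FROM JobQueue AS q
        WHERE q.GenProcID = @GenProcID AND q.BasisObjectKey = @GroupKey
      );
```

An empty result from both of the first two queries means the provisioning job has not been generated yet, which is the case the wait and retry loop has to cover.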

  • Hi Rodney,

    This is exactly what I tried. Using a Check SQL Column step (in my custom process after the insert step) to check if there's an entry in the Job Queue related to my provisioning task, and eventually using the UID_Job to find the correct record in DPRJournal and check if it was successful or not. The problem is building the where clause of the Check SQL Column step. The only way to find the correct job is using the BasisObjectKey, for example the SAPUserInSAPRole UID generated after my insert step. I tried using the step parameter 'ResultingObjectKey' and the OUT notation but the variable OUT is not populated in my where clause, so the resulting where clause does not contain the UID of the object inserted but the &OUT()& notation, like it was not calculated, even if the correct output values for UID and XObjectKey are calculated as I can see in the Job Queue. I think this could be a bug or maybe the wrong way I'm using the notation, because I'm building the where clause like a string (e.g. "BasisObjectKey = '" + "&OUT(ResultingObjectParam)&" + "'"). As soon as I can, I will try building the where clause using the SQLFormatter like you did in your example, and check if in this case the variable is populated after the insert step is executed by the Job Service.

  • Remember you need to use the XObjectKey of the SAPRole, since you are inserting in the table SAPUserInSapRole you do have all details to create the XObjectKey@SAProle. Membership provisioning is on the SAPRole and not SAPUserInSAPRole.

  • Hi Rodney,

    I tested a solution and IT WORKS! In my Check SQL step, I'm using a where clause built with the SQL Formatter instead of concatenation of strings. It seems that in the Job Queue info the where clause is composed with the '&OUT()&' notation but, thanks to an error in my where clause syntax, the Job Server logs reported the full query executed by the Check Column step, and the '&OUT()&' was substituted by the full XObjectKey contained in the output parameter of the previous Insert step. So I think that it is probably a bug, but only when the where clause parameter is shown in the Job Queue.

    Thank You for Your Help!