SPML Request Behavior

An action on a user is a request SAP Access Control sends to Waveset using SPML. The SPML request is a batch request type. One request in SAP Access Control can consist of multiple steps, each an individual SPML request inside the batch, that Waveset must process. This behavior is not configurable on the SAP Access Control side, but it has implications for processing the request on both systems.

Waveset processes the individual requests inside the batch in the order that they are received. A status is returned for each of the requests processed: success, failure, or pending. A failure will show up as an error in SAP Access Control, marking the action appropriately. Any request that requires an approval or other manual action in Waveset creates a background process. The status that is returned for these requests will be pending. Any pending requests will be interpreted as a failed request by SAP Access Control. Processing of the request on the Waveset side is not impacted by this.

SAP Access Control does not maintain state of the individual requests sent inside the batch and marks the whole request as a failure if at least one request returns a status of failure. The approval or manual action on Waveset should complete as normal. If the changes were approved in Waveset, the request must then be resubmitted or reapproved in SAP Access Control. This action will generated a new batch request which will retry each individual request. In this case, the audit log entries in SAP Access Control could show inconsistent information about the user state on Waveset. The final state in SAP Access Control should be correct after the batch request is resubmitted.