FIM RC1 custom attribute "Access is Denied"
Hello,

I have managed to use the SAP R/3 Adapter and pull in User information. SAP has a concept called "profiles" that are treated as a multi-valued attribute. So far, all OK. I can get them into the Metaverse just fine with "Sync Rules".

My issue comes when I try the EXPORT on the FIM MA. I created a custom multi-valued attribute (using Schema Update) called sapProfiles, indexed-text, MV. I have a matching one that I created in the metaverse.

When I export, I get the following "failed-web-motification-error":

*************************************
here is an error executing a web service object modification request.
Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException
Message: Access to the requested resource(s) is denied
Stack Trace:
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Update()
   at MIIS.ManagementAgent.RavenMA.ExportObjectModification(DataSourceObject dsObject, SchemaManager schemaManager)
   at MIIS.ManagementAgent.RavenMA.Export(DataSourceObject dsObject)
Inner Exception:
********************

It looks like a permission problem but I cannot figure out where. I looked at all the mgmt policies and made sure they were enabled and also made sure the Schema Attribute set had my new "sapProfile" attribute (which I bound to USER) in it.

This worked just fine in RC0 so I am stumped.

Thanks
Kevin
October 6th, 2009 2:34am

Please note that in RC1 the default MPRs list explicitly which attributes the FIM MA account can edit. This means that you will need to add explicitly your custom attribute type to the list of resource attributes. It sounds like you want to add this new attribute to the default MPR "Synchronization: Synchronization account controls users it synchronizes".
October 6th, 2009 4:17am

I will give that a try. It seems a bit counterintuitive in that why wouldn't it be part of the scheme set that some of the MPRs reference? So it has to be done as an explicit member as opposed to dynamic group?
October 6th, 2009 4:45am

You can just go through and set the MPRs to "All Attributes" like they were in RC0. I gave both Administrators and the Synchronization account access to All Attributes in the following MPRs:

Administration: Administrators can read and update users
Synchronization: Synchronization account controls users it synchronizes

Also - just another tip - I don't know if you're going to use your new attribute in group creation, but if you do, you also have to add it to something called Filter Permissions.

http://www.wapshere.com/missmiis
October 6th, 2009 7:59am

I believe Joe and Carol are correct, you could also see this if you try to use your new attribute as a filter in a set definition:

http://www.identitychaos.com/2008/11/ilm-2-rc0-access-denied-when-adding.html

I haven't verified if this still occurs in RC1 - this is old RC0 behavior.

Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
October 6th, 2009 7:59pm

What kind of object is it trying to create? I have the same problem, but my type of execution is "Update" and the object DetectedRuleEntry.

Thks
Eduardo Velez
Consultant Maint Cia Ltda.
October 6th, 2009 8:48pm

This topic is archived. No further replies will be accepted.
