Hello Paul,
it's good, it didn't work or you would have deleted all your privileges, not just those for the one repository.
If I'm creating a new job, that should change or delete a lot of data, I always limit the source SQL to one of the found entries. This way, if something goes wrong, it doesn't hurt the whole identity center, but only one entry.
Jai pointed out a lot of issues in your setup, to all I can absolutly agree.
The most important part being:
and mskey in (select mcmskey from idmv_entry_simple where mcIdstore = %$glb.SAP_MASTER_IDS_ID% and mcEntryType = 'MX_PRIVILEGE' and mcMSKEYVALUE like 'PRIV%%$rep.$NAME%%')
because here you declare, that only those privileges of the repository you set on the job (CRD100) are used for the delete job.
In my privileges delete-job, the source-SQL looks a bit "simpler" though. I just use:
select mskey from idmv_value_basic where attrname = 'MSKEYVALUE' and searchvalue like 'PRIV%%$rep.$NAME%%'
and mskey in (select mcmskey from idmv_entry_simple where mcentrytype ='MX_PRIVILEGE')
Look for all entries, that have the repository of the job as part of their name AND that are privileges.
So no "idmv_value_basic_active"-view or setting the ID-store in my SQL, because I put that on the source and destination tab directly.
Your destination-tab was missing a lot, as Jai already showed. ^^ You need to set, where (your Identity center), what kind of (Entry type) and excactly which entry (MSKEYVALUE here) should be dealt with how (delete here).
Take Jai's screenshot and follow it, fill the yellow dropdown, too and you're done.
BUT as I wrote at the beginning:
Please take one of the privileges, you want to delete and limit the source of the job to it, so you can test if it's working.
Easiest way would be to just take the mskey of that privilege and put a
and mskey = <here the mskey of the privilege>
at the end of the source SQL. If it's working, you just take it out again later to run the jobs for all repository-privileges.
Regards,
Steffi.