Automatic Creation of Roles and Role Mappings in GRC
Hi,
we are planning to use SAP Identity Management and SAP GRC Access Management.
In SAP IDM we have defined several business roles that contain privilieges in SAP systems. When a user is requesting a role, the request will first be sent to SAP GRC for approval and risk checking.
In order to get this to work, we need to load the business roles of SAP IDM into SAP GRC and we also need to configure the role mapping between the business roles and the technical SAP privileges.
From what I understood, this could be implemented by loading the required information via Excel filles into SAP IDM.However, this is a quite cumbersome and error-rpone approach an we would like to automate this.
Is there a way to use e.g. web service calls to create/delete roles and role mappings in SAP GRC?
BTW: is a documentation of all available GRC web service calls and their parameters available?
Thanks for your help in advance!
Best regards
Tom
Hi Tom,
as stated before, the web service description is in the config guide.
Unfortunately there is no web service to create roles or even mappings in CUP - this is one of many I would also like to se created
I don't think in your context you will be able to directly send Business Roles to CUP. The role mapping only happens after you send the request, so I'm not sure if that's in time for risk analysis - you will need to try that.
Are you a customer or a consultant - anyway, feel free to contact me if you need further help integrating CUP and IdM. This is an evolving interface with many possible scenarios, so it's not easy to give you good advise without seeing the full picture.
Frank.
Similar Messages
-
Publish reports to a role and roles to user
Hi,
What does it mean ..
Publish reports to a role and roles to user
can anybody give a detail what exactly it mean ? In implementation which stage it comes into picture ?/
Thanks,
DebasishHi,
This publishing option is available to you when you open the query in Query designer as 8th button in top panel. To publish in a role , you should have that role to be assigned to you.
With rgds,
Anil Kumar Sharma .P
Message was edited by:
Anil Kumar Sharma -
Hi all,
Please explain me about the Roles and Role List used in Projects...
Thanks
DineshHi
Roles are using in Projects for two goals -
A) a basis for project-based security. You might create roles as project roles and assign people to the role in a project. For example, project manger, project admin, project billing person, etc. You then might configure the security access to forms and functions of specific roles.
B) when implementing Proejct Resource Management, the project roles may be scheduled on a project and serve as a template for resource demand. In that case you might configure the team member role on a project, such as competencies, job information, and security.
You might want to review Oracle Projects Fundamentals and Projects Implementation Guide for more details.
Dina -
Creation of user and roles in ldap using jldap api
Please help me in creating user and roles in ldap through java api.
I am able to manupulate the existing user and role in ldap. Please give
me some steps or some sample code for creating user
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763Thanks Jim..
this is doing the work. Here we have a custimised class with customised
attributes I am looking how to do that.
Can you give your mail id.
thanks again
Jim Willeke;1995096 Wrote:
> Have you seen these samples:
> 'Novell Documentation'
> (http://developer.novell.com/document...mple/index.htm)
>
> See the AddEntry.java
> -jim
>
> On 7/2/2010 9:36 AM, satyanandasahu wrote:
> >
> > Please help me in creating user and roles in ldap through java api.
> > I am able to manupulate the existing user and role in ldap. Please
> give
> > me some steps or some sample code for creating user
> >
> >
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763 -
I've just start as an intern in Change Management team that is helping to implement SD. My two tasks are to "develop SAP user roles specific to the new business processes" and "manage the role to position mapping for provision of security roles." None of the real employees in my team has ever done this, and my manager is now on three weeks leave. I'm new to SAP and I don't really know where to start. Can anyone offer any advice, or point me to some references? Thanks.
Intern,
Its a pretty cold manager who will dump a task on a inexperienced subordinate without any guidance or mentoring, and then take three weeks off.
Anyhow, you first need to get some insights as to what the expectations of the client are: What type of users will there be? What tasks will each user be responsible for carrying out?
You also will want to collect a list of names of the actual users. Your Basis people will tell you which bits of data will have to be collected in order to create users on the system
Next, you need to talk to the SD expert on your team about the solutions that will be implemented. Quotes? Consignment? Scheduling agreements? Pricing? Customer Service? Marketing? Customer Master? Material Master? The SD expert should be able to tell you at a very minimum which transactions should be made available.
There are standard roles available delivered in the system. These are pretty much un-usable as delivered, but they make a good starting point. Review http://help.sap.com/erp2005_ehp_04/helpdata/EN/b4/3f9c41919eae5fe10000000a1550b0/frameset.htm
and
http://help.sap.com/erp2005_ehp_04/helpdata/EN/06/57683801b5c412e10000009b38f842/frameset.htm
Once you have all the info needed from the client and your SD experts, you then design the supporting roles at a high level. I usually use an Excel Spreadsheet with two tabs: One tab listing roles to be developed, with all the transactions and authorization object limitations for each one; and another tab listing Users and the supporting data needed to create a user. If you are a Basis expert, you already know the next steps. If not, then you typically hand your designs to the Basis team for creation of the actual Roles.
Good luck. Remember not to treat your interns the same way you have been treated.
DB49 -
What are Roles and Role entry points in the context of windows azure?
I am just starting out with my journey towards understanding azure. I have a vague idea about the Web and Worker roles.
So when I am publish-deploying a website on azure from visual studio, am I doing something with respect to roles? Am I starting up a Web role?!
RoleEntryPoint: But this is actually related with the web/worker roles and services. My understanding is that the RoleEntryPoint is some code which is executed when you deploy "services" on the azure cloud. These services either have a web role or
a worker role.
What is "services" in this context? So what traditional (on-premise) app would be analogous to a service that has a web worker role? A WCF service or WebApi? Or can it be a website? So would a service having a worker role be something analogous to
a "windows service"?
And finally RoleEntryPoint. I don't get the use case. From what I've seen,
say you want to initialize some related services that support your main service, for e.g. a cache server, or a sql database, you have have the initialization logic written in these classes and make the code perform them.
There are definitely other ways to do this right? You don't need to necessarily tie the deployment of that main service with the initialization of the other services. They could be separate deployments, right?!
I am a bundle of mistakes intertwined together with good intentionsHi deostroll,
From you post I understand you've read quite a lot about Azure, but I'm affraid there's still some misunderstanding on what all these terms mean.
Azure is a cloud computing suite of services tiered into three categories: IaaS, PaaS and SaaS. IaaS stands for Infrastructure-as-a-service and is an offering where Microsoft allows you to run your own virtual machines. You will handle everything from software
patching, network connectivity (from the application level: virtual networks etc.), software installition and configuration etc. Basically everything you would do today on your own premise except for whatever concerns hardware (bare-metal). PaaS stands for
Platform-as-a-service, and is a middle offerint, where Microsoft selects some VMs and is responsible for periodically patching this machines. You don't have to care about IIS or whatever existing applications there are on the VM either, because it's Microsoft's
job to do this. Last but not least, SaaS stands for Software-as-a-service, and is the offering where you use a piece of software without even knowing what infrastructure exists behind it: I guess you've used some sort of webmail client before, right? That's
a SaaS.
When it comes to Windows Azure, IaaS is offered as Azure VM, PaaS is offered as Azure Cloud Services (formely known as Azure Hosted Services, should you get across documentation that uses that term instead) and SaaS is offered in the form of: Azure WebSites,
Azure Mobile Services, Azure Media Services and many more.
When you talk about either web roles or worker roles, you actually talk about two forms of roles that exist in the context of an Azure Cloud Service. Basically, when you create a cloud project from Visual Studio, you end up in adding either Web projects
which might (but not necessarily) be linked as a Web Role to your Azure Cloud Service. You may also add, to the same solution, Worker Role projects. As you've probably already guessed, whenever you add a Web role, the web project it references is a web project
in the literal term: ASP.NET Web Project, whether that is WebForms, MVC, MVC WebAPI that's all completely up to you. However, what is a worker role project, you might ask? A worker role project might be though of just as a console application. You basically
get absolutely no UI, but your code runs as long as it runs inside an infinite loop at some point. If the loop stops, just like a console application, your worker role will stop which will force the Azure FabricController to refresh your role. Consider the
FabricController has the guardian of all roles, which will auto-magically 'respawn' your roles whenever something goes wrong, whether that's a software issue in your app, in the OS or a hardware failure.
Moreover, keep in mind that every role in your cloud service project ends up in being created as a separate VM. What this means is that you will have separate VMs for each roles in your cloud service, so even if you create several web projects, you still
get one machine, with one IIS instances with a single web application (yours) for each of your cloud's roles. Same goes for worker roles.
I hope this information clears up some of the questions you might have.
Alex -
WLST 92 - How to Create Global Role and Role Condition?
I'm currently using WLS 9.2 and trying to use WLST to create a global role and defining a role condition. Anyone know how to do so using WLST for WLS 9.2?
Trying to:
- create Global Role, testRole
- create condition where 'username = testuser'
thanks!Did you find out a solution for this?
-
Automatic creation of delivery and TO
Hi everyone,
can any body explain me process of creating delivery automatically with the delivery date and time from sales order. whether this auto creation of delivery also creates TO(transfer order). Here a batch job should run for every 2 hours automatically to create delivery. so which program should i run in the background and what are the process steps......also pls let me know how i can auto create TO for all the deliveries as soon as the delivery gets created.
........waiting for ur reply.....
thanks®ardsHi;
For creating the deliveries automatically you can use the T.code VL04 in the b/g or run the program RV50SBT1 in the b/g every 2 hours. This can be done using T.code SM36, this is where you set up the job. Here you can specify the details and the timing.
For creating the TO's for the delivery, either you do it through the config setting or run a similar job in the b/g and TO's should be created automatically.
For some reason if you find deliveries are not created you may use V.22 and give the Log number(which you will get from the job log) and see the reasons for delivery bnot being created.
hope this helps.
Regards,
Mani. -
Preinstalling OS and roles to a passthrough disk in SCVMM 2012 R2?
Technet firends,
I have scoured the internet for an answer to a fairly simple question:
"can I create a template and use that to automatically install an OS and roles etc. to a passthrough disk?"
The idea is to use LUNs for direct passthrough disks in a HA cluster to improve the performance capabilities of the VM's.
I have noticed that this limits the abilities regarding templates and how they can be made (for example, one cannot create a template from a VM using a passthrough disk.). If it is not possible to have SCVMM perform this kind of operation using VM templates,
then what methods could I use to automate the process of installing the OS, server roles, and license keys?
The end goal is to use passthrough disks as the drives for the VM's, but to still be able to provision the server with most (if not all) its configuration and software installed automatically.
Any guidance in this area would be greatly appreciated.
Regards,
-JaredYou do realize that passthrough disks no longer have the performance gains they had many years ago(?)
That said - the OS disk must be on a virtual disk in the SCVMM world. There is no other way.
And adding roles and applications, and processing configuration scripts is where the SCVMM Service Template comes into play.
An SCVMM 'VM Template' is an OS VHD, hardware settings, and OS specialization settings.
An SCVMM 'Service Template' adds script, installer, package execution, SQL, machine deployment orders, etc. to build a one or multi-machine enterprise application.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
Hello Experts,
my scenario:
1) AD Group Reconciliation Task
2) Auto creation Role category "AD Roles" if it doesnt exists
3) Auto creation Roles based on AD groups in "AD Roles" Role category
Ive already done auto creation role category and roles in default category, but i still cant create roles in my category.
I think it could be done like this in role creation:
mapAttrs.put(RoleManagerConstants.ROLE_CATEGORY_KEY, key)
but how can i get Role category key of my category to var "key"?
Are there more links between role and role category?
Pls help.
Thanks.public static String getRoleCategoryKey(String categoryName)
String roleCategoryKey = null;
RoleManager rmgr2;
Set retAttrs = new HashSet();
rmgr2 = oimClient.getService(RoleManager.class);
System.out.println("Creating....");
String ctxFactory = "weblogic.jndi.WLInitialContextFactory";
String serverURL = "t3://10.111.6.101:14000";
String username = "xelsysadm";
String password = "xelsysadm";
Hashtable env = new Hashtable();
env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,ctxFactory);
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, serverURL);
oimClient = new OIMClient(env);
System.out.println("Logging...");
try {
oimClient.login(username, password);
} catch (LoginException e) {
System.out.println("Log in");
rmgr2 = oimClient.getService(RoleManager.class);
retAttrs.add(RoleManagerConstants.ROLE_CATEGORY_KEY);
retAttrs.add(RoleManagerConstants.ROLE_CATEGORY_NAME);
SearchCriteria criteriaM = new SearchCriteria(RoleManagerConstants.ROLE_CATEGORY_NAME, categoryName, SearchCriteria.Operator.EQUAL);
try
List roleCategories = rmgr2.search(criteriaM, retAttrs, null);
System.out.println(roleCategories.size());
boolean found = false;
Iterator i$ = roleCategories.iterator();
do
if(!i$.hasNext())
break;
RoleCategory roleCat = (RoleCategory)i$.next();
roleCategoryKey = roleCat.getEntityId();
System.out.println("FOUND!!!");found = true;
} while(!found);
catch(Exception e) { }
return roleCategoryKey;
- I just find interesting code, but it doesnt work, when i use it to my map:
mapAttrs = new HashMap<String, Object>();
mapAttrs.put(RoleManagerConstants.ROLE_NAME, "testrole");
mapAttrs.put(RoleManagerConstants.ROLE_DISPLAY_NAME, "testrole");
mapAttrs.put(RoleManagerConstants.ROLE_DESCRIPTION, "desc for test");
mapAttrs.put(RoleManagerConstants.ROLE_CATEGORY_KEY, getRoleCategoryKey("testcat"));
And with .browse() I even know my category key, but when i use it:
mapAttrs = new HashMap<String, Object>();
mapAttrs.put(RoleManagerConstants.ROLE_NAME, "testrole");
mapAttrs.put(RoleManagerConstants.ROLE_DISPLAY_NAME, "testrole");
mapAttrs.put(RoleManagerConstants.ROLE_DESCRIPTION, "desc for test");
mapAttrs.put(RoleManagerConstants.ROLE_CATEGORY_KEY, "21"));
- errors.
Whats wrong? -
Is it possible to automate creation of roles,users & assign roles to users
Respected Guru's,
Is it possible to automate creation of roles according to our functional requierment with the help of SAP IDM.
Futher, i would like to know whether creation and deletion of users along with assigning created roles to the user's can be automated.
Please help me....
Thank you.Hi Dayananadan,
SAP NW IdM is compatible with your system and uses SAP Java Connector (JCo).
My colleague Steffen Baumann wrote a blog with three parts, where you get some hints and screenshots how to create similar objects to business roles and automatically assign them. Have a look at the last two parts How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II) and
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/8868. [original link is broken] [original link is broken] [original link is broken] Especially the last topic in the last part shows how to implement dynamic groups. It's not everything covered you will need to automatically create business roles and assign them. To explain this in detail is like writing another blog... If you go through the last two parts of the blog you will know how to modify the jobs my colleage has used for importing HCM data to create business roles similar to org. units.
You can also have a look at /docs/DOC-8983#section6. There you find "Identity Management for SAP System Landscapes: Configuration Guide" and other documents. They help to get familar with the possibilites of SAP NW IdM, but don't mention how to implement your case in detail.
Best regards,
Nils -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
BP creation in CRM WebClient - Role and Number Range assignment
Hello,
I have the requirement to specify a particular number range and BP role when an Account is created in the CRM WebClient Interface.
For example as standard, when an employee is created through the CRM WebClient (BSP component BP_EMPL) the default employee role (BUP003) and the default number range are assigned to the BP.
I would need to specify a different number range and role to the employee
I've tried to configure the Account Identification profiles (activity "Define Account Identification Profiles" in customizing); with that activity you can specify which role and which number group you want to use for the BP (account) creation. However this customizing is affecting the IC WebClient only and not the CRM WebClient.
I was wondering if a similar customizing activity exists for the CRM WebClient (in particular for the BP_EMPL application), or if there's a way around this.
Anybody has an idea about how to solve this?
Any help would be greatly appreciated, thank you in advance.Hi all,
I have done this by defaulting the bp group in the BADi
1.Go to the se18 and select BADI_CRM_BP_UIU_DEFAULTS and select the interface IF_UIU_BP_DEFAULTS
2. Go to the method IF_UIU_BP_DEFAULTS~GET_DEFAULT_VALUES and you can write your logic here to default the grouping.
In my case I wanted all accounts created to be defaulted to a particular grouping and my code looks like this
lv_name1 = lr_current->get_property_as_string( iv_attr_name ='BP_CATEGORY' ).
IF lv_name1 IS NOT INITIAL.
IF lv_name1 = '2'.
lr_current->set_property( iv_attr_name = 'BP_GROUP'
iv_value = '0060' ).
ENDIF.
ENDIF.
Thanks & Regards,
Sanila -
Account Creation - Badi for Default values for BP Role and Sales Area
Hi all,
my requirement regards the possibility to create a new prospect (a link should be available in the navigation bar or create section).
Logically, a bp role as "Prospect" and particoular sales area should be created automatically.
I created an implementation for the BADI definition "BADI_CRM_BP_UIU_DEFAULTS". But don't know how to create the default values for BP role and Sales area:
In my code
assign cr_me->('VIEW') to <lv_view_name>.
if sy-subrc ne 0.
exit.
endif.
lv_viewname = <lv_view_name>.
case lv_viewname.
when 'AccountDetails.htm'.
I obtain the viewname "AccountDetails" , the related context "Header". After I don't know how to proceed to obtain the related entities through the relationship BuilRolesRel and BuilSalesArrangementRel.
Am I following the right way? Is there another solution to prepare the output for default values?
Any kind of suggestion will be appreciated.
Regards, Robertogo to spro>cross-application components>sap busines partner>business partner> basic settings>field groupings>Configure Field Attributes per BP Role
Double click the business role which you want to customaze (e.g. 'A') and change the proper settings.
Regards. -
Creation of MKK and Contract Account for New CRM Roles
Hi Experts,
I need a help in CRM for creating new roles and extending the same in R/3 in MKK role.
Here is the problem I faced.
I have copied the CRM000 role and created a new role ZCRM00 for
business specific need. It is getting created in CRM and a BP is also
getting created in R/3 BP but it is not creating an MKK Role in FI-CA.
The following steps can be used to simulate the problem
Step-1: Create a BP in CRM with the ZCRM00 role. Please do not
extend or create the BP in Sold to Party Role. Because if the BP has
Sold to Party role then the problem will not occur and Business does
not want to have s in Sold to Party roles because customers will
be having Sold to Party Role
Step-2: Create a Business Agreement for that BP
Step 3: Go to R/3. Run Transaction FPP3 and search for the BP created
in role. The system throws the message "usiness Partner <BP
Number> does not exist in the MKK Role".
Step-4: If you go to the transaction CAA2 and enter the Contract
Account Number (Appearing in the Business Agreement Tab of BP Business
AGreement Tab in CRM) and the BP Number the system will say "Business
Partner <BP Number> does not exist in the Contract Partner.
I have already executed the steps mentioned in OSS Notes 632749 but it did not result into anything.
Can anybody please help me to create the MKK role and Contract Account in R/3 for the newly created role in CRM. I understand this thing works fine for the Sold to Party role in CRM. I believe when SAP has given the flexibility to create new role in CRM, there will be some way to create the MKK role and contract account automatically (very much like Sold to Party) in R/3.
Looking forward for your reply
Regards
Karthi VHi,
Can you please guide us if you were able to resolve this issue and you were able to assign the MKK Contract partner role for the custom BP Roles.
Thanks,
Vamsi.
Maybe you are looking for
-
I installed and configured lighttpd and php/fcgi exactly as found http://wiki.archlinux.org/index.php/Lig … nd_Non-SSL except for: ssl and eaccelerator. I am also running php with the lighttpd user instead of phpuser. I have done chmod 775 for /var/r
-
Problem: Lightroom to Elements and back
I can get an image from Lightroom 3 to Photoshop Elements 8 (Mac) but I can't seem to get back. Even after saving and closing the image in Elements it is not visible in Lightroom. Also, since I just changed printers I have new icc files. I have those
-
Calculate Percentage from the result of row result
Expert I want to calculate percentage from row result For Ex Vendor ID Record Percentage 1001 1002 1003 sum A 10 10% B 20 20% C 70
-
Backup recovery in sun cluster production
Hello Friends, Can any body provide me document for Backuprecovery in suncluster based sapR3 SERVER. Thanks in Advance.
-
Is possible to connect as system/manager automatically???
Hi, I have any problems I have a package with two procedures (MT_PROC and SEN_MAIL) the first call to second. The first run in system/manager and in myuser/password, while the second run just in system/manager. Is possibile run the package in myuser/