Backend AC std roles: Generate in each environment or transport from DEV?
Hi all,
After installing SAP GRC AC 5.3 application there are standard roles (/VIRSA/*) created in the backend without profile generation
Since such component has been installed in DEV, QA and PROD the different roles (without profiles) are also in the three environment.
Which is the right way to proceed?
1) Should we generate the profile for such roles in DEV and tranport them to QA and PROD?
2) Should we generate the profiles in each R/3 environments?
3) It does not matter to go for 1 or 2?
Many thanks in advance. Best regards,
Imanol
None of the above, if they are not assigned to users.
Best practice is to create a transport request for them and release it. Then delete them (no standard functionality for that anymore because it created problems, but check OSS for a solution "mass delete roles").
You can then import them again into a client if you really need to. Deleting them will be a performance gain for you from GRC perspective, and you should anyway not generally use the standard roles directly with profiles, but rather copies of them with their own.
Unfortunately there are exceptions to the rules and some standard roles have "personalization keys" for access to WDA applications. In SolMan you should not delete the standard roles without checking the installation guides first...
Cheers,
Julius
Similar Messages
-
How to transport roles, pages and iViews in the PCD from DEV to QA
Hi
Please would someone telll me how I can transport/move roles, pages and iViews we have created in our own area of the Portal Content Directory from our Development to our QA portal environment.
Kind Regards
ClaireHi,
Please check help.sap.com.
http://help.sap.com/saphelp_nw70/helpdata/en/c5/56599164d0c04cb566ba0e2d7ed55c/frameset.htm
Your Basis/NetWeaver consultants can help you.
Regards,
Masa -
Transporting a role from DEV to QAS in a Workflow
Hi,
I assigned a Role as the possible agent for a std task in DEV. I transported from DEV to QAS, first the Role (where I see the Std. task to which it is assigned and the corresponding WF template in PFCG for the role) with a Customizing Req. and then transported the WFlow template & associated std.task with a WBench TReq.
The transport is successful without any errors.
But, when I see the agent assignment for the task in QAS, the role is gone. Also, When I see the role Maintenance PFCG for this role, I don't see any WFlow tasks in the Workflow tab.
I tried to trasport this sequence(first role and then the wflow & std. task associated with it) twice, but in vain.
Can somebody pl tell me what's going on with the transport of the roles(that should include the wflow tasks & templates).
Thanks in advance
venuMike,
Infact I did first time transport in the sequence of WB req and then Cust. Req. It didn't help and then I tried the other sequence too.
And Could you tell me how to look into the WF configuration of the system to see if it is set to transport the Roles?
Actually, i tried transporting 3 roles under one Cust. Tran.Req, but only one Role got transported correctly and the rest two have been failing.
Pl. tell me if I am doing it correctly...
thank you
venu -
ERP Mass Role generating from master role.
Hello
In our ERP system we have several master roles and lots of roles derived from those masters. My question is when I add a transaction or even change one authorization object I have to manually generate all of those sub roles.
How can I do "copy from master role" then regenerate and then compare users more easily? Editing hundreds of roles takes lots of time.
I know PFCG has option Mass Compare and Mass Generate but they are not working for those sub roles.
ThanksHi,
Please go through help.sap.com or google to search and understand the process of creation/generation of master-derived roles:-)
If you have master -derived role created in system, you do not need to generate each individual roles. Just go to change mode of Master role in Authorization tab and beside "Generate" button at the top, you also see an icon "Generate derived role" (CTRLSHIFTF4 is the shortcut key) which can be used to adjust-derive all derived roles inheriting all characteristics of the master role into the derived roles (except the organizational values in case they are separately maintained in the derived roles)
Thanks
Sandipan
Edited by: Sandipan Choudhury on Mar 18, 2011 2:53 PM -
SD - Accounting document line items are generating for each item
Hi all of you,
We have done account determination for SD. Accounting documents are also generating, but with in the invoice accounting document, number of line items are generating for each item with in the sales order, standard invoice type is F2 like -
Item 001 - X Material
Item 002 - Y Material
Item 003 - Z Material
The accounting document is -
Line Item 001 - Customer Ac Dr
Line Item 002 - Discount A/c Dr
Line Item 003 - Sales revenue
Line Item 004 - Discount A/c Dr
Line Item 005 - Sales Revenue
Line Item 006 - Discount A/c Dr
Line Item 007 - Sales revenue
Line Item 008 - VAT
Even, in my experience I did not find this type of entry and the sales revenue and discount accounts are same with in the COA and is posted with in the plant.
Please give me your valuable suggestion to rectify the above issue.
Regards,
Ramki
Edited by: Ramki on Nov 5, 2009 10:06 AMDear Ramki,
This is SAP Standard. System generates Accounting document line item for each Line items in Invoice.
This is standard & also required bacuase say you have different Material types in single Invoice (e.g.Material & Service items, Trading Goods, etc). The valuation class assigned to these Material Types may be different & you might want to post revenues from these Line items in different GL Accounts.
Hope this helps. .
Thanks,
Jignesh mehta -
I would like to know the role of the each thread on coherence
Help me.
I would like to know the role of the each thread on coherence.
There are too many kind of threads.
Example ~
GC Slave GC Slave RUNNABLE
RMI TCP Accept-1972 RMI TCP Accept-1972 RUNNABLE
Health Center trace subscriber Health Center trace subscriber RUNNABLE
LT=0:P=342534:O=0:port=55170 LT=0:P=342534:O=0:port=55170 RUNNABLE
Attach API wait loop Attach API wait loop RUNNABLE
PacketListener1 PacketListener1 RUNNABLE
PacketListener1P PacketListener1P RUNNABLE
PacketListenerN PacketListenerN RUNNABLE
Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer) Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer) RUNNABLE
RT=0:P=342534:O=0:TCPTransportConnection[addr=192.168.240.157,port=55178,local=55170] RT=0:P=342534:O=0:TCPTransportConnection[addr=192.168.240.157,port=55178,local=55170] RUNNABLE
Finalizer thread Finalizer thread RUNNABLE
WT=10 WT=10 RUNNABLE
main main TIMED_WAITING
IpMonitor IpMonitor TIMED_WAITING
Invocation:Management:EventDispatcher Invocation:Management:EventDispatcher TIMED_WAITING
Invocation:Management Invocation:Management TIMED_WAITING
DistributedCache DistributedCache TIMED_WAITING
JMX server connection timeout 52 JMX server connection timeout 52 TIMED_WAITING
RMI Scheduler(0) RMI Scheduler(0) WAITING
Thread-6 Thread-6 WAITING
stop JMX Server on shutdown stop JMX Server on shutdown WAITING
Logger@9228429 3.7.1.7 Logger@9228429 3.7.1.7 WAITING
PacketReceiver PacketReceiver WAITING
PacketPublisher PacketPublisher WAITING
PacketSpeaker PacketSpeaker WAITING
WT=7 WT=7 WAITING
WT=9 WT=9 WAITING
-----------------------------------------------------------------------------------------------------------------------------------------------Briefly
PacketListener1 PacketListener1P PacketListenerN - listening IO threads for TCMP transport protocol
Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer) - main thread for cluster service (discovery, node joing / leave, etc)
IpMonitor - IP monitor, participates in death detection scheme
Invocation:Management:EventDispatcher - Event dispatch thread for distributed JMX service in Coherence
Invocation:Management - main thread for distributed JMX service in Coherence
DistributedCache - main thread for DistributedCache cache service
Logger@9228429 3.7.1.7 - Coherence async logging thread
PacketReceiver - Thread dispatching incomming network packets
PacketPublisher - Thread sending out packets via TCMP
PacketSpeaker - Thread sending out packets via TCMP (offloads some work from PacketPublisher for better core utilization) -
Error when generating the text environment
Hi Friends,
When iam logging on to SAPGUI iam able to lauch the gui but no text elements are being displayed the screen is completely blank and when i try to execute any transaction or perform any action.. the following error is getting displayed.
Err:sapgui:620
Error when generating the text Environment.
Please provide me the necessary help.
Regards
KhaiserHi,
Just a suggestion (not sure it will work) - upgrade your SAPGui to the latest one e.g. 7.10 or patch it.
Do you see text elements if accessing the sytem using DE language ?
Regards,
Mike -
How to get list of Roles assigned to each User
Hi,
I have to create a list containing Roles assigned to each user in xMII 11.5.
Need your help !
Thanks in Advance !
Regards,
AlokAlok,
Did you search (sometimes it is also good to make sure to search the forum for All threads not just the default time window)?
https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=5969490
https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=4890045
More info from the help docs: http://help.sap.com/saphelp_xmii115/helpdata/en/Connectors/IlluminatorSystemConnector.htm
Regards,
Jeremy -
MDM5.5 Upgrade to MDM7.1 - Data Unique In Each Environment
I have been reading the SAP documents concerning upgrading from MDM5.5 to MDM7.1.
We have 3 separate systems (dev, qa, prod). We have vendor data that is unique to each environment. For example, vendor 0080000123 might be ABC Inc in dev, DEF Inc. in QA, and XYZ Inc. in prod.
The SAP MDM7.1 Upgrade Guide (page 11) says to archive the production MDM5.5 system and unarchive it on a new dev MDM7.1 install. This would populate my dev/qa systems with production data. Then the ports would also be production values (versus those used in dev/qa today).
Is this the process everyone is using? I figured I would archive my dev repository, install MDM7.1, and then unarchive the dev repository and update it....same on qa server, same on prod server.
Thanks in advance for any recommendations.
KeithHi Keith,
Uograde from 5.5 to 7.1
1. Archiv ethe repository in MDM 5.5
2. Install MDM 7.1
3. Create a new repository by unarchiving
4. Update the reposiotry
5. Verify and repair the reposiotry.
Regards,
Pramod -
How to move the code and deploy the code from Dev environment to SIT.
Hi,
I have a requirement.
I want to move the components and deploy the code from dev Environment to SIT environment using Ant Script for AIA.
Before doing this is any pre-requisites required?
Can you please help on this,how to do?
Thanks in advance.Further to add to Anish Statement follow the steps to easily migrate the code to different environment.
Steps:
First log on to the EM Console and export the Composite Flow as a SAR file to a location.
In Jdeveloper create a project using the same name of a SAR file like - ProcessSalesorderFlow
import the project using the option import the composite using a SAR File.
After import , then click on the composite and then generate the config plan.
In config plan add all the url changes using the search and replace Tags.
And in case if you have a JCA Adapters the same has to be taken care in SIT environment why because during deployment a lookup happens and deployment fails if it dont find the JNDI Name.
Take the SAR file adn config plan seperately from JDeveloper.
Now open em console again and then deploy it using the config file and SAR file.
Thanks,
Venugopal SSS RAJA -
"Account Generator" you can read budget account from item level
Dear Values Consultant.
I am reading from oracle purchasing user guide that if you deal with "Account Generator" you can read budget account from item level
How I can enable this functionality "account generator to gets a budget account from Item Level)
Or it is already defaulted enable in the application
If it is default enable, how to use this functionality, what the setup required to reach to this point
thanksIt is Oracle standard functionality. Account generator can be customised as per need.
Define your Accounting Flexfield structure for each set of books.
Define flexfield segment values and validation rules.
Set up Oracle Workflow.
Choose whether you want to use the default Account Generator
processes
Then do one of the following for each set of books:
Choose to use the default Account Generator processes.
Customize the default Account Generator processes, test your
customizations, and choose the processes for a flexfield
structure, if necessary. -
My wife and I both have an iphone. We initially set them up under one apple id account. When we text sometimes we will receive each others text messages from others. Example I will text a friend...she will not see my text but the reply comes to both of us. It seems to be random which ones. Any ideas how to correct this
Yup, get your own AppleID.
The messages that are being sent to both phones are technically not text, they are Apple's iMessage. They use the data part, not the texting part. So if you have an iPad or a Mac computer, you can send/receive the iMessages there too.
KOT -
Unable to generate XML's for BLOB datatypes from Concurrent program
Hi All,
I've a requirement to print images on rtf layout. Images are uploaded by end user through attahments men
there are getting stored in fnd_lobs tables.
for printing blob images we need to convert them into CLOB and generate XML's.
I've done the conversion through a function and calling the function in the select query which is generating XML when i run it from toad.
SELECT xmlgen.getXml(
'SELECT file_id,mob_getbase64String(file_data) photo
FROM fnd_lobs
WHERE file_id = 2490481'
,0
) FROM dual;
But the same thing we i registered as concurrent program (SQL*Plus) the program is running into error.
Output file
The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
Invalid at the top level of the document. Error processing resource 'https://dbtdev5i.oracleoutsourcing.com/OA_CGI/FNDWRR.e...
Input truncated to 17 characters
^
Log file
Concurrent Manager encountered an error while running SQL*Plus for your concurrent request 10868311.
Review your concurrent request log and/or report output file for more detailed information.
Can anyone help me through on how to bypass this error and generate XML's.
Thanks in Advance
JanaHi Priya..,
I have changed the query and registered in apps and now i am able to generate XML's of the blob image and the same is getting printed on the tempate..
DECLARE
v_colb CLOB;
v_query VARCHAR2(1000);
BEGIN
v_query := 'SELECT file_id,mob_getbase64String(file_data) photo
FROM fnd_lobs fl,
fnd_documents_vl fd
WHERE fd.media_id = fl.file_id
AND (fd.end_date_active IS NULL
OR fd.end_date_active > SYSDATE)
AND fd.security_type = 2
AND fd.security_id = fnd_profile.value(''GL_SET_OF_BKS_ID'')';
--FND_FILE.put_line( FND_FILE.LOG,v_query);
v_colb := xmlgen.getxml (v_query, 0);
--DBMS_OUTPUT.put_line (v_query);
FND_FILE.put_line( FND_FILE.OUTPUT,v_colb);
END;
/ -
unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest
Hi,
For SU01 role removal, you do not need S_USER_AGR with 02, and as you mentioned both authorizations available in production, if so trace should not show you the S_USER_AGR with 02 with RC=04.
I would recommend to do role comparison for the user performing the activity. and then check if you have the S_USER_AGR with 02 in user buffer SU56.
But ideally it should not ask you S_USER_AGR for 02 through SU01, so please take help of abaper to debug it.
Also put trace in non-prd to see if S_USER_AGR is getting checked with 02 for removal through SU01.
BR,
Mangesh -
Has anyone noticed how easy it is to read a passcode that lights up with each key you press from across a room? Is there a way to stop keypad from lighting up on iPhone 4S, iOS 7.0.3?
Has anyone noticed how easy it is to read a passcode that lights up with each key you press from across a room? Is there a way to stop keypad from lighting up on iPhone 4S, iOS 7.0.3?
Maybe you are looking for
-
I updated firefox a couple weeks ago, but updating has never caused this problem. I installed a program to help the computer run more efficiently, called "Fix-it Essentials," and that may have caused the problem, though it didn't for the first couple
-
How to use a patched version of pdftex?
Hello, I would like to use a patched version of pdftex to be able to compile PDF/A compliant documents. Patch is here, and the compilation works without problems. However, I do not manage to use that compiled version of pdftex. Using the instructions
-
Can an AppleTV3 be connected to a Sony A/V Receiver with the HDMI cable via Video 1 and not directly to a TV?
-
How to make a variable global to use in all of my cfm page?
I have a problem with the variables. i need to use a variable " loginrecord" in all of my cfm pages, its created in my login.cfm and the value of this needed in other page and maybe i need to change it . in ASP simply we can use SESSION to make a va
-
Light weight Java IDE needed linux only
Hi, I'm looking for a light weight java ide that will run on linux. An editor with some basic options such as auto-compelte like in jbuilder and eclipse, doesn't have to have a gui designer but would be nice if it could handle packages and such. I'm