Planner provisioning for user groups lost in Shared services

Similar Messages

• No provisioning of User Group for authorization field in user master

  We are implementing CUP 5.3 workflows. Both in manual proviosing and automated provisioning based on User Defaults the user group gets only provisioned to the Groups tab in SU01. The field User Group for authorization on the Logon data tab remains empty (field CLASS from system table USLOGOND, filling CLASS field in table USR02).
  In User defaults both under user default as on the user group tab the user groups have been defined. In manual provisioning the correct list of user groups get displayed for selection.
  Under field mapping in the Application field I only find User Group in user master maintenance, but not User group for authorization. However I would assume I do not need to use field mapping, as I want to automate this provisioning based on user defaults.
  Am I missing a configuration setting here? If so, where can I set it?
  I would assume the provisioning of this field is possible. RAR reports the user group also based on the User group for auhtorization and not from the Groups tab.

  S.Pados,
  I can assure you that what I said in my last response does provision the User Group For Authorization Check on the Logon Data tab; in fact, I was having the opposite issue where the Group tab was not being provisioned; however, I am ruunning AE 5.2 and you said you are running 5.3; maybe something did change or got lost in the releases; it probably is good to see what SAP has to say about this; I would hate to lose this capapbility when I upgrade to AE 5.3
  As far as using the custom field for multiple applications, would that field not be usable for any of the applications you would select in the request form?; if you are using the same table names in the different SAP systems (selectable by the application field on the request) would the drop down selections be whatever the table has defined for that system? I may not be understanding something here so I am just asking;
  It would be great to have a Group field automatically filled in by another selection to avoid the user involvement; I agree with you there; because of our concerns on users entering the AE request, our shop has decided to continue with the users submitting the request through normal email and the security administrators perform the AE entering; this way we have a better idea on something like the GROUP field; we have an option to include the original email as an attachment for justification of the request
  Sorry I could not be of more help
  Jerry
  Ryerson,Inc.

• Query for user group

  Dear Team,
  When I am creating  Query for user group via T-code  SQ01.
  Query     ZDEMO1    then Create
  This messege is comming .
  System setting does not allow changes to be made to
  object AQQU /ISDFPS/OM  ZDEMO1
  Why this messege is comming .
  Thanks
  manu

  Dear Manu,
  Please check in SE06 >> change system options >> if the system and the relevant object is in modifiable status.
  Cheers,
  Jazz

• Dropdown list (predefined list) along with provision for user to enter text

  Hi,
  Is there any provision in J2ME to have
  " a drop-down list , which contains predefined variables. if the user does not want to use those predefined variables, then a provision for user to enter text."
  thanks in advance

  Append Method
  I would create a box / div in Animate then when you publish it and put it on your page just append a form with an email input ( <input type="email></input>" ) and submit button.
  <form action="url">
    <input type="email" name="usremail">
    <input type="submit">
  </form>
  This page provides a lot of information on how to use Edge Animate and how to do more advanced things.
  http://www.adobe.com/devnet-docs/edgeanimate/api/current/index.html

• Provisioning of User Group to BI systems

  Hello there,
  I am struggling a bit to find any documentation of how the User Group (BAPILOGOND-CLASS) can be provisioned to a BI system. We are already provisioning Valid From (BAPILOGOND-GLTGV) and Valid To (BAPILOGOND-GLTGB) so was imagining that it would be straight forward to provision the User Group as well. Any ideas?
  Best regards,
  Anders

  Can't have any more open questions

• Externalise Users from Essbase to Shared Services

  Hi All,
  We have a issue with externalising users to shared services
  We have shared services on sun os 5.10 which is in a ssl (secure sockets layer) mode and Essbase installed on windows server 2003 sp1 which is in a non ssl mode and when we are trying to externalise users from essbase to shared services we are ending up with fallowing error
  Shared services_security_client_log
  *2009-09-14 14:54:47,957 ERROR [Thread-74] 30:1101:JNDI error.[Root Cause: [LDAP: error code 17 - cssProvisionedIdentity: attribute type undefined] ] com.hyperion.css.spi.impl.nv.AddLDAPEntity.add(Unknown Source)*
  *2009-09-14 14:54:47,957 ERROR [Thread-75] 26:1002:Invalid value for identity. Enter a valid value. com.hyperion.css.common.CSSUtils.checkValidArgument(Unknown Source)*
  *2009-09-14 14:54:47,957 ERROR [Thread-75] 31:1098:Invalid user identity format.[Root Cause: 26:1002:Invalid value for identity. Enter a valid value. ] com.hyperion.css.spi.impl.nv.NativeProviderDirMgmt.deleteNativeUsers(Unknown Source)*
  Thanks in advance,
  Ram

  After you copy the SQL Repository across to the new environment and log in with the owner account, you will be required to register the application with Shared Services. After registering with SS it should prompt you to "Migrate Users and Groups" which will do the migration for you.

• Error while adding users to a group created in shared services

  Hi All,
  I am using EPM 11.1.1.1.0.. When i log into SHared services as admin and create a group i get the following error when i try to add the user members to the group.
  "Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response. Please consult the application log for details."
  Can somebody please help....
  Regards.
  Alicia

  Hello Ritendra,
  i am also facing the same problem. i could not find some solution.
  if you got some solutions then please help me.
  i have installed oracle 9i as in W2K system.
  regards
  sudhir

• How to hide/show dashboards for user/groups

  Hi,
  Please help on how to hide/show dashboard menu/sub menu to users/groups based on their profile settings.
  thanks in advance.
  regards,
  kumar.

  Hi Jinu,
  1) Do some or all of those subreports span multiple pages?
  2) Do each of the Subreports start on a new page?
  If yes, for both, then here's what you need to do:
  1) Create a formula (@True) with this code:
  shared booleanvar SetStatus:= True
  2) Create another formula (@False) with this code:
  shared booleanvar SetStatus:= False
  Drag and drop the @True formula on the details sections for which you want the Page Footer to be suppressed.
  Similarly, drop the @False formula on the details sections for which you want the Page Footer to show up.
  Then, go to the Section Expert > Select Page Footer c > Click the formula button beside Suppress and use this code:
  shared booleanvar SetStatus;
  -Abhilash

• Deleting User/Groups in Info/Sharing&Permissions

  Recently duplicated original start-up drive using CarbonCopyCloner. Hadn't noticed before but a "wheel" group showed up under Sharing & Permissions in the Get Info window with "Read only" permissions. Also have (unknown) user with "Read & Write" permissions. Only myself and guest shows in Accounts pref pane. Have repaired permissions in Disk Utility on all my drives. Obviously, I'd like only myself to have permissions on my Mac. Can I just delete the names in the Get Info window without any consequences? Is there a more appropriate way to make myself the only user on account?

  OK, I think I have this figured out. My terminal skills aren't all that, but using man dscl I figured out how to manipulate this database to do what I want...
  First used this to see what was in the database of usernames/groups:
  sudo dscl . list /groups
  Found offending entries not wanted (username, _unknown, etc) and removed like so:
  sudo dscl . delete /groups/(name to remove)
  Did same for user accounts:
  sudo dscl . list /users
  sudo dscl . delete /users/(names)
  Seems to have worked to get rid of weird entries like _unknown and "nobody".. BUT Finder still includes this weird "(unknown)" with read permissions on every new file... What gives?
  So what I see in the database for users right now is thus:
  _amavisd
  _appowner
  _appserver
  _ard
  _atsserver
  _calendar
  _clamav
  _cvs
  _cyrus
  _devdocs
  _eppc
  _installer
  _jabber
  _lp
  _mailman
  _mcxalr
  _mdnsresponder
  _mysql
  _pcastagent
  _pcastserver
  _postfix
  _qtss
  _sandbox
  _securityagent
  _serialnumberd
  _spotlight
  _sshd
  _svn
  _teamsserver
  _tokend
  updatesharing
  _uucp
  _windowserver
  _www
  boinc_master
  boinc_project
  daemon
  mattcarrell
  root
  and for groups is thus:
  _amavisd
  _appowner
  _appserveradm
  _appserverusr
  _ard
  _atsserver
  _calendar
  _clamav
  _cvs
  _devdocs
  _guest
  _installer
  _jabber
  _keytabusers
  _lp
  _lpadmin
  _mailman
  _mcxalr
  _mdnsresponder
  _mysql
  _pcastagent
  _pcastserver
  _postdrop
  _postfix
  _qtss
  _sandbox
  _securityagent
  _serialnumberd
  _spotlight
  _sshd
  _svn
  _teamsserver
  _tokend
  updatesharing
  _uucp
  _windowserver
  _www
  accessibility
  admin
  authedusers
  bin
  boinc_master
  boinc_project
  certusers
  com.apple.accessremoteae
  com.apple.access_screensharing
  com.apple.access_ssh
  consoleusers
  daemon
  dialer
  everyone
  interactusers
  kmem
  localaccounts
  mail
  netaccounts
  netusers
  network
  operator
  owner
  procmod
  procview
  smmsp
  staff
  sys
  tty
  utmp
  wheel
  Where is (nobody) coming from then and why can't I delete it in file permissions (or even change its permissions to "NoAccess")... This is really problematic for me. I definitely am not understanding something here about permissions and where they come from..

• How many ways we can create authorization for user groups in sap query reports

  Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change  the users .So please suggest me how to restrict users outside of the user group.
  Please send me if u have any suggestions and useful threads.
  Thank You,
  Suneel Kumar.

  I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
  http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
  Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
  Use AUTHORITY-CHECK to restrict access to the database based on user.
  Press F1 on AUTHORITY-CHECK to find out how to use it in the code

• Active Directory Authentication and permissions for user group in APEX 4.0

  Hello,
  I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
  These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
  Help with Authentication (APEX_LDAP.AUTHENTICATE)
  Re: LDAP Authentication Via Groups
  Thanks,
  Tony

  You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

• WLS: more fine granularity for User, Groups, Roles

  Hi All,
  in order to organize different user, groups in WLS, I need to use/define more condition/attributes than standard WLS User and Groups.
  The Oracle WLS concept and OPSS is clear to me and I need some samples or practical cases.
  - Oracle Fusion Middleware 11.1.1.5, Security Guides http://docs.oracle.com/cd/E21764_01/security.htm
  - Oracle® Fusion Middleware Understanding Security for Oracle WebLogic Server 11g Release 1 (10.3.5) http://docs.oracle.com/cd/E21764_01/web.1111/e13710/toc.htm
  - Oracle® Fusion Middleware Securing Oracle WebLogic Server http://docs.oracle.com/cd/E21764_01/web.1111/e13707/toc.htm
  - Oracle Platform Security Services 11gR1 (White Paper)
  http://www.oracle.com/technetwork/middleware/id-mgmt/opss-tech-wp-131775.pdf
  Any idea?
  Regards,
  Moh

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• Users detail extraction from Shared services.

  Hi Gurus,
  I want to extract all the users with their User id's, FirstName and LastName.
  I tried provisioning report but no luck with First and Last Names.
  Please suggest.
  Thanks.

  Thanks for the response John!!
  I have exported the foundation shared services.
  It shows the users from only Native group directory in resource folder.
  I want all the users from all the directories.
  Please help.

• Users not listed in Shared Services

  I've created a Hyperion Planning application 11.1.1, provisioning was done perfectly, while giving access via "*Access Control Report*" i couldn't select any user including native users like "admin", none of the users are found in the field available users or groups.
  Configured Hyperion applications including: Essbase, Planning, Shared Services and Workspace with SQL server 2000.
  Please suggest. Thanks in Advance.

  Hi John,
  We have created a planning application. I've given all the provisioning access to the the default user (Admin). While creating form i got an error "Security and/or filtering has resulted in a required dimension not being represented on this data form.". These are the turnarounds i've worked on this issue.
  1) Checked in Administration-->Application Settings -->Enabled use of the Application for "All users".
  2) In Assign Application Owner tab under select user, Admin user is selected.
  3) Checked in Administration-->Dimensions-->Account (dimension is selected). But, in "Assign Access" i didn't find any of the users (including Admin).
  4) I navigate to Shared Services Console and checked in the Planning application-->Access Control Report, in that also I didn't find any of the users in the field of "Available users or Groups"
  This is my First installation of Hyperion Version 11.
  Thanks,
  Edited by: reachsubbiah on Feb 14, 2010 9:26 PM

• How to migrate users from HUB to Shared Services

  Hi,
  We are upgrading Essbase from 7.1.6 to 9.3.1. In 7.1.6 we were using Hyperion HUB for provisioning and we are going to use Shared Services with External authentication for the provsioning from now on.
  My question is what is the best way of migrating users from Hyperion HUB to Shared Services.
  Thanks,
  MP

  After you copy the SQL Repository across to the new environment and log in with the owner account, you will be required to register the application with Shared Services. After registering with SS it should prompt you to "Migrate Users and Groups" which will do the migration for you.