Policy Subjects: No filtered roles found in sub organisations?

Similar Messages

• Break sap standard role into two sub roles

  hi,
  i have one SAP standard role. now i want to break this role into two  sub roles. how shall do it.
  please suggest me.
  regards
  ramesh
  Edited by: Ramesh Sammiti on Jul 31, 2008 11:00 AM

  Hi Ramesh,
  When you say that you want to split the SAP Standard role into two roles:
  1.Do you mean to say that you want to split the transactions and authorization data of the SAP Standard role into two separate Z* or Y* roles?
  2.Do you want to copy the SAP Standard role into two different Z* or Y* roles and then modify the authorization data according to your company's requirements?
  In the above two scenarios you must copy the SAP Standard role into Z* or Y* roles in PFCG transaction with the appropriate naming convention and make necessary changes in both the transaction data and the authorization data.
  Please be clear which SAP Standard role you are willing to split into roles and i can provide more details.
  Hope this helps.
  Regards,
  Kiran Kandepalli

• Cisco ISE LDAP - Error Subject userid is not found

  Greetings Experts!
  Problem:
  I have configured ISE Admin Access authentication to a LDAP External Identity Store. BIND Tests to Primary and Secondary LDAP Server is successful. I have configured the major/top domain (DC=test,DC=company,DC=com) ) to see if a user id is found but is not. When I do the same BIND test (same service account credentials) using "ldp" utility in Windows 7 I can find the users under the Base DN Container as well as absolute path (
  OU=Users,OU=TestDept,OU=TestEnv,DC=test,DC=company,DC=com) to the actual DN container.
  Directory Organization Configuration on ISE:
  Subject SearchBase DN: OU=Users,OU=TestDept,OU=TestEnv,DC=test,DC=company,DC=com
  Group Search Base DN: DC=test,DC=company,DC=com
  Error noticed on ISE Debug Log is:
  Server,24/02/2014,08:13:38:869,WARN ,1225325456,cntx=0056723840,user=TESTUSER,LdapSubjectSearchAssistant::checkForErrors: subject TESTUSER is not found,LdapSubjectSearchAssistant.cpp:158
  When tested on a Windows machine
  c:\>dsquery user -name TESTUSER
  "CN=TESTUSER,OU=Users,OU=TestDept,OU=TestEnv,DC=test,DC=company,DC=com"
  Am I missing something here?
  Thanks a lot in advance.
  Srini

  Found the problem.
  After analysing various packet captures, I noticed that ISE is placing a userPrincipalName LDAP search query for the UserID provided during Logon. When I simulated the same LDAP query using LDP utility on Windows 7, it didn't give me any results however, it did if the filter was for sAMAccountName or CN. I checked the userPrincipalName values in our Domain Controller and found that we are using <userid>@<domainname> format. I then tried to login using <userid>@<domainmain>, it worked.
  Note that we do have Groups and Attribute options in LDAP Identity store but those values don't come into action unless userPrincipalName search is successful. Also, I noticed that Groups and Attributes are mainly used for Authentication Policies and to reach that point/step, we first have to get a success response for"userPrincipalName" search.
  I have submitted a TAC case to see if there is any way I can place a sAMAccountName search query instead of userPrincipalName LDAP filter.

• Does idm support maintenance of access manager's group/role/filtered role

  The xml of Access Manager Realm Resource Adapter has object types group, role and filtered role with object feature list,create, update and delete. Does that mean with the adapter installed, we can make use the idm to maintain the access manager's group/role/filteredrole? Is there any customization/configuration needed in order to provision these features in idm?
  Thanks,

  1. The AM agent can return ldap attributes after authentication. What you can do is use Sun Directory Server Proxy to provide a virtual view of both LDAP and your DB to AM.
  2. Sun Role Manager is a tool for role mining and attestation, ie it helps with compliancy verifications which is required by many businesses these days. Sun Identity Manager does not need Sun Role Manager if you just want to provision roles for your users, however, as it appears to be the case in your envirionment, the roles created by IDM are exported to SRM for compliance verifications.

• Filtered Role

  Can filtered role be used to filter users in the external ldap.
  I hav added another datastore in access manager which is also used for authentication of users. Now i want to create a role for making policies. It is not possible to select individual users as the number of users is very high.
  So i created a filtered role. But this filter role in not filtering users from the external ldap, its applying filter only on users listed in the AM's ldap.
  Any suggestion for doing it?
  Thanks in advance

  Other LDAP just means Sun DS running on a separate machine, other than the Sun DS used by AM for its own DIT.
  The AM is running in realm mode.
  I couldn�t find the Access Manager Patch 1 on sun download site. Can you please provide me the URL?
  I am getting the option of �Filtered Role� in Access manager but as posted in earlier in this thread, the filtered role in unable to filter users from the external ldap. The filter is only applied to the users which are there in AM DIT. I want to apply the filter on the users which are there in the �external ldap� added through data store.
  Hope I am clear with my problem.
  Please advice.
  Thanks

• Filtering role and workset content

  Hi All,
  We have the requirement for filtering role and workset content, for that I have followed one sample example from below sdn blogs link
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3367e690-0201-0010-d285-c69bd884c9f3
  I want to do the same for the departments also,  can you guys please guide me how it can be done.

  Hello,
  Can you guide me on the same.
  Thanks & Regards,
  Pravin

• Error :Purchasing info record not found in purchasing organisation

  Hi,
  after invoice verification with T.Code MIRO,
  Goods issue for consumption: with T.Code MB1A
  it display error message: purchaseing info record not found in purchasing organisation, pls tell me steps to correct it.
  thanks in advance
  ramesh.

  Dear Azis,
           Double Click on the serial no of the Component you will get the  inforecord fieldin the Purchasing tab. But this is only for Stock Materials.
  Please recheck again your components.
  Regards,
  Shareeq
  Edited by: K M AHAMED SHAREEQ HUSSAIN on Oct 13, 2009 2:42 PM

• MDG-Supplier : "role vendor requires purchasing organisation data"

  We are implementing MDG-S with the vendor UI.  (MDG 6.1)
  Has anyone come across this error while creating vendor "role vendor requires purchasing organisation data".
  This is preventing the creation of a vendor with just the general data.
  Any suggestions to resolve this ?
  Regards,
  Vinay

  Thanks Archana,
  Yes, FLVN01 has been configured. Is there a diff value that should be used for vendor UI.

• Crystal Report: Save a Crystal Report to BW, no Roles found

  Integrating BusinessObjects Enterprise and BW:
  - Some configuration works have been done
  - Crystal Report can connect to BW
  when [Save a Crystal Report to BW], then Connect to BW,
  Dialog "Save a Crystal Report to BW" show up, but in Roles Description : "No Entry Found"
  somebody any ideas, thanks!

  Hi,
  please check the following thread:
  [No roles in Crystal Reports available;
  Regards,
  Stratos

• Filtering Role Content by Attributes

  Hi All,
  I'm trying to implement advanced Role Content Filtering, by setting Attributes (country, department etc.) to content and users. To do this I need to deploy and assign Java Filters (Factorys and Services). So I wanted to ask if somebody can give me some links to code examples of such Java Filters and maybe to this whole topic.

  Hello-
  The following two links should help you out.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ep/code-samples/filtering%20role%20and%20workset%20content.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/5021a57d-0601-0010-6097-ec94a09c626d
  Marty

• Swap roles Pub to Sub and Vica Versa

  Hey Guys
  Is there a way to swap roles between two CUCM servers in a single cluster?
  Pub to Sub and Sub to pub
  Could you just do a physical move of the VMs and then re-IP them?
  Any idea appreciated, cheers Mike

  Supported Features of VMware vSphere ESXi, VMware vCenter and VMware vSphere Client
  http://docwiki.cisco.com/wiki/Unified_Communications_VMware_Requirements#Supported_Features_of_VMware_vSphere_ESXi.2C_VMware_vCenter_and_VMware_vSphere_Client
  Read the above about moving VMs between hosts.
  And yes, you can change the hostname and the IP of the servers, but that won't affect their role as Deji already mentioned.
  Follow the guide on how to change IP/hostname available on CCO for your CUCM version.
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Filtering roles in Detailed Navigation PDK

  Hi all,
  We have developed detailed navigation PDK for a site say Site1; I have another site say Site2.
  The two sites are linked to different desktops using URL aliasing. These two sites(dektops) have their own set of roles.
  A user has acces to both the roles and also has WPC editor role. When he goes to Site1, drag and drops the Detailed Navigation PDK component to a page, he is seeing the roles associated to Site2. Can we restrict the roles displayed in Detailed navigation based on the filter ID? ( here I am talking about default WPC role without any URL aliasing)
  Hope I explained the scenario clearly, if not please ask.
  Regards,
  JK

  Have u tried checking this
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/17968de1-0a01-0010-1f9f-c090fbc7001a

• Filtering out pictures in sub-folders when browsing a volume

  Hello all. Here what I'm hoping to do: if, for example, I want to add "image.jpg" which is in folder "MyPictures"
  But I have a lot of other pictures in the MyPictures folder--and more importantly, many, many more in subfolders:
  MyPictures>Folder1
  MyPictures>Folder2
  MyPictures>Folder3>Subfolder2.1
  MyPictures>Folder4
  and so on. In the Import screen, if I select MyPictures, it not only shows me thumbnail previews of the images in MyPictures, but of those in ALL the subfolders therein.
  Is there any way to show the previews of the selected folder ONLY, and not the subfolders it contains?
  FWIW, this is LR 3.2 on Mac OS 10.6.5

  In the Import dialog, there's a checkbox at the top of the Source panel that says 'include subfolders' - turn that off.  If you ever need the same in the main Library module, it's Library menu > Show Photos in Subfolders.

• Edge 2013 role with exchange 2010 organisation

  Hi,
  I have installed an edge 2013 cu5 stand alone in DMZ. I have an exchange 2010 cas server and separate database server on the intranet. How am I suppose to manage the edge 2013, since ecp it not installed as a part of this role?
  I'm not yet upgrading to cas2013, so I do not have ecp. Can I install ECP seperatly on the edge2013?
  Best regards,
  Ruud Boersma
  MCITP Enterprise administrator

  Hi,
  As Steve mentioned above, in Exchange 2013, we have to configure the Exchange 2013 Edge Transport role through Powershell in the Exchange Management Shell.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Settlement profile not found for purchasing organisation 50000663 and BP

  Hi Experts!
  I hope you are fine.
  I need help with error in my TM. When I'm try generate Settlement Document, the system show me this message:
  I've already configured CHARGES PROFILE with this Purch. Org:
  My freight order type, is set for my FDS TYPE too:
  This is my configuration for FSD TYPE:
  This is my configuration for FREIGHT SETTLEMENT PROFILE:
  Anyone have idea why my settlement don't work?
  Thanks a lot.
  BD
  Renato

  Hello, Marcelo.
  Where I find this?
  Is it don't charge profile?
  Can you help me with this information?
  Thanks a lot.
  Best Regards.
  Renato