SAP Roles and Profiles provisioning
Hi all,
I am trying to provision SAP CUA using the SAP UM Connector.
User gets provisioned, but its role and profile do not get assigned.
The tasks "Add Role" and "Add Profile" are seen as completed.
But the roles and profiles are not seen in SAP.
Thanks in advance
Any inputs from anyone ???
Similar Messages
-
what is role and profile in SAP?
how we can diffferentiate both?Hi Swati,
Role refers to the collection of associated activities (privilages) such as transactions, reports and so on. There are 2 types of Roles, Standard Role and Derived Role. While profile is a set of authorizations that are valid for the transactions defined in that role. Roles contain no actual access. They contain a role menu composed of transaction codes. These transaction codes are then mapped into the profile automatically by profile generator. When a role is generated (once created) the profiles are created automatically by profile generator. Every transaction code is different and may require different numbers of accompanying authorization objects to execute. A single profile can only contain 150 authorizations. Once that number is exceeded the profile generator will automatically create a second profile, sorted alphabetically by object name.
Please refer the below links:
The specified item was not found.
Re: difference between profile and role
Difference between Role & Profile
Regards,
Sreedhar -
Compliance Calibrator Design - Roles and Profiles
Hi guys,as you know SAP's authorization concept involves generation of Roles into Profile before it can be assigned to a User. In CC, i wonder why is there a need to segregate Roles and Profiles into 2 seperate functions. Isnt it already sufficient to analyse roles instead of profiles? Profile are names which is too technical which i feel should be omitted unless really necessary.
Well, unless it is to cater for indirect assignment where profiles are granted to position/org unit etc... I will also be trying out whether there is a difference when you only batch analyse a Role and intentionally excluding the 'profile' whenever a new role is created. Will the system work fine when i do a role analysis?
Cheers!I agree that profiles are old fashioned and should be phased out. The system has to stop people from being able to maintain profiles directly and assign them directly before they do this though. SAP_ALL etc can be converted and assigned as a role. It would make the whole authorisation concept just that little bit easier. We are talking about a German company though!
Also, you don't need profiles for indirect assignment. You can relate roles to the position using PFCG! Click on the organisational management button on the user-tab, next to the user comparison button.
Using profiles (ie, maintaining directly and assignment) is highly recommended against. -
VIRSA tables for users, roles and profiles sync?
Hello,
I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
Which VIRSA tables (users, roles and profiles) I need to clean?
It is necessary to do the same with authorization and text objects? Which would be these tables?
Thanks in advance,
VictorHi all,
SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
In order to use data extraction functionlaity you connector must be of type "File Local".
Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
Hope it helps. Best regards,
Imanol -
Webservices roles and profiles r/3
Hi gurus i have a little problem i guess
i develop a web service and i want that an extern client use this webservice.
the basis consultan has created an user and he has assigned the sapall and sap new profile and the role.
the client executes the webservice without problem, but i dont want that the user has this profiles, i need to restric the prmissions of the user created by the basis consultant
and when the basis consultant take out the sap all and sap new profile and assing other profile an role the webservice cant be executed, the error is that the user has not permission to execute the function group zsd001.
Does any one knows which roles and profiles does the basis consultant has to assign to the user?
thanks.thanks gurus
-
Su01 recreate old user - lost roles and profiles
Situation: a person's sap account was deleted, but now that person needs it again with the same sap access as before
when you recreate an old sap user account in su01,
sap gives a message "found old user information, do you want to reacreate this".
Press yess, then all is copied except roles and profiles (empty)....
You can find them back via the menu : information<change dcuments for users.
Is there a way to make sure that roles (and/or profiles) are instantly copied from the old records of the sap account (like
the name, email user group, user parameters, etcetera)?
Regards,
ABCNo. There is no such feature.
The solution is not to delete the user but rather lock the ID and move it to a "retired" user group where it is protected. From there you can restore it again easily.
Cheers,
Julius -
I would like to download a list of all users and what roles and profiles each has. I did it once before but now I can't remember the table names. Can anyone help?
Hi,
Roles:
SAP_BW_DEVELOPER
Profile:
SAP_ALL
S_BW_D____
S_BW_D____1
Authorizations are
S_Rs_Admwb_a
S_rs_adw_a
S_rs_exp_a
S_rs_wb_all
Links for user roles:
http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
For profiles and authorisations:
http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
Also chk this link..
http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
screenshots..
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
Hope this helps,
regards
CSM reddy -
Developing security Roles and profiles
Hi Team,
Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
Regards,Hi,
Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
user masters: USR01 to 09, UST04,
profiles: USR10, USR11, UST10S, UST10C,
authorisations: USR12, USR13, UST12.
password exceptions USR40.
History tables(may not be applicable but FYI): users: USH02, USH04,
profiles: USH10, auths USH12.
R/3 Security Tcodes
End User Transaction Code Menu Path Purpose
SU3 System > User Profile> Own Data Set address/defaults/parameters
SU53 System > Utilities > Display Authorization Check Display last authority check that failed
SU56 Tools --> Administration --> Monitor --> User Buffer Display user buffer
Role Administration Transaction Code Menu Path Purpose
PFCG
Tools --> Administration --> User Maintenance --> Roles Maintain roles using the Profile Generator
PFUD Work on SAP check indicators and field values
Select: Copy SAP check IDu2019s and field values
Installation
1. Initial Customer Tables Fill
Upgrade
2a. Preparation: Compare with SAP values
2b. Reconcile affected transactions
2c. Roles to be checked
2d. Display changed transaction codes
SU24
Same as for SU25:
Select: Change Check Indicators > Maintain Check Indicators>Maintain
Regards,
Srini Nookala -
Difference between Roles and Profiles
Hi,
What is difference between Roles and Profiles?
Thanx in advance..
jitenderHi,
It is a simple hierarchy level difference for grouping levels of authorization and the need avoid maintenance on a large number of individual authorizations on a user level.
In SAP, authorizations are grouped together into profiles. These profiles usually represent some sort of functional access (i.e. Create customer master records). The profiles can then be allocated roles which group the individual functional access into a more abstract level of a role (i.e. accounts clerk). Roles are then assigned to users based on their specific responsibilities.
More information is available on the help portal: http://help.sap.com
Cheers,
Mike. -
Hi Guru.
I need this: I wish to export the new and the modified roles and profiles to an external non-SAP system. This non-SAP system is able to receive iDoc message.
Is it possible? Can I find n the SAP system the change point and the iDoc to do this?
Regards
Manuel Chiarellinot for roles. no. you can:
transport them
up-/download them
RFC-copy them
but not idoc them. -
Hello,
Could you please provide information on "security roles and profiles "
I would appreciate.
Regards,
AlexRoles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
In specific Role -> Authorization -> click on Display Authorization Data.
Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
User Section: defines who has access to this role.
Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
Hope that helps.
thanks.
Wond -
I am new to SAP and BW. A goal of mine, straight from my GEM form, is to "Increase my knowledge of the security in the SAP application by understanding SAP roles and how they apply to Business Warehousing". Please point me to websites, books, white papers, etc.
[email protected]Zip
Please check these links and hope it helps
http://help.sap.com/bp_biv235/BI_EN/documentation/Authorization_BW_Proj.pdf
http://help.sap.com/saphelp_nw04/helpdata/en/52/671595439b11d1896f0000e8322d00/frameset.htm
Thnaks
Sat -
Hi Experts,
Could you guide me on how to activate a role and profile? Kindly suggest to me the proper procedure of doing this.
One more thing experts do you have any idea on what tcode used to change a password for multiple user's? Could you give to me as well the proper procedure of doing this.
Regards,To activate a profile, choose Profile Activate on the Profile List screen. If an active version of the profile exists, you will see the active and maintenance versions of the profile so that you can verify the changes.
New or modified profiles must be activated before they can be assigned to users or become effective in the system.Activation copies the maintenance version of a profile to the active version. If the activated profile already exists in a user master record, the changes to it become effective as each affected user logs onto the system. Changes are not effective for users who are already logged on when the profile is activated.
For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.
To activate a user role, choose Activate User Role ( ). To undo, choose Deactivate User Role.
If u want to change password number of user at a time .For my kind of information its not possible need to change password indivisualy.
Reg.
Deepak -
After BI 7.0 Upgrade, Authorization Roles and profiles are not visible
Hi Gurus,
We have an issue with authorization roles and profiles are not visible for all end users with new Bex Analyzer (BI 7.0) tool. But still they can see these roles with old Bex Analyzer ( Bex 3.5) tool.
As a developer I have SAP_ALL acces and I can see all authorization roles in new BEx Analyzer (BI 7.0).
I verified in SU01 for user access and every are assigned there roles and they are green.
Do we need to add any new authorization object to fix this issue, please let me know
Thanks and appreciate your help.
Thanks
Ganesh Reddy.
Edited by: Ganesh Reddy on Oct 26, 2009 4:41 PMHi Ganesh,
check the behaviour, if you assign
S_USER_AGR
ACT_GROUP = "..name of the assigned role.."
ACTVT = 03 (for "display")
b.rgds,
Bernhard -
After BI 7.0 Upgrade, Roles and profiles are not visible
Hi Gurus,
We have issue with the roles and profiles, all our users doesnt see any roles or profiles in Bex Analyzer, under there user access after BI 7.0 Upgrade.
When I go and check there profile in SU01 and I can see all roles are assigned but not able to see in the Bex Analyzer reporting tool.
Do we need to do any configuration settings after BI 7.0 upgrade to visible roles. This problem with every user.
Your help will be really appreciated.
Thanks
Ganesh Reddy.
Edited by: Ganesh Reddy on Oct 22, 2009 5:19 PMHi Mohan/Vijay,
Sorry for little bit late. I have all authorization roles access, and users dont have that access. Difference between our roles is I have SAP_ALL and SAP_NEW.
But when they login with old bex analyzer they can see all roles, but not with new bex analyzer.
Please some suggest me still I need to run SU25.
Thanks
Dayaker Reddy.
Edited by: Ganesh Reddy on Oct 26, 2009 10:19 AM
Maybe you are looking for
-
What is the best family plan option. Currently have one smart phone with 30gb of data and 3 basic phones. Also have home phone for $20/month. Current plan is 700 shared minutes and unlimited texting. My bill is close to $200/month, looking to lower i
-
Indicated instalation path of the aplication in JNLP file
Hi everybody, First of all, i would like to apologize about my english. Sorry about it. I got a problem with a deploymet of an application using Java Web Start. My application deploys correctly but i need a way to indicate where's the path i want to
-
I have been told that if i install cd Spin Doctor I do not need a key. Yet I am asked for one when I try to open it. Roxio support tell me to clean out my cache s .That there may be reminants of older versions of Toast. How do I do this?
-
I have successfully made front row read my video_ts folder, using aliases in the /USER/Movies folder, of legal copies I own. I have a slight problem though. One of the movies is 'Naked Gun 33⅓ - The Final Insult' and this is the name of the folder wh
-
Problems installing iTunes 10.4.0.80
I have tried everything listed on the support website to install iTunes. Uninstalled all Apple products and deleted folders (including Temp files) multiple times with no luck. The install hangs with a few percentage to go. The status doesn't list any