SOD for project team & end users

Experts,
1) Is the SOD check done for project team members, as it is for the end users?
2) Normally, where is the SOD check done for the end users (VIRSA or 3rd party tools)? Is it checked after assigning the end users to the roles in PRD, or in DEV itself? Where is the VIRSA tool basically implemented in the SAP system?
3) Is there any special kind of tool to reset a huge number of users' passwords (other than CATT/ECATT)?
Thanks much,
Kevin

> 1) Is the SOD check done for project team members, as it is for the end users?
Project members mostly do not have access in live PRD systems. Once there, treat them like end users. See 2.
>
> 2) Normally, where is the SOD check done for the end users (VIRSA or 3rd party tools)? Is it checked after assigning the end users to the roles in PRD, or in DEV itself? Where is the VIRSA tool basically implemented in the SAP system?
Your end users only exist in PRD most of the time. No need to create them in DEV. So SOD reporting is done in PRD.
> 3) Is there any special kind of tool to reset a huge number of users' passwords?
Don't know at the moment.

Similar Messages

  • How to Use the same iview for both KM End User and the KM Administrator

    Hi friends,
    *This is my scenario:* How to use the same iview for both KM End User and the KM Administrator but with different Context
    Menu Options.
    I followed these steps but I'm getting the same context menu for both KM End User and the KM Administrator.
    Assign the role Content Administrator to the user km_admin. This is needed so that km_admin can change
    the presentation settings for the KM Folder "Reports_kmFolder".
    Now, login with user km_admin. Navigate to the Km Folder reports_kmFolder through Content Administration
    -> Km Content. Click on Details link of the folder reports_kmFolder.
    Go To Settings -> Presentation. Click on the tab "Settings for You" -> Click on button "Select Profile".
    Select the radio button corresponding to "layout Set", and choose "ConsumerExplorer" from the dropdown.
    Click "OK".
    Select both the check boxes corresponding to Items Affected as shown above, and click "Save".
    Now, remove the "Super Administrator" role from the user km_admin and login with this user.
    How to resolve this?
    Regards,
    Prasad.

    Hello Prasad,
    Most likely the user km_admin still has system principal roles assigned, even though you removed the Super Admin role, you should check that this user doesn't have any other admin roles, otherwise it will be considered a System Principal user and will therefore still have access to all content. For more information see http://help.sap.com/saphelp_nw70/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm
    Try creating a new user with just read access to the content and you should see that it will not be able to make any changes etc.
    Regards,
    Lorcan.

  • Tables for maintenance of end users in end user roles

    hi all
    i have a requirement to find out the tables involved in end user role maintenance based on the business process and step for the transaction solar02.
    thanks & regards
    srinivasulu.j

    Hi,
    As I already told you, all the user names are coming from the user master record, which is stored in table
    USR01.
    Go to se11, enter table name USR01, and view its contents.
    Here you can get the list of all the users present in the solman server.
    Normally the basis team creates users using pfcg or su01.
    Please reward points.

  • Authorisation object for project team for WBS element

    Hi all
    My client's requirement is that, when they allot a project team to a WBS element, some users should be restricted from deleting it from the menu tab in transaction code CJ20N, and only a particular user can delete it. Could anyone guide me on which object I can use to manage this authorization to restrict the user, so that the delete option in the menu tab is grayed out?
    Regards

    Hi,
    Using ACL, you can give four authorizations like 'read', 'write', 'admin' and 'no authorization' for a user for the each element (object) of project.
    For a user, you maintain the ACL for the whole hierarchy(inheritance) or for individual element.
    You can maintain ACL for user group or for Organization Group instead of users as well.
    In the project profile in SPRO, we can see three radio buttons for ACL like 'No ACL', 'ACL (No Inhr.)', 'ACL (with Inh.)'. You choose according to your requirement.
    For more details please go through SAP Help. Explained in detail there.
    Regards,
    Gokul

  • Best practice for low bandwidth end-users

    Hey guys,
    I'm new to CS and am about halfway through my planning stages for a web app.
    My end users will be predominantly on 256k-512k connections (yeh I know it sucks, but this is regional/rural Australia) and a fairly large proportion of those are going to be on satellite which is incredibly latent.
    Does anyone have some tips on keeping it lean and mean regarding coding or have any experiences they'd mind sharing?
    Cheers

    At JavaOne, I attended a great technical session on extreme web caching. He talked about ways to make sure the browsers cache the static information, such as images.
    Web Caching is very important for high traffic, high performance web site but few people know all the professional-level strategies. In this talk I'll share some of the tricks of the trade, including advanced tips from Yahoo's Mike Radwin.
    To get a good intro to cross-browser web caching techniques check out the caching tutorial at www.mnot.net.

  • Looking for browser-based, end user  ad-hoc reports

    Hi all. We have need for an easy to use, browser based end-user reporting tool that can be hosted by CF10. We are spending a fantastic amount of time building custom tabular reports for our client and would prefer to give them a tool in our app that lets them build reports whenever they want. Do any of you know of any good reporting tools where the end-user could build their own reports?
    Thanks for your help.
    -Andy

    Hi Andy,
    You could try JReport. It's a reporting and data visualization tool that lets anyone of any skill level create and modify their own reports and dashboards. You can even embed them into other applications. Let me know if you want to chat about it.
    JReport website: www.jinfonet.com
    -Dean
    dyao (at) jinfonet.com

  • HELP! Converting fonts for preflight and end user review

    I want to make sure the fonts are either embedded or linked to the doc so the end user can review my file. Once it is ready for print, what are the steps to make it print friendly?

    If the client needs to edit the file, you need to send the original InDesign file. You can use the Package command in the file menu to gather all of the fonts (other than CJK or restricted fonts -- you'll see the warning) and images required for printing into folders along with the document. This does not alter the licensing requirements, though, that the other user must have their own license for each of those fonts to install them (which is why PDF is a much better solution in General as most fonts worth using allow embedding for viewing and printing in a PDF), as well as a copy of InDesign.
    Peter

  • User Exit & BADI for controling the END user in co06

    Hi
    I have 2 doubts:
    1. I need a user exit / BADI for controlling the user to edit a specific document type in co06 (BACKORDER PROCESSING).
    The control should be active for specific order types for specific users.
    2. Depending on order type I need to control the allocation, and how to check the safety stock.

    Answer cannot be provided properly, so I have to post more questions. I am just closing my question.

  • ChaRM: approving of a change request by various list of end users

    Dear, experts.
    Can I customize ChaRM so that, before initiating a change request, a support message should be approved by various lists of end users depending on component (component A - list 1, component B - list 2)?
    For example, some end-user wants to change an established business-process. Other end-users are involved in this process, so to trigger changes he has to ensure that the other end-users agree.
    Can you suggest any profitable solution?
    thanks in advance

    Hey talgat,
    what you need is an action that uses pfac (it's a transaction for defining routing rules). Thanks to this transaction you can define rules that will be based on different fields of ticket od crmd_order to assign the right person to the ticket.
    There is a standard action that does those kind of things called SLFN0001_ADVANCED_FIND_PARTNER of action profile SLFN0001_ADVANCED available in transaction sppfcadm. You'll notice that this action uses rule id AC13200137. Well, you'll need to define your action that will be alike with your own rule that you'll have predefined in transaction pfac.
    Use a copy of the standard rule AC13200137 to do your own; it will ease the task for you.
    PS: this link could maybe help your understanding
    Support Team Determination
    Hope this helps
    Regards
    Khalil

  • Project Team System Authorization Standards

    hi
    I am a new guy to security. We are in prepare preparation phase (Technical requirements design) of the implementation project.
    I want to prepare documentation for "authorisation standards for project team", and I have to define standards and policies for creating user master records for project team members.
    Please kindly suggest and provide some documentation regarding authorisation standards and roles of the project team.
    thanks in advance
    Ramesh

    Hello Ramesh,
    You'll need to do more research within your project team. As Auke suggested, it is a good idea to interview the consultants and assess their needs. Once you know that maybe you can find some SAP roles that will get you on the way.
    Some things to keep in mind:
    What do you allow the consultants to do? Hopefully everything they're being paid for. Check with project management to see if they are not stretching their needs. They also know you're new to the stuff and will take advantage by asking as much as possible.
    What will you not allow them to do? This is to be decided based on risk assessment, done by management. Risks can be simple stuff like: how often do you make a backup? What are the costs in time and material to restore the system to the last successful backup state? Are you using real data (with corporate and privacy risks) to test?
    If you block certain activities and this conflicts with the project progress, what then? Involve the decision makers in this design stage already.....

  • Training To End User on AA ,  AP.

    Hi,
    I need to give the training to End Users on AA & AP next week.
    Can anyone help me with how to start, and from which topic,
    or send me any material for training End Users? What type of questions
    will we get from them, and how do I answer and manage them?
    Please help me, very urgent.
    I will assign points.

    Prabodh wrote:
    You should always state the Apex version. And this case, because this is related to authentication, the Authentication scheme you are using.
    Assuming that you are using the Apex Built-in Auth scheme, you can achieve this by using User Groups feature and the APEX_UTIL.CURRENT_USER_IN_GROUP API.
    Here are the high level steps:
    a. Apex Builder > Administration > Manage Users and Groups
    b. Create 2 users UAT1 and UAT2
    c. Create 2 Groups UAT1Group and UAT2 Group
    d. Assign UAT1 user to UAT1Group and UAT2 to UAT2Group
    e. On the Home page of both the applications create a "Before Page Header" Branch that goes back to the Login Page. Make this branch conditional.
    This does not work, because in APEX you can go into any page after login bypassing the home page (like this http://apex.oracle.com/pls/apex/f?p=46417:9 where 9 is not home page)
    So this branch will not run.
    f. In "A" application you want only UAT1 to access, so use PL/SQL Expression type of condition in the above created branch that has the following code
    return NOT APEX_UTIL.CURRENT_USER_IN_GROUP('UAT1Group')
    So the user UAT1 will return False and the branch will not execute, but for others it will return True and send the user to Login page, which is access denied.
    Similarly, make the branch in B application condition for UAT2Group.
    Regards,

  • End user permission ignored

    Hello,
    I have a problem with an end user permission that seems to get ignored: I wanted to demonstrate the usage of the end user permission and assigned a role to a User (for simplicity's sake as an entry point, no worksets, pages etc. involved) and enabled end user permission on the role for that particular user.
    Now when that user logs in he gets to see the according entry in the navigation bar as expected. However if I disable the end user permission, log out and again log in the user, he still sees the link. The end user permission setting is simply ignored. Can someone shed light onto this (could there be something wrong with the installation)?
    I don't think this is an issue of permission inheritance (the role permissions are set explicitly anyway) or overlapping permissions due to membership in several groups - the user is only member of the single standard  group 'authenticated users'.
    Regards,
    Sebastian
    P.S. What's the use of a role assignment to a user without end user permission anyway (I mean why the option)? What happens if you don't add permissions on a Role for a certain user at all (I tried it, but the effect is the same as described above - end user permission seem to be irrelevant)?

    Hi Robert,
    thanks for your answer and for the link (and I thought I had read everything). I am not so sure however if I really understand the term 'runtime environment' for a user. I thought runtime vs. design-time meant the difference between the content a user sees when he is actually using the portal and the content an administrator has access to in the portal content catalog, i.e. a meta-environment accessible only through certain tools like the permission editor or similar.
    I don't understand what you want to express with "It's used to restrict ... end user runtime environment" and why the "Page Personalization" is an example.
    I realize that for roles the availability for a user is solely defined by the assignment of that role to the user - end user permissions have no effect on this. Confusing, because I thought this availability (i.e. showing links in the toplevel or detailed navigation) was what was meant by 'runtime environment' but I seem to be wrong here.
    The docu says "for roles the end user permission setting does enable you to define which users/groups/roles are able to preview the role content using the portal design-time tools". Again, I am confused, I thought this was exactly the meaning of design-time environment.
    Great if you or someone else could comment on this..
    Regards,
    Sebastian

  • Monitor connected front end users

    Hi ,
    I have an application with an access control list and a table which holds application users / used for authorization etc ...
    At the database level I would like to see and know which session belongs to which front end users!
    At the database level I can only see session id's and the application's username, which is htmldb_public_user.... and it's unique for every user..
    Looking at the Utilities>Database Monitor>Sessions page I can only see one developer connected, but can't see the session or session id for front end users. Is there any way to find out the session info for this user?
    Thanks

    It's the same question, with the difference that he is trying to have different applications login as different usernames so he can trace applications individually (which is what I'm interested in too), whereas I'm more interested in knowing the session id for each front end user who is viewing/inserting or deleting data through the applications! Hope this makes sense!
    I don't understand the response below!
    Bill,
    FYI, the engine does this for each database session:
    begin
      dbms_application_info.set_client_info(g_user);
      dbms_session.set_identifier(substr(g_user,1,(64 - length(g_instance)-1))||':'||to_char(g_instance));
      dbms_application_info.set_module('APEX:APPLICATION '||to_char(g_flow_id),'PAGE '||to_char(g_flow_step_id));
    exception
      when others then null;
    end;
    ...where g_user is the authenticated user, g_flow_id is the application ID, g_flow_step_id is the page ID, and g_instance is the Application Express sessionID. I don't know where to tell you to look for these markers but they will be associated with the database sessions that you're seeing which are owned by APEX_PUBLIC_USER.
    We are looking to move to a 4 RAC environment which is creating many questions concerning APEX architecture.
    I've seen all your other posts about this and IMO, there are no questions to be answered about the architecture of Application Express vis-a-vis RAC, and vice versa.
    Thanks
    Message was edited by:
    friendlier
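
The markers set by the block quoted in the post above land in the CLIENT_INFO, CLIENT_IDENTIFIER, MODULE and ACTION columns of V$SESSION, so they can be read back per database session. The query below is an added example, not part of the original thread; it assumes SELECT privilege on V$SESSION and uses the two schema names mentioned in the thread.

```sql
-- Added example: map database sessions owned by the APEX public schema
-- back to the authenticated front-end user and APEX session id.
-- Assumption: the caller can SELECT from V$SESSION.
SELECT s.sid,
       s.serial#,
       s.username                                       AS db_user,
       -- client_identifier is '<user>:<APEX session id>' (see set_identifier);
       -- split on the LAST colon in case the user name itself contains one.
       SUBSTR(s.client_identifier, 1,
              INSTR(s.client_identifier, ':', -1) - 1)  AS apex_user,
       SUBSTR(s.client_identifier,
              INSTR(s.client_identifier, ':', -1) + 1)  AS apex_session_id,
       s.client_info                                    AS client_info,      -- g_user
       s.module                                         AS apex_application, -- 'APEX:APPLICATION <id>'
       s.action                                         AS apex_page,        -- 'PAGE <id>'
       s.status,
       s.logon_time
FROM   v$session s
WHERE  s.username IN ('APEX_PUBLIC_USER', 'HTMLDB_PUBLIC_USER')
AND    INSTR(s.client_identifier, ':') > 0   -- only sessions where the marker is set
ORDER  BY apex_user, apex_session_id;
```

Note that set_identifier truncates the user name so the whole identifier fits in 64 characters; CLIENT_INFO carries the user name separately.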

  • DPM 2012 End User Recovery - Extending AD Schema tool crashes with error

    Hi everyone,
    I deployed SCDPM 2012 R2 in my test environment, but there is an issue. When I'm trying to extend the AD Schema with DPMADSchemaExtensionTool.exe, it stops working with an appcrash message:
    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: dpmdsacl.exe
    Application Version: 4.2.1092.0
    Application Timestamp: 51b1e89d
    Fault Module Name: KERNELBASE.dll
    Fault Module Version: 6.3.9600.16384
    Fault Module Timestamp: 5215fa76
    Exception Code: e0434352
    Exception Offset: 0000000000008384
    OS Version: 6.3.9600.2.0.0.272.7
    Locale ID: 1033
    Additional Information 1: 7644
    Additional Information 2: 7644cee486badc818e8a96bb7aba3bfd
    Additional Information 3: 2ddc
    Additional Information 4: 2ddcde93bf91b9ddbb6e1a89fb9b5892
    When I'm trying to do the same with cmd I get an error:
    C:\diagEUR>dpmdsacl.exe sc.local CN=MS-ShareMapConfiguration,CN=System,DC=sc,DC=
    local /A sc\dpm$
    Unhandled Exception: System.IO.FileLoadException: Could not load file or assembl
    y 'dpmdsacl, Version=1.0.523.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    ' or one of its dependencies. Strong name validation failed. (Exception from HRE
    SULT: 0x8013141A) ---> System.Security.SecurityException: Strong name validation
    failed. (Exception from HRESULT: 0x8013141A)
    --- End of inner exception stack trace ---
    How can I fix this error?

    Hi Seth,
    I think your script will be useful, please share them
    Here it is. It does the same items that the DPM tool does to the domain, with a few extra steps noted at the top.
    We create a group that has the permissions on the container, with the hope that one day, this feature will be available (DCR submitted). In our support model, we would rather delegate permissions to support personnel to modify group membership than modify ACLs on system containers. Your opinion on this may differ, so, feel free to remove it.
    It also gives our support personnel permissions to modify the sharemap container - so they can enable DPM EUR servers later.
    Both of these have been working fine for preparing a domain / enabling EUR.  Preparing the domain is run by domain admin, then, we leave enabling EUR to our support staff.
    Remember, this is not supported, this just makes the same changes that the EUR tool does.  You should use the EUR tool from Microsoft.
    #Requires -version 2.0
    # File:      DPMEndUserDomainPrep.ps1
    # Version:   0.1
    # Purpose:   Domain Preparation for DPM End User Recovery
    # Tasks completed by this script:
    #      -Create MS-ShareMapConfiguration container in System container of the domain
    #      -Create the security group (NETBIOS Domain Name) DPM End User Recovery servers
    #      -Give Create,Delete MS-srvShareMappingObjects, ListChildren permissions for the newly created group, on the new MS-ShareMapConfiguration container
    #      -Find <SUPPORT GROUP> group in the forest root, and grant full permissions to the MS-ShareMapConfiguration container
    Param(
      [string]$domain
    )
    # Print usage and stop when no domain was supplied
    if ($domain -eq "")
    {
      write-host ""
      write-host "Script Usage" -foreground cyan
      write-host "-----------------" -foreground cyan
      write-host "./DPMEndUserDomainPrep.ps1 -domain domain.com" -foreground cyan
      write-host ""
      exit
    }
    # Ask for confirmation before changing the directory
    $Title = "DPM End User Recovery Domain Prep"
    $Message = "Do you want to continue with domain prep for " + $domain + "?"
    $Yes = new-object system.management.automation.host.choicedescription "&Yes","Continue with Domain Prep for $domain"
    $No = new-object system.management.automation.host.choicedescription "&No","Exit the script"
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
    $result = $host.ui.PromptForChoice($title, $message, $options, 0)
    If ($result -eq 1){exit}
    # Load the AD module
    Import-Module ActiveDirectory
    # Figure out our domain
    $root = (Get-ADRootDSE -server $domain).defaultNamingContext
    #Get netbios domain name
    $domainname = (Get-ADDomain -Identity $domain).NetBIOSName
    #SchemaIDGuid for MS-SrvShareMapping Class
    $ShareMapGUID = new-object guid c356f65b-5540-4d85-9aef-3a7ecae7a878
    $guidNull = new-object Guid 00000000-0000-0000-0000-000000000000
    $guidGroupObject = new-object Guid BF967A9C-0DE6-11D0-A285-00AA003049E2
    # Get or create the MS-ShareMapConfiguration container
    $ou = $null
    try
    {
      $ou = Get-ADObject "CN=MS-ShareMapConfiguration,CN=System,$root"
    }
    catch
    {
      Write-host "MS-ShareMapConfiguration container does not currently exist." -foreground yellow
    }
    if ($ou -eq $null)
    {
      $ou = New-ADObject -Type Container -name "MS-ShareMapConfiguration" -Path "CN=System,$root" -Passthru
      write-host "Created Container $ou" -foreground yellow
      start-sleep -s 10
    }
    #Create DPM End User Recovery servers group
    write-host "Creating group $domainname DPM End User Recovery Servers" -foreground yellow
    new-adgroup -path "cn=builtin,$root" -name "$domainname DPM End User Recovery Servers" -groupscope universal -groupcategory security -description "Members of this group are delegated permissions to change contents of the System\MS-ShareMapConfiguration container"
    start-sleep -s 10
    $ServerGroup = get-adgroup "$domainname DPM End User Recovery Servers"
    $ServerGroupsid = [system.security.principal.securityidentifier] $ServerGroup.sid
    write-host ""
    write-host "Created group $ServerGroup" -foreground yellow
    #Get <SUPPORT GROUP> in Forest Root
    $forestname = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name
    #Check to see if <SUPPORT GROUP> group exists
    $SupportGroup = $null
    $SupportGroup = get-adgroup -server $forestname "<SUPPORT GROUP>"
    if ($SupportGroup -eq $null)
    {
      write-host ""
      write-host "WARNING - <SUPPORT GROUP> Group does not exist in the forest root" -foreground red
      write-host "Permissions must be manually assigned to the MS-ShareMapConfiguration Container for the <SUPPORT GROUP>" -foreground red
      write-host ""
    }
    $SupportGroupSID = [system.security.principal.securityidentifier] $SupportGroup.sid
    #Get current ACL for the MS-ShareMapConfiguration Container
    $OUacl = get-acl "ad:cn=ms-sharemapconfiguration,cn=system,$root"
    #Create ACE for adding permissions to newly created group to MS-ShareMapConfiguration container
    $ace1 = new-object system.directoryservices.activedirectoryaccessrule $ServerGroupsid, "CreateChild,DeleteChild", Allow, $sharemapguid,"all"
    $ace2 = new-object system.directoryservices.activedirectoryaccessrule $ServerGroupsid, "ListChildren", Allow,$guidNull,"all"
    $OUacl.addaccessrule($ace1)
    $OUacl.addaccessrule($ace2)
    # Only grant the support group full control when the group was found above
    if ($SupportGroup -ne $null)
    {
      $ace3 = new-object system.directoryservices.activedirectoryaccessrule $SupportGroupsid, "GenericAll", Allow,$guidNull,"all"
      $OUacl.addaccessrule($ace3)
    }
    #Apply ACL
    write-host ""
    write-host "Setting ACLs on cn=ms-sharemapconfiguration,cn=system,$root" -foreground yellow
    set-acl -aclobject $OUacl "ad:cn=ms-sharemapconfiguration,cn=system,$root"
    #Get current ACL for the DPM End User Recovery Servers group
    $ServerGroupDN = $servergroup.distinguishedname
    if ($SupportGroup -ne $null)
    {
      $Groupacl = get-acl "ad:$servergroupdn"
      $groupace = new-object system.directoryservices.activedirectoryaccessrule $SupportGroupsid, "GenericAll", Allow,$guidNull,"all"
      $Groupacl.addaccessrule($groupace)
      write-host ""
      write-host "Setting ACLs on $servergroupdn" -foreground yellow
      set-acl -aclobject $Groupacl "ad:$servergroupdn"
    }
    write-host ""
    write-host "Script Complete" -foreground yellow
    Seth Cohen

  • Enable the visibility of parameter to particular end user

    Hi all,
    I have created one report, in that i am using parameter selection.
    Now my requirement is parameter selection should not be enabled for me and other users, but it should be enabled for a  particular end user.
    Thanks,
    Ranjith C.

    PARAMETERS : p1 type char10, p2 type char5.
    at SELECTION-SCREEN OUTPUT.
      LOOP AT SCREEN.
        if screen-name CP '*P1*' and sy-uname = 'USER_NAME'. "required username
         screen-active = 1. 
        elseif screen-name CP '*P1*' and sy-uname NE 'USER_NAME'.
         screen-active = 0. " this will make the entire field disappear .. screen-INPUT = 0 only makes it not editable..
        endif.
        MODIFY SCREEN.
       endloop.
    posting a better code...
    Edited by: Soumyaprakash Mishra on Nov 10, 2009 4:56 PM
