Unassign users from a Org unit and reassign to another org unit

Hello Friends,
There are users in my org who are already assinged to a org unit through USERS_GEN transaction (from SU01 users) and are creating shopping carts for the past four months without any issue.
Now there is a requirement to assign few of the users to another org unit.
I have created that org unit but not sure how to reassign it to a new org unit.
I am new to SRM. Any help will be appreciated.

Hi Dihsa,
Thanks for the fast reply.
In that link it has been mentioned that users can be unassigned from a org unit through USERS_GEN txn or drag and drop.
I already unassigned a user by clicking on delete assignment in PPOSA_BBP. While I am trying to reassign the user through USERS_GEN to new org unit, I am getting the error: Central Person for this user already exists with E BBPU_MESSAGES 042 &.
After going through some of the threads I realized that I should not do like that for deleting a assignment.
Also I found one thread which is telling that ....new org unit has to be selected and then by clicking on the Assign button --> Incorporates..Postion.. a user can be reassigned.
Is it a right way to do that.... I don know how to unassign using USERS_GEN txn.
Also it would be great if you could help me to resolve the above error.
Please guide me.

Similar Messages

  • Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes in DRM?

    When in a hierarchy, a user right clicks on a node to crate a new node, he has two options
    -Child
    -Sibling
    Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes?
    Business cases:
    1. different level nodes need to have different prefixes.
    - Thus, the default prefix property definition uses the level number to assign a prefix
    - Also, a validation, to ensure the correct prefix, uses the level number
    But if the user can create a child and a sibling then the default prefix will only be right for a single case and not both.
    Thanks

    If the images are exactly the same size then make sure the layer with the mask
    is the active layer and in the other documents go to Select>Load Selection and choose
    your document with the layer mask under Source document and under channel choose the layer mask.
    After the selection loads press the layer mask icon at the bottom of the layers panel.
    MTSTUNER

  • Restricting user from taking printout, copying and taking screen shots

    Hi,
        In KM,   is it possible to restrict the user with read permission from taking printout, from copying the document, from taking screen shots for a document.
        If possible , how to achieve it.
        All helps will be appriciated.
    Regards,
    Shanthakumar.

    Hi,
    Once the user has read permission and able to view the document, there is no possibility to stop this user from taking printout, copying and making screen shots.
    Check this similar thread:
    https://forums.sdn.sap.com/thread.jspa?threadID=826025
    Regards,
    Praveen Gudapati

  • Can retrieve users from some sub OUs and from other sub OUs cann't

    hi,
    I am using Windows 2003 Active Directory Server and Jndi to access that in my application. I am using follwing code to retrieve all Users from a aprticular OU.
    ctx = new InitialDirContext(environment);
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(2);
    String attrs[] = {
    "sn", "givenName", "userPrincipalName"
    ctls.setReturningAttributes(attrs);
    String filter = "(&(objectClass=*))";
    String serachCriteria[] = {"User Container", "Admin Leads,OU=Administration,OU=User Container"};
    for(int i = 0; i < serachCriteria.length; i++)
    StringBuffer searchString = new StringBuffer("OU=");
    searchString.append(serachCriteria);
    searchString.append(",DC=india,DC=mycompany,DC=com");
    for(NamingEnumeration answer = ctx.search(searchString.toString(), filter, ctls); answer.hasMoreElements();)
    SearchResult searchResult = (SearchResult)answer.next();
    ....................and so on
    as can be observed in the bold text above, I have to specify the path of sub OU to retrieve users under that. Whereas apart from this sub OU, it is retrieving users from others sub OUs. The problem is, the code can access users from some OUs but not from other sub OUs
    Can anybody help?
    regards,
    Zaid

    Active Directory has a very rich access control model.
    Perhaps it may not have occurred to you, that you do not have list access rights to the child3 & child9 organizational units ?
    You may have access rights to all the leaf objects contained in child3 & child9, which explains why you can retrieve all the leaf objects when you explicitly bind to them, however you may not have list access rights to child3 & child9 which explains why you can't bind to it when iterating through parent1.
    What happens if you simply perform a one level search on parent1, using a filter (objectClass=organizationalUnit) ?
    If it doesn't retrieve child3 & child9, then perhaps you do not have list access rights for those two ou's.

  • Unassign user from a OIM Group using API/Java Code

    Hello OIMers,
    Can you please tell me how should I Un-assign a group membership through code?
    This is the case:
    When the user is deleted from Active Directory, I want to Unassign the User from a group, assume the name of the group is "FullTime Employees".
    Currently How I do this is Click on the User Profile in Admin Console then select Group Membership from drop down and then select unassign for that group.
    Please tell me how should I do the above task programmatically, This would solve my problem.
    Thanks everyone in advance.
    Regards,
    VSN

    Hi all,
    I am using the following api:
    uintgroupf = (tcGroupOperationsIntf)tcUtilityFactory.getUtility(db, "Thor.API.Operations.tcGroupOperationsIntf");
    uintgroupf.removeMemberUser(arg0, arg1);
    arg0 - is group key............Can you tell me how should I fetch this Group Key??
    Thanks.
    Regards,
    VSN

  • Can anyone help me figure why there is a popping sound when I move from an iphoto still image to a new video clip?  The sound has been removed from the video clips and there is another soundtrack underneath it all.  Help?

    My current project is like many I have created in the past.  I have removed the sound from my video clips and laid another soundtrack under the entire project.  Now, when I add an iphoto still image to the project, when it goes back into video there is a popping sound.  I've never had this happen in the past and have made many projects in the past just like this one.  Any way to troubleshoot this issue?  Thanks so much for your help.
    Ben

    What audio output are you using? What mac and version iMovie

  • How do I move organized photos from dropbox to iPhoto and share with another user on the same mac?

    I have about 3,500 photos sitting in dropbox and just purchased my first mac yesterday.  My husband and I each have our own Ipad and our own user id's on the mac.  I moved two of the folders to Iphoto and it shows up on my screen in the right folders.  However, on my Ipad, it shows all of them under one Photostream and not organized.  They don't show up on my husband's "side of the computer" at all. 
    So my questions are:
    1.  How does one mirror their file organization on the Ipad?
    2.  How does one share all of the folders with another user on the same Ipad so they can view folders, and add pictures to the folders if they like?
    Thanks!

    1.  How does one mirror their file organization on the Ipad?
    If you use the Photo Stream, the organisation in iPhoto will be lost - there is just one endless stream.  YOu could sync your photos using iTunes. Then you will see the synced albums in the Photos.app on the iPad.
    See this link:   iOS and iPod: Syncing photos using iTunes
    How does one share all of the folders with another user on the same Ipad so they can view folders, and add pictures to the folders if they like?
    On the same iPad?  Do you mean on the same mac?
    If you want to share an iPhoto library between two users on the same mac, the iPhoto library should be on a separate disk partition or even better, on a separate external disk. Then you can set the flag "Ignore ownership on this volume" to avoid permission problems. Both of you will be able to browse the iPhoto library and can edit the photos within.
    See this support document:  iPhoto: Sharing libraries among multiple users
    If both of you want to keep separate iPhoto libraries but share the photos, you could share selected albums as Shared PhotoStreams and invite each other to browse them. This would require iOS 7. Do you have iOS 7 on your iPad?  Each Shared Photo Stream will be shown as a separate album on your iPad .
         iCloud: Using and troubleshooting Shared Photo Streams
    Regards
    Léonie

  • How can i stop iPhone users from seeing my picture and home address and email on their phones? it just pops up. please help this stop.

    My boyfriend has the iPhone 6 (regular not plus) and my information such as email home address and a picture i took in photo booth on my laptop a few years ago is what what pops up on his phone? he has me stored under a different picture and name but when he got the iPhone 6 this other pic and all my info popped up when i called him? how is this so? can others see my information too? how can i make this stop? i do not want other to have access to that info. 

    See, that's just the thing...it isn't checked. It never was.
    It just keeps restoring the home page bookmarks for Safari, nothing more. I just downloaded an update for the NYTimes app, and it made my bookmarks reappear on the home screen again, so the only thing I can assume is that these are somehow linked to my Apple account...only question is, why?

  • Global Procurement by one business unit and recevied by other business unit

    Dear All
    I am going to implement centralized procurement, in which one business unit will buy the item and shipped directly to
    requesting business unit by the supplier.
    Will you please send me any setup document beside the one that is in metalink called Global Procurement.
    Thanks in advance for your help
    [email protected]
    Edited by: user12193359 on 02-ago-2012 7:06

    Hi
    If you are using inventory, costing is used automatically.
    IF you are using Purchasing, you receive the goods in inventory, so the costing kicks in automatically
    I have a document for global centralized procurement which shall help you.
    Let me know if you need it
    Regards
    emm

  • Changing user from one company code to another

    Dera all,
    we are currently using SRM 5.0.
    presently one user assigned to co.code X, we want to assign this user to co.code Y .he sholud get all the attributes of  co.code Y and should not carry any attributes of co.code X.
    Kindly help me out.
    This is very urgent...
    Thanks in advance
    Rgds
    GK

    Hi,
       You can then unassign the user from Co code X and assign  under the co.code Y  in the Org Structure i tracn PPOMA_BBP.
    BR,
    Disha.
    Pls reward points for useful answers.

  • Getting error while removinf user from AD group

    Hi,
    In AD User process definition, there is a default taks called :Remove user from Group. This task runs after another task called Organization Name Update . Whenever, an user is moved from one org to another org, his organization gets updated in AD user form and this task"Remove user from Group" runs. The work of this task is to remove the user from old groups. BUt the task is getting rejected and i see the below error in log files.
    11/07/04 00:24:17 Data AccessException:
    11/07/04 00:24:17 com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_ADUSRC_GROUPNAME from UD_ADUSRC where UD_ADUSRC_KEY = Description: ORA-00936: missing expression
    SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
    at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADREMOVEUSERFROMGROUP.implementation(adpADREMOVEUSERFROMGROUP.java:48)
    If anybody knows the solution for this then plz let me know.
    Thanks,
    Kalpana.

    I think the mappings and all would be correct. Here is what Kevin meant:
    - Let's assume the AD user account is a part of GroupA, GroupB and GroupC
    - Now on Change Organization completion if you invoke Remove user from Group then the adapter/process task has no way to know that which 3 of those groups has to be removed (or all 3 for your case)
    - Alternatively if you use API's to remove the group then this task would be invoked by the original OIM process/triggers and so the actual value would be known to adapter/process task.

  • Is there any way to prevent non-root users from rebooting the system?

    This question seems to be addressed many times on the web, but the problem is that none of the wannabe-howtos work on my system. In particular, this doesn't work and this doesn't work either, because (1) I need to keep policykit installed for udisks and other dependencies to function and (2) renaming (or removing) the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy has (again) no effect on the users' ability to reboot and shut down the system. Even more surprisingly, adding the following to /etc/polkit-1/rules.d/20-disable-shutdown.rules has no effect at all:
    polkit.addRule(function(action, subject) {
    if (
    action.id == "org.freedesktop.login1.power-off" ||
    action.id == "org.freedesktop.login1.reboot" ||
    action.id == "org.freedesktop.login1.suspend" ||
    action.id == "org.freedesktop.upower.suspend" ||
    action.id == "org.freedesktop.login1.hibernate" ||
    action.id == "org.freedesktop.upower.hibernate"
    return polkit.Result.NO;
    As a result, ordinary users (not in the wheel group and with no special permissions) can simply reboot the machine by typing reboot. I remember that a simple polkit rule (as proposed on the Fedora forum) worked fine just a few months ago, but this doesn't work nowadays. The action IDs mentioned there are no longer listed in pkaction, so it's quite obvious that some changes (and bugs) have been introduced since then. I just need to prevent the users from rebooting the machine and to keep policykit installed. Is there any way to do this?

    karol wrote:Do said users have the ability to push the Power or Reset buttons?
    No, they don't.
    But come on, access permissions are a matter of principle rather than a matter of what you can possibly do with a hammer in your hand. That makes your question somewhat irrelevant to this issue. Imagine someone asking: "How can I protect my home directory from access by other users?" You would then probably ask: "Do said users have the ability to pull out the hard drive and mount it on their computer?"
    Even if the users had physical access to the ACPI buttons, rebooting the computer by mistake (via software) would still be much more likely than pressing (or even holding) the ACPI buttons by mistake.
    If I call rm -Rf / as a normal user, nothing should happen to the system in terms of availability to other users. Only my home directory and temporary files would vanish, but that's all. This is what permissions are there for. Similarly, when I type reboot as a normal user (no matter if I'm on SSH, on a local terminal or logged into KDE), it should be possible to simply disallow rebooting.
    The idea that users logged in locally can restart the computer may be fine for laptops under certain conditions, but it is a bad idea in almost all other cases. In a "kiosk" type environment, for example, the ability to reboot and get to the bootloader can be a huge security hole, unless all your disks are encrypted, and a huge "reliability hole" in any case. Suppose you use a desktop as a home server. You want everyone to be able to log in and to connect a USB flash drive (using polkit and udisks). But you simply don't want the machine to be rebooted. Why is such a simple thing so hard to do?
    Last edited by andrej.podzimek (2014-03-10 02:15:35)

  • Cannot remove deleted user from people picker - SharePoint Foundation 2010

    So I think I've read all the people picker articles here and I can't find a solution so I thought I'd start a new thread. Here is the issue:
    A user was deleted from Active Directory and removed from SharePoint Foundation 2010. The user was still showing in the People Picker within the site collection, so we have performed a few things to try and get rid of this user.
    User is deleted from AD
    User is deleted from SharePoint Site Collection
    Have tried stsadm -o deleteuser
    Have removed all mention of this user from UserInfo table
    User does NOT show in
    https://<SiteCollectionURL/_layouts/people.aspx?MembershipGroupId=0
    Cannot find any mention of this user anywhere.
    Ran a full crawl as we read on a forum somewhere that it might help.
    If I try and add the user back to SharePoint I get "The user does not exist or is not unique"
    If I try "stsadm -o deleteuser -userlogin DOMAIN\USER -url https://<sitecollectionurl>" I get "The user does not exist or is not unique"
    I am not sure what else I can try now. Can anyone help?
    Thanks,
    Vinny
    Vinny

    No other domain trusts that this user could be in.
    Just so everyone can stop with the warnings, we do NOT regularly delete users from the UserInfo table and fully are aware of the problems behind it, which is why it is so rarely done. But at times, you have to do what you have to do to help a customer, you
    know? This one user is the only one that was removed from the UserInfo table, but there are a few other users that are also deleted (from SharePoint, not manually from UserInfo) that are still showing as well. This one user included.
    There MUST be another place that the people picker gets it's information from. ALL of the user's old information still shows in the people picker (username, email address, display name), and yet none of that information exists anywhere other than in the
    People Picker. Mailbox is gone from Exchange, User deleted from SharePoint, User deleted from Active Directory. Is there no cache someone could point me towards that People Picker might store information in.
    Vinny

  • AD Group Membership with User From Domain Outside of Forest

    Here's one to twist your brain around -
    I have kerberos authentication using Active Directory working between a client's web browser and my web-app hosted in JBoss. I also have limited authorization working by checking group memberships using LDAP. This currently only works if all users are in the same domain. The ever-helpful adler_steven has detailed in another thread (http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15) how to do a group membership check for all Users/Groups in a single forest using the Global Context.
    I need to go beyond the domain and even beyond the forest and try to authorize a user from a trusted domain by checking if the user is a member of a group in my domain. Authentication works fine using kerberos. It's the authorization by group check I am having trouble with. I believe there are two ways to approach this:
    Approach #1
    Access the MS-specific PAC in the kerberos token from the client to get the group SIDs. The structure of the PAC is nicely defined in this article: http://appliedcrypto.com/spnego/pac/ms_kerberos_pac.html. However, I have no idea how to access the decrypted token. I pass the encrypted token that I receive from the browser to myGssContext.acceptSecContext(...) to complete the authentication.
    Question: Does anyone know how to get the decrypted kerberos ticket from there, specifically the authorization-data field?
    Approach #2
    Try to walk through the Active Directory structures in both domains using LDAP. In the domain group that I am checking, I can see a member attribute that references a foreignSecurityPrincipal object. The CN of this object happens to be the objectSID of the user I am looking for in the remote domain. Unfortunately, I have to check the remote domain server directly to verify that. The foreignSecurityPrincipal object itself does not contain any hint about what user it refers to aside from the SID (no originalDomainName attribute or something similar). It is feasible that I could walk the chain of references back to the remote domain AD server. That would require that my configuration include a list of remote domain servers to check (since I could have users from multiple trusted domains) and that my JBoss server have access to those servers.
    Question: Does anyone know of some other LDAP-related way of finding information about a user from a remote, trusted domain without having to hit the server for that domain directly?
    adTHANKSvance
    Eric

    You should be able to work back from the foreignSecurityPrincipal object :-) He says with a wry smile..
    This post prompts me to think whether one day someone will draw the entity relationship diagram for AD. Oh well, I've been procrastinating for years, a few more won't hurt !
    If it was a user from within the same forest, you should just be able to perform a search against a GC using the objectSID as the search filter. I've forgotten, but I don't think they will be represented as foreign security principals.
    Have a look at the post titled JNDI, Active Directory and SID's (Security Identifiers) available at
    http://forum.java.sun.com/thread.jspa?threadID=585031&tstart=150 that describes how to search for an object based on their SID.
    Now if it is a user from another forest, with which you have a trust relationship, then we begin the navigation excercise.
    You'll need obtain the user's SID (either from the cn or from the objectSID attributes) from the foreignSecurityPrincipal object. For example CN=S-1-5-21-3771862615-1804478405-1612909269-2143,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com
    objectSID=S-S-1-5-21-3771862615-1804478405-1612909269-2143Then obtain the domain RID, eg.S-1-5-21-3771862615-1804478405-1612909269Next you will have to recurse each of the crossRef objects in the Partitions container, in the configuration naming context (which you will find listed in the RootDSE). The crossref objects that represent trusted domains or forests will have values for their trustParent attributes. A sample query would be something like//specify the LDAP search filter
    String searchFilter = "(&(objectClass=crossRef)(trustParent=*))";
    //Specify the Base for the search
    String searchBase = "CN=Partitions,CN=Configuration,DC=antipodes,DC=com";For each crossRef object, you can then use the dnsRoot attribute to determine the dns domain name of the forest/domain (if you want to later use dns to search for the dns name,ip address of the domain controllers in the trusted domains/forests), and then use the nCName attribute to determine the distinguished name of the trusted forest/domain.dnsRoot = contoso.com
    ncName = dc=contoso,dc=comPerform another bind to the ncName for the trusted domain/forest and retrieve the objectSID attribute, which will be the domain's RID. You may want to cache this information as a lookup table to match domain RID's with domain distingusihed names and dns names.String ldapURL = "ldap://contoso.com:389";
    Attributes attrs = ctx.getAttributes("dc=contoso,dc=com");
    System.out.println("Domain SID: " + attrs.get("objectSID").get());Once you find out which domain matches the RID for the foreignSecurityPrincipal, you can then perform a search for the "real user" .And then finally you should have the user object that represents the foreign security principal !
    Just one thing to note. Assume that CONTOSO and ANTIPODES are two separate forests. If you bind as CONTOSO\cdarwin against the CONTOSO domain, the tokenGroups attribute (which represents teh process token) will contain all of the group memberships of Charles Darwin in the CONTOSO domain/forest. It will not contain his memberships if any, of groups in the ANTIPODES forest. If Charles Darwin accesses a resource in ANTIPODES, then his process token used by the ANTIPODES resource will be updated with his group memberships of the ANTIPODES forest. Also you can have "orphaned foreignn security principal", where the original user object has been deleted !
    BTW, If I was doing this purely on Windows, IIRC, you just use one API call DsCrackNames, to get the "real user", and then the appropriate ImpersonateUser calls to update the process token etc..
    Good luck.

  • How to remove user from custom DLU Group

    Hi,
    I have created a DLU policy that creates a local user, and places this user
    in a custom local group (Group is already present on the system). Now I want
    to remove this user from this custom group and place it in another custom
    group. I have created a second DLU policy to place the user in the new
    custom group. The new custom group is added fine, but the old custom group
    assignment also remains. How should I set up the policy so that the user is
    removed from the old custom group, or is this not possible?
    Regards,
    Hen

    Hen,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

Maybe you are looking for

  • How to put Video/DVD/games/eBook to Nokia

    Nokia phone still the NO.1 of all the phones, As a fan to Nokia phone, I want to share with you some tips to play Nokia. Only some experience of play Nokia phone, just enjoy it. This guide will show you how to put videos to Nokia, DVD to Nokia, games

  • GLs with open item management

    Dear All, I want to know, at the time of GL master creation, which GLs are to be maintained with open item management. Regards Swati

  • Mapping Problem with 2 ALV Tables after sorting

    Hi, I have a context node INCIDENTS with a sub-node SUB_INCIDENTS. The sub-node is filled via a Supply Function. Both nodes are displayed in separate ALV Grids on the same view, which works pretty well. The only problem I face is when I try to sort o

  • Install problems on Oracle 10.2.0.1

    I am trying to install on Oracle10.2.0.1 Suse linux 9.3 When I run the ./runInstaller I get an error Checking operating system version: must be redhat-2.1AS, redhat-3, suse-9 or suse-10 Failed <<<<< Exiting Oracle Universal Installer Any clues to wha

  • How can i hide 1 contact in 4g

    how can i hide 1 contact in 4g so if i call on this contact the number will not display in recant list..