Admin Approval

Similar Messages

• How to publish an Admin-Approved InfoPath template to 2 different site collections, and retain same internal column names

  Hi,
  I am wondering how best to publish an InfoPath form as an Admin-Approved template, to both Site Collection 1 (SC1) and Site Collection 2 (SC2). Some fields are promoted to SharePoint columns.
  I have already published my form to SC1, by choosing Publish to SharePoint Server > chose SC1 > Admin-approved > chose to publish to columns I had created manually on SC1 (these columns had relatively user-friendly internal names such
  as 'Form_x0020_Status' etc, which I reference in xsl + code). I then uploaded the template in Central Admin as Admin-Approved, and activated the feature on SC1. This all worked fine.
  However, if I then go to activate the feature on SC2, it creates columns with different internal names (GUIDs), which means my xsl + code won't work. If I try creating columns manually on SC2 before publishing, it still creates new GUID columns.
  This of course must be because on feature activation on SC2, it cannot find the exact columns specified in the template (which was published to SC1), so it creates new ones.
  In that case, what is the best way to publish an Admin-Approved template to 2 different site collections? One option is to create the columns using code, and deploy them to both sites as a feature, ensuring all IDs are the same. But should this be necessary, is
  there any option available using only InfoPath and SharePoint?
  Thanks for reading.

  Check these similar threads
  Republish
  existing InfoPath Form to a different SharePoint Site
  How
  to Programmatically Publish an InfoPath 2010 Template (.xsn) to Multiple SharePoint Sites
  Hope it will help
  Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

• Confirmation n-step Admin approval workflow

  Hello friends,
  We struck up in setting up admin workflow with the badi BBP_WFL_ADMIN_APPROV.  We have activated the workflow WS10400020 and we could able to determine approvers in that badi and able to pass the approver into output parameter of badi et_agent. Approvers are getting determined in the confirmation and able to approve it.
  But we need to have two step approval in that badi. Is the admin workflow (WS10400020) one-step approval workflow? Can we have two - steps in this workflow? In the badi, we are determining two approvers and all the approvers are getting passed into et_agent which is then getting passed to first step in the approval process. We would like to pass one of the approver in to next step.
  Could you please advise me on that?
  Thanks,
  Arun

  Masa,
  Thanks for your reply.
  Can we manually add approvers in case of confirmation one or two step approval workflows? Can we replace an approver who already there approval preview with an adhoc approver? In my case, both the feature is not working. Just want to know is this a standard process or we have a fix for that.
  Thanks,
  Arun

• In UCM, can I keep the documents invisible before admin approves it

  Guys,
  I have an idea.
  User A uploaded a document to UCM, but I don't want the document shows on UCM until administrator approves it.
  Is there anything I could do to make it happen?
  Thanks
  Henry

  Is the workflow in UCM, or there's another tool to build it?
  I fould this article about workflow in UCM, the author used an applet.
  http://www.packtpub.com/article/oracle-universal-content-management-set-up-change-workflows
  Do you think it will work? Or there's a better way.
  Many thanks

• Bypass System Admin approval

  Guys,
  I am new to OIM,so trying to learn upthings.I created a dummy resourse and created 2 level approval wkflows.Now before going to manager for approval it goes to xelsysadm queue.How to by pass this?
  Thanks
  ---

  Thanks for your response..However when I try to attach the tccompleteTask,and save it it raises an error "Updating the System Validation Task not permitted.Data validation vailed.the event handler could not be run.data will not be saved.
  Any help on this?

• Why is Admin Approval Needed to Share Folders Between 2 Standard Accounts?

  Dear OS X users,
  Please give this question due consideration because it's a fundamental question about the underpinnings of OS X which I've asked many people but no one seems to have a good answer. I have 3 accounts on my Mac. They are as follows:
  - pete (standard account)
  - wanda (standard account)
  - mac admin (admin account)
  It's logical that if Mac Admin creates a file/folder, he needs to set the permissions for it so that others can read/write to it. But imagine Pete and Wanda collaborate together on a project. Imagine Mac Admin creates a folder called /Swap with read-write permissions for all. Pete then creates a sub-folder without setting any particular permissions and then logs out. Then imagine Wanda logs in and wants to access the Pete's newly created folder. When doing so, an authentication prompt appears asking Wanda to enter an administrator's login details.
  *Why doesn't it ask for Pete's authentication details? Why does it need an administrator's login details? Mac Admin has nothing to do with it.*
  Now if you extrapolate this scenario to include a business enterprise where you may have lots of groups/teams with members all collaborating. It's ridiculous to involve an administrator for every trivial request of this kind e.g. a file permission change.
  Please don't simply recommend sharing via USB or upgrading to Leopard. (I hated Leopard and 'upgraded' back to Tiger). I'm looking more for explanations than workarounds.
  Thank you in advance.
  MrLinguaFranca.

  The short answer, of course, is that admin privileges are not needed (so long as you are the owner).
  The long answer is that administrator privileges are required to change the owner of a file or folder, or to change the group of a file or folder (if you are not the owner or aren't a member of that group). To change the permissions on a file, one must be an administrator or the owner of the file.
  In your scenario, Pete creates a folder, but forgets to make the folder read-write for others. Wanda is prompted for the administrator password because she doesn't have permission to access the folder until Pete says so. The default behavior on the Mac is to secure the folder.
  The reason it doesn't ask for Pete's authentication details is the same as if it were Windows, Linux, Solaris, etc. Wanda is asking permission to override Pete's settings. If Pete wanted Wanda to access the file, he would have done so. So, logically, Wanda requires administrative privilege to supersede Pete's wishes. Wanda should NEVER have to be party to Pete's credentials because doing so compromises Pete's account entirely (nor the administrator's credentials -- if the folder has permissions that deny her access, she needs someone to grant the access, not someone else's credentials so that she can grant access to herself by assuming the role of the other party).
  This is different from the case when you are accessing a network share. In that scenario, the connection to the remote machine does not know who's accessing the share and must require authentication to determine who it is dealing with. The correct way to implement network shares would be to have Wanda always authenticate as her self and never use the credentials of another. Once she's logged in as herself, the remote server can determine what she's permitted to access on the basis of her identity and the permissions on the files.
  This is how file security works (not just OS X).

• Why must other users must get admin approval to start Firefox?

  Since I had upgraded to latest firefox version, the desktop firefox icon includes a shield and asks for administrator permission to open. I also recently had problem with Windows 7 update process which required many steps to correct; but that was at least a week before my firefox upgrade.

  Sorry, I didn't mean to click the button "I have this problem". I have a problem with my mouse. Anyway, yes this is not uncommon. Windows 7 is a very secure operating system because it is completely paranoid about every program. As far as I am aware, this is not Firefox's fault.

• Approval on updation of a document

  Dear experts
  I have a query. Can we create a workflow for the updation of already approved document?
  Scenario:
  Person1  : Publish a doc. D1 (goes for approval)
  Admin     : Approves it
  Person1  : Make changes to doc. D1
  at this point of time is it possible to send the doc for approval again?
  Or will this happen once we enable Approval process for that doc?
  Regards
  Aparnna

  Hi Aparnna,
  If approval has been switched on, each change on an approved document will put this changed document into the starting point of the workflow again.
  For endusers (with only read permission on that document), that means that the document isn't published any more (as long as it isn't published by approval again).
  If versioning has been activated, it's a bit different. In this case, the end-users always see the last document in the version list which has been published: If V1 has been published, and somebody creates a V2 of the same document by changing it's content, this V2 has to be approved again, and as long this hasn't been done, end-users still see V1. As soon as V2 has been approved, end-users will see V2.
  Hope it helps
  Detlev

• InfoPath form opens in the browser instead of InfoPath Filler when a link is clicked from the Approval Task email

  I have an admin approved InfoPath 2010 form that is web enabled. It is published to a SharePoint 2010 Forms library and an Approval Workflow is attached to it.
  The form needs to open up in the InfoPath Filler with the Workflow Task bar at the top so users can approve the task from within the form and not go to Tasks list to do so.
  Here's a problem I am experiencing: sometimes the form opens in InfoPath Filler and sometiems it opens in the browser when the link to approve the form is clicked form the email that is sent by the workflow.
  Windows 7, IE 9, MS Office 2010:
  The form opens up in InfoPath filler like it supposed to. The Workflow task bar is there for users to approve the form.
  Surface Pro with Windows 8.1, IE 11 and MS Office 2013
  The form opens up in the browser and there is no Workflow task bar at the top.
  Things that I've already looked at and tried which didn't solve the issue:
  - The forms library is exclusivly set to open documents/forms in the Client Application
  - Set the browser compatibility mode in IE 11, that doesn't work too well, because you have to do it every time you open the browser.
  - Setting browser compatility in IE 11 reintroduced another issue, of multiple login promts, which was fixed by entering the SharePoint site in question into the Trusted sites by a group policy. Adding the site to trusted sites made the forms open up in the
  browser.
  - Researched compatibility issues with InfoPath and Windows 8.1, cannot find anything.
  - Researched compatibility issues with InfoPath 2010, Windows 8.1 and SharePoint 2010, also didn't find anything.
  Can someone offer a suggestion on how to fix this problem, preferably with no code, because we are not allowed to put custom code on the server?
  I need to force InfoPath form to open in InfoPath Filler when the link to the form is clicked from the Workflow email. Also the login prompts should not pop up. Need it to work on all the platforms: Windows 7, and Surface Pro Windows 8.1.
  Thank you.

  Hi,
  Thank you for your response.
  [Steps about how to capture the capture the fiddler log]
  ===========================================
  1. Download fiddler from
  http://fiddler2.com/
  2. Install fiddler and launch fiddler.
  3. When the fiddler be launched, the log will be enabled automatically.
  4. You can click “X” to remove all the records before you reproduce the issue.
  5. If the web site has been configured to https. Please enable https option:
               Click “Tools” -> “Fiddler Options”            
  Switch to HTTPS tab, then check “Capture HTTPS CONNECTs” and “Decrypt HTTPS traffic”.
  6. Then repro the issue.
  7. Click “File”->”Capture Traffic”, uncheck the Option “Capture Traffic” to make sure the “
  ” is not shown, that mean the logs has been stopped.
  8. Click “File”->”Save” ->”All sessions”, save the file.
  Any quesitons, please let me know.
  Best Regards,
  Dats Luo

• Cannot View Doc from Outgoing Payment under Approval Procedure messages

  Hi Experts,
  Both Originator and the approver cannot view the some of the pending and rejected documents when they are trying to edit the docuemtns from the approval procedures messages and approval decision reports.
  In effect, the approval cannot approvbed the documents as he cannot check the document for approval. The documents can be viewed from the payment draft dopcument. It will be tedious for the approval to go back and forth to draft document and approval decesion report.
  I already check the authorization for outgoing payment they both have full authorization. I can view the document as a super user. I need to know what other authorization do I need to check
  Both originator and  approver has full acess on outgoing payment since some of the documents can be viewed som3 documents cannot bew viewed.
  Please help. We are in the data catch up mode for October 2009.
  We are using 2007B PL10
  Regards,
  Amy
  Edited by: Sandra Callanta on Oct 20, 2009 11:06 AM

  Hi
  Login with userid who will approved the document
  Go in Admin > Approval Procedure > Approval Decision Report >
  Select first check box " No Decision Yet"
  select the pending one and approved it > update > ok
  Thanks
  Kevin

• OIM Self Registration without approval

  Hi All,
  I am very new to OIM, I need to know how to do self registration without an admin approval.
  I just gave shot by adding those mandatory fields from the approval form to the self registration form by editing the
  formmetadata.xml. but i get a bunch of exceptions and the request itself is not getting registered, i couldnt see any pending approval tasks in the admin screen for that particular self registration.
  I went through this post
  OIM - auto approval of self registration
  From that i could get that i need to create a task adpater and populate the other mandatory fields
  which aren't captured in the self registration screen.
  But is it the only way of doing it??
  Please let me know how to do it (any method).
  or any pointers would be helpful.
  Thanks in advance.

  HI Nitesh,
  Thanks for the reply,
  What i did is I added the mandatory fields to the self registration page, The probllem was with the value which i had passed during the self registration.
  For user type, i gave it as "Full-Time Employee" , but the actual value is "Full-Time" when i gave the correct value
  it worked.
  To summarize, i just added the madatoy fields like org name, user type and role to the sefl registration page
  and gave the correct values while registering and it worked.
  i am sure i cant live with this for a long time, I have to start work on the adapters.
  Thanks.

• App Locker: admin user (non-admin token) unexpected run behavior

  As an administrative user with a filtered token (not choosing Run As Admin), when I double-click an .exe residing in a location that no App Locker rule would allow a non-admin token to run - I expect to see the application blocked by App Locker, but it runs
  instead.
  Background:
  No App Locker rule exists that would allow the .exe file's location (on my administrative user's desktop) or any of the other .exe's I'm able to run from my user's profile directory. I checked several of these with ProcExp and they all show
  BUILTIN\Administrators = DENY on the security tab.
  The only App Locker rule that would allow me to run this is the default rule for BUILTIN\Administrators.
  I have verified with ProcExp that the current Explorer.exe is running with a filtered token (BUILTIN\Administrators is denied).
  My administrative user is a member of a group, Workstation Local Admins, which is a member of BUILTIN\Administrators. I am not expecting this to match the Default rule for BUILTIN\Administrators.
  UAC group policy is configured as follows and I have verified this policy is applied to this system and registry keys have been set to match by group policy processing: ENABLED -> [Admin Approval Mode, Only elevate UIAccess applications...secure locations,
  Run all administrators in Admin Approval Mode, Switch to secure desktop when prompting..., Virtualize file and registry write failures...]; DISABLED -> [Allow UIAccess applications to prompt...without using the secure desktop, Detect application installs...,
  Only elevate executables...signed and validated]; PROMPT FOR CONSENT -> [Behavior of the elevation prompt for administrators..., Behavior of elevation prompt for standard users]
  AppIDSvc is running and seems healthy
  all rules categories are set to enforce
  So what is going on here? App Locker event log happily reports that all these "were allowed to run" - but how are the rules evaluating to allow them to run?
  born to learn!

  > Admin), when I double-click an .exe residing in a location that no App
  > Locker rule would allow a non-admin token to run - I expect to see the
  > application blocked by App Locker, but it runs instead.
  This guy experienced the same issue:
  http://superuser.com/questions/744350/applocker-and-uac-on-windows-8-1
  Seems to be a design change in W8, although I couldn't find any
  information about it...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Roles for Admin Approvers

  (1) I'd like to give a user an admin role that'll allow him to see all work items that are in approval waiting status so that he can forward or complete the work items on behalf of the true approvers when they are out of office.
  (2) Or that when no approver is found in the approval table in the N-step approval badi, the work item is to be forwarded to this admin approver so he can take appropriate actions.
  Can I achieve both? If so, what role(s) should this admin have in order to do this? And is there any other attribute or customizing I need to do to enable this?
  Thanks much,
  SN

  Hi
  Which SRM Version are you using ?
  1) I think, the user is having authorization role problem
  Purchaser worklist is :
  - either in BBP_POC (process purchaser order -> worklist tab)
  - or in the sourcing cockpit transaction
  or Do this
  Also, try assigning the role SAP_EC_SC_ADMIN_PURCHASER to the relevant user and then chk it out.
  Also check, in the Extended search option, include the options, Bought on behalf of as checked ('X') and Include Completed Shopping carts as 'X' with Time Frame - (LAst Year) and Status = ALL
  Refer to Transaction BBP_MON_SC (Monitor Shopping cart ) to check it whether it's pending in with whom and at what status.
  Also, alternatively, you can refer to BBP_PD transaction, Specify the Shopping cart number there in the Object_ID field and you will get the details. Find this SC in transaction BBP_PD and double click on Organization field.
  There is a list of purchasers who has access to this SC via sourcing cockpit.
  2) Implement BBP_WFL_APPROV_BADI to send items to Administartors.
  First check whether the approval_table[] is initial.If so,you will have to populate the table approval_administrators so that the SC is sent to the default administrator if the approvers are not found.
  Also make sure in the field "approval_agent",you are assigning the username as "USXXXXX".
  Populate the APPROVAL_ADMINISTRATORS[] table in the BADI with the 'US' followed by SAP user name. It will go to the administrator inbox.
  <u>See related SAP OSS Notes / links -></u>
  Note 978709 - Administrator receives no work item for the BADI workflow
  Shop on behalf - SECRETARY role
  <u>Hope this will help. Do let me know.</u>
  Regards
  - Atul

• Setup Approver List in LMS 3.1

  Hi All, Has anyone setup approval feature in LMS3.1. I want it to setup for my customer. Customer wants that helpdesk will create a job and then it should come to Network Manager for approval and without approval job should not be executed.
  Can anyone explain me how does it work and what is the requirement to achieve this and what are the step involve in it.

  Help desk users typically don't create jobs.  This task usually falls to Network Operators.  They would create a job, then before the job could run, it would require approval from someone on the approval list.  That approver need not have any other access to LMS except to approve jobs (i.e. they would only be given the Approver role).  If the job is not approved by the time it is scheduled to run, then it will be canceled.
  To setup an approver list, you need to first add users to LMS with the Approver role.  Then go to RME > Admin > Approval > Create/Edit Approver Lists, and create a list.  You can assign an approver list to a various job-based task under the Assign Approver Lists TOC task.  Finally, go to Approval Policies to enable the approver feature for a given job-based task.
  I highly recommend you first review the context sensitive online help in RME so that you fully understand the flow of maker (the job creator) and checker (the job approver).

• Unable to install MSI as domain admin

  I have windows 10 installed and i am a domain admin. I am simply trying to install the flash update a .msi file manually from my c: drive. UAC is disabled. It says i don't have sufficient rights.
  On msi files there is no run as administrator option on the context menu. Please note i don't want to run as administrator, what i want to be able to do is run a setup file and install a program, very simple.
  Ok further information on this massive task of installing an msi file.
  I  am domain admin, I have added my account to local admins group directly and restarted. Still does not work.
  Strangely if i run the msi as a different user by holding down shift and then running it as another domain admin account then it decides that i have rights and installs the file.
  If the response is turn UAC on or run windows as a non admin user, don't bother replying. I don't want to waste my life ok'ing UAC prompts or typing in windows admin user accounts all day.
  I do not mind running an admin account, I want to disable all the fake security that UAC brings with it, so that i am not prompted constantly to do basic things.

  Hi Johnmclain,
  Does the local admin have such issue?
  Check the following two security polies about elevated prompt:
  User Account Control: Detect application installations and prompt for elevation  
  ---Disabled
  User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode 
  --- Elevate without prompting
  Alex Zhao
  TechNet Community Support