Attribute group for user?

Hi all,
We're trying to migrate user data from an LDAP server to Active Directory running on Windows Server 2012. Besides user objects, there are multi-value attribute "groups" objects in the LDAP server and I've no idea how to migrate them to AD, e.g.
For user uid=123456 who is a student with double major, there exist 3 objects for this user:
1. the user object, contains: uid: 123456, name, contact, etc...
2. 1st major object, contains: uid: 123456, major: Mathematics, year of attention (2010), faculty: Science
3. 2nd major object, contains: uid: 123456, major: English, year of attention (2011), faculty: Arts
Would anyone please help? Thanks a lot.
Regards
/ST Wong

So group objects can be a bear, primarily because a group can contain other groups in the AD world; not sure about the LDAP server you are migrating from.
So the first thing I would do is map all attributes that are in use on the LDAP server to a corresponding AD attribute. Once that's done, a script could be built to populate those.
This would also be true for the groups.
Groups need a User or Group distinguished name to add to the members attribute.
So in your migration steps, before the first user is migrated, I would create a corresponding group that matches the LDAP server's group. Then as you migrate them in, whatever script or third-party product you use would just add them as a member to the pre-created group. FIM can do this but can be cumbersome to use.
Another thing that needs to go into the planning in respect to groups is that security groups are only useful when they are used to apply permissions to something.
So looking at your example
UID does that correspond to the logon name in Active Directory - if so then the corresponding attribute would be sAMAccountName
Name could correspond to displayName in Active Directory
Contact would be dependent on the data that the field held
The Major objects seem like groups to me
So Group Name,cn, and sAMAccountAttribute would be something like Mathematics2010
Another attribute on the group object, maybe department would hold Science
A lot of this is dependent on what consumes the data and whether an attribute already exists. You can create attributes if they are needed, but I would recommend first mapping out between the 2 systems to see which ones fit and which ones do not.
I know that is vague, but here are some links that will let you know which attributes are defined by default in Active Directory
User Objects (Broken up by DC OS version)
http://msdn.microsoft.com/en-us/library/ms683980(VS.85).aspx
Group Objects (Broken up by DC OS Version)
http://msdn.microsoft.com/en-us/library/ms682251(v=vs.85).aspx
As you do the mappings between systems it is important to have the final picture in mind of how everything will work once the migration is complete. That way it will allow you to focus on the important things and leave the not so important things till later.
Hopefully that helps!
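
The mapping described in the answer above, as an added example that is not part of the original thread: it turns the user and "major" objects into a plan of AD users, pre-created groups and member DNs, and flags records that would break the import. The entry layout, the OU names and the use of department for the faculty are assumptions taken from the question's example and the answer's suggestion.

```python
import re

# Constructed sample entries shaped like the question's example (not real data).
LDAP_ENTRIES = [
    {"uid": "123456", "name": "Sample Student"},
    {"uid": "123456", "major": "Mathematics", "year": "2010", "faculty": "Science"},
    {"uid": "123456", "major": "English", "year": "2011", "faculty": "Arts"},
    {"uid": "654321", "name": "Second Student"},
    {"uid": "654321", "major": "Mathematics", "year": "2010", "faculty": "Science"},
    {"uid": "999999", "major": "History", "year": "2012", "faculty": "Arts"},  # orphan
]
USERS_OU = "OU=Students,DC=example,DC=edu"  # assumed target OU
GROUPS_OU = "OU=Majors,DC=example,DC=edu"   # assumed target OU


def group_name(major, year):
    """Build a name like Mathematics2010 from letters, digits, '-' and '_' only."""
    return re.sub(r"[^A-Za-z0-9_-]", "", major) + year


def build_plan(entries):
    """Return (users, groups, problems) for the AD import."""
    users, groups, problems = {}, {}, []
    # Pass 1: entries without a "major" are the user objects.
    for e in entries:
        if "major" in e:
            continue
        sam = e["uid"]
        if len(sam) > 20:  # user logon names are limited to 20 characters
            problems.append(f"uid {sam}: longer than 20 characters")
            continue
        users[sam] = {"sAMAccountName": sam, "displayName": e["name"],
                      "dn": f"CN={sam},{USERS_OU}"}
    # Pass 2: each distinct (major, year) becomes one pre-created group.
    for e in entries:
        if "major" not in e:
            continue
        name = group_name(e["major"], e["year"])
        grp = groups.setdefault(name, {"dn": f"CN={name},{GROUPS_OU}",
                                       "sAMAccountName": name,
                                       "department": e["faculty"],
                                       "member": []})
        if grp["department"] != e["faculty"]:
            problems.append(f"{name}: conflicting faculty {e['faculty']}")
        user = users.get(e["uid"])
        if user is None:
            problems.append(f"{name}: no user object for uid {e['uid']}")
        elif user["dn"] not in grp["member"]:
            grp["member"].append(user["dn"])  # members are added by DN
    # sAMAccountName must be unique in the domain across users and groups.
    for clash in sorted(users.keys() & groups.keys()):
        problems.append(f"sAMAccountName {clash} used by a user and a group")
    return users, groups, problems


if __name__ == "__main__":
    users, groups, problems = build_plan(LDAP_ENTRIES)
    for name, grp in sorted(groups.items()):
        print(name, grp["department"], grp["member"])
    for p in problems:
        print("PROBLEM:", p)
```

Reviewing the problems list before any object is created keeps orphaned or conflicting records from silently becoming empty or mislabelled security groups.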

Similar Messages

  • OBA4 FI tolerance groups for users - GL account

    Dear All,
    May I know where is the gl account defined for the permitted payment differences? If in FBKP, then which group to define?
    Thanks

    Hi
    Please use the below mentioned path to define tolerance groups for users and also refer to follow the below link
    For normal price difference clearing use the Tcode:OBXL
    http://www.scribd.com/doc/51496069/17/Assign-User-Tolerance-Groups
    for details please go through the below mentioned points
    SPRO>Financial Accounting>General Ledger Accounting>Business Transactions>Open Item Clearing>Clearing Differences>Define Tolerance Groups for G/L Accounts/Define Tolerance Groups for Employees
    Upper limit for posting procedure
    Maximum Amount Posted per Document
    Maximum permitted posting amount per document for this user group.
    The posting amount is the total of all debit items or, similarly, the total of all credit items.
    Maximum Posting Amount per Line Item
    Maximum posting amount permitted per customer or vendor item for this user group.
    Maximum Cash Discount Percentage Rate
    Maximum cash discount percentage rate which may be assigned by an employee of the user group.
    Use
    The percentage rate is checked during the entry, change and clearing of open items.
    Note
    The restriction does not apply to automatically created line items, for example, during payment settlements.
    Permitted payment difference
    Maximum Payment Difference for Revenue
    Payment differences to our advantage are allowed up to the amount entered here.
    The amount always refers to the local currency. Payment differences up to the amount entered here are posted automatically by the system as increasing the profit. The system creates line items to show this.
    Note
    In addition to the amount, you also enter a percentage rate in the Percent field. The lower limit is valid. If you only want to use absolute amounts or percentage specifications, then you must enter the maximum value in every other field.
    Note that you define these limits for your customers/vendors and your employees. The lower limit is valid.
    Example
    The local currency is USD. You have entered 30 USD in the Revenue field and 1 in the Percent field. For incoming payments up to 3000 USD, you accept an overpayment of a maximum of 1 percent. That means, amounts of 0 to a maximum of 30 USD are tolerated, depending on the incoming payment amount. For incoming payments over 3000 USD, you accept an overpayment of up to a maximum of 30 USD.
    Maximum Allowable Revenues from Payment Differences
    Differences when settling payments are accepted and posted automatically by the system up to the percentage rate entered here. The percentage rate is only valid if the difference is posted as a gain.
    The percentage rate is used for the maximum of the debit and credit totals of the items to be cleared.
    Note
    In addition to the percentage rate, you also enter an amount in the Revenue field. The lower limit is valid. If you only want to use absolute amounts or percentage specifications, you must enter the maximum value in every other field.
    Note: You define these limits for your customer/vendor and your employees. The lower limit is valid.
    Example
    The local currency is USD. You have entered 30 USD in the Revenue field and 1 in the Percent field. For incoming payments of up to 3000 USD, you accept an overpayment of a maximum of 1 percent. That means, amounts of 0 to a maximum of 30 USD are tolerated, depending on the incoming payment amount. For incoming payments over 3000 USD, you accept an overpayment of up to a maximum of 30 USD.
    Maximum Discount Adjust. for Gain from Payment Differences
    When clearing payments, any payment differences up to the amount specified here are corrected with the cash discount posting as long as the cash discount amount is large enough for the adjustment.  The value you specify here is used for differences that represent a gain.
    Regards
    Praveen  PC
    Edited by: Praveen Chirakkel on Apr 12, 2011 6:46 AM

  • ISE: create rules with AD groups for Users and Computers

    Hello,
    We've just begun to work with ISE.
    Is it the good place to post on ISE, or is there a dedicated forum in another place?
    We'd like to create some rules depending on Computer member groups AND Users member groups from AD, but we meet some difficulties.
    We've created AD groups for Computers and Users depending on their Department:
    Users_1
    Users_2
    Computers_1
    Computers_2
    When we create some basic rules regarding one group only:
    - with a group Computers_x to attribute a specific VLAN to a computer (when no Windows session is opened), it runs correctly.
    - with a group Users_x to attribute a specific VLAN to a user (when Windows session is opened), it runs correctly.
    But when we create a rule regarding a group from Computers and one from Users, to attribute a specific VLAN to a user on a specific computer, this rule is not applied.
    Is it possible to use ISE in this way?
    Thanks for help.
    Regards,
    Chris

    Enable EAP Chaining— if  you want Cisco ISE to allow authentication of both machine and user in the same  EAP-FAST authentication.
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf

  • OBA3 (Customer / Vendor Tolerance) and OBA4 (FI Tolerance Group for User)

    Hi Expert,
    With reference to the subject of this post, could anyone highlight to me the actual difference between these 2 tolerance settings?
    I use OBA4 to set the payment difference for cash discount and payment differences, and it works.
    Therefore, I wonder what are the main functions of OBA3? Any inter-relation between these 2 tolerance settings?
    Both settings also have the section of "Permitted payment difference"...
    In OBA3, the help files says that ... "In this step, you specify the tolerances for vendors. These tolerances are used for dealing with differences in payment and residual items which can occur during payment settlement..."
    Kindly advise.
    Thanks and regards,
    Sbmel

    Thanks for the fast reply.
    Therefore, technically to say that if I want to limit the cash discount given or received, from vendor/customer, I can just create "OBA4 setup user wise, and you assign this group to user" ... and from this settings, I just need to create:
    Group: <Blank>
    Company Code: My desired company code
    Currency: company code currency (defaulted per company code)
    Cash Discount per line item to: 0
    and at the permitted payment difference section:
    Revenue: Cash discount adj to: 0
    Expense: Cash discount adj to: 0
    Right?
    Thanks
    Sbmel

  • Restriction of sales group for users

    Hello,
    I need to restrict the sales group to different users using VA05. I tried so many ways but I am able to see the others' data.
    We already created one authorization object and assigned it in a role, but we are not able to restrict the users.
    In our scenario the users are named like dealers. One dealer can see the other dealers' data.
    Please guide how to restrict the users at sales group.
    Thanks,
    Sivaprasad

    Hello,
    What I understand from your post is that you want to restrict the users to view the list of sales order - report using VA05 just for their sales group and not for others, as in your case your dealers are your end users and you want each dealer to be able to view for only his sales orders and not that have been issued to other dealers. Is that correct?
    You have created a custom object using field VKGRP on the basis of which you want to restrict the report. The object has to be defined in the standard program for VA05 for authority check and then included in the role. In this case you may have to create one role for each user or group of users for each sales group.

  • Need attribute list for User object

    Hi All,
    Where can I find the attribute list for the object "User"? I need this for silent mode domain configuration.
    Thanks!

  • [SOLVED] Problems changing primary group for user

    Hello,
    I used the following command to add a new user
    # sudo useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power,scanner -s /bin/bash mel
    I think did
    #cat /etc/group
    and everything looked like it should apart from the user mel was not on the users group line
    e.g.
    storage:x:95:john,mel
    scanner:x:96:john,mel
    power:x:98:john,mel
    nobody:x:99:
    users:x:100:john
    so I tried
    # sudo usermod -g users mel
    still no effect
    is this normal?
    Last edited by mrLogan (2012-04-05 08:36:32)

    Gcool wrote: Try using "adduser" (interactive version) instead and see if the behaviour remains the same.
    I used
    #sudo userdel -r mel
    to remove the account
    and then used
    #sudo adduser
    and went through the prompts
    by default it wanted to add the users group as primary and I accepted it
    everything went fine , no errors but yet again the
    cat /etc/group shows
    storage:x:95:john,mel
    scanner:x:96:john,mel
    power:x:98:john,mel
    nobody:x:99:
    users:x:100:john
    dbus:x:81:
    interestingly if I do
    #sudo id mel
    I get
    uid=1001(mel) gid=100(users) groups=100(users),7(lp),10(wheel),50(games),91(video),92(audio),93(optical),95(storage),96(scanner),98(power)
    I am officially freaked !
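
The output quoted in this thread matches how the two kinds of membership are stored: a user's primary group is the GID field of /etc/passwd, while /etc/group lists only supplementary members. The following is an added example, not part of the thread, showing why an audit that reads /etc/group alone undercounts a group; the passwd lines are constructed, and the group lines are modelled on the post.

```python
# Constructed passwd lines (assumed); group lines modelled on the post above.
PASSWD = """\
john:x:1000:100::/home/john:/bin/bash
mel:x:1001:100::/home/mel:/bin/bash
"""
GROUP = """\
wheel:x:10:john,mel
storage:x:95:john,mel
scanner:x:96:john,mel
power:x:98:john,mel
nobody:x:99:
users:x:100:john
"""


def parse_passwd(text):
    """Return {user: primary_gid} from passwd-format lines."""
    result = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        result[fields[0]] = int(fields[3])  # 4th field is the primary GID
    return result


def parse_group(text):
    """Return {group: (gid, set of members listed in the group file)}."""
    result = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        result[name] = (int(gid), {m for m in members.split(",") if m})
    return result


def effective_members(passwd_text, group_text):
    """Listed members plus every user whose primary GID is the group's GID."""
    primary = parse_passwd(passwd_text)
    out = {}
    for name, (gid, listed) in parse_group(group_text).items():
        via_primary = {u for u, g in primary.items() if g == gid}
        out[name] = sorted(listed | via_primary)
    return out


def missed_by_group_file(passwd_text, group_text):
    """Members that a review of the group file alone would not see."""
    primary = parse_passwd(passwd_text)
    out = {}
    for name, (gid, listed) in parse_group(group_text).items():
        hidden = sorted(u for u, g in primary.items()
                        if g == gid and u not in listed)
        if hidden:
            out[name] = hidden
    return out


if __name__ == "__main__":
    print(effective_members(PASSWD, GROUP)["users"])
    print(missed_by_group_file(PASSWD, GROUP))
```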

  • UME attribute responsible for user ID in SAP Logon Ticket

    In a typical portal login using the login module stack "ticket", I understand that j_user and j_password are used to login at the BasicPasswordLoginModule.
    With our UME running against an LDAP server, what attribute is responsible for the user ID of the generated SAP Logon Ticket at the CreateTicketLoginModule? It could be j_user or userid of the principal type account or the uniquename or loginid of the principal type user.
    Thanks,
    Florian

    I think it is by default, but if you are using quotes then you have to give it in upper case.
    select matnr into mara-matnr from mara where matnr = 'abc'.
    will not fetch any value; here you have to give 'ABC'.
    regards
    shiba dutta

  • Consistency error for user in PPOSA_BBP , no error in HRALXSYNC

    Hi Experts,
    For the same user when we run the report HRALXSYNC in SE38 , everything is green but when we check the same user in PPOSA_BBP it gives error "Attribute check for USER failed" .
    I have two queries,
    1) Why is there a mismatch between the two checks, i.e. in HRALXSYNC report and PPOSA_BBP?
    2) How can we see what the exact error is?
    Regards,
    Anubhav

    Hello Anubhav,
    What version of SRM?
    Execute the transaction bbp_bp_om_integrate for the user.
    After the result comes, with some data in red, right?
    Now scroll towards the right.
    Select the User's consistency row and there is an option at the end of the tool bar,
    with 2 arrows showing downwards (Start Repair); just select the user and click on it.
    See what happens.
    ArshaD
    Edited by: arshad ahmed on Jul 23, 2009 3:52 PM

  • Different groups for different syncing rights possible?

    Hi,
    is it possible to configure datasync for one group syncing all mail and appointments and for an other group only syncing appointments?
    Do I have to setup two datasync servers, or could this be solved by an additional connector?
    Markus

    Originally Posted by markus
    Hi,
    is it possible to configure datasync for one group syncing all mail and appointments and for an other group only syncing appointments?
    Do I have to setup two datasync servers, or could this be solved by an additional connector?
    Markus
    When I used Data Sync 2 years ago, I created two eDirectory groups:
    1 for users only to sync Appointments and 1 group for users to sync all things.
    This worked fine for us, but now with the new GW Mobility 2.0 this does not work anymore. I have no option to configure rights with groups.
    Would Novell bring back this option or is there a way to define default-sync settings for all users newly added to the system ?

  • Problem with LDAP authentication for users in a group

    I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
    I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
    [6707]  memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
    [6707]          mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]          mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
    [6707]  msNPAllowDialin: value = TRUE
    I'd be grateful if anyone can point me in the right direction and show me what I'm doing wrong. Thank you.
    ldap attribute-map AuthUsers
      map-name  memberOf IETF-Radius-Class
      map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
    aaa-server LDAP protocol ldap
    aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
     ldap-base-dn DC=COMPANY,DC=com
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *****
     ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
     server-type microsoft
     ldap-attribute-map AuthUsers
    group-policy NOACCESS internal
    group-policy NOACCESS attributes
     vpn-simultaneous-logins 0
     vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
     webvpn
      anyconnect ask none default anyconnect
    group-policy GroupPolicy_COMPANY_SSL_VPN internal
    group-policy GroupPolicy_COMPANY_SSL_VPN attributes
     wins-server none
     dns-server value 10.10.100.102
     vpn-tunnel-protocol ikev1 ikev2 ssl-client
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value SPLIT-TUNNEL
     default-domain value net.COMPANY.com
     webvpn
      anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
    tunnel-group COMPANY_SSL_VPN type remote-access
    tunnel-group COMPANY_SSL_VPN general-attributes
     address-pool COMPANY-SSL-VPN-POOL
     authentication-server-group LDAP
     authorization-server-group LDAP
     authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
     default-group-policy NOACCESS
     authorization-required
    tunnel-group COMPANY_SSL_VPN webvpn-attributes
     group-alias COMPANY_SSL_VPN enable
    tunnel-group COMPANY_SSL_VPN ipsec-attributes
     ikev1 pre-shared-key *****

    I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.

  • Change Reference Attribute - "Manager" for multiple users

    Hi,
    I have a scenario in which I have to create a workflow to change a reference value attribute - "Manager" for multiple users in one go. Is it possible to achieve this with workflow? If yes, then how?
    Regards,
    Manuj Khurana

    Hello,
    Not out of the box, since in workflows and custom activities you can only access the requestor and target object directly.
    But you can develop your own custom activity that fits your need, or do it with a PowerShell custom activity.
    I did a very similar thing, to be able to change users' group membership from the user UI, so I also have to edit objects other than requestor and target in a workflow.
    Since both (manager and member) are reference attributes, you may find this article helpful:
    http://social.technet.microsoft.com/wiki/contents/articles/19615.fim-2010-r2-how-to-manage-group-membership-from-the-user-ui.aspx
    I used this powershell activity in my solution:
    http://fimpowershellwf.codeplex.com/
    Regards
    Peter
    Peter Stapf - ExpertCircle GmbH - My blog:
    JustIDM.wordpress.com

  • Could we have same names for User and Groups in Active directory

    When I am trying to create a user name " Logistics " under an OU, I am getting an error
    "The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose  another pre-windows logon name, and then try again"
    We already have a group by the name " Logistics "
    Could we have same names for User and Groups in Active directory?
    Thanks in Advance

    sAMaccountName attribute is unique. So, the short answer is you cannot.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • How to change the groupType attribute of a user group object?

    I'm trying to change the "groupType" attribute, of a user group object, from 'Distribution' to 'Security' (and the group scope is set to 'Global').
    The CAD bit mask value needed would be: 0x80000002 (Decimal -2147483646).
    How to change/modify the "groupType" attribute for this user group object?
    Thanks,
    UD

    Attribute attr= new BasicAttribute("groupType", "-2147483646");
    items[0]=new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
    ctx.modifyAttributes(dn, items);
    --does not work.
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002141: SvcErr: DSID-031A0B56, problem 5003 (WILL_NOT_PERFORM)
    Is it possible to modify it?
    Thanks,
    UD.

  • ADS MA : the XML exported file (export to log file) doesn't export Distinguished Name in the attribute member for a group

    Hello,
    I am facing a weird issue during the export of a group to a log file (xml).
    I have configured my ADLDS management agent such that the export run profile exports data into an XML file:
    Everything is fine in the XML, I see my new accounts, the attributes updated for accounts, but for an unknown reason the group which should contain accounts does not contain the DN values.
    It contains the tags <dn-value> and <dn> but <dn> is empty
    e.g:
    <delta operation="update" dn="CN=GroupX,OU=Users,DC=ZZZZ">
     <anchor encoding="base64">XDSQDQDQ</anchor>
     <dn-attr name="member" operation="add" multivalued="true">
      <dn-value>
       <dn/>
      </dn-value>
      <dn-value>
       <dn/>
      </dn-value>
     </dn-attr>
    During the export, FIM updates the attribute "member" of the group:
    Member attribute seems to be caught by FIM during synchro profile and export profile but not translated correctly in the final xml file.
    Any ideas?
    Thanks for your reply.

    Thinking the same thing as David - sounds like a bug - but that's curious because I've never had a problem with the AD MA doing exactly the same thing, albeit with FIM R1 most recently.  What version of FIM are you using, and have you checked the release notes of any subsequent versions to see if any such issue is mentioned?
    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM
