Automatic Role Provision tool in ECC

Hi All - In my company we have a very tedious procedure for role provisioning; users sometimes get totally lost when requesting roles.
We have no budget to implement SAP Access Enforcer. Is there any tool within SAP which provides role provisioning?
Or can you guys suggest any ideas with which I can make role provisioning easy for users?
As of now our process is: the user has to manually find the roles they want from a couple of 100 roles, then it goes to the role owner for approval, and after approval the Sec Admin assigns the requested role to the user.
Can you guys suggest some ideas on how to make this process not complex for users?
Thanks All!

Thanks Auke for quick response!
I should have been more clear, my bad! When I say users I mean my IS users (BAs, functional architects, PMs). Actually they request roles for end users or for the business.
I was thinking of creating standard (composite) roles specific to each module/business. I don't know whether this idea will be any easier. When a user requests access to ECC, per their responsibilities/business we can assign a standard composite role to kick-start the user.
And also a question about your previous post:
"_secondly make a download of AGR_1251 select on object S_TCODE and ONLY your ENDUSER roles_."
Could you explain that to me a little bit more... sorry!
Thanks Again.

Similar Messages

  • Role of Developers in ECC 6.0

    Hi Gurus,
    Our company has recently moved from 4.7 to 6.0.
    1. What are the steps/points to be taken into consideration after the implementation, from a developer's point of view?
    2. In terms of tools, what has 6.0 offered us, apart from traditional ABAP programming?
    3. Heard that developers have more restricted use/value now in comparison to 4.7; are we programmers in danger of extinction, literally?
    Thanx,

    Role of Developers in ECC 6.0
    With every new version release SAP releases Version / Release note. You should check the changes made from release to release.
    You can find the difference in release notes of each SAP version.
    Here are the links.
    http://help.sap.com/saphelp_47x200/helpdata/en/fc/e3003deddfae4de10000000a114084/frameset.htm
    http://help.sap.com/saphelp_scm50/helpdata/en/28/b34c40cc538437e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_erp2005/helpdata/en/43/68805bb88f297ee10000000a422035/frameset.htm
    Follow the life cycle of upgradation project:
    Hi , plz find the high level design of the upgrade life cycle.
    Activity | Description
    SPDD adjustments (Adjustments in Data Dictionary objects) | Adjustment of data dictionary objects
    Identify SPAU objects and Custom objects | Prepare the list of SPAU objects and Custom objects
    Reassessment of effort for modification and adjustment activity | Reassessment of effort required for modification and adjustment activity
    Object Tracking Sheet | Prepare the object tracking sheet
    Modification and adjustments of SPAU and Custom objects | Modification and adjustment activity
    Object Testing (typically for custom objects) | Primary testing of object to avoid any short dump
    QA Objects and documents | Quality Control of modification and adjustment
    Release Request | Transport the request from DEV to QA system
    Delivery of Objects to Client | Completed objects are delivered to the client
    Integration Testing | Integration testing
    Rework Objects | Objects requiring rework after integration testing by the client and receipt of feedback
    There are two types of Upgradation:
    1) Technical
    2) Functional.
    Technical: It is purely relevant for ABAP development.
    First they will prepare Business Process Master List.(BPML).
    It contains what are the business process, transaction codes, programs etc.
    They will cross check whether the business process, transaction codes, programs etc are functioning properly in the existing system. If not, they will go for
    ABAP development in that System.
    Then they will go for user document preparation and user training documentation & Scripts.(Nothing but templates).
    While doing the upgrade you have to be aware of all related programs like BDCs, screen-related errors and all dictionary-related problems.
    Some function modules may become obsolete, and some screens will change
    and some new fields will be added in the new versions etc.
    Also take care of SPAU and SPDD tcodes.
    You should be able to know about Unicode concept in sap.
    check this
    http://www.thespot4sap.com/upgrade_guide_v2.pdf#search=%22upGRADE%20STEPS%20-%20SAP%22
    also chk these 2 notes in service.sap.com
    Technical Upgrade is only a version upgrade without any functionality changes.
    The objects that are needed to be upgraded are:
    Includes
    Function Groups / Function Modules
    Programs / Reports
    OSS Notes
    SAP Repository Objects
    SAP Data Dictionary Objects
    Domains, Data Elements
    Tables, Structures and Views
    Module Pools, Sub Routine pools
    BDC Programs
    Print Programs
    SAP Scripts, Screens
    User Exits
    Reward Points if useful.

  • How do you reset the Apple ID to a new one for the automatic updates download tool?  It defaults to my old Apple ID, even though I have changed the Apple ID to the new one everywhere I can find.

    I have an original Apple ID from my personal iPhone and iPad.  I bought a MacBook Pro for business and the Apple Store clerk told me to use the old Apple ID to make setup faster and that I could change to a new one later.   So... I did all that and changed the Apple ID everywhere I can find a place to do so.  And everything seems okay, except the Automatic Updates download tool defaults back to my original Apple ID.  That old Apple ID is grayed out in the login, so I cannot seem to change it to download and update under my new, business-related Apple ID for my MacBook Pro.  What to do?

    Yes, absolutely, you can still use the old ID to update, etc., but I understood the OP to want to simply discard the old one and use only the new one. Maybe I misunderstood...
    And, actually just now re-reading the first post, it could be that the ID had only been associated with the iDevices, so if he established a new ID and associated that with the new MBP, I frankly have no idea if he can still use the old ID on that machine (based on him saying that the old ID is greyed out) - have not come up with this type of situation before.

  • VM Role Authoring Tool - Disable AdminCredential username and password in the UI and provide hardcoded value

    I want to keep AdminCredential as a parameter in VM Role Authoring Tool but I do not want the user to be able to provide the password. As an Enterprise, we have a password policy that we use for Admin Password. The reason I want to keep it as a parameter is because if we ever decide to change the policy, I do not have to go back and change it at 100 places it was used. I just change the parameter value and it gets applied everywhere.
    This is what I have tried so far:
    I added the AdminCredential parameter in the separate category. I made Configurable to No and provided DefaultValue in the format Administrator:Password1 in the parameter and imported the definition in the Admin Portal. Now Administrator:Password1 shows up in the username field and password is still editable.
    In short, if possible, I do not want users to see the AdminCredential parameter. If I cannot hide the parameter, I want to disable the username and password fields and provide a hard-coded value for it.
    Is there a way to achieve what I am trying to do?

    The assumption with Azure Pack is that the OS is Server and the OS has been generalized.
    Now, in the Azure Pack world this local admin credential is actually a special credential.  You cannot take it away, but you can set a default value in the designer.
    If a default value is set, you may be able to hide it from the view definition (I am not sure, since this is a special parameter), but you cannot remove the parameter from the resource itself.
    And a credential in Azure Pack gets interpreted to a username plus password string.
    I have added secondary accounts that capture a password string and a username (as strings, not credentials).  But again, I am not positive that this is allowed.
    Sorry for not having a straight answer, maybe someone will jump in with a better one.
    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

  • Is OID role provisioning possible with OIM?

    Hi experts,
    I'm installing and configuring the OIM connector for OID. However, I've found the following 'warnings' in the installation guide:
    - Reconciliation of roles is supported only for ODSEE and Novell eDirectory target systems.
    - Provisioning of roles is supported only for ODSEE and Novell eDirectory target systems.
    Then my question is: how can I provision OID roles to any user using OIM? If I can't do role provisioning to OID, I can't see much utility for this connector.
    My request is to provision roles that I've created on OID, using the OIM interface.
    Has anyone done this?
    Thanks for your time.
    regards.
    Edited by: Daniel Cermeño on Sep 10, 2012 4:39 PM

    Hi Leoncio and Gyanprakash,
    Thanks for your response, that makes me feel more at ease.
    I still have one question about this. The installation and configuration guide says:
    - If you are using the default connector configuration, for every group in the target system, create a corresponding organizational unit (with the same group name) in Oracle Identity Manager. This ensures that all groups from the target system are reconciled into their newly created organizational units, respectively.
    - You can also configure the connector to reconcile the groups under one organization.
    Then, when I run the reconciliation of OID groups in OIM, I obtain one organization with one resource representing my OID group. Or, if I prefer, I obtain one organization with many resources that represent all my OID groups. However, I don't find how to provision these resources to my OIM users, because I need one user to be part of one or more groups. If I put the user in the organization that represents my OID group, how can I provision more groups?
    Furthermore, the reconciliation of OID groups creates resources/organizations, but in my understanding this does not create OIM roles, does it?
    I'm sorry for my ignorance. This may be a trivial question, but I hope you can clarify these concepts for me.
    Thanks for your time.
    regards.
    Edited by: Daniel Cermeño on Sep 11, 2012 8:08 AM

  • Data Transfer Tool for ECC 6.0

    Hi All,
         Good Morning. I would like to know if anybody has had the opportunity to use this tool in ECC 6.0. If so, where did you obtain the software related to this tool?
    Please Advise.
    Kind Regards,
    Daniel A. La Mendola

    I am actually looking for where the program resides and if it exists for ECC 6.0.  I have found tons of documentation, but nothing on how to obtain the tool itself.
    If anybody can assist me in the endeavor it would be greatly appreciated.
    Thanks again for your help

  • VPT (Voice Provisioning tool 1.0.2) issue- Can't see device

    Hi,
    Just wondering if anyone has seen this issue with VPT 1.0(2). When the customer tries to add a new phone via Voice Provisioning Tool he can't select a device type as there isn't anything in the drop down section. I have attached a screen snapshot. It is talking to CCM 4.1(3)SR5d.
    I have seen the bug CSCsb40475 but the IIS restart didn't help. Any help would be appreciated.
    Cheers
    Ati

    VPT 1.0(2) does not support the CCM 4.1(3) version 2. Please remove the CCM 4.1(3) version 2 plug-in via the procedure described here:
    http://www.cisco.com/en/US/docs/voice_ip_comm/vpt/1xrelnotes/mig/vptrnote.html
    Make sure you are following the install procedure here when installing Unity 4.1(1) plug-in:
    http://www.cisco.com/en/US/docs/voice_ip_comm/vpt/1xrelnotes/mig/vptrnote.html

  • SAP GRC AC 5.3 Roles provisioning

    Dear all,
    Does anyone know if SAP BW, SAP XI, SAP WF and SAP SP are supported as standard by SAP GRC AC for role provisioning?
    Thanks for your help!
    Kind regards,
    Sergio

    Hi Sergio,
    let's put the answer the other way round to make it easy.
    AC 5.3 CUP can provision ABAP roles and UME/Portal roles. Not more not less.
    This means if you have a solution which needs additional provisioning to be done (e.g. CRM business partner assignment) then CUP won't be able to do that.
    Best,
    Frank

  • Need Resource planning tool in ECC 6.0

    Hi
    I need to find the Resource Planning Tool in ECC 6.0. Can anybody help me with how to find the RPT tool in ECC 6.0?
    Thanks & regards
    Vikram Gopal

    Hello,
    Resource Planning
    Use
    Resource planning is a planning aid. If you only know the quantities of consumed resources (see also: Resources) you can use resource planning to plan activity-dependent or activity-independent primary costs or revenues by quantity. You can carry out detailed planning of a cost element by subdividing the cost element on the basis of the resources. The system valuates the given resource consumption with a price, which you can store separately in the system.
    You can also link resources to a material or to a base planning object. This means that a resource or a base planning object has been entered in the resource master record. For the valuation of resource consumption during planning, the system uses the price of the material, regardless of whether you have defined a price for the resource during pricing (see also: Pricing).
    http://help.sap.com/erp2005_ehp_02/helpdata/en/17/316cc3b43011d19296c8d204c10000/frameset.htm
    Regards,
    Sourabh

  • Automatically role up reporting when manager leaves

    Hi,
    How do we automatically role employees up to the next level of reporting relations when a manager is terminated & they are not moved?
    For eg: if my manager leaves, my reporting should automatically role up to my manager's manager.
    Please advise if there is some configuration or standard report to perform this activity.
    Thank you,
    Manish

    This is actually standard SAP behaviour. When a manager position is empty, SAP considers the manager to be the next manager up the hierarchy.  This is how eg. MSS and reports for managers work.  Also I believe the FM that finds managers work this way. 
    Note that for workflows, the switch WFLOW/VAPOS needs to be set for the system to skip the vacant manager positions and go one level up.
    Kirsten

  • Successful commands for Provisioning Tool (CS6/PC)

    Hi,
    Have any of you guys had any luck using the Provisioning Tool to unserialize a CS6-installation?
    If so - what was the command line you used?
    We've tested various commands but none of them have been successful.
    Some give the return code 1 and a single one gives the return code 0.
    The one giving the return code 0 should work, but sadly it doesn't actually unserialize.
    Our CS6-package is made using AAMEE and packed as a serialized install.
    After the install we plan on unserializing the install, but have no luck doing so.
    The reason for this procedure is bad experiences trying to serialize a trial install of CS5.5.
    Kenneth

    Hi,
    First of all some basics about our procedure.
    We deploy a serialized version of Master Collection packaged using AAMEE3.0.
    Once successfully installed we run this command:
    adobe_prtk --tool=UnSerialize --leid=MasterCollection-CS6-Win-GM
    to unserialize Master Collection. This gives the return code 0 and leaves us with a trial version.
    We then want to serialize to eg. Design & Web Premium - using the Provisioning Tool - and the Master Collection CS6 Install using this command:
    adobe_prtk --tool=Serialize --leid=DesignWebSuitePremium-CS6-Win-GM --serial=xxxx-xxxx-xxxx-xxxx-xxxx-xxxx --adobeid=[email protected]
    This gives the return code 0.
    If we then use the Provisioning Tool to unserialize Design & Web Premium using this command:
    adobe_prtk --tool=UnSerialize --leid=DesignWebSuitePremium-CS6-Win-GM
    this gives the return code 6.
    According to the oobelib.log this should be due to the LEID not being valid.
    I don't have a clean oobelib.log and amt3.log at the moment, but could prepare one if you want to take a look at it.
    Is it no longer possible to serialize to a different package using the Master Collection-install?
    This procedure worked in CS5.5 where we use it today.

  • Role Provisioning failed for System(s) : Connector Name . Error Message : malformedRequest

    Hi Everyone, we are facing the following issue in GRC-SAC-SAE 5.3_16.3. So far our CUP was connected to Enterprise Portal (7.01) and auto provisioning for group to users worked. However, now it is not working, with the error below.
    Role Provisioning failed for System(s) : <Connector Name>. Error Message :
    malformedRequest
    Failed request now
    Successful request used to provision
    Regards,
    Arpan Paik

    Arpan,
    We used to get those "malformed request" errors. We dealt with them by requesting the portal to be re-booted during the weekend maintenance window, making the portal security changes manually, cancelling the CUP request and notifying the requester. It's not a great solution, I know, but it was all we could come up with at the time. Then they upgraded the portal to NW 7.31, which is incompatible with GRC 5.3, and we have to do everything manually, so our situation went from bad to worse. Good luck!
    Cheers,
    Gretchen

  • TR History Data Migration Tool in ECC 6.0

    Hi,
    Is there any tool in ECC 6.0 to migrate old 4.6C transaction data into ECC 6.0?
    We want to configure a new ECC 6.0 system with TR-TM and migrate all transaction data from old system 4.6C to ECC 6.0. All configuration of 4.6C in TR-TM and FI-CO will be maintained in ECC 6.0
    Please advise if you know any such tool in ECC 6.0
    Thank you.
    With Kind Regards,
    Naresh B. Pandya

    Hi,
    Got it.  I have done a similar project from 4.0B to 4.6C a few years back and it was painful, as there were no tools available.
    In ECC6, SAP provides an elaborate set of tools, however the process will still be painful, as you would first need to customise your ECC6 box as per 46C customisation, but there will be a difference in customisation due to the fact that FSCM is now used for Treasury, where position management and business partners are handled very differently.
    The 46C data will now need to be treated as legacy, the only benefit will be that data availability in the form you want will be easy.
    After you activate the extension EA-FS as suggested earlier, you will see the node for Financial Supply Chain Management in the IMG.  Navigate as below for the data transfer process:
    Financial Supply Chain Management ->Treasury and Risk Management->Transaction Manager->General Settings->Tools->Legacy Data Transfer
    You will need to refer to the IMG help and the link below for help.
    [Legacy Data Transfer|http://help.sap.com/saphelp_erp2005/helpdata/en/56/d880392c58ab54e10000000a114084/frameset.htm]
    Cheers.

  • Automatic user provisioning

    Hi,
    I have done provisioning manually from OIM to AD successfully.
    Now I want to automate it. For example, if I create a user in OIM in the abc org, then it should automatically be provisioned to AD in the abc org.
    To achieve this I did the steps below:
    1. Create a rule abcRule in Rule designer - organization name=abc
    2. Create an org named abc in the OIM and AD.
    3. Create a Role in OIM abcUserRole, assign the Rule abcRule to this Role
    4. Create an access policy abcPolicy
    assign the AD user to this policy
    Now when I create a user in OIM, the user is created in OIM and is a member of abcUserRole, but the user is not provisioned to AD. Getting the error
    javax.servlet.jsp.JspException: Can't insert page '/layouts/tjspClassicLayout.jsp' : Connection reset by peer: socket write error
         at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:902)
         at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
    Can you please suggest me.

    These errors can be ignored. But your issue is that the resource does not get provisioned to the user.
    Is the role assigned to the user after creation or not? If yes, then check whether the provisioning process is initiated or not, I mean whether the resource is available under the resource tab or not, even in provisioning status.
    Let me know the answer to the above query so that I can help you proceed further.
    Share the console log with us.
    --nayan

  • OIM 11g Peoplesoft Roles provisioning issue

    Hi All,
    We have configured Peoplesoft Connector 9.1.1.6 to provision roles to Peoplesoft through access policy. We are not able to provision multiple roles into Peoplesoft. It just provisions first role to user in peoplesoft and errors when provisioning the other role. The role names are matching in peoplesoft and OIM, pulled into the lookup.
    Error on Server :
    Running CREATEUSER
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:54 PM EST> <Warning> <PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager : createUser : Exclusion List Attribute lookup not initialized>
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserRole : Unable to Save user profile>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:57 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    Running MODIFYUSERROLE
    Target Class = oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProvisionManager
    PSProperties not loaded from file. Couldn't find file: pstools.properties
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : modifyUserRole : Unable to Save user profile>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : An error occurred while changing the value of the field.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    >
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <oracle.iam.connectors.psft.usermgmt.integration.PSFTUMUserProxyProvisionManager : errorHandler : The value entered in the field does not match one of the allowable values.
    You can see the allowable values by pressing the Prompt button or hyperlink.>
    <Dec 19, 2011 1:26:58 PM EST> <Error> <OIMCP.PSFTUM> <BEA-000000> <====================================================
    Any pointers would be appreciated.
    Regards,
    Ashok

    Hi All,
    Any pointer.
    Regards,
    Ashok
