Backend roles neeed for user to access ESS related services
Dear Experts-
Can any one of you please point me to a document or let me know what exact role need to be assigned for a user on backend for him to access all ESS related services in Standard deployment.
read the note 857431
1129412 ESS: Authorizations and roles for WD services in ERP EHP3
844639 MSS: Authorizations and roles for WD services in ERP 2005
785345 Copying authorization default values for services
612585 New: Authorization default values for ext. services
The following roles were delivered for ESS with ERP 2005:
SAP_ESSUSER_ERP05: Single role, containing all non-country-specific
functions.
SAP_EMPLOYEE_ERP05_xx: Single role with the country-specific
functions. Each country version has its own
role (with xx = country ID). The corresponding
composite role is SAP_EMPLOYEE_ERP05.
Similar Messages
-
4016: User/Role relationship for user
Hi Guru,
I have a requirement to send email notifications to mulitple users.
I created a adhoc role and tried assigning the users to the role but I am getting this error. I am on R12.1.3
4016: User/Role relationship for user
Where do I pick the user to assign it to the role. Should I use wf_users, fnd_user.
I have the user_name in fnd_user and the name iin wf_users is the same.
v_role_name := 'XX_CUSTOM_ROLE'
v_role_display_name := 'XX Custom Display Role'
wf_directory.createadhocrole(role_name => v_role_name
,role_display_name => v_role_display_name
,role_description => null
,notification_preference => 'MAILHTML'
,email_address => null
,status => 'ACTIVE'
,expiration_date => NULL);
for i in v_asset_manger(g_project_id)
-----------v_asset_manger is a cursor which picks up all the assets managers on the project--------------
loop
select wfr.name into v_full_name from per_all_people_f papf, fnd_user fu, wf_local_roles wfr
where papf.person_id = fu.employee_id
and wfr.name = fu.user_name
and person_id = i.person_id;
select count(name) into v_count from per_all_people_f papf, fnd_user fu, wf_local_roles wfr
where papf.person_id = fu.employee_id
and wfr.name = fu.user_name
and person_id = i.person_id;
if v_count > 1 then
v_name := v_full_name||' '||v_name;
v_full_name:= null;
else
v_name :=v_full_name ;
end if;
end loop;
wf_directory.adduserstoadhocrole(role_name => v_role_name,
role_users =>v_name);
wf_engine.setitemattrtext (itemtype => p_itemtype,
itemkey => p_itemkey,
aname => 'XX_ASSET_MANAGER',
avalue => v_name
Hi Sree,
THanks for your reply. user_name in fnd_user, the role in wf_local_rules are same.
ex. KSURNAJ in wf_local_roles is same as in KSURNAJ fnd_user
Activity Type Function
Error Name WF_DUP_USER_ROLE
Error Message 4016: User/Role relationship for user 'KSURNAJ' and role 'MAIL_TO_ASSET_MANAGERS-1' already exists.
Error Stack Wf_Directory.CreateUserRole(KSURNAJ, MAIL_TO_ASSET_MANAGERS-1, PER, 2680, WF_LOCAL_ROLES,0) Wf_Directory.AddUsersToAdHocRole2(MAIL_TO_ASSET_MANAGERS-1) Wf_Directory.AddUsersToAdHocRole(MAIL_TO_ASSET_MANAGERS-1, "MINUHYE KSURNAJ") XXPA_BUDGET_APPROVAL_WF_PKG.Inside my look XXXX(PABUDWF, 120524, 258610, RUN) XXPA_BUDGET_APPROVAL_WF_PKG.xx_assign_approver(PABUDWF, 120524, 258610, RUN) Wf_Engine_Util.Function_Call(XXPA_BUDGET_APPROVAL_WF_PKG.xx_assign_approver, PABUDWF, 120524, 258610, RUN) -
Add root user to access all server services?
Hi,
How do I add root user in snow leopard server to access all its services. I have a admin account from which i can access all services but looking for root user to access all server services.
When ever I'm trying to ssh using root it gives an error.
Please find the error output below.
arth:~ gulab$ ssh [email protected]
Password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Thanks,
Gulab PashaThe root account is, and should be, disabled. There is no need to log in as root.
If you require root-level privileges for any task, use sudo once you've logged in using your admin account. If you need a root shell, then:
sudo -s
is your friend.
There used to be a way to enable the root account under earlier OS versions. There may still be a way to do it in 10.6 but I've never bothered looking since it's not needed. -
User does not exist while accessing ESS/MSS services
Hi Experts,
I have super admin rights, ESS & MSS roles assigned to me. The services under ESS/MSS are not working in development server & production server. It is working fine in Quality server.
earlier it was working fine in dev server.
Now when i am clicking on any of the services under ESS/MSS say for eg: ess-->leave request -->leave request(service)
i am getting the following error. I have posted this question earlier but not yet solved
Critical Error
A critical error has occured. Processing of the service had to be terminated. Unsaved data has been lost.
Please contact your system administrator.
User TESTUSER does not exist in this period
com.sap.pcuigp.xssfpm.java.FPMRuntimeException: User TESTUSER does not exist in this period
at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:121)
at com.sap.pcuigp.xssutils.pernr.FcEmployeeServices.initPernr(FcEmployeeServices.java:257)
at com.sap.pcuigp.xssutils.pernr.FcEmployeeServices.onInit(FcEmployeeServices.java:220)
at com.sap.pcuigp.xssutils.pernr.wdp.InternalFcEmployeeServices.onInit(InternalFcEmployeeServices.java:249)
at com.sap.pcuigp.xssutils.pernr.FcEmployeeServicesInterface.onInit(FcEmployeeServicesInterface.java:135)
at com.sap.pcuigp.xssutils.pernr.wdp.InternalFcEmployeeServicesInterface.onInit(InternalFcEmployeeServicesInterface.java:183)
at com.sap.pcuigp.xssutils.pernr.wdp.InternalFcEmployeeServicesInterface$External.onInit(InternalFcEmployeeServicesInterface.java:243)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:920)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:889)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1082)
at com.sap.xss.hr.rem2.selection.VcRem2Selection.onInit(VcRem2Selection.java:228)
at com.sap.xss.hr.rem2.selection.wdp.InternalVcRem2Selection.onInit(InternalVcRem2Selection.java:249)
at com.sap.xss.hr.rem2.selection.VcRem2SelectionInterface.onInit(VcRem2SelectionInterface.java:161)
at com.sap.xss.hr.rem2.selection.wdp.InternalVcRem2SelectionInterface.onInit(InternalVcRem2SelectionInterface.java:144)
at com.sap.xss.hr.rem2.selection.wdp.InternalVcRem2SelectionInterface$External.onInit(InternalVcRem2SelectionInterface.java:220)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:563)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:437)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:195)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:429)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:700)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:269)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:772)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:707)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:261)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:154)
at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1248)
at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:353)
at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:551)
at com.sap.portal.pb.PageBuilder.wdDoRefresh(PageBuilder.java:595)
at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:826)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:723)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:261)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:154)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
I have specific authorizations in the backend too
The overview page of both ESS & MSS are opening, area page is opening properly. this error is displaying only when i click on the services in the area page.
pls tell me how to access these services without this error???
Thanks in advance,
vvThanks to both of you for your quick replies.
The user ID in both the portal and backed are same and the same user is existing in the infotype 0105. with start date 1.11.2007 and end date as 31.12.9999
the user ID in portal created on 06.11.2007
when i checked the start date in the backend, it was not mentioned.
So i changed both the backend start date and infotype 0105 date to 09.04.2008 and end date as 31.12.2008.
still i am facing same problem. any help pls
regards,
vv -
How to create individual user to access the proxy service in osb
Hi all,
i have created a osb project. i need only one user to access the project with particular user name and password. The project should result in error if any other credentials is being given.
The challenging part is that it should return a error message even when the user name and password is left blank. can anybody help me to resolve this issue?I'm guessing you're getting a 401 error back in soapUI. If so, this is because soapUI needs to send some credentials which match that user exactly.
How would that user invoke the service normally - with an embedded WSS user / password in the request, or with an x509 cert + Identity Assertion? SoapUI will have to do the same as the client application does.
In our environment, we use client certificates as authentication. Soapui is very good at presenting a client certificate if you have a .jks keystore with an identity cert. Since the role will only accept a single particular user, you would either have to expand the role to allow some admin access or have a certificate which presents the same CN value ( to map with identity assertion).
If the client app uses username / password, the 'request properties' window ( lower left in soapui ) has properties for Username and Password which can be configured. This may allow soapUI to submit that user, but I haven't tested that.
There's also the "Aut" tab in the request window which also allows the same. -
MSS 60.1,What are backend roles required for Manager in Backend
Dear all,
I am configuring MSS 60.1.0 with R/3 4.70 and Portal 7.0. Portal user is connected to a PERNR in backend, this PERNR is a chief for a particular org unit. Can some body please suggest me what R/3 roles* I need to assign to PERNR in backend so that this PERNR has authorizations to execute iviews in MSS?
For example Manager Generic needs to be assigned to PERNR?
Thanks and warm regards,
Aditya.HI
you will have to create manager as portal role and assigned to them necessary worksets containing necessary worksets look into the PCD in migrated content and line *?? folder you will have necessary ESS and Mss packages. and all configs is related to iviews system properties and transactions and applications you need to do it .please do not forget to give points
with regards
subrato kundu -
Roles/authorizations for user to Solman Diagnostics.
We have a need to have non-administrator persons access our Sol Man
Diags environment. We do not want them to access with j2ee_admin
account.
How / what roles or authorizations do I assign to restricted users so
users cannot see the administration and setup tabs and not be able to
turn traces on?The roles for the end users are mentioned in the standard SMD guide pleas go thuroug it
-
HT5239 Where can I get Apple FIPS Role guide for user so that I can use the APIs from my application
I am trying to use Apple's FIPS certified crypto library's crypto APIs in my application to do the crypto operations. For that I was asked to refer the "Role Guide : User" in the nist document. But I couldn't find the same. Can I know where I can download the same.
The OS X and iOS programming documentation is the Cryptographic Services Guide, and related manuals.
AFAIK, what you're probably after is the Common Crypto stuff that's part of libSystem. See man CC_crypto for some introductory details of that, and there's a sample program available.
The devforums.apple.com developer forums and the developer.apple.com web site will be better resources for programming questions than are these ASC forums (and that includes my answer here!), and the Fed-Talk mailing list might be of interest for this question.
Given the usual arc these security questions follow, I'd suggest ignoring what I've posted here and directly contacting the Apple Developer Technical Services (DTS) folks, and ask for formal help with this. The folks I've worked with over the years that were looking for FIPS 140-2 crypto stuff and similar usually have a requirement for a paperwork trail involved, and that means direct contact with the vendor when you cannot local published formal statements. Not unofficial stuff from random folks like me posted here in ASC. (There's an Apple contact on that FIPS page, BTW.) -
Hi Guys
How do we remove the role Y.R3.IS-XX.xxxxxx from all test users (T-) and assign the role Y.R3.IS-XX.RPT_FI_XXXX to all test users (T-) in Q
Any input on this is highly appreciated
Thanks
SVHi,
I am just sending you a sample of how to delete role using SCAT. you can modify to delete User from Role.
Use T-Code SCAT.
You will be prompted with initial screen
Test case enter some name ex: Z_MASS_ROLE_DELETION
Click on Create (Blank page icon)
In the initial screen on left corner button TCD click on this for recording a transaction.
Enter T-code in PFCG
Click on -> arrow button to continue
In the next screen you will be displayed with PFCG screen
Enter the role Name which you want to delete
Click on the Delete button (Bin icon)
You will be prompted with message box with yes or no and cancel
Click on Yes
You will be prompted with information acknowledge it by click on continue
Now the role is deleted.
Click on Back button (F3)
You will prompted with Intial screen where you have enter T-code in the pop-up box (PFCG)
Click on RED small button to stop of recording the transaction
You will be prompted with next screen for Title.
Enter the Title ex: Mass Role Deletion
Click on SAVE button
Save as local object (click local object button)
Go Back by click F3 (Back arrow button on the menu)
Pop up box with save option appears save
Click on YES
You are ready with recording of T-Code PFCG
To create a variable click on the edit (Pencil icon)
In the next screen you will be prompted with
C Funct. Object Text
TCD PFCG Role Maintenance
Double click on TCD column
In the next screen you will have the following information
Test case Z_MASS_ROLE_DELETION PFCG Role Maintenance
Transaction PFCG Role Maintenance
Permitted msg.
Processing Mode
In the above screen click on FILED LIST button which is on top left menu bar.
In the next screen you will find the list of values check for the Variable part (ie role name what we have mentioned at the time of recording (TEST123 ROLE)
Role AGR_NAME_NEU 030 TEST123
Replace TEST123 with & (this is done for the variable to be replace in future for new values)
Go back (F3) twice into initial screen and save
In the initial screen SCAT first screen
Go to the menu
GOTO -> Variant -> Export
Export will create a Text file (Z_MASS_ROLE_DELETION.TXT) save it on your desktop for easy editing
Open with EXCEL above text file (Z_MASS_ROLE_DELETION.TXT)
You will find below values
[Variant ID] [Variant Text] &AGR_NAME_NEU
--> Parameter texts Parameter contents
--> Default Values TEST123
Changes to the default values displayed above not effective
Place the list of roles which you have decided to delete under the column TEST123
Just Save file for any message just click on yes button.
Come back to SCAT initial screen click on execute (F8) clock icon on the right corner of menu tab.
In the next screen you will have option to choose
Log Type Processing Mode Variants
Long Errors External From file Choose
Choose the file (Z_MASS_ROLE_DELETION.TXT) which was edited with new values
Then Execute all the roles which are in file will be deleted.
I hope this helps
Try this with test roles first then on the Actual roles
If you have any problems let me know
Cheers
Soma -
PLS HELP! Any ideas to make editable text on iPad easier for user to access?
I am finding it difficult to easily allow the user to edit the text to the risks on the below project on ipad? It is easy via click on browser preview, but very fiddly on ipad.
Does anyone know of any easier ways for the user to edit the text via touch on ipad?
Thanks!
https://www.dropbox.com/s/7i2xu9n0pv8qqf2/RISKRADAR%20EDGE_fin.zipHI there, your current implementation seems pretty legit to me. I was able to edit the text prety easily the first time, but then when I try to edit the text again, I can't seem to select the text. Not sure if your drag behavior is overriding the input text.
-
How to add bookmark button for user to access application
I would like to add a button that will be an 'ADD BOOKMARK' concept for the user so that they don't try to save the url that is generated at the time they run the application.
I am using Apex 4.0.
Is anyone familiar with this concept?
I see it a lot on the internet with other websites.
Thanks,
MaggieThis post is made for the future Apex users that need this info.
I discovered a fantastic website that helped me generate the code needed for my apex page to add a bookmark link. This website is:
http://www.webmaster-affiliates.net/bookmark-site_doit.php
This was my code used (be sure to replace the curly brackets with a pointed less than/greater than bracket):
{div align=right}{a href="javascript:window.external.AddFavorite('http://your.url.goes.here:7780/pls/apex/f?p=Graphics_Status', 'Graphics Status')"}Bookmark Site{a}{div}
I created a page region and put the above code in the source field. Worked fantastic.
Maggie
Edited by: mjhamilton on Sep 2, 2010 7:59 AM -
Expiry Notification for User Guest Access on WLC
Is it possible and where to configure warning notification sent to guest users that their account is about to expire?
Also, is there a function in WLC to specify the start date for a local guest user?
Thanks....That's not possible.
You may look into the NAC Guest Server for advanced features with guest users. Be aware that it's not tied to NAC necessarily. Not sure why they put "NAC" in the product name :-) -
I need to configure WSA Ironport for user to access FTP on port 2235
We have internal users who need to connect ftp on port 2235.
can anyone share the information on how to configure itHi,
First you need to make sure the traffic is going to the proxy server, i.e. WCCP is redirecting traffic or you're set up correctly fro explicit.
Then you need to mkae sure that FTP is allowed in the Protocols and User Agents and that port 2235 is in the HTTP connect Ports.
Thanks
Chris -
Planner provisioning for user groups lost in Shared services
Hi All,
Everything was fine. All of a sudden, no users were able to login in to planning.
On investigation it was found that all the planner/planning provision to the groups is lost in the shared services.
Digged into log for a while and couldnt find out any issues.
What could be the reason we lost user group security provisioning only to planning?
Could anyone please help on this?
Regards,
GGI used to have same experience every time migration happens from dev to UAT or prod etc.
After migration, registering with shared service will be successful. When i try to sync, migrate user identities (provisionusers.cmd) from shared service all user group info vanishes in planning (Add/Edit access page). i.e hsp_access_control table is truncated or all rows are dropped.
Then i have to set it up correctly. Guess this happens because usergroups have different id between different environments. When sync'g planning at target, it will not be able to recognize the wrong usergroup id of source system.
My assumption:
When provisionusers.cmd is run, planning fetches the usergroup provisioning information from shared services in to hsp_access_control planning repository table. could someone confirm the same?
Is there any other way to overcome this issue recurring on every time migration happens?
But the problem today was different: the provisioning is lost in the shared services itself which i havent witnessed so far. We didnt migrate recently, everything was file till 8 AM, but screwed around 8.10 AM. everything was up and running.
Cheers,
GG -
Category for COREid Identity/Access Management & Web Services - Please!
The COREid products do not fit into any of the existing categories - we need an IDM, Access & Provisioning category.
I believe she is looking for a category in these forums that deals strictly with the COREid Identity and Access product. This would include COREid provisioning. I would see COREid Federation and Oracle Web Services Manager having thier own categories. Obviously we are previous Oblix partners who were accustomed to these products having thier own sections in a forum. Is this planned? Is this already in place and we just aren't looking hard enough?
Thanks,
Ryan Squires
Maybe you are looking for
-
Custom file names of B2B generated edi files
All, We have an outbound 834 EDI being implemented and there are two SOA Composites processing these based on some business case and we have a requirement of naming B2B generated edi files for trading partners in the delivery channels based on the SO
-
Cannot search using Search Bar
when i search any word like LOVE at search bar at top right of the browser,it come out with this: The requested URL /search?q=LOVE&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a was not found on this server. i also cannot go t
-
Hi guys I'm from South Africa I recently upgraded my ipad2 from ios5 to ios7 Since then my iPad only works on one network It also says on the top left hand corner no service with 3G next to it Please advice on what it could be and how can I get it so
-
Videos bought on iPhone won't sync to computer and have now been deleted
I bought 3 videos on my iPhone and when I synced it to the computer, they don't appear in my iTunes and now they've been deleted from my iPhone - how do I get them back?
-
Since upgrading my XP laptop ITunes to 7.3 my music volumne, on my laptop, is half of what it used to be. HP Pavilion PC Laptop Windows XP Pro