Can FDM user maintenance be automated through backend?
We have a FDM environment with 2 FDM apps for 3000 entities and about 700 users. You might have figure out that maintaining security across large number users since each one has to be done manually across both apps. Now we are about to start using FDM for our planning application and the security scenario gives us a nightmare.
Has anyone automated FDM security maintenance? Is it through APIs or SQL backend?
Any help would be really appreciated.
I have multiple FDM applications as well as a test environment. I usually sync all of the production App to the other pieces and override certain sections for instance :
A.) Production - This is production Actual Reporting App
B.) Budget - This is a Budget FDM App. I want to keep all of the users, locations, etc. However, as we use multi-load, I don't care about the individual maps. Instead I map everything to * as the multi-load templates use our HFM accounts.
I have a SQL script I wrote which copies the necessary details from A to B and then I do an update to set every location of the proper type to have a parent map for a special location I called BudgetLocation.
I also have FDM app C.) Tax
Tax is an EXACT copy of actual. The reason I keep it separate from the normal production app; however, is they load to production HFM server but to different scenarios. End users (no offense) are not aware enough to realize what Scenario (category) they are in so things get messy if we are not paying attention.
I made a more generic SQL Server Stored Procedure that copies a GOOD NUMBER (BUT NOT ALL) of the FDM tables. This will copy users, groups, locations, mappings, etc. It does not copy Categories, or other System tables (periods, currencies)
Additionally, keep in mind if you have any custom scripts, you will need to sync the /Data/Scripts folder....
If you use this, great; however, USE THIS AT YOUR OWN RISK. I AM NOT RESPONSIBLE IF YOUR SERVER BECOMES SELF AWARE AND ATTEMPTS TO TAKE OVER THE KNOWN UNIVERSE. Seriously though, use this at your own risk........ so test it. It works for me. (NOTE this works for SQL 2005 and newer only, not 2000)
-=-=-==-=-=-=-=-=
-- NOTES
-- ##TARGETDB## - Replace this with the name of the Database that you want to SYNC
-- ##SOURCEDB## - Replace this with the name of the Database that is the data source
-- disable referential integrity
EXEC sp_MSForEachTable 'ALTER TABLE ? NOCHECK CONSTRAINT ALL'
--Clear User Security
TRUNCATE TABLE ##TARGETDB##.dbo.tSecUserPartition
TRUNCATE TABLE ##TARGETDB##.dbo.tStructPartitionLinks
delete from ##TARGETDB##.dbo.tStructPartitionHierarchy
TRUNCATE TABLE ##TARGETDB##.dbo.tDataArchive
TRUNCATE TABLE ##TARGETDB##.dbo.tDataCheck
--Attempt to clear out the tDataMapSeg tables
EXEC sp_MSForEachTable '
DECLARE @TableName VarChar(100)
Set @TableName = PARSENAME(''?'',1)
IF left(@TableName,8) = ''tDataMap''
TRUNCATE TABLE ##TARGETDB##.?
GO
--Attempt to clear ou the tDataSeg tables
EXEC sp_MSForEachTable '
DECLARE @TableName VarChar(100)
Set @TableName = PARSENAME(''?'',1)
IF left(@TableName,8) = ''tDataSeg''
TRUNCATE TABLE ##TARGETDB##.?
GO
TRUNCATE TABLE ##TARGETDB##.dbo.tLogActivity
TRUNCATE TABLE ##TARGETDB##.dbo.tLogProcess
TRUNCATE TABLE ##TARGETDB##.dbo.tDataArchive
delete from ##TARGETDB##.dbo.tSecUser
delete from ##TARGETDB##.dbo.tPOVPartition
TRUNCATE TABLE ##TARGETDB##.dbo.tBhvValEntItem
delete from ##TARGETDB##.dbo.tBhvValEntGroup
TRUNCATE TABLE ##TARGETDB##.dbo.tBhvImpItemFile
delete from ##TARGETDB##.dbo.tBhvImpGroup
-- RECOPY Data from Prod DB to Budget DB
insert into ##TARGETDB##.dbo.tBhvImpGroup
select * from ##SOURCEDB##.dbo.tBhvImpGroup
insert into ##TARGETDB##.dbo.tBhvValEntGroup
select * from ##SOURCEDB##.dbo.tBhvValEntGroup
insert into ##TARGETDB##.dbo.tBhvValEntItem
select * from ##SOURCEDB##.dbo.tBhvValEntItem
insert into ##TARGETDB##.dbo.tBhvImpItemFile
select * from ##SOURCEDB##.dbo.tBhvImpItemFile
insert into ##TARGETDB##.dbo.tPOVPartition
select * from ##SOURCEDB##.dbo.tPOVPartition
insert into ##TARGETDB##.dbo.tStructPartitionHierarchy
select * from ##SOURCEDB##.dbo.tStructPartitionHierarchy
insert into ##TARGETDB##.dbo.tStructPartitionLinks
select * from ##SOURCEDB##.dbo.tStructPartitionLinks
insert into ##TARGETDB##.dbo.tSecUser
select * from ##SOURCEDB##.dbo.tSecUser
insert into ##TARGETDB##.dbo.tSecUserPartition
select * from ##SOURCEDB##.dbo.tSecUserPartition
--Attempt to import data
SET IDENTITY_INSERT ##TARGETDB##.dbo.tDataMap ON
insert into ##TARGETDB##.dbo.tDataMap (PartitionKey, DimName, SrcKey, SrcDesc, TargKey, WhereClauseType, WhereClauseValue, ChangeSign, Sequence, DataKey, VBScript)
select PartitionKey, DimName, SrcKey, SrcDesc, TargKey, WhereClauseType, WhereClauseValue, ChangeSign, Sequence, DataKey, VBScript from ##SOURCEDB##.dbo.tDataMap
SET IDENTITY_INSERT ##TARGETDB##.dbo.tDataMap OFF
-- Update parent locations ...
-- This is used for my budget copy to get every location working for multi-load * mappings
--update ##TARGETDB##.dbo.tPOVPartition
--set PartParent = 'BudgetTemplateLoc'
--where
--PartName <> 'BudgetTemplateLoc' and PartControlsType = 1
-- enable referential integrity again
EXEC sp_MSForEachTable 'ALTER TABLE ? CHECK CONSTRAINT ALL'
GO
Similar Messages
-
ISupplier user Registration through backend
Hi All,
We are oracle EBS 12..1.3.
I am trying to automate iSupplier users through backend and my problem is kicking off workflow APPROVE to create the user.
FND_REGISTRATION_UTILS_PKG.publish_approval_event is the workflow to be fired. and it was returning 'N' always.
[http://karthikrajasekaran.blogspot.com/2008/09/objective-following-is-outline-for.html]
I am using FND_REGISTRATION_PKG.insert_fnd_reg_details,FND_REGISTRATION_PKG.insert_fnd_reg_details API's in my code to insert records for each iSupplier user.
Any ideas?
Thanks,
Raav.Hi,
Could something like this work:
Add to your user table registration id e.g. using sys_guid() and flag is registration confirmed.
Create register confirm page e.g. 250 and hidden item to page P250_REGISTER_ID.
Set page as public
Then send link like
http://yourserver:port/pls/apex/f?p=APP_ID:250:::NO::P250_REGISTER_ID:REG_ID
Change APP_ID to be your application id and dynamically REG_ID to be what you did generated from sys_guid() for that user.
Then create to page 250 after header process that check P250_REGISTER_ID and set registration confirmed flag to your user table.
You can have e.g. 2 regions with info on page 250 and show those according check of P250_REGISTER_ID and if user has already confirm registration and so on ....
This was shortly how it might be done/work. Hope it helps
Br, Jari -
Parallel How many times user can login to the SAP system through ITS
Hello all
We are using the ITS ---620 and following 46D R/3 system
R/3 system details:
Kernal :
kernel release :46D
O/S :SunOS 5.8 Generic_108528-05 sun4us
We would like to now, At a time How many times user can login to the SAP system through ITS
Kindly letus know if any one have idea about parameter which can restrict the end users to u201CNu201D times/ sessions.
Transaction SITSPMON/SMICM are not working in R/3 system as it is 46D.
We found that parameter u201Clogin/disable_multi_gui_loginu201D works with SAPgui logons.
System logons using the Internet Transaction Server (ITS) or Remote Function Call (RFC) are not affected by this Parameter u201Clogin/disable_multi_gui_loginu201D
I need similar parameter u201Clogin/disable_multi_gui_loginu201D for the ITS users.
ThanksI have searched all docs and notes.
Everytime the answer is PArameter for multi_gui_logonis not applicable for SAP Gui for HTML ( Browser )
The functionality does not exist for SAP Gui for HTML.
Regards, -
How i can send a mail to the user SAP Office mailbox through the spool.
hi all,
I have created an report and scheduled for background and it generated a spool now how i can send a mail to the user SAP Office mailbox through that spool.
please provide me the sample code if possible.
thanks.Read the spool number with this...
SELECT RQIDENT
INTO (T_TSP01-RQIDENT)
FROM TSP01
WHERE RQOWNER EQ SY-UNAME
AND RQCLIENT EQ SY-MANDT.
APPEND T_TSP01.
ENDSELECT.
Use this FM RSPO_IRETURN_RAW_DATA to read the content of the spool into an Internal Table...
Finally use this FM SO_OBJECT_SEND to send the mail to an SAP Office user...
Greetings,
Blag. -
How can reset password of bulk users in one time through AD or script?
how can reset password of bulk users in one time through AD or script?
Hello Mr. Lovely,
Do you have ActiveDirectory Module which shipped with Windows Server 2008 R2? If you have it, you can complete this task very easily.
#First, you need to import ActiveDirectory Module
Import-Module ActiveDirectory
#Second, generate a SecureString which contains the password.
$securePwd = ConvertTo-SecureString -String "P@ssw0rd!" -Force -AsPlainText
#Third, find the Active Directory users ,and use Set-ADAccountPassword for resetng the password.
Get-ADUser -Filter {Name -like "Test*"} | Set-ADAccountPassword -NewPassword $securePwd
Also, you can review following link for more details about the Active Directory cmdlets.
Active Directory Cmdlets in Windows PowerShell
http://technet.microsoft.com/en-us/library/ee617195.aspx
Best Regards,
Greg Gu
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
C# Code that can add user directly to the AD through custom share Point form
Hi
Here is my requirement. Can anyone resolve???
Trying to build a Visual web Part in which system administrator can add user directly to the AD through custom share Point form.
Please help in doing this...Hi
Use DirectoryEntries.Add Method
https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx
Or
www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
Or.
www.morgantechspace.com/2013/10/create-new-active-directory-user-in-c.html?m=1
Regards, Rajendra Singh If a post answers your question, please click Mark As Answer on that ost and Vote as Helpful http://sharepointundefind.wordpress.com/ -
Can we get user's phone number through coding
HI, I want to know that, how can we get user's phone number through coding and is it possible to send sms to some number without concerning to user. I required this for developing the mobile tracker application which will detect that the phone is stolen.
The developer forums are here: http://devforums.apple.com
Documentation for iOS developers is here: http://developer.apple.com/devcenter/ios/index.action -
Hi there,
some days ago I purchased an Airport Extreme router with disk to move my iphoto library there and free space of my crowded macbook pro.
Everything was working well (iphoto takes a little bit longer to start and quit) but now I can't see my photo library through my apple tv.
It keeps loading the library forever.
Is there any problem doing that?
Thanks
jmHelp,
Thanks for the quick answer and for the welcome.
Yes I selected it in the iTunes sharing options (in fact several times, with resets in between just in case)
I think that it's related to the size of the library (more than 8 gb) and e fact that is in a remote disk (in the AirPort Extreme)
Hope anyone has the solution :-))
Thanks again!
Jm -
how to register a new responsibility in apps through backend. please give me the full details about it
Hi,
From backend you can add a responsibility to a user using FND_USER_PKG package, and there are so many hit in the google. Let me point out 1:
http://manoharbabuapps.blogspot.com/2013/08/how-to-add-responsibility-from-back-end.html
I personally dont know of any API where you can create a responsibility from backend, but from front end you can create. Steps detailed in following link:
Oracle Applications: creating responsibility in oracle apps R12
Thanks &
Best Regards,
Asif -
Hi, SDN Fellows.
This should be a Basis question. But I only able to find this category (Netweaver AS) to write this post.
Our current user management engine is taken the user data source from the ABAP System (CRM system).
I know that I can do the user maintenance tasks through TCode: SU01.
I just wonder where I can see the log for all the user management activities, i.e. 1) User account creation; 2) user account deletion; 3) user profile modification and etc for particular period.
Another question, can I see this activity through portal too? Assuming I am having Super Admin role portal.
Thanks,
KentHi Kent,
You can view the information in SU01-->Information----> change documents for the user your 1,2, and 3 can be viewed here.
This information you can't see in the portal even you had super user access.
Regards,
Hari. -
Mass User Maintenance in Portal
Hi All,
is there a way to do mass user maintenance in EP (7.01) just like we use SU10 in the ABAP stack? We need to change the user mapping for system access for all users (400+) for MDM catalog integration.
Any help is appreciated.
MarcoHi Pavan,
If your requirement is just to assign user groups to a single user who exists in the Portal, you can do that through Identity Management by searching for the user and by modifying the assigned groups.
If the user does not exist in the Portal and you wish to import the user and assign the groups simultaneously, you can use the Import feature of UME. Using the import functionality, all the user information will get imported, including the roles and groups assigned. Please refer to the below format:
[User]
uid=userid
last_name=Lastname
first_name=Firstname
language=en
accessibility=0
role=pcd:portal_content/com.sap.portal.xxx;
group=Administrators;
Hope this helps!!!
Regards,
Anurag -
Changing Configuration Table to user maintenance table
Hi SDN team,
I recall that there was an OSS note that described the procedure to change a table in configuration to a user maintenance table. We have a scenario where the purchasing group table is maintained via IMG and the business process wants to maintain this as a master data table. Can anyone either walk me through the process of setting this up or point me to the OSS note that references this functionality?
Thank you.
NguyenCommunicate your approach and dont forget the newbie who may join your company in future !!!
if one is not aware that you maintain customizing tables in production, and does customizing as usual in developement system and transports the changes, then he may create a lot problems.
It happened to me personally. I was not aware that purchasing groups had to be maintained in production system as I joined a new company. (But still the request for a new purchasing group is send to IT) . so I just took the free next number in dev-system and transported to production. And here I overwrote an entry that was only present in production......... -
Can two users access the same bootcamp (win os) instance?
We are two users who are using our imac and we both have own user names in mac os. I created a bootcamp partition with windows xp on it. Can both users access the same partition and create their own user spaces within xp?
Will that work also if we use Parallel or virtual box? (access the same user data as in boot camp?)
I would like to have the option for each user to access their windows data either through bootcamp or through the virtual tool.
Message was edited by: gss2
Message was edited by: gss2gss2 wrote:
What do you mean Virtual box it will not run on its own partition? I have a virtual box running on my desktop and it runs just fine ...own partition?? I don't understand.
Running on its own partition means that the installed OS has its own formatted portion (partition) of the hard drive. A virtual machine does not have its own partition. It creates a virtual partition (a file on the computer) that simulates a file system (partition). So Virtual Box, or any other virtualization software, does not run Windows, or any other OS in its own partition. -
Removing the responsbility of user maintenance from the DBA
Suppose you were working with a customer whose DBAs refuse to be involved with user maintenance, i.e. creation and deletion of users, password maintenance, role and privilege assignment etc. What technology and/or approach would you recommend?
Some random thoughts along this line:
1. Ask the DBA to create one user with CREATE USER and ALTER USER privileges, and give that user access to SQL*Plus so that he can run the queries to create and maintain users himself. Obvious downside: Someone else has to know SQL, at least a few SQL statements, or have a custom user interface built for them that wraps the SQL statements. Is this really such a bad solution?
2. LDAP or OID. I don't understand enough about either of these two technologies to truly be able to discuss the pros and cons. How exactly do they work in a Windows network envionment, perhaps one with or without Active Directory and/or Windows Groups? Can they really allow someone other than the DBA to create users, maintain passwords and maintain roles and privileges? If so, doesn't the person in charge of assigning roles and privileges to users have to have CREATE USER or ALTER USER privileges anyway? Really, why would this be such an improvement over solution #1?
3. Any other approaches and/or experiences along this lines anyone wouldn't mind sharing?
Appreciating any and all insights,
DTXCFTHanks sybrandb.
On #2, suppose the application is set up in such a way that by default all of the security is handled in the database, i.e. when the application is installed and the scripts run to create the database it creates roles like these:
cst_role_product_editor
cst_role_product_admin
cst_role_product_viewer
cst_role_order_viewer
cst_role_order_admin
cst_role_order_editor
cst_role_store_viewer
cst_role_store_editor
cst_role_store_admin
in other words, for each object type in the database (stores, products, orders, coupons, catalogs etc.) all of these roles are created at the database level, and by default, each individual user has to be created using a CREATE USER command with the proper roles assigned.
If I take an application like this to the client and they say they want to implement LDAP and/or OID, when the people who create these users outside the database as you mention,
1) Does it create any additional actual Oracle users, and
2) Can LDAP and OID handle actually assigning these users to specific Oracle roles?
And one more question - can you explain what exactly is a proxy account to a rookie like me who thinks proxy sounds like the name of a night club you'd find in Las Vegas?
Sorry to impose so much but I do appreciate the help. -
How to prevent users from taking print through ME23N
Hi Everyone,
Please guide me for the following query:
How can we restrict users from taking print through ME23N as through print preview in ME23N user is provided an option of taking print of the document.
Please guide with authorization object information.
Please guide.
Thanks and RegardsHi Dear,
Consult with ur BASIS person.he can help u ........
thanks
Maybe you are looking for
-
Questions about iPod photo and Apple Protection Plan
I have an iPod photo and an APP that expires May 2007. My iPod's battery has permanently run out and I plan to use my APP and send it to Apple. Here are my questions: 1. What is the best way to contact them about sending my iPod to them? 2. Does the
-
Correcting useful life of an asset in previous year
Hi, We have implemented SAP last year in April at one of our sites. At the time of initial upload of assets, we made a mistake and some of the assets were uploaded with incorrect useful life. Till date every month we were running depreciation based o
-
Hi, I have an iPhone 5s, sometimes when I'm using an app(game) I am unable to quit the app. The funny thing is: the app is still working fine, doesn't hang and I can still interact with it, but I just can't quit it or access multitasking( be it using
-
Is there a way I can tell if the unlock worked?
I just followed the instructions to unlock an old iPhone 3gs that I want to take on vacation overseas. I didn't get any sort of message when I was done. I don't want to be stuck overseas figuring out an unlock w/o my normal gear. Is there a way to te
-
SQL Statement error - Kindly help!
Been scratchin my head but still can't figure why it's failing ..Trying to populate the space usage for the relevant tablespaces: Get the below error. Kindly advice? column free_space_mb format 9999999.999 column allocated_mb format 9999999.999 colum