Can MDM users & roles be managed by IDM

Similar Messages

• MDM Users & Roles

  Hello All,
  I am trying to document all of the users and roles that are provided by the default installation of MDM 5.5 SP3.  I haven't been able to find anything specific regarding the users but with the roles I have found the following:
  -Business Expert
  -Master Data Administrator
  -Master Data Expert
  -OCI Subscriber
  I am also wondering what type of server MDM Server runs on.  By that I mean, does it run on NW Web Application Server 6.40?  I've gone through all the documentation on the marketplace and haven't found a clear answer.  It might be there, but I'm kind of overloaded on documentation.  I would just install MDM and play around with it but I don't have the software or hardware to do it at this time.
  Any help would be greatly appreciated.
  Thanks,
  Chad

  Subbu,
  Thanks for the information.  I found more documentation that leads me to a few other questions:
  1. When opening the MDM Console, are you prompted with a username/password or does the software just open up?  From what I've read, I would assume that the software just opens up and any authentication takes place when you mount a server (if the server is password protected).
  2. From what I have read and seen in diagrams, it looks like tcp/ip is used to communicate between the GUI clients and the
  MDM server.  Do you know if the authentication process between the two is encrypted or is it in clear text?
  3. When mounting a MDM server, I noticed that the MDM console user has to have administrator privileges for the machine on which the MDM server is running.  Is the MDM Console user an Operating System (Windows, UNIX) user?  I noticed that you start a MDM server with the "mds" account in UNIX and in Windows any account with Administrator privileges will work. SO does that mean the user I type in to mount the server has to exist in the operating system on the MDM server and has to have administrator privileges in order to mount the MDM Server?
  Thanks,
  Chad

• How check the user roles in Business Partner edition screen?

  Hello Masters,
  I'm having a little problem figuring out how to check the user roles to allow modification in some fields.
  At the 'Manage Organizational Data' screen ('Manage Business Partners' -> Business Partner Data -> edit). I need to check the user roles to let him change the 'Tax Numbers' values. The values can be changed only if the user is a administrator; otherwise it must only show the value.
  I checked the HTML Template and found where I can restrict this edition option, but the problem is that I don't know how to check the user roles here. Maybe there is a function to do this?
  Any ideas of how I can do it? Is there any magical BAdI to check this?
  Thanks in advance,
  José Omar

  Hi José Omar,
  there is no BADI for this...
  You have to change the standard code to display only tax data if the SY-UNAME does not have correct role.
  You can retrieve user roles with BAPI_USER_GET_DETAIL, or access directly the activity groups table.
  Rgds
  Christophe

• Query user roles and access

  hi,
  How can query user roles and access in whole database? I want to list username, status, rights, and role
  thanks
  P

  Hi,
  The data dictionary view dba_users has one row per user.
  The data dictionary view dab_role_privs has one row for every distinct combination of user and role that actually occurs ion your database,
  Are you interested in system privileges? See dba_sys_privs.
  Are you interested in individual grants, like the privilege to UPDATE a given table, or the privilege to execute a given stored procedure? See dba_tab_privs. (Don't be fooled by the name; it's not just for tables.)
  I hope this answers your question.
  If not, post some CREATE statements, that create tables, roles, and whatever else you want, and some GRANT statmeents that grant privileges on those objects. Pos the results that you would want to get from those objects and grants.

• SSO and how to Managing User Roles/Privileges with Forms using Oracle db

  We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
  In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
  Questions:
  -- Do we have to create users/passwords in both OID and application database?
  -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
  Any advice and/or direction would be greatly appreciated.
  Thank you,
  Mika
  Edited by: user11846198 on Sep 1, 2009 1:41 PM
  Edited by: user11846198 on Sep 1, 2009 1:53 PM

  Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
  Greetings.

• How can I add a user Role member that is from a different domain

  We are currently building out SCOM 2012 R2 to provide monitoring as a service to some of our customers.  As of now we have the RMS on our own department's domain (Domain A) which we have full control of and we have a gateway server that is on the company
  wide domain (Domain B) so that we can monitor other departments devices as the leverage this system.
  Monitoring is working just fine on both domains and we are just working on fine tuning SCOM so that we can roll it out as a service we offer to our customers.  One of the next steps we are working on before rolling it out is giving specific users access
  to view only their own devices, dashboards, and groups.  So I created a Read-Only profile and went to add a user to test it out, but that user is on Domain B and SCOM is unable to resolve this account.  I'm seeing Event ID 26319 with Error Code 1332.
  How can I get SCOM to discover devices on a different domain so that I can give them different permissions for accessing the Operations Console and/or Web Console?  Is this possible?
  Here is the Error I'm seeing.
  Log Name:      Operations Manager
  Source:        OpsMgr SDK Service
  Date:          2/4/2015 1:11:59 PM
  Event ID:      26319
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxx.xxxx.xxxxxxxx.xxx
  Description:
  An exception was thrown while processing UpsertUserRolesV2 for session ID uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40.
   Exception message: The creator of this fault did not specify a Reason.
   Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
  Unable to resolve the user [email protected] associated with the user role. Error code 1332. Check your active directory configuration.).
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="OpsMgr SDK Service" />
      <EventID Qualifiers="49152">26319</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-04T21:11:59.000000000Z" />
      <EventRecordID>172748</EventRecordID>
      <Channel>Operations Manager</Channel>
      <Computer>xxxxx.xxxx.xxxxxxxx.xxx</Computer>
      <Security />
    </System>
    <EventData>
      <Data>UpsertUserRolesV2</Data>
      <Data>uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40</Data>
      <Data>The creator of this fault did not specify a Reason.</Data>
      <Data>System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
  Unable to resolve the user [email protected]  associated with the user role. Error code 1332. Check your active directory configuration.).</Data>
    </EventData>
  </Event>
  Thanks for any help I can get in resolving this issue.
  Jake

  The SCOM Management Server is in Domain A.  I've tried it already and it has failed.  
  So just to clarify the method I used was to go to Administration>Security>User Roles.  Then New User Role>Read-Only Operator.  In the Create User Role Wizard I then gave the User Role a name, Clicked "Add" under User Role Members.
   Then the Select Users or Groups window pops up and I changed the Locations from Domain A to Domain B and searched for the user, which it's able to find, then clicked "OK" to add it to the User Role members which it does just fine.  On
  the next page which is Group Scope I checked the one group I want this account to have access to and then click next.  This brings me to Dashboards and Views where I click the radio button for "Only the dashboards and views selected in each tab are
  approved" and chose the folder of dashboards I want this account to access and then click next.  This brings me to the Summary and I click "Create".  At this point it thinks for a moment then closes out the wizard but the new Read-Only
  Operator does not appear.  I then look in Event Viewer and see the Event I pasted above.
  Am I doing something wrong here?  Any guidance on how to get around this issue would be much appreciated.
  Thanks,
  Jake

• Solution Manager 4.0 Solution Monitoring User -Roles-Profiles for Satellite

  Hi All,
  I have installed Solution Manager 4.0 (OS -Linux ,Database - DB2) .
  Now i need to connect solution manager to the R/3 4.6C
  Satellite Systems (DEV, QAS ,PRD) for Solution Monitoring
  and Service level Reporting .
  I have read the configuration guide , but unable to get clear idea .
  1) what users (alos type of user -Dialog , Service, Communication etc) do i need create in DEV , and Test in QAS  for solution Monitoring  .
  2) what exact roles /profiles need to be assigned to these users in satellite systems .
  3) what users/roles /profiles needs to be done in SOLMAN system
  i have applied all the required plug ins and support packs
  in satellite systems and solman 40 ..
  Please advice  . Your response will be a great help for me .
  Satish

  Hello Satish,
  Just clarify, if u have meant connecting the satellite systems for EWA reports to be precise. Early watch Reports. If its is the case, then repond so that i can putin my inputs which may be helpful for you in this config.
  Rgds,
  Sri

• Pull User Role from identity manager in BPM process

  Hi,
  How can I pull user name, user role from different identity manager in order to configure hierarchy workflow in BPM process? can any one guide me on that??
  Regards,
  Amik

  I'm having the same problem on WebLogic 10.3

• User role to access configuration management in NWA

  Hi,
  What USER role is required to create the destination information in configuration management in NWA. When I access NWA, I only have access to SOA management which has only Monitoring tools with role SOA technical ADmin.
  I need this to convert IDOC XML to flat file.
  thanks
  Prashanth

  Hi Prasanth,
  I am not sure about the exact role but, the ABAP role "SAP_NWA_FULL" & Java role "NWA_SUPERADMIN" will certainly help. This is the role that i had when i was trying a similar scenario.
  Please take a look at the following link which might be helpful:
  http://help.sap.com/saphelp_nwpi71/helpdata/en/45/c7ca8e89e45592e10000000a1553f7/content.htm
  You can infact ask your Basis team to help you out with this.
  I hope this helps.
  Regards, Gaurav.
  Edited by: Kumar Gaurav on Nov 9, 2010 5:57 AM

• User Role Management Setup

  Hi All,
  I'm currently performing a setup in User Role Managment around roles for a department. We've identified 11 roles we need to create and the responsibilities that need to be assigned to the roles.
  We've created a Role Category so all our setups can be easily identified and reported on.
  Then we've created 11 roles in Role & Role Inheritence, then assigned the responsibilities. And from there, assigned the role(s) to the users.
  Is this the general way of creating roles etc? I haven't been able to find a BR100 that i can compare our setup to. I don't want to start progressing the setup into our UAT environment if my setup is fundamentally flawed.
  Cheers,
  Russell H.
  Origin Energy.

  Hi,
  Please refer to "Oracle Applications System Administrator's Guide - Security" manual for the steps and the guidelines you need to follow.
  Oracle Applications Documentation
  http://www.oracle.com/technology/documentation/applications.html
  Regards,
  Hussein

• UMX - Enabling the Remove button on User Role Management screen

  Hi,
  I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
  Navigation
  1 User Management Responsibility
  2. Users tab -> look for any user -> click on update button on the search result
  3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)

  Laurent wrote:
  Hi,
  I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
  Navigation
  1 User Management Responsibility
  2. Users tab -> look for any user -> click on update button on the search result
  3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)You cannot remove a role and you will have to end-date it (click on the plus sign with the "Show" text > Set "Active To").
  To revoke a role from the user, you must end-date the role. If the role is an inherited role, you can only remove it by removing the role from which it originates in the role inheritance hierarchy. You can view a role's inheritance hierarchy by clicking on the Show hyperlink next to the role.
  Assigning Roles to or Revoking Roles from Users
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156460.htm#366082
  Thanks,
  Hussein

• Cisco Security Manager Local RBAC Authentication Radius assign user role

  Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
  Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?

  I just got asked to look at the same situation by one of our security people.
  We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week)

• From which table we can get the Role of the User in SRM

  Hi  All,
      I need to prepare a report which displays the user and his role in srm. So from which table i can get  the role of the user if i have the Userid.
  Thanks
  Channappa Sajjanar

  Hi
  t- code
  SUIM->rOLES->BY USER ASSIGNMENT
  SELECT WITHASSIGNMENT OF USER = username
  AS A OUTPUT YOU MAY GET ROLE ASSIGNED TO THAT USER.
  if you want which FM - you debug while executing this report.
  regards
  Muthu

• End User Role for Service Desk in Solution Manager

  Hey,
  I am launching the Service Desk functionality for my End Users. One thing that i want to know of is the role that I should assign my user in Solution Manager to access his message. E.g.
  I have a user 'A' who creates a message from any system in my landscape:Test, QA, Dev or Production. Now this message reaches in Solution Manager and is assigned to a certain Support Team according to the rules I defined. Now the personnel of Support Team needs some feedback from the end user who created the message. For that the user 'A' has to log into Solution Manager, access his message and enter the details which the Support Team requested.
  I want to know that what Role should i give to this user 'A' so that he is able to access ONLY the messages that he created i.e. "Reported by" field showing user 'A'; and is able to view and edit them.
  If I give him the role SAP_SUPPDESK_CREATE and SAP_SUPPDESK_DISPLAY, he is just able to see the messages, all of them, but is not authorized to edit any. Please help me out in this matter as i need a solution asap.
  Regards,
  Bilal Nazir

  Hi Nazir,
  Create a role and add this t-code manually.
  CRM_DNO_MONITOR - Transaction Monitor
  This is will definitely solve your problem.
  Feel free to revert back.
  Thanks and Regards,
  Ragu
  ERP,
  Suzlon Energy Limted, Pune
  Extn: 2638
  +919370675797
  I have no limits for others sky is only a reason

• On the web how can I check the user role to display the form suitable for this role i

  Hello
  How can I check on the web the use role to display the a form for each role
  Example
  If the admin login I display admin_form.fmb and if user login I display
  user_form.fmb
  Thankx
  Tamer

  In my forms I hide tab pages according the role using something like the following script in the WHEN_NEW_FORM_INSTANCE trigger.
  So the user can not navigate to tabs which are vorbiden by his role.
  CURSOR users_roles_cur IS SELECT granted_role FROM user_role_privs
  WHERE username=(SELECT user FROM dual);
  user_roles_rec users_roles_cur%ROWTYPE;
  IF users_roles_cur%ISOPEN
  THEN
  CLOSE users_roles_cur;
  END IF;
  OPEN users_roles_cur;
  LOOP
  FETCH users_roles_cur INTO user_roles_rec;
  EXIT WHEN users_roles_cur%NOTFOUND;
  MESSAGE (user_roles_rec.granted_role);
  PAUSE;
  IF RTRIM(user_roles_rec.granted_role,' ') = 'BLA-BLA'
  THEN
  tb_pg_id := FIND_TAB_PAGE('activity');
  IF GET_TAB_PAGE_PROPERTY(tb_pg_id, visible) = 'FALSE' THEN
  SET_TAB_PAGE_PROPERTY(tb_pg_id, visible, property_true);
  END IF;
  END IF;
  END LOOP;
  CLOSE users_roles_cur;
  Other solution may be is to use an initial form which only will detect the user role and run the appropriate form.
  Other solutions are also possible.
  Joseph