Central User Administration Idoc's for a XI system
Hello,
We are setting up a Central User Administration (CUA) in Solution Manager. One of the systems that needs to be a child of this CUA is a SAP XI 2.0 system.
The distribution of the Users is done by IDocs.
Everything is working fine from the CUA to a SAP R/3 system.
But when we make the XI 2.0 a child all the IDoc's are caught by the XI IDoc adapter in stead of going directly to the IDoc inbound handler of the XI system.
Has anyone been able to send an IDoc to an XI 2.0 and bypassing the IDoc adapter and sending them directly to the XI IDoc Inbound handler?
Any kind of info will be greatly appriciated.
With kind regards,
Leon Boeijen
Hi Leon,
to bypass the IDoc Adapter for specific IDocs you can specify these IDocs using the report IDX_SELECT_IDOCTYPE_WITHOUT_IS.
Kind regards,
Andreas
Similar Messages
-
Hello,
i want to realize a central user administration between two different SAP Systems.
In an testing environment i realized it between two logical systems with different mandants in one SAP system.
Now it should work between two hosts. For example SAP1 192.168.150.1 and SAP2 192.168.150.2. What are the differences i have to consider?Lets take two systems with SIDs: SA1 and SA2.
1. Cerate logical system name SA1MNDT100 on SA1 identifying mandant 100 on SA1
2. Assign it to mandant 100 in system SA1
3. Then on SA2 you have to tell that there is system named SA1MNDT100 ready for communication, so you must create logical system name SA1MNDT100 in SA2 but you dont assign it to any mandant (because from SA2 point of view it is a remote system)
4. Then on SA2 create the RFC Destination with exactly the same name as your logical system defined in step 1 SA1MNDT100 pointing to hostname or ip of SA1/mandant 100 (this links remote logical system name with remote SAP system SA1)
5. Then on SA2 create different system name SA2MNDT500 indentifying mandant 500 on SA2
6. Assign it to mandant 500 in system SA2
7. Then on SA1 you have to tell that there is system named SA2MNDT500 ready for communication, so you must create logical system name SA2MNDT500 in SA1 but you dont assign it to any mandant (because from SA1 point of view it is a remote system)
8. On SA1 cereate the RFC Destination named SA2MNDT500 pointing to SA2/manadt 500.
Hope this clarifies your doubt.
-- Grzegorz -
Central User Administrator in SAP 4.7
Which the steps for configuration of the CUA (Central User Administrator) in version SAP R3 4.7... Nobody know....
Try this:
http://help.sap.com/saphelp_nw2004s/helpdata/en/08/ed591f9ff00343952f11a7b707f28a/frameset.htm
Hope it helps. -
Central User Administration using EP
Hi,
Can any body tell me how we can do central user Administration using EP. My landscape has multiple SAP systems, BW system and EP system. How should we go about it?
Any help?
regards,
SujeshHI Sujesh,
EP is not able to serve as a hub for central user administration in my opinion.
You can connect EP to several user stores like LDAP servers (including Microsoft ActiveDirectory) and SAP Systems.
So
a) you store all your users in an LDAP and connect all your SAP systems to that LDAP
b) you declare one of your SAP systems as central user administration (CUA) "master", connect all other as "slaves" and connect the EP UME to the master
But in any way - there is no GUI inside the EP where you can administer all user related things like roles from all systems, etc. This can only be done in an ABAP system.
Hth,
Michael -
Problem setting up Central User Administration
I'm having an issue setting up CUA successfully. I have all of the systems setup in SALE, all of the RFC's are working properly, all green lights setting up and saving the child system in SCUA. When I create a new user in the Central system, I have the new, "Systems" tab. I choose the child system, then go into Roles but everytime I try to add a role, I get the error, "Role Z_* does not exist in system QASCLNT300 (child). I've executed the, "Text comparison from child sys" several times. I choose QASCLNT310 (Central) for the Receiving system, execute and get a green light for, "Central System QASCLNT310:OK". I am still unable to add any roles to the child client and the roles definately exist in the child client.
Hello Bob,
If this issue is frequent you can schedule jobs to syncorinise role information from chid to central system:
1.You execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in the central system using transaction SA38, or schedule it regularly as a background job to collect the changed roles and profiles from the child system. You can specify the receiving system using the input help
2. You execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in the child system using transaction SA38, or schedule it regularly as a background job to send the changed roles and profiles to the central system. You can leave the input fields empty, as the data of the child system is always sent to the central system, regardless of the entries.
Hope this will help you but advisable is to re-confiure CUA again because it should not prompt for text comparion unless frequent role creation is occuring.
Cheers,
Rupali Bajpai -
Integration directory : select IDOC interface for WAS business system
Hi,
While adding a receiver determination for an WAS business system, I do not get any IDOC based message interface from the design repository proposed for my business system in the popup dialog.
The only interfaces that appear are for the non SAP standard SWCV that we added to the business system. But no interface for the APPL 5.0 SWCV ( or BASIS 7.0 ) appears.
In the SLD this component is correctly listed for that WAS .
If I remove all the default search criteria , eventually, the in terface appears but after selecting it I get a message saying :
"Message Interface does not exist in any software components installed on this business system "
Since everything looks ok in the SLD I'm puzzled. How does this look on other systems ?
Any ideas
( The business system was updated from APPL 4.70 / BASIS 6.40 to APPL 5.0 / BASIS 7.00 some time ago but I don't know how it look before the upgrade of the business system )
rgds
DirkHi Bavesh,
Yes, It's correctly listed. I did not manually link these components to the technical/business system. This happened automatically by the SLD data collector service. I also cleared the SLD cache several times,
rgds
Dirk -
Is it possible to have one central user defined exchange rate for a project
When i create deliverables for a project. It asks for an exchange rate type. On entering user i am prompted to enter an exchange rate.
Is it possible to use the exchange rate setup at the workplan level for all deliverables rather than entering the rate at each deliverable.?Hello
The exchange rate value you set in the workplan is only used for converting planed amounts entered in foreign currency. There is no standard functionality to configure a default value for USER conversion type.
Could you further elaborate on the business requirement? Why do you use conversion type as USER for events, and not a centralized conversion type managed on the GL daily rates?
Dina -
Central User Administration (CUA): Remote Change of User
Dear experts,
I have following CUA scenario within my company:
We have a CUA which provides a couple of R/3 daughter systems/clients. Further we have a HR system stand-alone-system which is also integrated in our CUA.
I tried to create a ABAP on the HR system which is changing the user masta data (especially the roles of a user) on the CUA system via RFC BAPI´s on a regular basis. Unfortunately it´s doesn´t works, because I don´t know the correct BAPI´s to change die CUA data. BAPI_USER_ACTGROUPS_ASSIGN changes only the locale R/3 user roles...
In my opinion the CUA specific user roles are in table USLA04 - which will be doesn´t changed.
Maybe somebody had the same requirements in the past and can help me? Thank you in advance!
My coding so far:
REPORT zzh_t_role_change_zbv.
PARAMETER: i_pernr TYPE pernr-pernr DEFAULT '90000007',
i_usrid TYPE sy-uname DEFAULT 'SCHEFFLM',
i_date TYPE sy-datum DEFAULT sy-datum.
DATA: lt_bapi_return TYPE STANDARD TABLE OF bapiret2,
lt_profiles TYPE STANDARD TABLE OF bapiprof,
lt_activitygroups TYPE STANDARD TABLE OF bapiagr.
DATA: ls_bapi_return TYPE bapiret2,
ls_profiles TYPE bapiprof,
ls_activitygroups TYPE bapiagr.
DATA: lv_zbv_sysid TYPE sy-sysid,
lv_zbv_clnt TYPE sy-mandt,
lv_zbv_logsys TYPE uszbvlndsc-sendsystem,
lv_zbv_rfc_dest TYPE rfcdes-rfcdest,
lv_usrid_zbv_get(10).
lv_usrid_zbv_get = i_usrid.
*--- Zentrale Benutzerverwaltung: Zentralsystem des Users ermitteln ---*
CALL FUNCTION 'SUSR_ZBV_CENTRALSYSTEM_GET'
EXPORTING
delivery_model = lv_usrid_zbv_get
IMPORTING
central_system_sysid = lv_zbv_sysid
central_system_clnt = lv_zbv_clnt
central_system_logsys = lv_zbv_logsys
central_system_rfc_dest = lv_zbv_rfc_dest
EXCEPTIONS
duplicate_central_system = 1
new_system = 2
OTHERS = 3.
*** Errorhandling
IF sy-subrc NE 0.
ENDIF.
*--- Existenz des Benutzers prüfen ---*
CLEAR: ls_bapi_return.
CALL FUNCTION 'BAPI_USER_EXISTENCE_CHECK' DESTINATION lv_zbv_logsys
EXPORTING
username = i_usrid
IMPORTING
return = ls_bapi_return.
*** Errorhandling
IF ls_bapi_return-id EQ '088'. "Benutzer existiert nicht
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.
EXIT.
ENDIF.
*--- Rollenzuordnungem zum Benutzer lesen ---*
CLEAR: lt_bapi_return.
***************SUSR_ZBV_ROLES_RESOLVE
CALL FUNCTION 'BAPI_USER_GET_DETAIL' DESTINATION lv_zbv_logsys
EXPORTING
username = i_usrid
* IMPORTING
* ADDRESS =
* LASTMODIFIED =
* ISLOCKED =
TABLES
profiles = lt_profiles
activitygroups = lt_activitygroups
return = lt_bapi_return.
*** Errorhandling
LOOP AT lt_bapi_return INTO ls_bapi_return.
ENDLOOP.
IF ( ls_bapi_return-type EQ 'A' ) OR
( ls_bapi_return-type EQ 'E' ).
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.
EXIT.
ENDIF.
*** Gültigkeitszeitraum von Rollenzuordnung setzen
CLEAR: ls_activitygroups.
LOOP AT lt_activitygroups INTO ls_activitygroups.
ls_activitygroups-to_dat = i_date.
MODIFY lt_activitygroups FROM ls_activitygroups.
CLEAR: ls_activitygroups.
ENDLOOP.
*--- gesamte Aktivitätsgruppenzuordnung ändern (zeitlich abgrenzen) ---*
CLEAR: lt_bapi_return.
*SUSR_USER_LOCAGR_ACTGROUPS_ADD
*SUSR_USER_CHANG
*CALL FUNCTION 'BAPI_USER_ACTGROUPS_ASSIGN' DESTINATION lv_zbv_logsys
* EXPORTING
* username = i_usrid
* TABLES
* activitygroups = lt_activitygroups
* return = lt_bapi_return.
*--->SUSR_USER_LOCAGR_ACTGROUPS_PUT
*--->SUSR_USER_PROFS_BUFFER_SAVECHK
*--->SUSR_ZBV_USER_SYSTEM_SAVE
*--->SUSR_USER_BUFFERS_TO_DB
*--->SUSR_USER_GROUP_BUFFERS_TO_DB ????
*--->SUSR_USER_PROFS_BUFFER_TO_DB ????
*--->SUSR_USER_LOCPRO_BUFFER_TO_DB ????
*--->SUSR_UM_USR_AGR_BUFFERS_TO_DB ????
*--->SUSR_UM_USR_SYS_BUFFERS_TO_DB ????
*--->SUSR_USER_AGR_BUFFER_TO_DB ????
*--->SUSR_USER_LOCAGR_BUFFER_TO_DB ????
*Anmerkung: Profile werden nicht berücksichtigt, da diese eigentlich nicht
*mehr in Verwendung sein sollten (nur noch Rollen)
*--- Rückverteilung der geänderten Userdaten an Tochtersysteme ---*
*SUSR_ZBV_USER_SINGLE_SEND
*SUSR_ZBV_USER_SEND_BACK
*SUSR_USER_DISTRIBUTE
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.Try BAPI_USER_LOCACTGROUPS_ASSIGN
-
User administration - read rights for customizing
Hello,
is there s. th. like a only-read-right for the whole customizing img or do I have to get the rights for all the different t-codes inside the img?
Thanks a lot in advance,
HansiHi Mark,
s.th. like this. The point is I'm new to right management. But there must be s.th. like a profile with which I get the right to see all the transactions related to the img or not? Our admin is saying we have to specify which transactions we need exactly which is quiete annoying. Instead I need a possibility to say: "Give me read-rights for this profile" and I can look after the customizing myself... Is there a way???
Thanks a lot.
BR,
Hansi -
NWA 7.1 - User Administration with regards to Roles/Groups
Hello,
Environment = NWA 7.1 , Java Stack Only , No Central User Administration
Situation = One group of individuals responsible for developing and maintaining Java Roles & Groups
(Permissions). Another group of individuals responsible for maintaining Users and
allocating the above Roles & Groups to the Users.
In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
Many thanks in advance,
JayHi Jay,
UME.Manage_All Provides permissions required by an overall user administrator.
These include:
u2022 Administration of users belonging to any company and
possibility of assigning users to companies
(In a multitenant portal, even if a tenant user is assigned this
action, he or she will still only have access to users, groups,
and roles in his or her tenant.)
u2022 Group management
u2022 Role assignment
u2022 User mapping
u2022 Import and export of user data
u2022 Manual replication of user data
To set up delegated user administration, overall user administrators
must belong to a role to which the UME.Manage_All action is
assigned.
In portal installations, any role that includes the UME.Manage_All
action automatically has Role Assigner permissions on all portal roles in the portal installation.
Try this.
Regards,
Gowrinadh -
Can I use iCloud to since many users to one account for my business and have me as a administrator to oversee and change my employees calendars and contacts??
Go to System Preferences and click Sign Out, select Delete at all the prompts, then sign back in with the changed ID? (Your iCloud data will disappear from your Mac when you sign out and choose Delete, but will still be in iCloud. Provided you are signing back into the same account your data will reappear on your Mac when you sign back in.)
-
Regd : How to find Validity date for a user in central user system
Hi Experts;
I want to get the list of users with profile SAP_ALL with following details like validity ,user type ,user name ,user id..
I can get through SUIM for each individual systems.Its very difficult to login to each system ,generate the report.So I prefered to go for Central system
But if I use central user system I have no option to find validity and user type for the system ( SUIM - > Cross system application )
I have also tried to the table USRO2 ( which gives only the list of users in the central system )
So is there any possible ways to find the Users with profile SAP _ALL with validity date in the central user system. So that I can easily generate it as one report instead of logging to each and every system
Regards
Sanjeev.SHi Ruchit
Thanks for your reply. I want to find the validity date of all users having SAP_ALL
profile of all child system connected through central user system .So it is possible
to do that in Centrals System by executing the report?
If I execute that report in Central user system will it give the details of all child
system connected to central system
I think it will give only the result of Central system and not the child system connected to Central system.Please clarify me.
I can execute the report by logging to each child system ,but it takes very long hours for me since there are many system in my landscape.
Awaiting for your reply.'
Thanks
Sanjeev.S -
BI Dashboard - access denied for user to path /users/administrator/_portal/
Hi,
While I am within OBI EE, I try to access My Dashboards and I get this error message:
" access denied for user to path /users/administrator/_portal/dashboard layout.
Error Details
Error Codes: O9XNZMXB "
I have looked in other forums and found a solutions which was to delete cookies and then restart the system whole. It didn´t work at first. After a while, the system would allow me to access My Dashboards but then....
....I wasn´t able to access the shared filters that are on the network, thus impeding my others dashboards to work.
Does anybody know what the correct procedure for having this work is?
Thanks in advance,
Javier RinconHi...
go to Catalog Manager.
Open and navigate to particular folder (_portal in shared)
right click that and go to permissions.
In left pane are you able to see the presentation Administrator ??
If then, check what kind of permission Administrator has (full control or not), if not.. add Administrator into this pane from right pane (In the right pane, You can see the user by Unchecking the check box present below show groups only check box.)
you didn't tell with whom you logged in?
If administrator then follow the steps i mentioned,
else... same steps but instead of administrator check it for particular user.
Thanks & Regards
Kishore Guggilla -
User Administration for End User
Hello Everyone,
I needing that a end-user can only insert other users in the user group where it is administrator.
Somebody to know as if makes this?
Thanks.Lucas,
As far as I now, there is no possibility to differenciate users in a group.
This means that if you can't differenciate users belonging to a group, you will not be able to identify if he is administrator or not of the group. So it will not be possible to assign him a specific role that will allow him to populate users in that group only.
For your information, you can use the role "pcd:portal_content/administrator/user_admin/delegated_user_admin_role" to allow user to :
- create other users
- top grant roles for with they have the "Role Assigment" permissions
- but not to populate groups (what could lead to security problem, ie you can make your self member of Administrators group, and so have the SuperAdmin role)
Hope this help
Vincent -
User administration reporting for BOE 4.1
Hello,
I'm interested in creating user administration reports within the BOE 4.1 CMC.
The type of reports I'd like to create are:
- list all users, and their status
- list groups users belong to
- list when users changed and who changed them
Are these type of user administration reports available by default, or do they need to be created from the CMC schema?
I have been working with a developer on the reports available through the 'audit' database, but it doesn't appear to capture this information.
Appreciate the help.
PaulAll these are from CMS DB. Not in Audit DB. You can use SDK to build these reports.
You can refer below link for how to extract the information using query builder.
BusinessObjects Query builder queries - Part II
Maybe you are looking for
-
HP OFFICEJET PRO 8600 FAX phone cord
I am trying to setup the fax capability on my HP Officejet Pro 8600 all in one printer. I have digital phone service and my phone cord runs from my internet modem. I did the setup and the test failed due to 'Phone Cord COnnected to Correct Port on
-
Got "Can't load AMD 64-bit .dll on a IA 32-bit platform"error on 64-bits VM
Hello all: I created a jnlp file, which includes a executable jar and a wrapped dependent jar of two DLL files inside. When I launched JWS, I received the error: "Can't load AMD 64-bit .dll on a IA 32-bit platform". Now the basic facts: 1. the JVM is
-
hi all can we put the option of long text in in ie03
-
Hello! I am trying to indicate ProgressBar during download the binary file. But ProgressBar is not working.Please help me! * BinarySaver6.java * Created on 2003/08/30, 14:46 import java.net.*; import java.io.*; * @author masaki public class BinarySav
-
We have one cloud with 3 seperate users. How do we seperate individual info, downloads and contacts?