Central User Management Implementation

Similar Messages

• User Management in XI implementation

  Hi,
  Could someone provide me the user management and authorization assignment in an XI implementation.
  What are the authorizations that shall be given to an XI developer. In our case the XI developer is doing admuin work also like SLD config etc. But still as an administrator I do not want to give him all the authorizations. Is there any standard XI implementation methodology?
  Regards,
  Shobhit

  Hi Shobit,
  you have several roles:
  SAP_XI_DISPLAY_USER
  SAP_XI_DEVELOPER
  SAP_XI_CONFIGURATOR     
  SAP_XI_CONTENT_ORGANIZER
  SAP_XI_MONITOR
  SAP_XI_ADMINISTRATOR
  SAP_SLD_CONFIGURATOR
  SAP_SLD_ADMINISTRATOR
  Most of them are composed from other roles. Look to transaction PFCG to see the single roles and a description.
  For Java stack authorisations have a look to Michals weblog
  <a href="/people/michal.krawczyk2/blog/2005/05/25/xi-how-to-add-authorizations-to-repository-objects: How to... add authorizations to Repository objects</a>.
  Regards,
  Udo

• How to start the Solution Manager Implementation

  Hi Gurus , I am in Solution manager implemnetation project , and i wanted built the exsisted landscape into Solman  so any one can help me out in this like where to and how to start.

  Hi Gurus, i wanted to implement these concepts
  Configuring Solution Manager
  Configuring Solution Manager
  1)      Solution Monitoring
  a       SAP EarlyWatch Alert
  a1      Setting-Up EarlyWatch Alerts    Y
  a2      Manually Executing Downloads    Y
  a3      Create Report and Display Session Details       Y
  a4      Save, Retrieve and Archive EarlyWatch Alert     Y
  b       Service Level Reporting
  b1      Service Level Reporting Change Mode     Y
  b2      Maintain General Settings       Y
  b3      Specify Systems and Contents for Service Level Report   Y
  b4      Select Business Processes for the Service Level Report  Y
  b5      Select Business Processes from the Business Process Monitoring  Y
  b6      Process Service Level Report Data Manually      Y
  b7      Create Service Level Report     Y
  b8      Create, Save and Archive Service Level Report Manually  Y
  b9      Process Service Level Report Session    Y
  b10     Send E-Mail Automatically       Y
  b11     KPI Calculation Y
  2       Configuring Alert Monitor
         Central System Administration (Part of ALERT Monitor)
  c2.1    MTE Classes and Attribute Groups        Y
  c2.2    Methods Y
  c2.3    Operating the Alert Monitor     Y
  c2.4    Actions in the Alert Monitoring Tree    Y
  c2.5    Selecting Nodes in the Alert Monitoring Tree    Y
  c2.6    Elements of the Alert Monitor   Y
  c2.7    General Properties of Monitoring Tree Elements  Y
  c2.8    Properties of Monitoring Objects and Attributes Y
  c2.9    Customizing the Alert Monitor   Y
  c2.10
  Changing Properties in the Alert Monitoring Tree
         Y
  c2.11
  Changing Properties in Customizing Transaction RZ21
         Y
  c2.12
  Triggering a Heartbeat Alert if No Values Are Reported
         Y
  c2.13
  Changing the Frequency of Method Execution
         Y
  c2.14   Defining, Releasing, and Transporting Methods
         Y
  c2.15
  Assigning Methods to MTE Classes or Individual MTEs
         Y
  c2.16   Assigning Methods to MTE Classes or Individual MTEs     Y
  c2.17
  Editing Monitors and Monitor Sets
         Y
  c2.18
  Creating and Editing Monitor Sets
         Y
  c2.19   Transporting Monitor Sets and Monitor Definitions       Y
  c2.20   Copying, Renaming, and Deleting Monitors        Y
  c2.21   Creating and Changing Monitors  Y
  c2.22   Rule Node: Rule Description and Use     Y
  c2.23   Defining Monitors with the DEFINE_R3_SYSTEMS/GET_MTE_BY_CLASS Ru        Y
  c2.24   Defining Monitors with the Rule GET_MTE_BY_CLASS_AND_OPTIONS    Y
  c2.25   Defining Monitors with the Rule GET_MTE_BY_CLASS_AS_VIRTUAL     Y
  c2.26   Copying a Monitoring Properties Variant Y
  c2.27   Create Monitoring Properties Variant    Y
  c2.28   Change Monitoring Properties Variant    Y
  c2.29   Activating a Monitoring Properties Variant      Y
  c2.30   SAP-DEFAULT     Y
  c2.31   Creating a New SAP-DEFAULT Variant      Y
  c2.32   Monitoring Multiple Systems     Y
  c2.33   Monitoring Multiple Systems: Defining RFC Connections   Y
  c2.34   Monitoring SAP R/3 3.x Systems  Y
  c2.35   Creating the CSMREG User        Y
  c2.36   Monitoring Multiple Systems with an Identical System ID Y
  c2.37   System Groups in the Alert Monitor      Y
  c2.38   Deactivating and Reactivating Monitoring Tree Elements  Y
  c2.39   Deleting and Restoring Nodes in the Alert Monitoring Tree       Y
  c2.40   Display Options of the Alert Monitor    Y
  c2.41   Saving and Resetting the Layout of a Monitor    Y
  c2.42   Extending the Shared Memory Area        Y
  c2.43   Setting Up a Central Data Cache         Y
  c2.44   Configuring the Caches of the Monitoring Architecture   Y
  c2.45   Working with All-Clears (Green Alerts)  Y
  c2.46   Displaying the History of the Threshold Values of Performance No        Y
  c2.47   Availability Monitoring with CCMSPING   Y
  c2.48   Installing Availability Agent CCMSPING  Y
  c2.49   Changing the Monitoring Frequency and Timeouts of CCMSPING      Y
  c2.50   Adding Systems to the Availability Monitoring Manually  Y
  c2.51   Finding and Correcting Errors with CCMSPING     Y
  c2.52   Configuring Availability Monitoring     Y
  c2.53   Creating and Changing Monitoring Rules  Y
  c2.54   Changing Monitoring Setting of Servers and Groups       Y
  c2.55   Using Multiple CCMSPING Agents  Y
  c2.56   Creating and Changing a Monitoring Pause        Y
  c2.57   Monitoring System Groups with CCMSPING  Y
  c2.58   Availability and Performance Overview Monitor   Y
  c2.59   Monitoring Log Files with CCMS Agents   Y
  c2.60   Structure of the Log File Template of the Log File Agent        Y
  c2.61   Example Log File Templates      Y
  c2.62   Logfile Monitoring Monitor      Y
  c2.63   Monitoring Selected Processes with SAPOSCOL     Y
  c2.64   Monitoring Response Times of Transactions or Clients    Y
  c2.65   Monitoring Database Tables with the Alert Monitor       Y
  c2.66   Self-Monitoring of the Alert Monitor    Y
  c2.67   Selected Alert Monitor Methods  Y
  c2.68   Forwarding Alerts to Alert Management (ALM)     Y
  c2.69   Interpreting a Text Attribute as File Name/URL and Display Content      Y
  c2.70   Displaying a Subtree as ALV Grid Control        Y
  c2.71   Defining an Automatic Alert Notification        Y
  c2.72   Auto-Reaction Method: Execute Operating System Command  Y
  c2.73   Setting Up Central Auto-Reaction Methods        Y
  c2.74   Installing CCM4X        Y
  c2.75   Activation in the background,if the Host restarts       Y
  c2.76   Creating RFC Connection Y
  c2.77   Copying File from Solution manager to agents    Y
  c2.78   Copying version for SAPCCM4X    Y
  c3      Central User Administartion(CUA)
  c3.01   Create manaintain landscape     Y
  c3.02   Creating RFC    Y
  c3.03   Create Logical clinets in SM1   Y
  c3.04   Field distribution parameters   Y
  c3.05   Transfering users from child system     Y
  2       Service Desk
  a       Set-Up Message Creation in Web Browser  Y
  b       Create support messages with NOTIF_CREATE       Y
  c       Process Messages in Service Desk        Y
  d       Search for Solutions to Support Messages        Y
  e       Copy Support Message into Solution Database     Y
  f       Forward Support Message to SAP  Y
  g       WebClient Interaction Center    Y
  h       Create Messages with Interaction Center WebClient       Y
  i       Process Messages in the Interaction Center WebClient    Y
  j       Service Desk for IT Service Providers   Y
  k       Using an External Service Desk  Y
  l       Connect an External Service Desk        Y
  m       Service Desk Customizing Error Analysis Y
  it's very high prioriety
  Cheers

• User Management Strategy

  Hi everyone,
  I would like to discuss with you about User Management Strategy for multi-site MII implementations. What is the best architecture for the UME instances when you have MII users both on the corporate level and the shop floor level?
  Consider we don't have a central MII server.
  Regards,
  Henry

  User management can cause some difficulties, mixing disconnected operation support with distributed MII servers, but wanting to use LDAP from corporate.  We all have used the term 'when SAP is unavailable' but what about 'when LDAP in unavailable' - the application may be buffered but the user logins would cause the issue.
  Aside from having some form of federated/replicated LDAP I think the only option would be some essential backup local users in UME.  I would imagine this would have been encountered with Enterprise Portal, or any other NW java apps in the past, but the potential for a distributed NW server (plant or region based) may be a bit different.  The configuration of a solution would be done inside UME, but the best practices in this regard are what you're probably after.
  I hope that some customers with more clear strategies in this area can share their insight in this thread.

• Training and Event Management Implementation based on competencies

  Dear Friends,
  My client is going ahead for Training and Event Managment Implementation. They have a basic requirement to start with and that is :
  1) They have done competency mapping for all its employees and they want that the competencies of each employees(along with the skill levels) to be recorded in the system and that has to be the starting point of using Training and Event Management module.
  2) They want, if the competencies can flow based on Job/ Position.
  3) Some identifier to the competencies, whther it has flowed from Appraisal or any other sources in the Final Training Needs.
  Kindly provide me help, as to how I will be able to achieve that and in what Infotypes the data pertaining to Training and Event Managment will be stored.
  If u all can kindly share with me the User Manuals and Configuration Docs of Training and Event Management, it will be of great help.
  Thank you all.

  Hi,
  Competencies can be stored as qualifications in PD and then by activation of PD PA intergration can be seen from pa30 infotype 24.
  Qualifications can be stored against a Job/Position and are called as the Requirements. They are seen as a separate Tab and to which ever position the person is linked to the corresponding qualifications of the position will appear in the requirements tab.
  You can maintain the proficiency and a note along with the qualification when assigned to a person.
  Also Appraisals can have qualifications in the template rather than criteria and criteria groups.
  Also after training is completed during the follow up we can create an appraisal and transfer the qualifications or simply transfer the qualifications to the employee.
  Regards,
  Divya

• Central Contract Management in case of Classic Scenario

  Hi,
  At our current implementation, requirement is to implement both Service procurement(with hierarchy) and Central Conract Management. I was exploring the possibility of utilizing Central Contract Management with Classic scenario.
  Will the Central Contracts created in this fashion be available in Sourcing Cockpit for the buyer to select against Purchase Requisitions? Will the Central Contract be visible at all in SRM in this case ?
  Please respond only with reference to Classic scenario.
  Thanks,
  Abhilash

  Yes the Central Contract will be available in the Sourcing Cockpit, both local and classic scenario's. Yes the Central Contracts will be available for the creation of Purchase Requisitions in R/3 and to assign SOS in R/3.
  Do know that for SRM 7.0 PI is required for setting up Central Contracts. This is promised to change with the release of EHP1 for SRM (due june 2010).
  Kind regards,
  Tim

• Error-IM258-This refers to an error in central status management.

  Dear All
  We have used the enhancement "MCI10001" for triggering the external E mail while scheduling the maintenance plan using T code IP10.
  System will fetch the E mail ID from the equipment master -partner function either Vendor or User responsible and sends the mail
  But while executing IP10 system throws an error message as follows
  Error Msg no: IM 258- Object does not exist (Status Management)
  This refers to an error in central status management.
  Kindly help on the above issue
  Regards
  Thyagarajan
  Edited by: thyagarajan krishnamurthy on Feb 18, 2011 11:10 AM
  Edited by: thyagarajan krishnamurthy on Feb 18, 2011 2:28 PM

  Dear,
  Please refer the OSS Note 437878 - Status data missing for PM/CS notifications .
  Regards,
  R.Brahmankar

• Multi-Site WAN With Centralized Call Manager

  The customer has HQ with 15 Branches. Head quarter has about 4300 Phones, and Branches has:
  Branch 1 = 420
  Branch 2 = 256
  Branch 3 = 385
  Brnach 4 = 298
  Branch 5 = 262
  Branch 6 = 171
  Branch 7 = 200
  Branch 8 = 97
  Branch 9 = 198
  Branch 10 = 254
  Branch 11 = 269
  Branch 12 = 224
  Branch 13 = 90
  I would still like to propose Centralized Call Manager Cluster with SRST, but little confused since the number of phones per branch is very high.
  What would be best deployment model for this type of scenerio along with VoiceMail and CER.

  Of course you can use CME/CUE, but the problem is that you need 3845 for SRST with CME/CUE, which cost a lot of money CISCO3845-CCME/K9 is $16495 plus CUE ($3000, not include voice mail subscriber box).
  So I will agree what people suggest here.
  I have centralized design (Publisher, subscriber) at Main Location, and another subscriber at remote site coz 500 users. I chose put subscriber there rather than use 3845 with SRST.
  They share voice box at Main site (Unified).
  The rest of remote site use SRST for backup.
  Large remote site with T1 PRI with SRST if WAN down.
  Small remote site with vic2-2fxo/4fxo with SRST if WAN down.
  You can read the SRND here:
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_book09186a00806e8a79.html
  Also, you can design multiple cluster depends the location of main and branches. For example, half office located at West Coast, another half at East Coast. If I were you, I will create two clusters.
  Again, it depends a lot of things, for example bandwidth, round-trip delay etc...
  Hopefully, thats can help you.
  Ken

• Central User Administration Idoc's for a XI system

  Hello,
  We are setting up a Central User Administration (CUA) in Solution Manager. One of the systems that needs to be a child of this CUA is a SAP XI 2.0 system.
  The distribution of the Users is done by IDocs.
  Everything is working fine from the CUA to a SAP R/3 system.
  But when we make the XI 2.0 a child all the IDoc's are caught by the XI IDoc adapter in stead of going directly to the IDoc inbound handler of the XI system.
  Has anyone been able to send an IDoc to an XI 2.0 and bypassing the IDoc adapter and sending them directly to the XI IDoc Inbound handler?
  Any kind of info will be greatly appriciated.
  With kind regards,
  Leon Boeijen

  Hi Leon,
  to bypass the IDoc Adapter for specific IDocs you can specify these IDocs using the report IDX_SELECT_IDOCTYPE_WITHOUT_IS.
  Kind regards,
  Andreas

• Central Contract Management

  Dear SAP Experts,
  I have a few questions regarding our implementation of SRM and ECC.
  FYI, we are planning to use SRM 7.01 and ECC 6.05 as backend.
  We’re planning to utilize Central Contract Management functionality in SRM, where we negotiate the price in SRM then we distribute the contract to ECC. In ECC we create PR, which have reference to this contract (contract number in SRM is different with ECC). So this PR will have assigned source of supply, is it possible for us then to create PO automatically from tcode ME59? The reason we ask this because we see in documentation that every PO in ECC created with reference to contact in SRM, ECC will need to check first the current price in the SRM contract, so we would like to confirm whether it is working if we use ME59 (we plan to use ME59 as background job and unfortunately we don’t have the testing system yet to verify this).
  We’re planning to have PR created in ECC. However we would like to utilize MDM catalog as well. Is it possible that during PR creation we can select items from the catalog?
  We’re planning to have implement SRM 7.01 in 2 waves. In first wave we will only use Self Service Procurement and Strategic Sourcing (using classic deployment where the leading PO is in ECC). However in the second wave, we’re planning to implement SUS (Supplier Collaboration). In SUS, we would like to activate the business function, so the vendor will response RFx and participate in auction from SUS itself. The question is…is it possible for us to have it planned like this? For example, in first wave, the RFx and auction will use SRM server itself, however in the second wave, we will switch it to SUS. Our concern is that the switch will happen to the productive server already. Is this okay?
  Thanks
  Varian

  Hi,
  When you distribute the central contract to ECC system, it creates a new contract in ECC system.
  When you create PR, you can assign this contract as source of supply.
  Then automatic PO creation if your settings for automatic PO is maintained.
  In ECC 6.04 also catalog integration is possible. So for your version 6.05 there is absolutely no problem. The same OCI interface parameters have to be maintained in MM system for catalog.
  Your two stage implementation is absolutely possible.
  With Regards,
  Malay

• SRM 7.0 / ERP 6.04: Config. of Central Contract Management

  Hello,
  I want to configure the newly introduced integrated Procure-to-Pay Scenario Central Contract Management.
  I found SAP Note number 1268821 where all tasks are described in order to implement the previous scenario.
  For correct implementation, business function "Purchasing - SAP SRM Integration" (LOG_MM_P2PSE_1) activation is required in the ERP Systems.
  When I run SFW5 t-code in order to activate the previous business function, SAP system gives an alert message.
  What are the consequences of this business function activation ??
  Thank you
  Michele

  Hi Michele,
  I don't think there will be any consequences, we had certain warning messages aswell when we activated the business functions in ECC 6. Reading the warning messages we could conclude it wasn't any serious problem.
  Details on functionalities included in a business function can be viewed here: [http://help.sap.com/erp2005_ehp_04_sp/helpdata/en/42/fbded750e61febe10000000a422035/frameset.htm] -> Business Functions (SAP Enhancement Package 4 for SAP ERP 6.0) -> Business Functions in SAP ERP -> Logistics -> Materials Management -> Procurement - SRM Integration
  Kind regards,
  Tim

• User management

  Hi, i'd like to utilize the J2EE capabilities for user management in my web application. I had a look at the Tomcat security sample which provides automatic login whenever a user tries to access a protected resource. This looks promising but the only drawback here is how the list of users is kept: the list is hold in a xml file.
  My question now: is there any way to utilize the J2EE capabilities but have a list of users maintained in a database? I've searched the BluePrints patterns, read 'Designing Enterprise Applications' and the J2EE tutorial but found nothing about user management.
  Thanks in advance for your comments or pointers.
  Markus

  Check out the Tomcat documentation. Tomcat uses Realms to handle the security mechanism. By default a Realm is selected that gets all user information from an XML file. There is, however, an implementation of a JDBCRealm that gets its info from a database. I can't give it you a link.. but if you check out www.apache.org you should be able to find it.
  Good luck.
  Rune Bj�rnstad

• User management and Access Control in HCM Cloud

  Hello,
  Information is scarce about User management and Access Control in Oracle Cloud generally. Today, I have two questions :
  - How can I bridge HCM Cloud user store with my on-premise IDM or security repository in order to allow identty governance to flow to HCM Cloud service ?
  The only information I got was that you can declare manually and by bulk import through files my users. This is not really interresting as I have an automatic IDM with workflows and identity control on provisioning and de-provisioning.
  Is there a SPML or proprietary endpoint to do it automatically ? What are the prerequisites ? Do I have to implement OIM on my side ?
  - Once my users are created, how can I do webSSO from my internal security repositories to the HCM Cloud service ?
  I do not want to distribute new set of login / passwords to my users. Is it possible to do Identity Federation (SAML 2.0 or WS-Fed) with HCM Cloud service ? What are the prerequisites ? Do I have to implement OAM on my side ?
  I accept all pieces of information you can give me on this topic to help me understand the funcitonalites, limits and options offered by Oracle Cloud and more precisely by HCM Cloud service.
  Best regards,

  OIDDAS has limited capability of access control and information hiding. Presently, the permissions and privileges can be set at a realm level, and fine grained access control / information hiding cannot be done.
  At present, the only way to restrict view and access control is by appplying ACLs (which is not the safest bet).

• User management in SAP web AS Java

  My company currently has a user management concept in place for BASIS. These concepts follow the segregation of duties principle. So for example a system administrator can grant rights to end-users but he can't change content himself. This concept was put in place to comply with SOX.
  Now my company would like the same principles to be implemented in SAP web AS Java. I have searched the forums, blogs and notes, but i can't seem to find some best practices regarding the matter.
  As I have difficulties finding these I am wondering if it is perhaps not needed from a SOX point of view, as the web AS Java doesn't directly access content, does this make sense?
  Regardless of the SOX point of view I still believe the problem exists because anyone can mess up your portal environment if the user management is not handled correctly. So does sap have some best practices regarding user management in the web AS Java?
  Any feedback on these 2 questions would be great!

  Hi,
  when I hear these types of requirements I always think of IdM. Any IdM (not only from SAP) allows you to easily satisfy all SOX requirements. I understand that implementing IdM solution is not an easy task but you might get additional benefits from it like reduction of service desk calls and so on, not only compliance.
  Cheers

• User Management with IDM

  I am implementing an IDM solution from another vendor. The consultant is telling me that all user group management must now be accomplished with the IDM solution. And if group membership is changed with another method (ADUC or PowerShell), it will be overwritten
  by IDM upon the next change within IDM. the app wants to lead now that it is in place.
  I find real issue with this. I am loath to give up powershell and ADUC. Is this true? Do all IDM solutions require you to use them for all ongoing user management? Note: I am talking about group management mostly, not every possible aspect of user management.
  Is this how FIM works?
  Thanks,
  Paul

  The basic concept in FIM  is the same. If a group is managed by FIM it should only be managed by FIM.
  But please note that this can be implemented on a per group basis. Meaning that one group can be managed by FIM and another can still be managed by other ways. It is typical that some groups are managed by HR system (organisational groups), others are managed
  manually in AD and yet other groups are managed by FIM to take advantage of the dynamic groups and self-service aspects in FIM.
  The problem is called precedence in FIM, for each attribute on each object there is only one "winner". If FIM has higher precedence than AD for the member attribute for a specific group then FIM will overwrite any changes made in AD on the member attribute.