Create User under a particular organization

Hi,
After running reconciliation i need to create the UNMATCHED users in IDM under a particular organization.
I have configured the reconciliation policy to create the user in IDM.
By default it is creating the user under Top organization. But i need to create it under a particular
organizantion without using a custom post reconciliation workflow.
Can anyone of you experts suggest?
Edited by: jjIDM on Feb 4, 2009 11:15 PM

Hi,
You have to set proxy administrator in Reconcillation Policy and assign a form to that proxy admin.
u have to write this code in that form which you have assigned to proxy admin.
<Field name='waveset.backgroundSave'>
<Display class='Hidden'/>
</Field>
<Field name='waveset.organization'>          
     <Expansion>
     <block trace='true' name='kkkkkkkkkk'>
     <s>Organization Name</s>
     </block>
     </Expansion>
</Field>
Then run your reconcillation Process from the Proxy Admin.
Edited by: negiqueries on Feb 5, 2009 7:49 AM

Similar Messages

  • Create users under Administration Server Create user and Refresh users options are disabled

    We have installed and configured 11.1.2.2 successfully, Essbase in standalone mode.
    When we try to create users under Administration Server Create user and Refresh users options are disabled. Please let me know how to create EAS users?
    Thanks,
    Satheesh.

    Please find below response.
    1.You can create users from EAS console using maxl, if you have not externalized the users .
    When we create using Maxl it will create for 'ESSBASE Servers' users but we want to create additional administrator users under 'Administrator Services' --> 'Users'. At the moment default 'Admin' users is created under 'Administrator Services' --> 'Users'.
    2.  you have installed your essbase in a stand -alone mode  , then the option of creating users will be enabled and you can give appropriate provision to applications.
    Yes. But the create users is disable for Admin.
    3. Through which url are you accessing EAS console is it http://Servername:19000/workspace/index.jsp ?
    http://prod-server:10080/easconsole/console.html
    Please suggest.

  • Iplanet delegated admin creates users under ou=people only

    hi,
    ldap tree has ou=people and ou=others under o=dom.com
    how can we create a new mail user using iDA (iplanet version) under ou=others?
    by default, the user in ida is created under ou=people.
    thx

    The "ou=people" branch is an accepted standard for holding user accounts. What you're doing will require that nearly EVERY application/utility you encounter will require some type of hack or custom configuration.
    I don't think iDA can search multiple branches like that. In fact, most apps I've seen can only search one branch. If you want iDA to only search/create users in "ou=others", I'm guessing thats a config parameter.. Where it is and what it's called, I don't know.
    HTH,
    Roger S.

  • ACE: Read users under a particular User Group

    Hi Experts,
                        We have a requirement, in which we want a particular view to be displayed only to few particular users, who are present in some Custom Defined ACE User Groups.
      Can someone please provide me with the Function modules/ Coding part, by which i can get all the users of a particular User Group of ACE (say 'ZCRMADMIN' in our case), that we define in SPRO->Basic Functions -> ACE.
    Thanks in advance,
    Rohit

    Hello, Rohit!
    First of all read these blogs:
    The concept and implementation of CRM-ACE
    Configuration & Implementation of CRM Access Control Engine (ACE)-Part 1
    Then in this blog there are code samples:
    Configuration & Implementation of CRM Access Control Engine (ACE)-Part 2
    If you will steel have any questions, post it here, I'll try to help you.
    Best regards,
    Artur Litvinov.

  • How to get all users under an organizations?

    Hello everyone.
    Just want to know if anyone knows how to get all users under a particular organization.
    From the Search User form, I found they may kind of user such attribute conditions:
    MemberObjectGroup
    is in
    XXXX(organization)
    But unfortunately, the "is in" is not a valid AttributeConditionOperator, so besides using "recursive" self-written function, anyone knows any possible buit-in trick?

    Here is my solution:
    <Rule'>
        <RuleArgument name='organization'/>
        <RuleArgument name='context'/>
        <block>
            <defvar name='orgs'>
                <new class='java.util.ArrayList'/>
            </defvar>
            <invoke name='getChildObjectGroupNames'>
                <invoke name='getObject' class='com.waveset.ui.FormUtil'>
                    <ref>context</ref>
                    <s>ObjectGroup</s>
                    <ref>organization</ref>
                </invoke>
                <ref>orgs</ref>
            </invoke>
            <append name='orgs'>
                <ref>organization</ref>
            </append>
            <invoke name='getUsers' class='com.waveset.ui.FormUtil'>
                <ref>context</ref>
                <map>
                    <s>conditions</s>
                    <list>
                        <new class='com.waveset.object.AttributeCondition'>
                            <s>MemberObjectGroups</s>
                            <s>in</s>
                            <ref>orgs</ref>
                        </new>
                    </list>
                </map>
            </invoke>
        </block>
        <MemberObjectGroups>
            <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
        </MemberObjectGroups>
    </Rule>

  • AM console - Unable to create Users

    I'm unable to create users under any organization through AM console. I'm getting the following error in amProfile_ldap.
    12/04/2006 10:19:03:585 AM CST: Thread[service-j2ee-2,5,main]
    WARNING: DirectoryServicesImpl.createUser(): Internal Error occurred. Unable to create User Entry
    com.iplanet.ums.UMSException: Unable to add the entry "uid=scott,ou=People,o=testorg,dc=test,dc=com"::null. Root exception is
    netscape.ldap.LDAPException: error result (65); Object class violation
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4866)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2851)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2866)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2816)
    at com.iplanet.ums.DataLayer.addEntry(DataLayer.java:432)
    at com.iplanet.ums.PersistentObject.addChild(PersistentObject.java:722)
    at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createUser(DirectoryServicesImpl.java:998)
    at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createEntry(DirectoryServicesImpl.java:1490)
    at com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.createEntry(CachedDirectoryServicesImpl.java:349)
    at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1001)
    at com.iplanet.am.sdk.AMPeopleContainerImpl.createUsers(AMPeopleContainerImpl.java:190)
    at com.iplanet.am.console.user.model.UMCreateUserModelImpl.createUser(UMCreateUserModelImpl.java:356)
    at com.iplanet.am.console.user.UMCreateUserViewBean.createUser(UMCreateUserViewBean.java:490)
    at com.iplanet.am.console.user.UMCreateUserViewBean.handleBtnCreateRequest(UMCreateUserViewBean.java:368)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
    at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
    at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
    at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
    at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
    12/04/2006 10:19:03:597 AM CST: Thread[service-j2ee-2,5,main]
    In CachedDirectoryServicesImpl.getAttributes(SSOToken entryDN, attrNames, ignoreCompliance, byteValues) (cn=dsameuser,ou=dsame
    users,dc=test,dc=com, o=testorg,dc=test,dc=com, [sunRegisteredServiceName], true, false method.
    12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getAttributes(): found all attributes in Cache.
    12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
    DirectoryServicesImpl.getRegisteredServiceNames() Registered Service Names for entryDN: o=testorg,dc=test,dc=com are: [iPlanet
    AMSessionService, iPlanetAMAuthMembershipService, iPlanetAMAdminConsoleService, iPlanetAMAuthService, iPlanetAMPolicyConfigSer
    vice, iPlanetAMAuthLDAPMultiService, iPlanetAMUserService, iPlanetAMAuthAnonymousService, iPlanetAMAuthConfiguration, iPlanetA
    MAuthLDAPService, SunPortalDesktopService, sunAMAuthSAMLService, srapGatewayAccessService]
    12/04/2006 10:19:03:599 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:600 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:631 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.doesEntryExist(): entryDN: uid=amAdmin,ou=People,dc=test,dc=com found in cache & exists: true
    12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com
    I'm really not sure what change caused this to happen. I can't import any user specific ldif files through DS console as well. I appreciate if somebody guides me how to correct this?
    Thanks in advance,
    lakshmi

    Lakshmi.Panala wrote:
    I'm unable to create users under any organization through AM console. I'm getting the following error in amProfile_ldap.
    12/04/2006 10:19:03:585 AM CST: Thread[service-j2ee-2,5,main]
    WARNING: DirectoryServicesImpl.createUser(): Internal Error occurred. Unable to create User Entry
    com.iplanet.ums.UMSException: Unable to add the entry "uid=scott,ou=People,o=testorg,dc=test,dc=com"::null. Root exception is
    netscape.ldap.LDAPException: error result (65); Object class violation
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4866)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2851)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2866)
    at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2816)
    at com.iplanet.ums.DataLayer.addEntry(DataLayer.java:432)
    at com.iplanet.ums.PersistentObject.addChild(PersistentObject.java:722)
    at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createUser(DirectoryServicesImpl.java:998)
    at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createEntry(DirectoryServicesImpl.java:1490)
    at com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.createEntry(CachedDirectoryServicesImpl.java:349)
    at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1001)
    at com.iplanet.am.sdk.AMPeopleContainerImpl.createUsers(AMPeopleContainerImpl.java:190)
    at com.iplanet.am.console.user.model.UMCreateUserModelImpl.createUser(UMCreateUserModelImpl.java:356)
    at com.iplanet.am.console.user.UMCreateUserViewBean.createUser(UMCreateUserViewBean.java:490)
    at com.iplanet.am.console.user.UMCreateUserViewBean.handleBtnCreateRequest(UMCreateUserViewBean.java:368)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
    at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
    at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
    at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
    at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
    at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
    at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
    12/04/2006 10:19:03:597 AM CST: Thread[service-j2ee-2,5,main]
    In CachedDirectoryServicesImpl.getAttributes(SSOToken entryDN, attrNames, ignoreCompliance, byteValues) (cn=dsameuser,ou=dsame
    users,dc=test,dc=com, o=testorg,dc=test,dc=com, [sunRegisteredServiceName], true, false method.
    12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getAttributes(): found all attributes in Cache.
    12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
    DirectoryServicesImpl.getRegisteredServiceNames() Registered Service Names for entryDN: o=testorg,dc=test,dc=com are: [iPlanet
    AMSessionService, iPlanetAMAuthMembershipService, iPlanetAMAdminConsoleService, iPlanetAMAuthService, iPlanetAMPolicyConfigSer
    vice, iPlanetAMAuthLDAPMultiService, iPlanetAMUserService, iPlanetAMAuthAnonymousService, iPlanetAMAuthConfiguration, iPlanetA
    MAuthLDAPService, SunPortalDesktopService, sunAMAuthSAMLService, srapGatewayAccessService]
    12/04/2006 10:19:03:599 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:600 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:631 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.doesEntryExist(): entryDN: uid=amAdmin,ou=People,dc=test,dc=com found in cache & exists: true
    12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
    12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
    CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com
    I'm really not sure what change caused this to happen. I can't import any user specific ldif files through DS console as well. I appreciate if somebody guides me how to correct this?
    Thanks in advance,
    lakshmiWhat you need to do is to check directory logs in order to see what is the specific object class violation. If your AM instance was working before, something nasty should have happened in directory. Check logs and schema files.
    Regards

  • EBP Security -  Users under single org unit

    Hi All,
    My Client has a question on EBP Security and I want you experts to help me in this regard, as I did not work on it before.
    Initial screen of transaction code USERS_GEN, its better says to limit number of users under a single Organizational Unit to 200, just to avoid performance issues.  (EBP Version 4.0)
      Right now my client has over 300 users under a single Organizational Unit and they are planning to add more. They want to find out, what potential problems or performance issues can be expected if, they go beyond 200.
    Thanks in advance.
    MK

    There is no performance involved in the number of users sharing the same org unit.
    The number of different Org Objects  in a single role make an impact on performance, but can be ignored.
    What has an impact is the number of Org units you want to segregate on as it will impact the number of role variants to create and maintain, this is not a system performance issue, but a personnel/cost issue!

  • How to get list of Users under an Auth Group (for executable Programs)?

    Hi experts.  I have a requirement to get a list of all users under a particular Auth Group for Program Objects.
    Goal of this requirement is to identify the users allowed to use/access a program - we're doing some sort of Program Inventory and we'd like to identify the users per program, via the Auth Group. 
    So question is:  Which tables hold data about Program <-> Auth Group <-> Users, and how are they linked?
    I know this is Basis/Security stuff, but I was thinking of developing a report program to output the information needed.
    Thanks in advance.
    Edited by: George Esquerra on Nov 17, 2011 10:24 AM

    This is available in the standard via tx SUIM - user - users by complex selection criteria - by authorization values.
    If you enter auth object = S_PROGRAM and value = auth group, you will get the list of users.
    You can analyse how this program finds the information and incorporate it into your own logic.
    Thomas

  • Any reason NOT to create subfolders under user folder?

    I'm switching over from a 5+ year old MacBook Pro to a new one. I do a lot of audio recording and production work. On my old machine, which was my first Mac, I created a subfolder 'Recordings' under my user folder (let's say it's named "bob"). I don't remember why I did that. Probably I was thinking well, this stuff isn't documents.
    On the new machine, running Yosemite, I discovered that Apple in it's wisdom had made my "bob" user folder hidden, which meant I had to go figure out how to show it because there are some audio plugin settings files I needed to add manually from the old machine into my user/ Library area. Did that.
    BUT... I'm wondering if there is some reason why Apple changed the user folder to hidden (other than "you dumb users don't need to know about this stuff"), and specifically, if I should avoid creating any subfolders under my user folder? I would really rather not have my 'Recordings' folder  inside the Documents folder, but I guess I can if there's some good reason not to create subfolders under 'bob'.
    Thanks in advance.

    They didn't make it hidden (like the Library sub folder), but I believe it is no longer included in the sidebar by default. Probably for the reason you state. As you've found, you can add it back through Finder Preferences menu.
    Matt

  • Automatically create users (SU01) from organization (0105)

    In our organization, we will have the user id populated in the 0105 record.  How do I have the system automatically create the user record (SU01) from the 0105 record?  I have looked at the HRUSER transaction, but I don't understand how to run that.  Wondering if: a) other companies have done what we are trying to do, and if so, did they use HRUSER, and b) if HRUSER was used, do you have a clear step-by-step on how you use it?
    Thanks in advance!

    1) I have a client that create a subscreen for infotype 0105.
    This has a button to automatic create the user.
    2) HRUSer:
         If you have employees who do not have SAP users, first create SAP users for them and then authorize them to use SAP ESS.
         In the Set Up and Maintain ESS Users (Overview) screen, choose:
    u2022     Employees without users.
    If you choose Background, the Attributes of Users to be Created screen appears.
    If you choose Overview, the Create Users for Persons screen appears.
    u2022     Select a person and choose Create User. The Attributes of Users to be Created screen appears. Choose Execute.
         You must decide how you would like your employees to log on to SAP ESS.
         The user group ESSUSER is a fixed user attribute. It is used to distinguish between SAP ESS users and other system users, such as administrators.
         You can change user attributes in the Set up and Maintain ESS User (Start) screen. In the Attributes of Users, you can modify the Password field. The default is INIT. In the User Group field, the entry ESSUSER is fixed. You cannot change this because it is important to differentiate users authorized for SAP ESS from other users. In the Role field, the SAP role (which you have copied into your namespace) is the default.
         SAP delivers a user exit, which you can use to determine your own password routine and user name. SAP delivers user exit Exit_saplehus_001 as part of the HRESSW4 enhancement. This user exit enables you to change the name and password that the user installation tool creates for each SAP ESS user that is generated.
         Existing users keep their attributes, such as user group, password, date and decimal format and start menu. The existing setting are not overwritten.

  • How to create users group under jazn realm

    Dear Experts,
    I am in need to create two groups of users under jazn.com realm. From my knowledge I have checked Enterprise Manager console. There is no option to create users group. What I have to do to create new users group. Please
    suggest that.
    Also suggest me, what is the maximum amount of users can we define under jazn.com realm.
    Thanks,
    Rajesh

    Rajesh
    check <Soasuite_home>\j2ee\oc4j_soa\config\system-jazn-data.xml. Add the role(your role name is your group name) and add the users to that group.
    You can do this from em, but if you want to add the properties like phone number, mail details, then you will need to change in the file.
    Nirav

  • Restrict list of Organizations on Create User form

    Running OIM 11.1.1.5.0.
    We have a couple of companies using our OIM for delegated administration. In the Create User form, if the user searches for an organization they see a list of all of our organizations not just the ones that they can place a user in.
    If they place a user in an organization that is not in their auth policy they receive an error:
    "You are either not authorized to create user in XXX organization or not authorized to create user in XXX organization without specifying a value for manager."
    Is there any way to restrict the list of organizations in the search to the list in their auth policy?

    I have have this:
    Company A
    -- Department A1 (although these are actually set as Organization type Company in OIM)
    -- Department A2
    Company B
    -- Department B1
    User Management Auth Policy for AdminA:
    -- Data Constraint - Users who are members of Department A1, A2
    But when AdminA uses Create User he gets a list of all Company and Department names in the Organization search popup.
    Do I take it from your reply that this is supposed to work and it's something that I have setup incorrectly then?
    Edited by: Ewan on May 4, 2012 7:37 AM

  • Can we maintain user under  Local or Backend purchasing organization in Srm

    Hi Experts,
    Using scenario : Classic &5.0
    Can we maintain users under  Local or Back end purchasing organization in Srm ???
    Like
            Purchasing organision in Srm
            User 1
            User 2
                 Purchasing Group 1
                  Purchasing Group 2
    Or
    Have to maintain users under Purchasing group???

    Hi,
    Purchasers are maintained under Purchasing group and not Purchasing org. These Purchasers will have the responsibility to procure different product categories for different departments.
    Regards,
    Nikhil

  • Approval for creating users in an organization

    Hi,
    We have a requirement where approval is required for creating users in Organisation X. Also, the admin has to fill in a field SSN before approving the request. We have implemented this by changing the approval form. But the admin can still approve by selecting it from the approval list directly (without viewing the form), where he wouldn't be prompted for SSN. Is there any way to avoid this so that admin has to provide SSN before approving?
    Thanks,
    Teena

    Hi Jason,
    The WebLogic LDAP realm implementations (both -- V1 and V2) have only read access on your LDAP server.
    You are recommended to use your LDAP server's own management tools to create groups and users on the LDAP server.
    Joe Jerry
    Jason Howard wrote:
    Hi,
    I am trying to determine whether or not it is possible to create users in an LDAP
    Realm.
    The documentation makes it clear that it is not currently possible with LDAPRealm
    V2, but it is ambiguous as to whether it can be done with LDAPRealmV1.
    My attempts to do this have been met with the following runtime exception:
    Servlet failed with Exception
    java.lang.UnsupportedOperationException: group modification not supported at weblogic.security.acl.DefaultGroupImpl.addMember(DefaultGroupImpl.java:39)
    The method addMember is being called on an implementation of the interface Group.
    This Group object is being returned without exceptions from the method getGroup(java.lang.String
    name) from an instance of weblogic.security.acl.CachingRealm
    The instance of CachingRealm is caching the LDAPRealm V1 pointing at an iPlanet server.
    NOTE: I can confirm that the configuration of the LDAP Realm is correct because I
    can see the users and groups contained within from the weblogic console.
    Can anyone confirm one way or the another, whether LDAPRealmV1 supports the ability
    to create users and add them to groups.
    Regards
    Jason

  • How to enable create user option in portal under user administration?

    Hi,
    In Portal, in user administration tab, always the create user and Copy to  New user option is disabled, how can i enable those?
    -Siva

    If the AS ABAP is your datasource for your users there is NO WAY you can create users in the portal UME.
    &#9679;     If the UME has read-only access, you cannot modify user attributes stored in the ABAP system, like first name and last name. You can modify attributes stored in the UME database, like street. Even if read-only access is assigned, users can still change their own passwords.
    &#9679;     If the UME has read-write access, you can create users using the tools of the J2EE Engine. Users created in this way are stored as users in the ABAP system. Extended user data that cannot be stored in the standard ABAP user record is stored in the database of the UME.
    in the read/write access the users are created only in the ABAP side and not the java. If you have the read access you cannot create users in the abap side. hence you need the SAP_BC_JSF_COMMUNICATION role to create users in the AS ABAP.....
    Trust me .......bottomline ....you cannot create users in the JAVA UME if you have AS ABAP as your datasource !!!!
    hope this helps..
    \m/

Maybe you are looking for