Creating Roles in SAP ECC for authority in BO

Hi Gurus,
Can anyone point me to additional information about how provisioning works in SAP ECC for BO?
I am also looking for information on how to create some general roles in SAP ECC to transport into BO to control authority.
I have already read through the "Business Objects Enterprise Admin Guide".
Thank you in advance,
Steven

Hi,
To synchronize the roles you can use CUA. In CUA, you define 1 system as a central store for user administration and then distribute the users + roles + groups to the systems. You configure your EP and ECC to receive the user data from that system; therefore, your user information is in sync.
SAP Help: http://help.sap.com/saphelp_nw70/helpdata/EN/07/622441cd87a12be10000000a1550b0/frameset.htm
For more information, there is an SAP product: Identity Management.
SDN: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
To upload ECC roles to EP:
SDN Article: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/06a0e690-0201-0010-4b9f-e529c345a831
User Mapping is for logging in to a backend, when the userid in the backend is different from the userid in the portal
SAP Help: http://help.sap.com/saphelp_nw04s/helpdata/en/f8/3b514ca29011d5bdeb006094191908/frameset.htm
br,
Tobias

Similar Messages

  • Sender Port Error in SAP ECC for IDoc

    Hi,
    I am creating scenario IDOC -> XI -> JDBC with Customer Master IDoc.
    After sending it with we19 he said "IDoc sent to SAP system or external program".
    In we02 and we05 the IDOC it says "Data passed to port OK".
    But in SM58, the IDoc ends in error saying
    Transaction IDX1: Port SAPIDST100, client 600, RFC destination contains error.
    What I identified that the port SAPIDST100 is the sender port in the IDoc being sent. However, for PI we do not need to maintain sender port.
    Business Systems:
    Sender : SAP ECC
    Receiver: SAPPID
    Kindly provide your inputs.
    Thanks
    Rahul

    Hi Rahul,
    thanks for the information that your scenario is working fine.
    But i want to clarify some points:
       - If you send out an IDoc from an ECC system, the senderport is filled with SAP+<system-id> by the SAP IDOC API,
         i.e.  if your system id is "ABC", the senderport is "SAPABC"
          => your senderport SAPIDST does not match this template, so i assume you entered the value for the senderport
         manually in the idoc test utility WE19
       - if you send out an idoc, only the receiver port must be created in transaction WE21, it is not necessary to create
         the senderport in WE21, this is not necessary and did not solve your problem
      - the idoc was sent from ECC (application system with application IDoc metadata) to an XI/PI system (basis system
        without application idoc metadata)
       The IDoc adapter on the pi system must analyze the IDoc segments and must know the idoc application metadata,
       but this is not known. So the idoc adapter on PI side looks at the senderport to identify the sender.
       In transaction IDX1 an rfc-destination can be configured to point to the sendersystem with that senderport
       With this rfc-destination the IDoc adapter tries to read the idoc application metadata from the ECC system and stores it on PI side.
       If there is no rfc-destination configured in transaction IDX1 on PI side you get the error mentioned in your request.
       I assume that in transaction IDX1 somebody configured the correct RFC-Destination.
    I hope this clarification helps you to understand the error and the solution.
    Kind regards,
    Andreas Dahl

  • SAP_AUDITOR* roles on SAP ECC 6.0

    Dear all,
    I am trying to check some roles existing in the Note 451960, which refer to some audit roles.
    Looking for those role in my system (PCFG role name SAP*AUDITOR) I did not get the list of SAP standard roles .
    Do you have some idea why? and what I should do in order I can have those standard roles  in my system?
    I will appreciate any help in this regard.
    Thanks in advance.
    FedeX

    >
    FedeX wrote:
    > Dear all,
    >
    > I am trying to check some roles existing in the Note 451960, which refer to some audit roles.
    >
    > Looking for those role in my system (PCFG role name SAP*AUDITOR) I did not get the list of SAP standard roles .
    >
    > Do you have some idea why? and what I should do in order I can have those standard roles  in my system?
    >
    > I will appreciate any help in this regard.
    >
    > Thanks in advance.
    > FedeX
    Put one more * and you'll find them.  PFCG->SAPAUDITOR

  • SSO-BW-BOE : creating roles on SAP BW systems

    Hi
    http://wiki.sdn.sap.com/wiki/display/BOBJ/HowtocreateCRYSTAL_ENTITLEMENTSAP+role
    As per this link we created a role Webi_entitlement
    And assigned security for user Test.
    But when you look at the referred sap integ installation guide - pg 80 says as below :
    Authorisation Object : Authorization Check for RFC Access (S_RFC)
    Field : Name of RFC to be protected (RFC_NAME)
    Value : BDCH, STPA, SUSO, SUUS, SU_USER, SYST, SUNI, PRGN_J2EE, /CRYSTAL/SECURITY
    Although we have done as advised for role creation, the above was a bit unclear.
    Because everywhere the example is given only for crystal.
    And we are only looking at Web Intelligence.
    And we are not sure as to what these values really are meant for.
    Whether it is the same for Webi too.
    Or whether it is supposed to be different.
    We are not clear.
    Hence, Can anyone advise :
    1) what these values represent :  BDCH, STPA, SUSO, SUUS, SU_USER, SYST, SUNI, PRGN_J2EE,
    and why are we adding these values ?
    2) also why is there a comma at the end  before a forward slash : what is the significance ?
    e.g. there is a comma after prgn_j2ee / username / security
    PRGN_J2EE, /CRYSTAL/SECURITY
    Can anyone please clarify the need or the reason for this comma at the end ?
    Or is it just a way, it works,
    SO.
    A comma has to be included  as stated in the guide ?
    Or is it a typo error ?
    Many thanks.
    Kind regards
    indu
    Edited by: Indumathy Narayanan on Jun 8, 2011 8:09 AM

    Hi Indu,
    The values BDCH, STPA, SUSO, SUUS, SU_USER, SYST, SUNI, PRGN_J2EE, /CRYSTAL/SECURITY are all standard values.
    These values are necessary to check the authorization for RFC connections.
    If you want to fetch data from ECC to BI, you should have authorization to access ECC data through an RFC connection, and that authorization is provided by using this object S_RFC.
    A Basis consultant can clearly explain to you what all these values refer to.
    /CRYSTAL/SECURITY: This is as per standard and you need to provide the value as it is.
    @Sri
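
Added example, not from the installation guide or from any poster in this thread: a Python check that splits the quoted RFC_NAME list on its commas (they only separate entries, and /CRYSTAL/SECURITY is a single name) and compares a role's S_RFC entries against it. The sample role names, their values, and the choice to report wildcard entries separately are assumptions made for illustration.

```python
import re

# Value list exactly as the thread quotes it from the installation guide
# (authorization object S_RFC, field RFC_NAME).
GUIDE_RFC_NAME = ("BDCH, STPA, SUSO, SUUS, SU_USER, SYST, SUNI, "
                  "PRGN_J2EE, /CRYSTAL/SECURITY")


def parse_values(field_value):
    """Split a documented value list into single entries.

    The commas only separate entries: "/CRYSTAL/SECURITY" is one name that
    starts with a slash, not a continuation of "PRGN_J2EE".
    """
    return [v.strip().upper() for v in field_value.split(",") if v.strip()]


def _covers(pattern, name):
    """True if an authorization value (optionally containing '*') covers name."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None


def audit_rfc_names(role_values, required):
    """Compare the RFC_NAME entries of one role with the required list.

    missing   - required names that no entry of the role covers
    extra     - exact entries in the role that the guide does not list
    wildcards - entries containing '*', which cover more than the listed
                names and are reported for review (policy of this example)
    """
    role = [v.strip().upper() for v in role_values if v.strip()]
    return {
        "missing": [r for r in required
                    if not any(_covers(v, r) for v in role)],
        "extra": [v for v in role if "*" not in v and v not in required],
        "wildcards": [v for v in role if "*" in v],
    }


REQUIRED = parse_values(GUIDE_RFC_NAME)

# Constructed sample roles (hypothetical names and contents).
SAMPLE_ROLES = {
    "Z_WEBI_EXACT": list(REQUIRED),        # entered one value per line
    "Z_WEBI_NO_CRYSTAL": REQUIRED[:-1],    # last entry dropped as "Crystal only"
    "Z_WEBI_PREFIX": ["SU*", "SYST", "RFC1"],
    "Z_WEBI_STAR": ["*"],                  # everything allowed
}


def audit_all(roles=None):
    """Audit every sample role and return {role name: findings}."""
    roles = SAMPLE_ROLES if roles is None else roles
    return {name: audit_rfc_names(vals, REQUIRED)
            for name, vals in roles.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings)
```
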

  • Creating Purchase Requisitions in ECC for CRM Service Items

    Hi,
    We are implementing ECC6.0 and CRM5.0 for a client.
    In this implementation we require to create a scenario for Procurement of services.
    I have maintained the basic settings in CRM and ECC.
    But i am still unable to generate a Purchase Requisition for the service order created in CRM for service material of type DIEN.
    Looking forward to help.
    Thanks and Regards,
    Rekha Dadwal

    Hi Rekha,
    We are still struggling to create a purchase requisition in ecc from service order.
    I know you should have faced the same problem and I understand you might have solved it as well. Please guide us if possible on the same.
    Right now we are facing the error in which the system is trying to create a purchase requisition but it is picking a default purchasing organisation 0001 from somewhere... and trying to check its assignment with the material plant.
    Is there somewhere we assign a default purchasing org in CRM ECC integration... or where is it picking up this default purchasing organisation...
    i will award you with points
    Surendra More

  • View ui layout in sap ecc for web dynpro applications is not loading

    hi experts,
    I have an issue while creating a view in WDA.
    I can see the View pane with buttons & properties, but when i'm trying to insert an element, error occurs.
    Is it the problem with IE (my IE version is 7.0.5730.13 ) or GUI or something else ?
    Can you please help me out to solve this issue.
    regards,
    prabhanjan
    Edited by: prabhanjangeevanagari on Oct 3, 2011 9:39 AM

    Those are all script errors, also check for the hosts entry for the server details that you are working on. Check with the basis team, before that in Drivers\etc\hosts file you should have an entry for this server that you are working on.

  • Transport Mechanism in SAP Cloud for Customer

    Dear All,
    Do we have a mechanism to move newly created roles in SAP Cloud for Customer, from D?? to Q?? to P?? !?
    If not, is there an alternative methodology to move security roles? Or if nothing exists, do we have a timeline as to when we can expect an alternative solution?
    Please share.
    Thanks
    raj

    Hello Raj,
    Instead of recreating the roles, you can use the Migration Templates available. These are excel templates which can be downloaded from the tenant . Under the Activity List in Implementation Projects, you could go to Integrate and Extend and choose Migration of Business Roles to upload this excel. This is a step by step mechanism which will allow you to migrate your business roles instead of recreating each role manually. Pre-requisite of this is that you need to make sure you have scoped the system properly allowing for this.
    Hope this helps.
    BR
    Nikhil

  • Create Roles with access control in SAP MDM

    Hi Experts,
    I am new to SAP MDM. I want to know how to create roles with access control for various users in SAP MDM.
    Thanks,
    Manoj

    hi,
    in the console; you can create roles with access control and you can assign these roles to users.
    follow this path:
    Console --> repository --> Admin node --> roles,
    here you can create new role. for role here you can maintain
    1. role detail
    2. Functions --here you can restrict the particular role ,  none / Execute the functions.
    3. Tables/fields  -- here you can give access to the role Read only / Read and write, and you can apply constraints also.
    and follow the links:
    http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
    hope this may help you,
    Regards,
    Srinivas

  • Postings in SAP HR for creating delta records for Time Management

    Hi Experts,
    I am trying to test delta load for SAP HR Time Management Datasources. I am fairly new to SAP HR and need some help.
    Where do we create postings in SAP HR for creating delta records which can be imported to BW. This is for the data sources 0HR_PT_1 and 0HR_PT_2.
    Any help is appreciated. Will assign full points
    Regards
    Sunil Kumar.

    Hi,
    In order to test the above data sources you need to have some employee enter his time details or change the entered time details.  That will create some delta records for the planned or actual times.  CAT2 transaction should help entering the time details in SAP. 
    Hope it helps.

  • TIPS(42) : SCRIPT FOR CREATING ROLES

    Product: SQL*PLUS
    Date written: 1997-02-10
    TIPS(42) : SCRIPT FOR CREATING ROLES
    ====================================
    REM
    REM SCRIPT FOR CREATING ROLES
    REM
    REM This script must be run by a user with the DBA role.
    REM
    REM This script is intended to run with Oracle7.
    REM
    REM Running this script will in turn create a script to build all the roles
    REM in the database. This created file, create_roles.sql, can be run
    REM by any user with the DBA role or with the 'CREATE ROLE' system privilege.
    REM
    REM Since it is not possible to create a role under a specific schema, it is
    REM essential that the original creator be granted 'ADMIN' option to the role.
    REM Therefore, such grants will be made at the end of the create_roles.sql
    REM script. Since it is not possible to distinguish the creator from someone
    REM who was simply granted 'WITH ADMIN OPTION', all grants will be spooled.
    REM In addition, the user who creates the role is automatically granted
    REM 'ADMIN' option on the role, therefore, if this script is run a second
    REM time, this user will also be granted 'ADMIN' on all the roles. You must
    REM explicitly revoke 'ADMIN OPTION' from this user to prevent this from
    REM happening.
    REM
    REM NOTE: This script will not capture the create or grant on the Oracle
    REM predefined roles, CONNECT, RESOURCE, DBA, EXP_FULL_DATABASE, or
    REM IMP_FULL_DATABASE.
    REM
    REM Only preliminary testing of this script was performed. Be sure to test
    REM it completely before relying on it.
    REM
    set verify off
    set feedback off
    set termout off
    set echo off
    set pagesize 0
    set termout on
    select 'Creating role build script...' from dual;
    set termout off
    spool create_roles.sql
    REM Roles that need no password.
    select 'CREATE ROLE ' || lower(role) || ' NOT IDENTIFIED;'
    from sys.dba_roles
    where role not in ('CONNECT','RESOURCE','DBA', 'EXP_FULL_DATABASE',
    'IMP_FULL_DATABASE')
    and password_required='NO';
    REM Password-protected roles. The stored password value is read from
    REM sys.user$ and written into create_roles.sql, so protect that file.
    select 'CREATE ROLE ' || lower(role) || ' IDENTIFIED BY VALUES ' ||
    '''' || password || '''' || ';'
    from sys.dba_roles, sys.user$
    where role not in ('CONNECT','RESOURCE','DBA', 'EXP_FULL_DATABASE',
    'IMP_FULL_DATABASE')
    and password_required='YES' and
    dba_roles.role=user$.name
    and user$.type=0;
    REM Re-create every grant that was made WITH ADMIN OPTION.
    select 'GRANT ' || lower(granted_role) || ' TO ' || lower(grantee) ||
    ' WITH ADMIN OPTION;'
    from sys.dba_role_privs
    where admin_option='YES'
    and granted_role not in ('CONNECT','RESOURCE','DBA', 'EXP_FULL_DATABASE',
    'IMP_FULL_DATABASE')
    order by grantee;
    spool off
    exit
    REM ---------------------------------------------------------------------------

    One thing that stands out as being undesirable as far as best practices go is that you are placing code on objects (using the on() approach).  The proper approach is to assign instance names to your interactive objects and use them to place all of your code on the timeline where it is readily visible.  In doing so you may just find that a lot of the code you show can be modularized into functions that can be shared by different objects rather than having each one carrying a full load on its back. You may find you can pass arguments to shared functions that make the same functions capable of supporting interactions with different objects.
    Your on(press) call performs an unnecessary conditional test.  If you change the condition to be   if (project._currentframe != 25) you can avoid this.
    In your on(rollOver) call's set of conditionals, you have some lines that repeat in each condition, so they can be moved to the end outside the conditionals.
    Your on(release) call has the same issue as your on(press) call.  Also the overrun use of the _parent target is an indication that most of the code in this call would likely serve you better sitting in the _parent timeline, and your button could just call that function

  • Using the Open Catalog Interface (OCI) between SAP-ECC 6.0 and SAP-MDM

    Hello ASUG Community.
    I'm working on an SAP-MDM project where we will configure the OCI interface between SAP-ECC 6.0 and SAP-MDM.  The business requirement will be to punch out to SAP-MDM's catalog from SAP-ECC for expensed items (e.g., no material master record exists in SAP-ECC).
    The data that will be returned to SAP-ECC will be purchase price info, material group, short text, & our global SAP-MDM item number.
    The question I've been trying to design around is "where to store the SAP-MDM item number"?
    I've looked into creating a custom field on EKPO but now feel that a configured text field will be the best solution from an SAP-ECC point of view (less effort on the SAP-ECC side from a development perspective, no need to regenerate the EKPO table, etc.).
    The question I'd like to pose to ASUG is.... Does anyone have experience or an opinion to offer using this functionality?  It seems that I will have to code in a user exit or BAdi to insure that the SAP-MDM item numbers are returned to the appropriate text field on my PO's.  Or can this be done using the standard OCI functionality?
    I found OSS note 1347656 which references BADI "ME_CATALOG_INTERFACE" but I'm not sure if this is the right path to go down or if this would be the correct place to code non-conforming OCI mapping requirements.
    Any insight would be most appreciated.
    Thanks.  Sincerely,
    Rich Wortmann

    I would suggest you create a new field for this as you may require this going forward for reporting as well. Text fields are difficult to report.
    Sorry not sure about the BADI to use.

  • PO approval process in ECC for extended classic scenario

    Hi All,
    At this moment we are using SAP ECC for procure to pay process. In the existing system set up, our ECC purchase order goes for approval via SAP enterprise portal(EP). We are planning to implement SRM 7.0 Extended classic scenario, so that user can take the advantage of creating PO in their web portal. We don't want to disturb our existing ECC PO approval process at this point of time.
    So our requirement is :
    User will create PO in SRM. Same PO will be replicated in ECC and the PO will go for approval in ECC and the PO output will generate in ECC. Can it be possible in extended classic scenario ?
    Thanks in advance.
    Regards,
    Jennifer
    Edited by: Jennifer Batty on Aug 8, 2011 5:08 PM

    Hi Jennifer,
    Since SRM PO will be leading PO in extended classic scenario, why don't you design the process controlled workflow in line with the existing release strategy that you are using for ECC PO?
    Thanks and regards,
    Ranjan
    Ranjan Sutradhar

  • Data security (Data from SAP BW) for AD users

    Hi  All,
    I have a scenario.
    BO env : Business Objects 3.1 Sp3
    Sap Integration kit Sp3
    My target is to implement AD SSO & also provide data security for data from SAP BW. Currently there are no roles & authorization defined in the sap System. My plan was
    Step 1:-  Implement AD SSO in Business Objects
    Step 2:  Map the AD users in SAP system
    Step 3:- Create roles in SAP System
    Step 4:-  Assign the users roles
    Steps 5:- (Not sure) :-  Map the users (Now in SAP) to BO & then aliases them with the users from AD.
    Please let me know if this would be correct approach... if not please suggest.... I am kind of new to SAP BO integration with experience in BO admin

    Step 1: Setup Windows AD SSO on your BOBJ server
    Step 2: Import Windows AD groups in BO
    Step 2-  Setup Server-side SNC between BO and your SAP system
    Step 3:- Create roles in SAP System and import them in BO
    Step 4:-  Assign SAP users the created roles
    Step 5: - In the CMC create SAP aliases for your Windows AD accounts
    Step 6: - Setup your reports and/or universe connections to use SSO.
    For more information on server side SNC check the installation guide of the integration Kit.
    Regards,
    Stratos

  • Show SAP ECC document in CE

    Hi experts,
    In CE portal I want to show/update/create document from SAP ECC. In ECC I can use CV01, CV02 or CV03.
    Can you tell me how I can do it in CE Portal.
    Are there some tools that I can reuse?
    Thank you in advance for your help.
    KR
    Francois

    Any Idea?
    I am new in composition environment, can you give me general information about how to do this?
    Thank you in advance.
    Edited by: François BECKER on Mar 23, 2011 2:46 PM

  • Replication of a BP in CRM as a FI Vendor in ECC for Grants Management

    Hi,
    We are implementing SAP CRM 7 with SAP ECC for Grants Management, integrated with FI AP (we're not using PSCD).
    For BP replication we followed the next steps, however something looks it is incorrect because my BDOC still shows errors:
    The middleware settings had been completed between the CRM and the ECC system.
    - Site, Subscription and replication from CRM to SAP ECC are in place
       -The next replication object are activated:
        -All Business Partners (MESG)   (BUPA_MAIN)
        -All Business Partner Relationships (MESG) (BUPA_REL)
        -All Business Transactions (MESG)
        -Grantor Program Management
    Also we implemented the next steps:
    1) Define the number ranges for BP groupings in CRM: This number range would be internal in CRM and External in ECC.
    CRM (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
    Number Ranges and Groupings
    2) Since the BP would be replicated as a BP in ECC we define the same number ranges in ECC too:
    ERP (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
    Define Groupings and Assign Number Ranges
    3) Activate the post-processing framework: (Business processes CVI_02 and CVI_04 in Component AP-MD)
    ERP (IMG) -> Cross-Application Components -> General Application Functions ->Postprocessing Office -> Business Processes->
    Activate Creation of Postprocessing Orders
    4) Activate PPO Requests for Platform Objects in the Dialog:
    ERP (IMG) -> Cross-Application Components -> Master Data Synchronization -> Synchronization Control -> Synchronization
    Control -> Activate PPO Requests for Platform Objects in the Dialog
    Edited by: Lyda Osorio on Oct 9, 2009 7:25 AM

    For CRM I had the following FM activated:
    BPOUT     BUPA     100000     CRM_BUPA_OUTB_RENTED_ADDRESS     X
    BPOUT     BUPA     200000     BUPA_MWX_BDOC_CREATE_MAIN     X
    BPOUT     BUPA     300000     CRM_BUPA_OUTB_MARKETING_ATTR     X
    BPOUT     BUPA     400000     VEND_MWX_CREATE_MAIN_BDOC     X
    BPOUT     BUPA     1000000     BUPA_OUTBOUND_MAIN     X
    BPOUT     BUPR     100000     BUPA_MWX_BDOC_CREATE_REL     X
    BPOUT     BUPX     1000000     MDS_BUPA_OUTBOUND     X
    CLEAR     BUPA     1000000     BUPA_OUTBOUND_CLEAR_FLAGS     X
    CRMIN     BUAG     100000     CRM_BUAG_MWX_PROCESS_EXT_STRUC     X
    CRMIN     BUPA     90100     CRM_BUPA_INBOUND_SET_BUAG_FLAG     X
    CRMIN     BUPA     1000000     BUPA_INBOUND_MAIN_CENTRAL     X
    CRMIN     BUPA     1100000     CRM_BUPA_INBOUND_MAIN_MD     X
    CRMIN     BUPA     1200000     CRM_BUPA_BDOC_MAP_MAIN     X
    CRMIN     BUPA     1400000     CRM_BUPA_KOREA_INBOUND_MAP     X
    CRMIN     BUPA     2000000     ABA_FSBP_INBOUND_MAIN     X
    CRMIN     BUPR     1000000     BUPA_INBOUND_REL_CENTRAL     X
    CRMIN     BUPR     1100000     CRM_BUPA_INBOUND_REL_MD     X
    CRMIN     BUPR     1200000     CRM_BUPA_BDOC_MAP_REL     X
    CRMOU     BUAG     100000     CRM_BUAG_MWX_FILL_EXT_FROM_MEM     X
    CRMOU     BUPA     1000000     BUPA_OUTBOUND_BPS_FILL_CENTRAL     X
    CRMOU     BUPA     1200000     CRM_BUPA_OUTB_BPS_FILL_MD     X
    CRMOU     BUPR     1000000     BUPA_OUTBOUND_BPR_FILL_CENTRAL     X
    CRMOU     BUPR     1200000     CRM_BUPA_OUTB_BPR_FILL_MD     X
    CRMOU     BUPR     1300000     CRM_BUPA_BDOC_BPR_FILL_DATA     X
    EXTR     BUAG     100000     CRM_BUAG_MAIN_GET_ID_LIST     X
    MERGE     BUPA     1000000     MERGE_BUPA_CENTRAL     X
    MERGE     BUPA     2000000     MERGE_BUPA_FINSERV     X
    MERGE     BUPR     1000000     MERGE_BUPR_CENTRAL     X
    PXYIN     BUPA     1000000     BUPA_INBOUND     X
    R3AOU     BUPA     100000     BUPA_MWX_BDOC_UP_CURRSTATE_SET     X
    XIIN     BUPA     1000000     ABA_BUPA_MAP_PROXY_TO_DDIC     X
    XIIN     BUPA     2000000     ABA_FSBP_MAP_PROXY_TO_DDIC     X
    XIIN     BUPA     2100000     ABA_FSBP_MAP_PROXY_TO_DDIC_1     X
    XIIN     BUPR     1000000     ABA_BUPR_MAP_PROXY_TO_DDIC     X
    XIOUT     BUPA     1000000     ABA_BUPA_MAP_DDIC_TO_PROXY     X
    XIOUT     BUPR     1000000     ABA_BUPR_MAP_DDIC_TO_PROXY     X
