Creation of BP with default role

Hi,
I have a requirement wherein I want a Business Partner to be created with a default role, i.e. CRM006. I can do this in the GUI with the help of authorizations.
But the same does not work in PCUI.
My requirement is whenever a user creates a Business Partner, Role CRM006 automatically gets assigned to it.
Please suggest something.
Help will be appreciated.
Regards
Sourabh Verma

Hi PREMKUMAR LNS,
you can easily implement BADI: BADI_CRM_BP_UIU_DEFAULTS
IF_UIU_BP_DEFAULTS~GET_DEFAULT_VALUES
and write something like this:
" Data and field-symbol declarations are omitted in the post.
assign cr_me->('TYPED_CONTEXT') to <typed_context>.
if sy-subrc = 0.
  lr_typed_context ?= <typed_context>.
  if lr_typed_context is bound.
    assign lr_typed_context->('HEADER') to <context_node>.
    if sy-subrc = 0.
      try.
          lr_node ?= <context_node>.
        catch cx_sy_move_cast_error.  "EC_NOHANDLER
      endtry.
      if lr_node is bound.
        lr_coll_wrapper ?= lr_node->collection_wrapper.
        if lr_coll_wrapper is bound.
          try.
              lr_current ?= lr_coll_wrapper->get_current( ).
              check lr_current is bound.
              " Check the account type
              zbp_category = lr_current->get_property_as_string( 'BP_CATEGORY' ).
              zbp_group    = lr_current->get_property_as_string( 'BP_GROUP' ).
              if zbp_category = '1'.
              elseif zbp_category = '2'.
                " Set default role at creation to "Relation"
                break domino.  " user-specific breakpoint, remove before transport
                zobp_category = lr_current->get_property_as_string( 'BP_ROLE' ).
                if zobp_category is initial.
                  " Here you are setting the default role
                  lr_current->set_property( iv_attr_name = 'BP_ROLE'
                                            iv_value     = 'BUP002' ).
                endif.
              else.
              endif.
            catch cx_sy_move_cast_error.
          endtry.
        endif.
      endif.
    endif.
  endif.
endif.

Similar Messages

  • Restricting administrator tab to user created with default role OIM 11g R2

    Hi,
    I have a query, if we create a user in OIM 11g R2 without any admin role and then login to Self Service screen (Identity) with the newly created user, we can see the Administration Tab is visible to the user.
    Does this mean that by default the user has an admin role assigned to him to do some of the admin activities?
    Please let me know how to control this behavior and not to show the Administration tab to the user until and unless he is having some admin roles assigned to him.
    Please help.

    You can hide Administration tab for normal users using EL's. By default users will get this tab when they login to identity console even though admin role is not assigned to them. But if you do any operation on any users, request will be raised accordingly.
    Check this link to configure EL's http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#autoId18

  • RE: Default role config in CUP

    Dear Experts,
    I got a problem with default role configuration. Please help me in resolving the issue.
    I want to configure defaults for all request types like new account and change account as well. Also I want the option "Create if user does not exist" set to YES.
    This means whenever the change account workflow is executed for existing users, default roles are getting assigned redundantly. Is there any way to fix this problem?
    My solution is to schedule the "PRGN_COMPRESS_TIMES" job so that the system will delete all redundant roles. Please advise if there is any other alternative. The client is insisting on having the option "Create if user does not exist" in Auto provisioning enabled.
    I appreciate your help.
    Thanks,
    Raj

    Hi
    Set the parameters below and it never assigns the role for a change request.
    it is working in our system.
    CUP---->Configuration->Roles>Default Roles-->Request type = New Hire

  • Issue with defaulting Business Partner Role while BP Creation

    Hi,
    I am having a simple requirement that while creating any contacts, the Business Partner role and authorization group will be defaulted.
    Now, first I was trying to write code in the enhancement spot: CRM_UIU_BP_ENHANCEMENT --> BAdI CRM_BP_UIU_SAVE --> Method ON_SAVE_EVENT (Event handler for save event). But sometimes it is triggered, sometimes not. When it is triggered, the transaction is giving a dump.
    Again, I tried to write code in BAdI BUPA_GENERAL_UPDATE. There also, I am getting the same error "The COMMIT WORK processing must not be interrupted."
    I am writing this code in the method :
    *Call this BAPI to fill the memory
        CALL FUNCTION 'BAPI_BUPA_CENTRAL_CHANGE'
          EXPORTING
            businesspartner = ls_but000-client.
      CALL FUNCTION 'BUP_MEMORY_BUT000_GET'
        EXPORTING
          iv_partner      = ls_but000-partner
        IMPORTING
          es_but000       = ls_bus000_upd
        EXCEPTIONS
          not_found       = 1
          parameter_error = 2
          OTHERS          = 3.
      IF ls_bus000_upd-augrp IS INITIAL.
        ls_bus000_upd-augrp = '9000'.
      ENDIF.
    *   Populate new BUT000 data
      CALL FUNCTION 'BUP_MEMORY_BUT000_FILL'
        EXPORTING
          is_but000       = ls_bus000_upd
        EXCEPTIONS
          parameter_error = 1
          OTHERS          = 2.
    I can't understand why this dump is coming. Please help if there is any other way of defaulting roles.

    Hi Suchandra,
    Are you trying to default Business Roles & Authorizations at the time of SAVE of a new CP?
    If yes, then every time you click on the SAVE button on the CP Create Screen the Save BAdI will be triggered.
    For cases when it's not getting triggered, please debug into the event handler method of view BP_CONT/BPCONTOverview->EH_ONSAVE.
    In this method at line (below) the save badi is triggered:-
    IF cl_crm_uiu_bp_tools=>save( ir_message_service = lr_msg_service ) = abap_true.
    In the above method - CL_CRM_UIU_BP_TOOLS=>SAVE( ) the save event handler is triggered :-
    * trigger ON_SAVE for registered handlers
      raise_save_event( ).
    If you want the default to happen when you navigate to CP Screen , you'll have to put the defaulting code in an implementation of a different badi - BADI_CRM_BP_UIU_DEFAULTS.
    - Dedeepya
    Edited by: dedeepya reddy on Nov 15, 2011 2:07 PM

  • Use of default XACML with custom role mapper and authorization provider

    Hi,
    Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
    My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
    Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

    I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then write a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
    Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
    The chosen approach depends on where you're getting the role information from.

  • Content area should be a white area/page with the first/default role

    Hi All,
    Please help me
    When user logs in to the Portal, content area should be a white area/page with the first/default role
    Thanks,
    Jyothi.

    hi,
    simple way, create a static HTML page with your company logo (or empty page) and upload to KM, assign it to existing Home role as a KM document iview that loads first.(make entry point - yes).
    assign the role to everyone group with property -sort priority 10 for role (low compared to all other roles)
    regards,
    mahesh.

  • Default role with membership login

    I am creating a new instance of our portal. Right now, I have the login set to membership. If I create a new user, I get a serious desktop error. (error below)
    I noticed when I go into the admin this new user has no role assigned. How do I set it up so the user would get the look from default?
    09/17/2003 09:06:51:387 AM EDT: Thread[Thread-185,5,main]
    ERROR: JspRequestDispatcher:
    javax.servlet.ServletException: Problem processing JSP: /header.jsp
    at com.sun.portal.providers.jsp.JspRequestDispatcher.getJspResource(JspRequestDispatcher.ja
    a:164)
    at com.sun.portal.providers.jsp.JspRequestDispatcher.include(JspRequestDispatcher.java:97)
    at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:408)
    at jsps.etc._opt._SUNWps._desktop._iConnect._default_en_US._JSPTabContainer._html._tab_js
    ._jspService(_tab_jsp.java:85)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:692)
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
    at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
    at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
    ainerProvider.java:535)
    at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
    ontext.java:367)
    at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
    at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
    at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
    :897)
    at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
    at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
    09/17/2003 09:06:51:402 AM EDT: Thread[Thread-185,5,main]
    ERROR: DesktopServlet.handleException()
    com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=tab.jsp, java.lang.In
    exOutOfBoundsException: Index: 0, Size: 0
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:709)
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
    at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
    at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
    ainerProvider.java:535)
    at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
    ontext.java:367)
    at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
    at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
    at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
    :897)
    at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
    at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
    java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.RangeCheck(ArrayList.java:486)
    at java.util.ArrayList.get(ArrayList.java:302)
    at com.sun.portal.desktop.util.SmartList.get(SmartList.java:132)
    at com.sun.portal.providers.containers.jsp.tab.util.TabData.getSelectedTabName(TabData.java
    157)
    at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getSelectedTabName(J
    PTabContainerProvider.java:344)
    at com.sun.portal.desktop.taglib.container.tab.GetSelectedTabNameTag.doStartTag(GetSelected
    abNameTag.java:21)
    at jsps.etc._opt._SUNWps._desktop._iConnect._default_en_US._JSPTabContainer._html._tab_js
    ._jspService(_tab_jsp.java:130)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:692)
    at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
    at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
    at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
    ainerProvider.java:535)
    at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
    ontext.java:367)
    at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
    at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
    at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
    :897)
    at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
    at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)

    It seems like "serious desktop error" is actually
    caused by header.jsp and has nothing to do
    with the fact that user has no roles assigned
    (which is the "default" role for new portal user)
    Cheers,
    Alex :-)

  • Default role  with password - reality check

    I support the database for an application. We upgraded from Oracle10 to Oracle11 9 months ago. Then recently we applied the OCT CPU.
    The application admin says that they have a program that has recently stopped working that worked after the Oracle11 upgrade.
    The application user has a default role which has a password. Is that possible? A default role with a password. Would this have ever worked in any version of Oracle?

    Default role with password is a feature even available with Oracle XE. Default roles are activated without requiring role password in Oracle 10.2:
    SQL> drop user admin cascade;
    User dropped.
    SQL> drop user test cascade;
    User dropped.
    SQL> drop role rwp;
    Role dropped.
    SQL> select * from v$version;
    BANNER
    Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
    PL/SQL Release 10.2.0.1.0 - Production
    CORE    10.2.0.1.0      Production
    TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
    NLSRTL Version 10.2.0.1.0 - Production
    SQL>
    SQL> create user admin identified by oraclexe;
    User created.
    SQL> grant create session, create table to admin;
    Grant succeeded.
    SQL> grant unlimited tablespace to admin;
    Grant succeeded.
    SQL> grant create user to admin;
    Grant succeeded.
    SQL> grant create role to admin;
    Grant succeeded.
    SQL>
    SQL> create user test identified by oraclexe;
    User created.
    SQL> grant create session to test;
    Grant succeeded.
    SQL>
    SQL> connect admin/oraclexe;
    Connected.
    SQL> create table t(x varchar2(10));
    Table created.
    SQL> insert into t values('admin OK');
    1 row created.
    SQL> commit;
    Commit complete.
    SQL> create role rwp identified by oraclexe;
    Role created.
    SQL> grant all on t to rwp;
    Grant succeeded.
    SQL> grant rwp to test;
    Grant succeeded.
    SQL>
    SQL> connect test/oraclexe;
    Connected.
    SQL> select * from session_roles;
    ROLE
    RWP
    SQL> select * from admin.t;
    X
    admin OK
    SQL> insert into admin.t values('test OK');
    1 row created.
    SQL> commit;
    Commit complete.
    SQL> select * from admin.t;
    X
    admin OK
    test OK
    SQL>
    There have been changes between Oracle 10.2 and 11.2 because the same script fails in 11.2 unless the role is set with the password:
    SQL> drop user admin cascade;
    User dropped.
    SQL> drop user test cascade;
    User dropped.
    SQL> drop role rwp;
    Role dropped.
    SQL> select * from v$version;
    BANNER
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    PL/SQL Release 11.2.0.1.0 - Production
    CORE    11.2.0.1.0      Production
    TNS for Linux: Version 11.2.0.1.0 - Production
    NLSRTL Version 11.2.0.1.0 - Production
    SQL>
    SQL> create user admin identified by oraclexe;
    User created.
    SQL> grant create session, create table to admin;
    Grant succeeded.
    SQL> grant unlimited tablespace to admin;
    Grant succeeded.
    SQL> grant create user to admin;
    Grant succeeded.
    SQL> grant create role to admin;
    Grant succeeded.
    SQL>
    SQL> create user test identified by oraclexe;
    User created.
    SQL> grant create session to test;
    Grant succeeded.
    SQL>
    SQL> connect admin/oraclexe;
    Connected.
    SQL> create table t(x varchar2(10));
    Table created.
    SQL> insert into t values('admin OK');
    1 row created.
    SQL> commit;
    Commit complete.
    SQL> create role rwp identified by oraclexe;
    Role created.
    SQL> grant all on t to rwp;
    Grant succeeded.
    SQL> grant rwp to test;
    Grant succeeded.
    SQL>
    SQL> connect test/oraclexe;
    Connected.
    SQL> select * from session_roles;
    no rows selected
    SQL> select * from admin.t;
    select * from admin.t
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> insert into admin.t values('test OK');
    insert into admin.t values('test OK')
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> commit;
    Commit complete.
    SQL> select * from admin.t;
    select * from admin.t
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL>
    SQL> set role rwp identified by oraclexe;
    Role set.
    SQL> select * from session_roles;
    ROLE
    RWP
    SQL> select * from admin.t;
    X
    admin OK
    SQL> insert into admin.t values('test OK');
    1 row created.
    SQL> commit;
    Commit complete.
    SQL> select * from admin.t;
    X
    admin OK
    test OK
    SQL>
    10.2 Security Guide says:
    If you are granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in a SET ROLE statement. However, if the role is made a default role and enabled at connect time, then the user is not required to enter a password.
    11.1 and 11.2 Security Guide says:
    If a user is granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in the SET ROLE statement. You cannot authenticate a password-authenticated role on logon, even if you add it to the list of default roles. You must explicitly enable it with the SET ROLE  statement using the required password.
    Edited by: P. Forstmann on 20 févr. 2010 10:28
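
    An audit for the 10.2 to 11.x behaviour change shown above, added here as an example and not part of the original answer: the first query lists every grant of a password-protected role together with the dictionary's DEFAULT_ROLE flag, the second lists the object privileges that are only reachable through such a role. It assumes read access to the DBA_ROLES, DBA_ROLE_PRIVS and DBA_TAB_PRIVS dictionary views.

    ```sql
    -- Added example, not from the original thread.
    -- 1) Grants of password-protected roles. Per the 11.1/11.2 Security Guide
    --    text quoted above, these roles are not enabled at logon and need an
    --    explicit SET ROLE ... IDENTIFIED BY, whatever the default-role list says.
    SELECT rp.grantee,
           rp.granted_role,
           rp.default_role,
           rp.admin_option
    FROM   dba_role_privs rp
           JOIN dba_roles r ON r.role = rp.granted_role
    WHERE  r.password_required = 'YES'
    ORDER  BY rp.grantee, rp.granted_role;

    -- 2) Object privileges those grantees receive only through such a role.
    --    These are the objects that start failing with ORA-00942 in a session
    --    that used to rely on the role being active at connect time.
    SELECT rp.grantee      AS role_grantee,
           rp.granted_role,
           tp.owner,
           tp.table_name,
           tp.privilege
    FROM   dba_role_privs rp
           JOIN dba_roles     r  ON r.role     = rp.granted_role
           JOIN dba_tab_privs tp ON tp.grantee = rp.granted_role
    WHERE  r.password_required = 'YES'
    AND    NOT EXISTS (SELECT 1
                       FROM   dba_tab_privs d
                       WHERE  d.grantee    = rp.grantee
                       AND    d.owner      = tp.owner
                       AND    d.table_name = tp.table_name
                       AND    d.privilege  = tp.privilege)
    ORDER  BY rp.grantee, tp.owner, tp.table_name, tp.privilege;
    ```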

  • Creation of a second Exchange 2013 server on a different site (with the roles of MBX and CAS) fails on prepare active directory and prepare schema.

    Hello everyone
    I have a network infrastructure  consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
    I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
    First question: Is my thought correct about installing on the same server mailbox and CAS server?
    Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
    Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms”  I receive the error
    “ Setup encountered a problem while validating the state of Active Directory:
     The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed.  See the Exchange setup log for more information on this error. For more information, visit:
    http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
    I tried to run the PrepareSchema from the ISO of Exchange 2013 SP1 and from the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
    Thanks in advance.

    Thank you for your answer,
    I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms”  from
    Exchange 2013 CU6 media, but I still receive  the error:
    The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
    can't be executed.  See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
    any ideas?

  • How to preset fields in TA BP with default values

    Hi!
    I want to fill a few fields in transaction BP with default values.
    This should happen if there's a new business partner to insert.
    If I can do this depending on the selected role, it would be the best.
    First I thought of SPA/GPA parameters ... but then I can't do it in dependence on the selected role.
    In customizing I can tell only if a field should be displayed or not, for input or not, ... but no values to insert.
    Is there anybody here with a good idea for me?
    Thanks a lot in advance.
    Best regards,
    Ingo
    Edited by: Ingo Schmökel on Jul 1, 2008 7:20 PM

    Hi,
    There is one possibility which requires an enhancement of the
    BDT event ISDAT and a call to the function module
    BUP_BUPA_FIELDVALUES_SET. This means that an ISDAT function module needs to be written (transaction BUS7) which calls the function module BUP_BUPA_FIELDVALUES_SET with the needed values that are to be defaulted. You can read the role value using BUS_PARAMETERS_ISSTA_GET (T_RLTYP). The fields which are possible can be found in the DDIC structure BUSDEFAULT. However this is limited only to the fields inside this structure.
    Thanks and warm regards,
    Smita.

  • How to preset fields in a transaction BP with default values

    Hi!
    I want to fill a few fields in transaction BP with default values.
    This should happen if there's a new business partner to insert.
    If I can do this depending on the selected role, it would be the best.
    First I thought of SPA/GPA parameters ... but then I can't do it in dependence on the selected role.
    In customizing I can tell only if a field should be displayed or not, for input or not, ... but no values to insert.
    Is there anybody here with a good idea for me?
    I`ve posted my question first in crm-section but i think here it`s better
    Thanks a lot in advance.
    Best regards,
    Ingo

    Hi,
    There is one possibility which requires an enhancement of the
    BDT event ISDAT and a call to the function module
    BUP_BUPA_FIELDVALUES_SET. This means that an ISDAT function module needs to be written (transaction BUS7) which calls the function module BUP_BUPA_FIELDVALUES_SET with the needed values that are to be defaulted. You can read the role value using BUS_PARAMETERS_ISSTA_GET (T_RLTYP). The fields which are possible can be found in the DDIC structure BUSDEFAULT. However this is limited only to the fields inside this structure.
    Thanks and warm regards,
    Smita.

  • Inspection lot creation during GR with respect to Purchase Order

    Dear Experts,
    Here is my Question
    Inspection lot creation during GR with respect to Purchase Order
    Inspection type 01 set in the material master
    inspection lot will be created during GR for a Purchase order
    from my understanding for every GR a inspection lot will be created
    No batch Management
    but the requirement is irrespective to GR qty and number of times of GR
    we need inspection only one inspection lot
    For Instance
    There is a PO for 1000 kg no batch management
    now i do GR for 100 kg for 10 times with different dates
    now i need to have only one inspection lot
    not 10 inspection lot for each 100 kg
    can any one suggest a solution, please advise my understanding is correct
    Many thanks
    Raj

    Dear Raju,
    There is a solution for that .The setting can be done two ways, either in the material master or in the configuration
    1) Material Master
    MM02> QM View> Inspection Setup> 01> Control Insplot> 'X' An inspection lot for each purchase order item/order item or An inspection lot for each material document and material
    a) 'X' An inspection lot for each purchase order item/order item
    This Means
    This setting is limited for use with the inspection lot origins 01 and 04.
    An inspection lot is only created during the first goods receipt for each PO item or production order.
    b) '1' An inspection lot for each material document and material
    If you set this indicator, the system creates only one inspection lot for a material document (in a goods receipt transaction) for each material. This setting is useful, if several purchase orders or partial deliveries are processed for the same material in a goods receipt transaction.
    2) You can do this default in the config
    SPRO > Quality Management >  Quality Inspection > Inspection lot creation >  Define Default values for inspection type > 01> Control Insp lot
    Hope this helps
    Regards
    gajesh

  • GRC 10.0 - Auto Approve default roles

    Hello All,
    Could you please help out me in the below scenarios.
         1) We have maintained default roles in NWBC - Access Management - Default roles.
         Also set the parameter 2038 to Yes - Auto approve roles without approver.
    In MSMP we have maintained an Escape path if the approver is not found at the role level.
    As default roles have no approver maintained, the request is taking the Escape Path, which should not happen.
    We just want to auto approve the default roles, and for roles other than default roles the request should take the escape path if no approver is found.
         2) The other action is much the same as the above one.
         When we are using provisioning type REMOVE for role removal, the request also takes the Escape path as default roles have no approver.
    Once the Manager at the first stage has approved, the request should close for the removal type access.
    Please advise. Thanks in advance.

    In your custom initiator, you need to have mapped out all the scenarios of which path each line item in your request goes to.
    The condition columns can be an array of attributes, i.e. Request Type, Role name, Role Connector (System the Role is in), Functional area etc.
    In your case, if you want "default roles" auto approved, the easiest thing to do is create an empty path (i.e. No stages) and have the initiator set so that if the "Role Name" is "X" (i.e. your default role), go to the path with no stages.
    BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki

  • ARQ: Default Role Provisioning Problem in Access Request???

    Hi,
    This Business Scenario is very common to have default role(s) assigned to a User at the back end system. So I have the same requirement. In achieving this, I followed below thread here:
    MSMP Issue - GRC 10
    I have also followed the note#1616092  for configuring the Default Roles.
    I have performed below activities:
    1. Param#2009 = YES
    2. Param#2010 = 001
    3. Param#2011 = REQUEST
    4. Param#2013 = SYSTEM
    5. Param#2038 = YES
    6. Imported a test role and NO ROLE OWNER is maintained.
    7.In NWBC->-AM->RM, I maintained a test role as a default.
    Now when I raise a request, application is successfully adding the default role to the request. However, the problem I am facing is that, one Manager approves the request, it is getting failed.
    The Audit Log says that, the STAGE is "Completed" but I could also see "No Agent Found, Cancelling path XYZ (in stage no. 002- GRAC_ROLEOWNER)
    May I know what I am missing here? Why I am getting error and how can I resolve it?
    Please advise.
    Regards,
    Faisal

    Hi Faisal,
    sorry for the late response, I was away traveling.
    default roles are being added by default to access request
    Yes, these roles are added to the access request.
    FN: OK
    and this roles are following your normal paths which I guess assumes manager and role owner.
    How such roles (not having role owner) will follow the normal path Manager->Role Owner if we are enabling routing (Rule ID: GRAC_MSMP_ROUTE_NO_ROLEOWNER) at manager stage level? Can you please help me understand this?
    FN: OK If you enable routing it will go to routing path. I have understood your post as you put in question the behavior of default roles and my point was - they act exactly the same like regular roles.
    - request is going to detour path
    Does it answer my question?
    FN: My point was default roles like all other will go to detour path (assuming you set it up globally)
    Default roles can have separate path (in my case) where only supervisor is approving it.
    Instead of "GRAC_MSMP_ROUTE_NO_ROLEOWNER"  I believe we can have our own rule to have a separate path for such default roles based upon business requirement. Correct me, if required.
    FN; correct
    It was designed in a way that initiator rule based on role criticality is sending this rule to separate path without role owner.
    Again, I believe you have enabled your custom rule here to achieve your business requirement instead standard rule id.
    correct
    If you do not have separate path - this role like any other will follow standard path you have.
    Here, I had used a stage called "ZNO_STAGE_PATH" for routing the system line item, which does not have any owner. I used the same path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER"Rule ID and it is working fine as of now.
    FN: good
    My question is that, do you think if I don't use "ZNO_STAGE_PATH" as Path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, should it follow the standard Manager->Role Owner path and these default roles get approved and assigned automatically?
    FN: You should use the path ZNO_STAGE_PATH as path ID for routing rule.
    If the role does not have role owner it will not allow you to even get to Role Owner stage - request will be detoured.
    My point from the beginning was - instead of using the routing rule - in our case we used separate path for default roles without role owner:) only consisted with manager stage. Again your approach is different but also will work.
    Then which Path ID should I use for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, as it is mandatory?
    Should I use my current path for New/Change Account where at Manager level this was routed due to non availability of role owner?
    Are you asking for default roles?
    Please advise.
    Regards,
    Faisal

  • Creating physical standby db through grid control 11g fails with "default listener is not running"

    On step 4/6, i am getting error like below
    Error: Examine and correct the following error(s), then re-try the operation. Default Listener in Grid Infrastructure - The default listener in the grid infrastucture is not running.
    I have the listener running on grid user and grid home, 11.2 in both primary and standby.
    During these steps till 4, its no where asked for grid user password.
    Not sure how it will detect the grid home listener.
    Listener is running with default port 1521 on both the servers primary and standby
    On the step 4 screen the other option for default listener is non-default listener and its pointing to db home and not grid home.
    So i guess oracle is looking for the listener to be up on the db home and not on grid home causing the issues,
    if so how to fix this ?
    I am using role separation, separate user for grid and oracle homes grid and oracle user and all are on 11.2.0.1 db + grid

    Hello again;
    Check the solution in this: ( and note the multiple versions of oracle it covers )
    UNABLE TO FIND GRID INFRASTRUCTURE LISTENER (Doc ID 1483234.1)
    Best Regards
    mseberg
