CUP 5.3: unlock account type request

Hello,
Has anyone implemented a request type for the unlock account type without psw verification for LDAP authentication, where it still limits the user to only be able to unlock themselves, not anyone else?
I think Password Self Service should have included automatic unlocking of the userid as well, since most PSS requests are when the userid is locked in a system due to incorrect logons, so the unlocking request shouldn't have been separate from PSS. It's currently a two-step process: the user has to first do an unlock id request and then do a PSS to reset their psw.
But for those clients that are authenticating the GRC system against a SAP system, there's no workaround to not require SAP id and psw. But how can the user tell you the psw when they're locked out of that system to begin with, due to incorrect logon? SAP has no solution for it. They do need to come up with a solution for that and also automatically unlock the userid for PSS processes instead of having them go through another request to unlock it.
Would greatly appreciate feedback from other people who have implemented PSS and unlock requests with LDAP authentication without psw verification. Otherwise, I would think anyone can unlock anyone without psw verification. The option to automate the unlock request so that you can only unlock yourself, but still be able to process requests of change or new account for others, is not available. It's either all or nothing in configuration.
Alley

Similar Messages

  • SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

    We are using .asmx services for SharePoint features such as comments and rating.
    Service                                                 Feature used
    http://<<hostname>>/_vti_bin/socialdataservice.asmx     Commenting, Rating
    http://<<hostname>>/_vti_bin/UserProfileService.asmx    For out of box workflows
    In SharePoint 2013, the SharePoint – 80 web application is in claims-based mode and the user is logging in with Windows authentication. With the logged-in client context used to call SharePoint's default web service, we are getting the below error message from the web service (Social data and user profile services).
    Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
    When the service is accessed using a console application with Visual Studio credentials (logged-in user), we are able to access the service. Below is the code snippet:
    // Requires: using System.Net; (for CredentialCache)
    using (SocialDataService service = new SocialDataService())
    {
        // Call the service as the currently logged-in Windows user
        service.Credentials = CredentialCache.DefaultCredentials;
        SocialCommentDetail detail = service.AddComment("<<url>>", "Test Comment", null, null);
    }
    Are SharePoint 2013 web services not supporting requests coming from a claims-based authentication web application?
    Thanks, Pratik Agrawal (MAQ Software)

    While this applies to 2010, I believe the same is true with 2013:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • EUP Personalization - Delete/Lock/Unlock account

    Hi,
    I have followed a couple of links herein over EUP personalization, but didn't find the solutions on one scenario:
    If I am going to raise the request for Delete/Lock/Unlock account then there is no need to have the tabs: Risk violation and custom tabs as enabled. So, is there any way to make these tabs disabled/invisible.
    Would appreciate quick and positive response.
    Thanks,
    Ameet

    Neeraj,
    I doubt if you understood my question.
    My concern is with restricting the tabs Risk analysis and Custom tabs while raising the request for delete/lock/unlock account.
    I am aware of the procedures to follow for making risk-analysis-criteria visible/non-editable or so. But that is not what I need clarification on.
    I tried to make the template-based request, where I don't find any option to make the tabs (risk analysis and custom) invisible once you are raising a request for delete/lock/unlock account, as these tabs are irrelevant for such request types.
    Hope this is clear to you now!!
    Ameet

  • Maintaining different values for Accounting Type (KOART)

    Hi experts,
    I have several accounting tcodes such as FBV0, FB03, FB08, FV65,FV60 in one parent role.
    FV60, FV65 are added to this role as FBV0 is checking internally for this authorization object. 
    All these tcodes share the same object F_BKPF_KOA, which differs by activity and the accounting type (KOART).
    The KOART field is an org level field defined by SAP and I have entered D,K,S as values.
    But the auth object values should be different for the accounting types.
    i.e  03 for D,K,S
         01,02,03,77  for S
         03,77 for K
    All the derived/child roles for this parent should also have the same document type as the parent. How can I achieve this as this object is maintained at the org level.
    I could not delete this obj from being an org level element as it is defined by SAP.
    Appreciate your response.
    Thanks
    Kee

    > If KOART is an org field you cannot differentiate between authorized activities for each of the KOART values in one role. Whether you maintain values in the parent or not only matters if you're planning to assign the parent roles to users or if you just use them as templates.
    >
    Parent Roles should not be assigned to any users. It should only be used as Template to grant and control Non-Organization Level authorizations centrally (you can see these option in Parent roles). Concept of Parent-Child role is to avoid creating same roles where all authorization field values are exactly same and differs only for Organization Values (different Site / Branch Office specific constants). So we can maintain the Org. levels as different sets for a single Parent role as I already explained.
    For more details:  Note#314513 - PFCG: Maintaining individual organizational levels
    Note#532695 - PFCG: Incorrect organizational level values in derived roles
    >
    > Please elaborate on this one. I think we're running into an urban myth here....
    >
    > Organizational levels are only instruments to assist in building roles. For the final profile it does not matter whether a field is organizational or not. It will not influence the behaviour of the authority-check.
    For the final profile it matters during loading of User authorization data to User Buffer. Think about the Parameter values stored for a particular user. How it behaves for all Objects containing a particular Auth. Field and providing default assignment for that user whenever he tries to perform any action where this field is required to populate.
    If we delete any Object from SU24 proposal then it doesn't mean that the check will not be carried out or the Org. Field contained in that object will not be populated with its values. I tried to make this clear to the requester.
    Regards,
    Dipanjan
    Edited by: Dipanjan Sanpui on Jun 8, 2009 7:49 AM

  • G\L Account types

    Hi,
    What are the types of G/L accounts? What is the T.code to create the G/L account at the chart of accounts level?
    what is meant by Group account?
    Thanks.

    Hi,
    G/L accounts can be divided by the following account types: Assets, Liabilities, Fund Balances, Expenses, and Revenue
    Asset, Liability, or Fund Balance Accounts
    If the request is for an Asset, Liability, or Fund Balance account, establish the account in SAP and establish a corresponding Balance Sheet Account in the Classic system. Also maintain the mapping between the G/L Account and the Balance Sheet Account.
    Revenue or Expense Accounts
    If the request is for a Revenue or Expense Account, set up a corresponding Primary Revenue or Cost Element in the Controlling module (CO) of SAP and an Object Code in the Classic system. Also maintain the mapping between the G/L Account and the Object Code.
    Employee Benefit, Allocations, or Overhead Expense Accounts
    If the request is for Employee Benefit, Allocations, or Overhead Expense accounts, no SAP G/L Account is needed. However, set up a Secondary Cost Element in SAP Controlling and an Object Code in the Classic system. Also maintain the mapping between the Secondary Cost Element to the Object Code.
    You can create it with T code FS00.
    Thanks

  • GRC Unlock Account - BUG ?

    Hi All,
    This is regarding an issue we found in our GRC system.
    A UserID has been locked in ECC system sometime back.
    For example: Valid From - 01-Jan-2014 and Valid To - 05-Jan-2014
    UserID is in locked state and validity dates are as mentioned above.
    Now User wants this account to be unlocked and raising a GRC Unlock Request.
    User is selecting the system during Unlock Account creation and system is added with validity dates as shown below.
    Valid From - Today's date
    Valid To - 05-Jan-2014 [Existing UserID Valid To date in ECC system]
    According to me validity dates for the system should be added as shown below
    Valid From - Today's date
    Valid To - 31.12.9999
    Is this a bug? or Is this the standard behaviour? I hope this would be issue for most of the customers.
    Please provide your suggestions on this.
    Regards,
    Madhu.

    Hi Alessandro and Colleen,
    Thanks for your inputs.
    Actually the issue is, the same unlock process is working with VALID TO date as 31.12.9999 in GRC 5.3.
    Now after upgrading to GRC 10.0, this was changed. Hence users are raising it as a concern.
    I understand that system cannot recognize VALID TO date as it can be any date depending on customer requirement, but  since it was working in 5.3 client is expecting the same in 10.0
    While raising termination requests they are updating valid To date to the same day and submitting the requests.
    For the terminated users, later if they need access again, Unlock account request is being raised and here they are not selecting any VALID TO date as it was updating with 31.12.9999 Valid To date in GRC 5.3 and now it is updating with VALID TO date based on SU01 record.
    We raised this to SAP and I assume that this could be desired behavior as mentioned by you. Once SAP also confirms we will include this in our training material to make users used to it.
    If there was any update from SAP will keep you posted.
    Regards,
    Madhu.

  • Why can't iOS Mail create POP account type?

    I've created a new email address with my ISP.
    I've created a new email account on my desktop Mac (Mail 8.2).
    Now I tried to add the new email account in my iPad (iOS 8.1.3), but it doesn't give me the option to pick POP as account type. The credentials check out and it becomes an IMAP email account! The Option modifier key doesn't seem to apply.
    What am I missing?

    No. It does not exist because "many people prefer it". It exists because email providers simply haven't killed off that service yet. POP3 is ancient. It was never designed to be used with multiple devices. You stand a higher chance of losing information when it doesn't play nice with the 'leave messages on server after download' request, which was tacked on to the standard as an afterthought, than you do using IMAP or Exchange protocols.
    The only reason it still exists at all is because it doesn't cost the providers anything to leave it turned on. It's there. It "works", more or less... why bother disabling it?
    1. That has more to do with how you manage your email than anything else. I'd much rather file it into a folder that makes sense than wade through hundreds of emails in my inbox trying to remember what I've already dealt with and what I haven't.
    2. No, IMAP retrieval is not "glitchy". That's a problem with your email provider. Not IMAP.
    3. False. Your perception of it may be different, but POP3 is not inherently "faster" than IMAP.
    4. Or you could you know... just make backups on a regular basis.
    I use multiple gmail accounts (IMAP), and multiple Exchange accounts. Having to manually manage those on multiple devices would be a nightmare. I don't want to have to delete or file something more than once. Life's too short to waste time like that.

  • Handling Composite Type Requests

    Hey Gentlemen,
    It's an honor writing my question in a forum that contains the best brains in the Identity management field hoping that you will help me in dealing with a problem i'm currently facing in a project i'm working on.
    The scenario i'm working on is that when the Synchronization engine adds or removes a user from a security group in FIM Portal an action workflow should run to execute different actions depending on which security group this user was added to, for example,
    if the user was added to the Enable AD Security Group then an action workflow will trigger to execute a script to enable the user that was added to the security group AD Account.
    After implementing this scenario, I noticed that when only one update is propagated to the FIM MA all my action workflows and scripts work fine, because this single request will contain all the information I need (Target Group, Person added to the group),
    but when two or more updates are being populated those requests are joined in a composite request and then separated in the portal, because each one of those requests will trigger a different workflow.
    However, when the requests get separated they will only include the target group and don't include the GUID of the Person added to the group, and therefore all my custom workflows and scripts fail.
    Does anyone of you have any idea of how I could force the synchronization engine not to join the requests in a composite type request?
    Thanks in advance,
    Majd

    Hey Brain, thanks for replying to my question, let me explain further the problem I'm facing:
    The request I want to process is coming from a BHOLD Management Agent which adds a user to a security group in the metaverse. When an export is done on the FIM MA management agent I'm most interested in knowing the GUID of the member added to the group.
    Below are the request parameters of a single request coming from the synchronization engine to the FIM Portal.
    <RequestParameter xsi:type="UpdateRequestParameter"><Target>263ea811-748f-42f6-8bd1-f8ae68397d0f</Target><Calculated>false</Calculated><PropertyName>ExplicitMember</PropertyName><Value xsi:type="q1:guid">f5588f39-edb0-4668-a0aa-590488a6fba4</Value><Operation>Create</Operation><Mode>Add</Mode></RequestParameter>
    You can notice the GUID of the member added to the security group. However, when the Synchronization engine combines them into one request and I try to run a custom script or workflow, the requests get separated but without a GUID attribute, as in the request parameters below.
    <RequestParameter xmlns:q1="http://microsoft.com/wsdl/types/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="SystemEventRequestParameter"><Target>09f4b1f5-401f-4d46-8ae7-327a776e737b</Target><Calculated>false</Calculated><WorkflowDefinition><Value>14678a3c-4e4f-4d8a-9d85-6ed36c9065a9</Value></WorkflowDefinition></RequestParameter>
    Notice that the GUID of the person added is missing, which makes my whole custom workflows and even email templates fail because I depend on the value of the [//Delta/ExplicitMember/Added], which is not present in this request parameter.

  • Trying to change account type in MAIL to allow POP3 to connect to my Yahoo?

    Can anyone help me with this mail feature...
    I am trying to add my yahoo mail account to the MAIL option/ feature on my MAC, and it is not letting me without signing up to Yahoo Plus account.
    However, I have found this site:
    http://help.yahoo.com/l/us/yahoo/smallbusiness/bizmail/pop/pop-03.html
    and
    http://www.emailaddressmanager.com/tips/mail-settings.html
    Which states you can enter it through POP3 account type.
    I have tried this By going to MAIl> PREFERENCES> ADD ACCOUNT.
    then when I add in account type from the drop down menu it only has POP available and NOT POP3 option like it states in that web site to use.
    And when I try to add the account I get this message:
    Logging in to mail server “plus.pop.mail.yahoo.com” failed. This server may require an additional fee for Yahoo! POP access. For more information, visit Yahoo! Mail Plus. If you continue, you might not be able to receive messages.
    So I have tried to continue and just add the outgoing and ingoing info that the site stated and I still can't get it to work. I think the main problem is getting the POP changed to POP3?
    How do I do this. So I can use my yahoo account on the MAIL feature.
    Is there a new updated MAIL feature? I have the MAIl Version 4.1 (1076)?
    Does this only let you use Yahoo Plus mail? I don't want to upgrade since it charges you a fee to have this e-mail account.
    Any information?
    Kelli

    So at the previously mentioned web-site: It stated
    Yahoo! Mail Settings
    Yahoo Mail offers standard POP3 access for receiving emails incoming through your Yahoo mailbox, by using your favorite email client software. To setup your email client for working with your Yahoo account, you need to select the POP3 protocol and use the following mail server settings:
    Yahoo Incoming Mail Server (POP3) - pop.mail.yahoo.com (port 110)
    Yahoo Outgoing Mail Server (SMTP) - smtp.mail.yahoo.com (port 25)
    POP Yahoo! Mail Plus email server settings
    Yahoo Plus Incoming Mail Server (POP3) - plus.pop.mail.yahoo.com (SSL enabled, port 995)
    Yahoo Plus Outgoing Mail Server (SMTP) - plus.smtp.mail.yahoo.com (SSL enabled, port 465, use authentication)
    The top one--- I thought is for regular Yahoo mail and the other is for Yahoo Plus mail?
    SO this is not correct there are not 2 different servers? The only way to get it is by signing up through Yahoo Plus? Wow I thought there was a different way.
    thanks~

  • Account type M and G/L account with open item management not permitted

    Hi,
    I am getting the following error while applying VL02N (PGI) is "Account type M and G/L account with open item management not permitted".  Before I got an error like posting period and I have closed those posting periods 2008/08 and 2008/07.   Now I am getting this error. 
    Please provide the solutions to overcome this and I want to execute the full transaction.
    Thanks in ADVANCE.
    Kishore

    Hi Kishore,
    Please check these threads
    Account type M and G/L account with open item management not permitted
    Re: Account type M& GL with open item managment not permitted error
    Posting to G/L accounts with open item management are not permitted
    Hope this would help you.
    Good luck
    Narin

  • Do not enter an account number for a masked account type

    Good Morning
    1)
    I am trying to give some account number in the open / close posting period window. The From account field (lower limit of the G/L account numbers) is not accepting the value. I have also tried with ZZZZZ and many other options. Can anyone help with what could be the reason?
    This is the Error Message
    Do not enter an account number for a masked account type
    2) Who is responsible to create the Authorization Group? What is FICO consultant role here ?
    Eg: I want to give some privileges to one of the users in Management to open and close the posting period for all the nominals for all posting periods.
    who creates the Authorization Group
    Regards
    Amar

    Hi,
    1. For account group the error may be coming because data is already created. In the lower limit do not enter ZZZZZ as it is considered the highest value. You can try the lowest account number.
    2. Creating a role is the job of basis, based on the FICO tcode given by the FICO consultant. For special privileges for a role you can ask the basis guy to create a separate role and assign it to the user.
    Regards
    Milind Sonalkar

  • Does anyone have documentation regarding the distribution accounting type of APAF?

    The AP Accounting Entry Type (distribution accounting type) as delivered by PeopleSoft we are most familiar with is "APA" which stands for Accounts Payable Accrual.  We are not able to find any reference or documentation regarding AP Accounting Entry Type "APAF".  However, after analyzing the AP payment accounting transactions associated with APAF, we believe that the APAF type only shows up when a credit is deducted from a payment.  The AP voucher that has the APAF type is the last voucher that indicates that the entire credit amount has been applied to that particular payments.  A credit amount may take several vouchers to be fully applied.  Documentation or authoritative information would be helpful. 

    Apple generally does not publish names and phone numbers of their employees. Take a look at the "Partnership Proposals" area of this web page:
    http://www.apple.com/itunes/companies/
    Regards.

  • Message no. F5350 account type/account for invoice reference does not match

    Hi SD Experts
    Getting error message when the Billing document is released to accounting.
    "Message no. F5350 account type/account for invoice reference does not match item"
    Client is having 6.0 version , I have checked OSS notes, only available for upto 4.7 version.
    Please help to solve this issue.
    Thanks/karthik

    Have you checked which account type is maintained in the respective G/L account which is supposed to be hit once the invoice is released? E.g. check the Reconciliation account assigned in the Customer Master in FS00; the Reconciliation account for account type should be D = Customers.
    Similarly for other accounts such as "Revenue account", and check the Field status group assigned in the G/L account in FS00.
    Check & revert

  • Period 001/2010 is not open for account type S and G/L 799999

    Hi friends
    I am in SD. I am trying to create stock for a newly created material, movement type 561. The system gives the error: Period 001/2010 is not open for account type S and G/L 799999.
    I use the T. Code OB52; I am confused about which combination, i.e. variant, A, from Account, To Account, from per. 1 Year, To period, Year, from per. 2 year, To Period, Year, I should choose. Can someone send me a detailed reply and solution which may display after this t. code OB52? I also have a question about which movement type I should use.
    Using T.Code MMPV, I have created a new period (from company code 1000, To Company code 1000, period 01, Fiscal Year 1020).
    I was reading a previous solution; one of them was that I should close period 2009. I tried to do this using MMPV; I entered fiscal year 2009. The error displayed: The specified year 2009 is not the current calender year.
    Thanks
    Raj

    Hi
    Hope you are doing this in test server
    If this is a real time issue this needs to be addressed by a FI consultant
    First see for your company code what is the posting period variant maintained in OBY6
    Say if it is 1000
    Then in OB52
    Maintain a setting like this
    1000-S-BLANK-ZZZZZZZZZZ-1--2010122010-13--201016--2010
    Then save it
    This is for Account type S that is GL accounts
    Preferably maintain the same for      A,   + ,   D,   K,   M,   V
    Regards
    Raja

  • Creating a GL account in FS00..error to update the "P&L Statmt Account Type

    I am creating a GL account in FS00. I have given all required fields, but while saving, it is showing an error to update the "P&L Statmt Account Type". Where should I update the Account type? I have selected the Account group and selected the radio button P&L Statement Acct. Pls help.

    Hi,
    Please create the retained earning account first before creating the P&L accounts.
    Use Transaction Code OB53.
    Thanks,
    Nitin Aggarwal
    Please assign points if helpful.
