CUP - Editing Auto Provisioning Email Content

Similar Messages

• AC 5.3 SP10 CUP Delaying Auto Provisioning Email

  All -
  Is it possible to delay the auto provisioning email? If yes, how?
  We have a scenario where security needs to perform certain tasks post user account set-up before the user logs on to the system (we don't want to auto provision & lock the user) and want to delay the automatic email sent to the user. Is this possible?
  Thanks,
  Daniel

  Daniel,
     Here is the email content:
  Your request #_!AUTO_PROVISION_REQNO#_! provisioning has been done. Your  account has been created.    Your ID is #_!AUTO_PROVISION_ID#_!  Your password in each system (Password/System):#_!AUTO_PROVISION_PASSWORD#_!
  It is part of cleanandinsert xml file, which comes with the installation. You can search for this and change the email content.
  Alpesh

• GRC 5.3 CUP auto provisioning of Mitigation Assignment in RAR

  Hello,
  Is there any other workflow that needs to be triggered for the auto provisioning of the Mitigation control id assignment to the userid in RAR system from CUP,  upon request completion?
  I created a request that after the final stage of sox approver, got auto provisioned roles assigned to the user id in the SAP system , but it also stated that auto provisioning failed and got re-routed to the detour path of the security admin as I configured in case of auto provisioning failure. When I look at the error log, it states:
  User Provisioning failed for System(s) : XYZ. Error Message : User type TE is unknown
     Role: ROLEA assigned to user: TESTER1 in System(s): XYZ.
  1). So, even though the approved role is being assigned to the user in the backend system, some other stuff is failing at auto provisioning. And I thought it might be the mitigation control assignment to the userid in RAR. I have the mitigation fields/objects active. But how do I ensure the auto-assignment of mitigation control ids also gets assigned on the same request upon sox approval?
  2). The other question is where is the value of the 'controller' stored when configuring a stage for workflow approver determinator in the sox approver stage? Where is this value picked up from? We don't want to use the RAR mitigation approvers or monitors, we want to use a custom approver id from CUP and then the control id to be assigned upon approval automatically to the userid in RAR via CUP request completion during auto provisioning. Is this possible? The only thing failing for us is trying to determine how to create the custom approver determinator for SOX approver in CUP since it asks for 'attribute' value for workflow type 'Compliant User Provisioning' which doesn't make sense for this.
  And then the above error even though the user role assignment is auto provisioning already but still giving the error as I listed above and re-routing to detour path instead of completing the request. Is it due to auto provisioning failure of mitigation control assignment in RAR?
  Thanks in advance,
  Alley
  Edited by: Alley1 on Sep 20, 2011 1:15 AM

  Hi Karell,
     Here is response to your questions:
  I can use the following CAD in an AE workflow: web service to fetch role approvers. I question this as it is merely a RE workflow service : No. As far as I know the web service is only for RE/ERM.
  Can the Risk Analysis be initiated in stage x automatically once stage (x-1) was completed. So no person involved, it is mandatory however, in my opinion there should be no extra person involved to actually press the button "Risk Analysis" : No. There is no way to automate the risk analysis part. Someone will have to click on the button to check for SoD violations. You can configure to run automatic risk analysis when the request is submitted but this is not 100% perfect. If someone adds or removes role during approval phase, it will invalidate the risk analysis which was run during request submission.
  Can somehow the Risk Owners defined in the RAR componed be asked to approve/reject risk that came out of the Risk Analysis described in my previous point. They should only be contacted when there is a risk indicated. : This is possible by following Babak's workflow.
  Regards,
  Alpesh

• CUP Provisions user to SAP successfully but gives "Auto-Provisioning" error

  Hi All,
  I'm getting an "auto-provisioning" error in CUP when a "Change Account" workflow is approved. The strange thing is, CUP does successfully provision the change to the SAP backend. Yet, the "New Account" provisions successfully without the error.
  Here is an example of the audit trail log from Change Account:
  Request submitted for approval by Dylan Hack(HACKDY) on 06/28/2010 17:14 
  Approved By Dylan Hack(HACKDY) Path AE_AUTO_APPROV_ERROR and Stage AE_AUTOPROV_ERR on 06/28/2010 17:14 
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
  Auto provisioned for request on 06/28/2010 17:14 
     User Provisioning failed for System(s) : DEV. Error Message :
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
  Request submitted for reroute by system on 06/28/2010 17:14 due to auto provisioning failure 
     Rerouted in the Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR to Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR
  Note: the role names were replaced with "xxxxxxx."
  The system log gives an error, but it is very vague:
  2010-06-28 17:14:34,682 [SAPEngine_Application_Thread[impl:3]_33] ERROR com.virsa.ae.service.ServiceException
  com.virsa.ae.service.ServiceException
       at com.virsa.ae.service.sap.SAPProvisionDAO.intializeWithChangeUserInputParameters(SAPProvisionDAO.java:762)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3457)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3419)
  Any ideas or suggestions?
  Current software level AC5.3 SP12.
  -Dylan

  Hello Varun,
  Thanks for the thought on this. We don't use User Defaults for Change Account, but do for New Account. You question prompted me to do more testing with very interesting results.
  Results
  New Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  New Account without User Defaults configured:
  User provisioned successfully, no Auto-Provision error.
  Change Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  Change Account without User Defaults configured:
  User provisioned successfully, Auto-Provision ERROR, Defaults NOT provisioned.
  In both New and Change Account, the configured User Defaults are NOT provisioned even though the user is provisioned. AC5.3 is on SP12, the RTA is VIRSANH SP12 and VIRSAHR SP10.
  For the Change Account, the user is always provisioned regardless of User Defaults; however, when no User Default is configured, the Auto-Provisioning error occurs. The User Defaults NOT provisioning is a real problem, the CUP error message, I can work around for now.
  What about on your side? Am I the only guy using SP12 here?

• CUP - Initiator for roles not requiring approval (i.e. auto provisioned)

  We recently upgraded to GRC 5.3, SP10 and started noticing that using CUP, for roles that should be automatically provisioned (i.e. no approval required), it is taking between 3 minutes 45 seconds to 5 minutes for the request to be successfully submitted and automatically approved with provisioning.   I was wondering if anyone is experiencing simlar system performance
  Our set-up for auto provisioned role requests is as follows:
  1.  Created initiator INI_NO_APPROVE using role for attribute
  2.  Created stage STG_NO_STAGE  with Approver Determinator = No Stage
  3.  Created path definition PATH_NO_APPROVE with number of stages =2 and initiator = INI_NO_APPROVE
  Thanks!

  F.Y.I.
  As per SAP's recommendation - we applied note:1423983 in all target provisioningn systems and this resolved the issue.

• Limitations of Auto-Provisioning through CUP (AE)

  Hi all,
  I am looking for some information on what are all the benefits and limitations of using auto-provisioning over manual provisioning for the backend systems through CUP (AE).
  We are implementing GRC AC 5.3 and it is organization's business decision whether we need the proviosing piece to be automated or not. However, I would like to get your suggestions based on your project experiences esp in a decentralized security administration where security admins are in different geographical locations and have to provision only for their user groups.
  Can we perform all the activities thro' auto-provision similar to a security administrator manually creating a user, assign appropriate user groups etc.,  or is there any limitation?
  Which approach would be better for decentralized administration?
  Appreciate your suggestions..
  Thanks
  Siri

  Hi Alpesh & Williams,
  The user default settings such as date, timezone, decimal etc can be configured through the 'user defaults' and 'user default mapping' . I see the option of assigning user  groups and appropriate parameters too.
  Say the user belong to user group AAA_XXX  and another user belongs to AAA_YYY, where
  AAA - location
  XXX - Dept
  I have configured these (location, dept) as required fields while entering the request in CUP .
  However, during run time how will the correct user group be assigned to the user. Is it through the user default mapping? Where do we maintain all the user group information that is available in the ECC system? Do we have to create user default, user default mapping for each user group??
  The documentation from SAP is not very clear .. Appreciate if you can provide some lights on this area.
  Thanks
  Siri

• CUP - How to handel requests with no auto provisioning

  Dear Friends,
  We are not using Auto-Provisioning in our CUP component.
  We don't know how to handle a situation when although the request was approved at all stages, the provisioning it self (which is executed manually) does not happen (for example, the security manger forgot to do the changes).
  How can we detect those differences ?
  And if we did detect them, is there a possibility to add some comments to a request that was fully approved.
  thanks
  Yudit

  Hi Yudit,
  Not exactly. It is some manual work.
  CUP>>Informer>>Provisioning
  Run these two reports (select specific period):
  Role Assigned / Removed
  User Processed
  Run t-code RSSCD100_PFCG_USER (You find this repot in SUIM).
  Use the same period as above.
  Export the report to Excel. If many entries, create a function to compare the results orilter the result by Action and compare to CUP reports.
  Good luck,
  Vit

• SP12: CUP: Error for requesttype "change" at auto-provisioning

  Hello,
  We have an error while auto-provisioning a change-request in CUP.
  The request stages can be approved correctly but after the last stage, the request is rerouted to administrator because of escape-route settings. (auto provisioning failures)
  So the audit trail reports an error at auto-provisioning, BUT in the backend-system the user was changed correctly.
  If we now want to approve the request on admin-stage, the error appears again. So we have a closed loop reaction.
  Any ideas?
  Does anybody have the same issue?
  Our client have the same problem with SP12 on the prod.system but in the dev.system (also SP12) we can create the request well.
  Thanks,
  Alexa

  2010-10-15 13:45:54,456 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1794:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1827:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType,list size=1
  2010-10-15 13:45:54,459 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType #0# element:com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]
  2010-10-15 13:45:54,461 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@248:autoProvision() :  Preparing Provision to SAP ... DONE
  2010-10-15 13:45:54,463 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@277:autoProvision() : OUT of the method
  2010-10-15 13:45:54,465 [SAPEngine_Application_Thread[impl:3]_32] WARN   RequestBO.java@5924:autoProvisioningForApprove() : Exception occured during auto provisioning , error messages : [com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]]
  2010-10-15 13:45:54,469 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6665:approveRequest() : AutoProvisioning Exception, checking if the escape route is enabled
  2010-10-15 13:45:54,478 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6681:approveRequest() : AutoProvisioning Exception, escape route is enabled, going for the escape route
  2010-10-15 13:45:54,490 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : rerouteRequest() : AKOLB : INTO the method with toPathName : , poRequestDetails : com.virsa.ae.accessrequests.po.RequestDetailsPO@70e31b05[requestForOthers=false,userLookupEnabled=false,userIDFieldEnabled=false,userFirstNameFieldEnabled=false,userLastNameFieldEnabled=false,approverLookupEnabled=false,locationFieldEnabled=false,departmentFieldEnabled=false,emailFieldEnabled=false,telephoneFieldEnabled=false,companyFieldEnabled=false,employeeTypeFieldEnabled=false,managerTelephoneFieldEnabled=false,managerEmailFieldEnabled=false,managerNameFieldEnabled=false,requestorTelephoneFieldEnabled=false,requestorEmailFieldEnabled=false,requestorNameFieldEnabled=false,addRole=false,approveReject=,approveRejects=approveRejects,accessChanged=false,fileAttached=false,reqDataApplProvDTOs={com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@46b5291a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=2,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@1f9d8e3a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=3,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@20e4920d[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=4,isProvisioned=true,isNew=false,LMD=<null>]},accntValidationmsgs=[],connectionFailedSystems=,userExistSystems=,userNotExistSystems=,comm_method_type=,cstmFldName=,usersPOList=[com.virsa.ae.accessrequests.po.RequestUserPO

• GRC CUP 5.3 Auto provisioning Error

  Hello All,
  This issue is occurring in development system of GRC and works as expected in Quality systems.
  Development system of CUP Jco's connected to the development ABAP stack and
  Quality Systems of Cup Jco's connected to the QA ABAP stack .
  All the parameters and the configuration are the same in Dev and QA.
  Now the problem we have is at the last approval stage in the workflow after the approver approves the request (Create/Change) It is erroring out in Auto Provisioning stage with the below message :
  Error provisioning your request. Request no: 75. Error occurred in the system(s) : n/a, error details :
  DEVL1120-TEST_A-USER CREATE-Password is not long enough (minimum length: 10 characters)
  DEVL2120-TEST_A-USER CREATE-Password is not long enough (minimum length: 10 characters)
  If the same approvers goes back into the request and re-approves the Autoprovisioning is completed and the request is closed. For every last approver the first time he tries to approve the message he gets the above errors in development and does not receive the same error in QA.
  The password parameters in the ABAP stack and the Portal Security config are same in DEV and QA. I am not sure if I am missing any information. Any suggestion/Help is appreciated.
  Angara

  Raghu Thanks for your response. Yes I checked all the login parameters in both QA & DEV and compared to those that were user defined Vs Default they were the same with no difference. yet the problem occured in Development system.
  I finally figured out the issue and the surprising part was the error that was issued during auto provisioning is very misleading.
  Our Security team had prototyped CUA and connected to the same development client CUP was connected and forgot to remove the child system from the CUA after their demo was complete.
  By utilizing Debug log mechanisim, it showed the error as BAPI that is used by CUP to create the user was failing due to CUA locking the client with no ability to create the users in child system directly , The error displayed had no connection to the password lenght.
  Thank you all my issue has been resolved and back in business.
  Best Regards,
  Angara Rao

• CUP Auto Provisioning Error 260: User Comparison

  I am in the process of configuring the CUP 5.3 module within our ECC and SRM environments.  I believe the path and associated stages are established properly.  I have tested the auto provisioning functionality within both SRM and ECC.  As it relates to SRM, the auto provisioning functionality works without a hitch.  However, when I attempt to auto provision a user into our ECC environment, I receive the following error:
  Auto provisioned for request on 04/07/2010 13:41 
     New User: T00522 created on 04/07/2010 13:42 in System(s): DR4-300.
     User attributes changed for User : T00522 in System(s) :DR4-300.
     Role Provisioning failed for System(s) : DR4-300. Error Message : 260:User master comparison incomplete; see long text
  Speaking with out security team, the only time they have seen this issue was when they attempted to map a user, using PFCG, to a role.  However, I informed them that CUP uses SU01.  They have not experienced such an issue using SU01 and clicking on the user comparison button. 
  Interesting point:  The user record is created and roles assigned to user but have a red light indicator by the role within SU01.  However, when the next day rolls around the role has been changed to a Green light, profile assigned and everything is looking good.  Unfortunately, CUP can't seem to register this and when the Role Owner attempts to approve the role / user request again.  The same error occurs and until I can get around this error, the workflow is not closed out nor is the requester notifiied.
  Questions:
  (1)  How can I fix this issue, I assume it will require a security change to be made within the ECC environment?
  (2)  If this issue can't be fixed, can I get around this issue with a detour or other CUP error processing step?

  Denoted below is the log that corresponds to the 260 comparison error.  Does anyone know what access I am missing within the UME.  I have tested this provisioning process, manually, and do not run into a Comparison error within the SU01 screens:
  2010-04-27 13:44:54,748 [SAPEngine_Application_Thread[impl:3]_31] ERROR com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
  com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
       at com.virsa.ae.service.sap.SAPProvisionDAO.executeRoleOperation(SAPProvisionDAO.java:1706)
       at com.virsa.ae.service.sap.SAPProvisionDAO.assignRoles(SAPProvisionDAO.java:1458)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionInNonCUA(ProvisionSAPUserDAO.java:1232)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionRole(ProvisionSAPUserDAO.java:932)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionUser(ProvisionSAPUserDAO.java:118)
       at com.virsa.ae.accessrequests.bo.ProvisioningBO.autoProvision(ProvisioningBO.java:216)
       at com.virsa.ae.accessrequests.bo.RequestBO.autoProvisioningForApprove(RequestBO.java:4572)
       at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:5565)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5339)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5191)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:54,927 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.bo.RequestAuditHelper : logMajorAction() :   : intHstId : 3068
  2010-04-27 13:44:54,972 [SAPEngine_Application_Thread[impl:3]_31] ERROR no dtos exist which are in the same state as the passing dto
  com.virsa.ae.core.ObjectNotFoundException: no dtos exist which are in the same state as the passing dto
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.getIfUnapprovedPathExists(WorkFlowBOHelper.java:2662)
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleWFForNewPathStage(WorkFlowBOHelper.java:2516)
       at com.virsa.ae.workflow.bo.WorkFlowRequestRerouteHelper.rerouteRequest(WorkFlowRequestRerouteHelper.java:68)
       at com.virsa.ae.workflow.bo.WorkFlowBO.rerouteRequest(WorkFlowBO.java:614)
       at com.virsa.ae.accessrequests.bo.RequestBO.rerouteRequestForAutoProvisioningFailure(RequestBO.java:6897)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5239)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:55,394 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : confirmRequestApproval() :   : setting context to true, ending context
  2010-04-27 13:44:55,414 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataForwardDAO : findTransactions() :   : sbQuery : SELECT REQNO, REQPATHID, STAGE_NAME, FWDED_BY, APRVRID, ITERATION, FORWARD_TYPE, STATUS FROM VIRSA_AE_RQD_WPFWD WHERE REQNO = ?
  2010-04-27 13:44:55,486 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.SAPConnectorDAO : findAllActiveSAPConnectors :   :  going to return no of records= 3
  2010-04-27 13:44:55,495 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.OracleAppsConnectorDAO : findAllActiveORACLEConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,498 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.PACSConnectorDAO : findAllActivePACSConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,502 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.WSConnectorDAO : findAllActive :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,505 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.ApplicationDAO : findAllForContext :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,532 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,535 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,540 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataMitigationDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,579 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : INTO the method
  2010-04-27 13:44:55,580 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : request number : 154
  2010-04-27 13:45:14,055 [SAPEngine_Application_Thread[impl:3]_18] INFO  com.virsa.ae.dao.sqlj.RequestTypeDAO : findAll :   :  going to return no of records= 20

• Auto provisioning users and send email notification to the users

  I currently have CUCM 10.5 setup to auto register phones and I use Cisco prime provisioning 10.5 to auto provision the users.
  Self provisioning is setup and users can call the IVR number enter the self service ID, which is their DN.
  what I would like to do is send an email notifying  the end user of their setup and how to use their telephony device Example (Self-service ID: 8888, auth code: 3333) is this possible from Prime Provisioning or CUCM.

  Thanks Jamie
  Wishful thinking I guess. It would have been seamless if they added that form of email notification to end users when auto provisioning. Anyways to get around that I used MS word mail merge and used the same spread sheet I used to batch provision the users to send the Self-service ID to the email contacts.

• CUP auto provision to position

  Hello Experts
  I hope you can help me on this issue. We have just implemented CUP (SP14) and have set up auto provisioning, indiirect to a position.
  Despite this CUP is provisioning all requests directly to the User ID. There are no error messages to indicate that provisioning to the position has failed or even if it has been attempted. All back end funtionality is standard and working when tested manually. The CUP logs are not showing anything that I can decipher. It is as if the auto provision configuration indirect to the position is being ignored.
  Any ideas what could cause this behaviour?
  Thanks
  Barry

  Hi Jwalant
  Thanks very much for the reply,
  I am using SAPHR as the data source and for authentication. However we only want the user id to authenticate.
  Auto provisioning is set to indirect with position for Global and by System and I have tried Provisioning at end of request and at end of each path. This should work without using the personnel number in the authentication shouldn't it?
  The users Hr information is being pulled into the request without problem. It seems that CUP is making no effort to provision to the position, it just does it to the user every time.
  Any ideas?
  Thanks
  Barry

• Is it possible to limit what fields can CUP update during Auto-provisioning

  I have configured CUP to do Auto-provisioning after all the stages have been approved. However, our client requirement is to not to update some fields in user master  e.g: User Valid Start date and End Dates. Is it possible to restrict CUP to update only the required fields  and not all fields during auto provisioning process?
  Can you please let me know if this possible in CUP?
  Thanks
  Anand

  Alpesh,
  Currently my User details source is pointing to SAPHR . I have made the valid start date and end date hidden in the request form. However, CUP pulls the info anyway and updates SU01 record during the auto provisioning. I guess hiding the fields may not work.
  Please let me know if you have find any solution from your sources.
  Thanks
  Anand

• Auto Provisioning backend and appropriate portal group in CUP

  Hi gurus
  Can we autoprovision backend roles and the appropriate pcd group in GRC. I have a task that should do the following
  1. User creates a request in CUP for backend R/3 or ECC role
  2. The approver approves the request
  3. User gets the backend role and the appropriate portal pcd group by autoprovisioning.
  I have done portal provisioning in the past where in user has to select the portal role he wants. But in this case he has to select the backend role and CUP should automatically provision the portal pcd group to him/her. How do we do this? I know we have to map the backend roles to the Portal PCD groups but at what stage?
  The user id in this case is same as LDAP, CUP, Portal and backend system.
  Any document in this regard?

  Hi Frank
  Sorry to ask but how to map roles. When I click Role Mapping I see
  System, Role selected by user
  Buttons - Add main role, delete main role
  Then next screen is again System, Role/Group name etc
  I am guessing in the first instance system we have to select the R/3 system? and role is the R/3 name then click Add main role?
  In the next page we have to select the Portal system and then the role/group name of the portal?
  Correct me if I am wrong

• EBusiness Suite User "Auto-provisioning" and  "Self-Request" Problem

  I have two types of OIM User, Staff and Contingent
  Staff (Role = Full-Time)
  Contingent (Role = Contractor / Role = Consultant)
  Resource Object: eBusiness Suite User
  Here's my RO configuration:
  Auto Pre-populate: true
  Allow Multiple: true
  Self Request Allowed: true
  Allow All: true
  Auto-Launch: true
  EBS Connector, by default has two forms:
  UD_EBS_UO: Object Form
  UD_EBS_USER: Process Form
  I have requirement which will auto-provision eBusiness Suite User resource to Staff users.
  Originally, UD_EBS_OU is the table name used by the RO. For auto-provisioning to work, I have implemented it this way:
  First, I have defined a User Group for Staff and assign an Access Policy to it (for users with Role == Full-Time).
  Then, I have detached Object Form UD_EBS_UO from the RO. This way, when Staff user is created in OIM, it is automatically provisioned with eBusiness Suite User, though it won't have a Resource Form, only a Process Form. Process Form fields are automatically pre-populated with values (via my Pre-populate adapters).
  Now my problem is during Self-Request. Contingent user doesn't get auto-provisioned with EBS RO, but he can self-request for it. Problem is, since I detached the Object Form from the RO, user is not seeing any form during request. And I have a requirement that approver of the request should also be able to view/modify the details of the request form. But that is not possible now that Object Form does not exist for this RO.
  Is it possible that Self-Request and Auto-Provisioning works both ways under the same Resource Object? How do I configure that? Appreciate your quick response and help. :)
  Edited by: user10202544 on Feb 10, 2010 3:27 AM

  Yes I have set permissions to all users for the Object Form.
  It is required for me to have both Self Request and Auto-provisioning work for eBusiness Suite RO.
  During approval, however, the approver needs to see the Object Form (where he can view/modify its values before approving it). That's impossible for me since I detached the Object Form from the Resource Object. I need do to this for auto-provisioning to work.
  It seems that it doesn't work both ways. Any other suggestions?