DAP and Delegated Management

Hi,
I am starting learning DAP, Mandated DAP and delegated management but it is bit tricky and i could not get them fully.
Mandated DAP Verification allows a Controlling Authority to own a Security Domain that always requires to
authorize a load process. This ensures that only Load File Data Blocks authorized by the Controlling Authority
may be loaded on cards that contain this Security Domain.
DAP Verification allows an Application Provider to own a Security Domain that requires authorizing a load
process. This ensures that when associating a Load File to this Security Domain, the Application Provider must
have authorized the Load File Data Block. This authorization may also serve as a means for a Security Domain to
control the access to some of its services.
Delegated Management allows Application Providers to perform Card Content changes (load, install and
extradite) with pre-authorization from the Card Issuer. Applications Providers can also delete Executable Load
Files and Applications associated to their on-card Security Domains without pre-authorization from the Card
Issuer.Above is the text i have copied from GP2.2 and need assistance in it's understanding.
Can anybody explains their usage, implementation and purpose ?
Thank you,
Regards

DAP is a way to have a trusted party sign your applet code so that it can be verified by the card when you load your cap files. There is a public key in the SD that handles verification that will verify the signature from a secure private key.
Mandated DAP means that all code loaded onto the SD must have a DAP signature.
Delegated management is a way to give a trusted third party a token that they can use to load and install applications onto an SE. They can only load and install what they have tokens for.
- Shane

Similar Messages

UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
Is there some known bug or workaround that matches this description?
Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
So, we have the following software stack:
1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
# imsimta version
Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
"Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
Here's the configuration we did specifically for AM SSO:
1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
com.iplanet.am.cookie.encode=false
am.encryption.pwd=<the same value>
all hostname-related parameters point to "psam.domain.ru"
2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
3) in "msg.conf" on "sunmail" (entries added via configutil):
local.webmail.sso.amcookiename = iPlanetDirectoryPro
local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
local.webmail.sso.singlesignoff = yes
local.webmail.sso.uwcenabled = 1
service.http.ipsecurity = no
(perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
--- main.js.orig        Sat Jan 26 07:52:09 2008
+++ main.js     Mon Jul 21 01:06:29 2008
@@ -667,7 +667,8 @@
function cleanup() {
   if(laurel)
-      top.window.location = getUWCHost() + "/base/UWCMain?op=logout"
+//      top.window.location = getUWCHost() + "/base/UWCMain?op=logout"
+      top.window.location = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
   else
       exec('logout', '', 'exit()')
@@ -1707,7 +1708,8 @@
   if(lg) {
         url = document.location.href
         url = url.substr(0,url.indexOf('webmail'))
-        uwcurl = url + 'base/UWCMain?op=logout'
+//      uwcurl = url + 'base/UWCMain?op=logout'
+        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
   exit()
}6) Calendar SSO - per docs...
According to ngrep sniffing,
1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
<Request><![CDATA[
<NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
<GetNamingProfile>
</GetNamingProfile>
</NamingRequest>]]>
</Request>
</RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
...then a double-request to /amserver/sessionservice:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="Session" reqid="686">
<Request><![CDATA[
<SessionRequest vers="1.0" reqid="678">
<GetSession reset="true">
<SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
</GetSession>
</SessionRequest>]]>
</Request>
<Request><![CDATA[
<SessionRequest vers="1.0" reqid="679">
<AddSessionListener>
<URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
<SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
</AddSessionListener>
</SessionRequest>]]>
</Request>
</RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
!!!*** Now, the problem part ***!!!
8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
For the most detail I can provide, I'll even paste the whole HTTP packet:
POST /amserver/sessionservice HTTP/1.1
Proxy-agent: Sun-Java-System-Web-Server/7.0
Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
Content-type: text/xml;charset=UTF-8
Content-length: 336
Cache-control: no-cache
Pragma: no-cache
User-agent: Java/1.5.0_09
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Host: cos-psam-01.domain.ru
Client-ip: 194.xxx.xxx.xxx
Via: 1.1 https-weblb.domain.ru
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="session" reqid="258">
<Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
<GetSession reset="true">
<SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
</GetSession>
</SessionRequest>]]></Request>
</RequestSet> The server's error response is apparent:
HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 31 Jul 2008 05:49:50 GMT
Content-type: text/html
Transfer-encoding: chunked
19b
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="session" reqid="258">
<Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
<GetSession>
<Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
</GetSession>
</SessionResponse>]]></Response>
</ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
POST /amserver/sessionservice HTTP/1.1
Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
Content-Type: text/xml;charset=UTF-8
Content-Length: 379
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.5.0_09
Host: psam.domain.ru
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="session" reqid="281">
<Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
<SetProperty>
<SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
<Property name="uwcstatus" value="active"></Property>
</SetProperty>
</SessionRequest>]]></Request>
</RequestSet> ...and the response is OK:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="session" reqid="281">
<Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
<SetProperty>
<OK></OK>
</SetProperty>
</SessionResponse>]]></Response>
</ResponseSet>

There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
The solution for these customers was the following:
=> AM server/client side:
Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
=> AM client (UWC) side:
- Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
<sun-web-app>
   <property name="encodeCookies" value="false"/>
   <session-config>
      <session-manager/>
   </session-config>
   <jsp-config/>
<property name="allowLinking" value="true" />
</sun-web-app>Regards,
Shane.

XI3.1 and delegated admin?

hi,
we have two distinct project. each project must have delegated admin (manage user and group) : each admin must see only its users and groups...
we have apply this :
1/create specific admin groups
2/ create specific acces level (view object/general +add objects/content folder all rights/system user all rights/system usergroup)
3/ on user and groups/manage top level security/all group :
add the two admin groups and apply acces level
4/ on each group and subgroup remove acces on the admin group that does not (because each admin group is in inherited rigth...)
this work, but not for for user level, delegated admin can't create user and if we apply top level security acces level , the admingroup can see ALL user. it's not that we want...
have you ideas?
thank's

Hi Phil!
I think it is designed as is - but did you try to use Windows AD Groups.
You can enable specific windows AD groups to BO. These will be created automatically the first time they logon, or you can trigger an AD refresh. So the users are created automatically.
You admins could then have the rights to see the users only and to see/edit their own set of Groups, where they can put these users to. Also you can define which admin sees which objects (reports, universes, connections, ...)
But: you will get an issue if you loose/change your AD connection to your server, then everything must be redone.
ciao Hakan

Combined Report for Purchasing and Inventory Management.

Hi All,
Is there any standard SAP Report available where I can get all the information related to Purchasing and Inventory Management in one.
Like Material,Purchasing details of the material (vendor, price etc ) and Inventory Management (Stock qty and value etc.).
Regards,
kumar

I don't know any. We have one Z or if you want you can make a simple query.
Best regards.

Business Event Brochure in Training and Event Management?

Hi Guru's
My client has a requirement as follows. The training administrator decides the Business Event Types which for which superiors can book their subordinates or not. Those events are stored at a particular place. Once the administrator stores them, a mail should be triggered to all the superiors. Thus superior can have a list of event types for which he can book his subordinates. When he books for such events, a mail should be triggered to his subordinates regarding the training event. If an employee books for an event, a mail should be triggered to his superior for approval.
How is this possible? According to me, those events will be "Included in Brochure" (in Business Event Type Infotype). Am I right?
Please suggest me.
Points assured!
Thanks in advance.

Hello ,
see the links it might help :
Business processes of Training and Event Managment
Training and Event Management
Lots of workflow

TEM and FI/CO (Training and Event Management)

Hi All,
I wish to track actual cost per event in PE (TEM - Training and Event Management). Was considering having a Internal order per Instance of event. Have any Idea on how to set up something like this?
Appreciate all ideas,
LB

Hi Dean,
using internal orders you have to consider that sending and receiving cost center have to in the same company code.
If you do not want to distribute the costs to FI/CO but only report them, you can use the cost items provided by TEM. We have set up something similar for our plants in South Europe.
We have created some cost items and fill them manually with the training costs. Additionally we have created a report that evaluated this costs and combines them with the employee costs (derived from salary).
Best regards
Michael

How to incorporate training and event management module in ess1.0

Hi all,
I am implementing ess1.0 on EP6.0, NW7.0, ecc6.0.
now in ess1.0 i could not find traing and event manag. module, but i found it in ITS version of ess.
how can i incorporate 'traing and event manag' module in ess1.0??
do i need to download two version of ess?...i doubt if its feasible!...can anybody guide me on this?
I am new to portal, and hence trying to learn thing in EP ESS...please throw in your help ASAP
Regards,
JJ

hi all,
can anybody please throw some light on the above query?
i m trying to search in forum but i am unable to find any reasonable answer to this.
Regards,
JJ

Course Catalog in Training and Event Management

Hi TEM Gurus,
My client wants that users can see only courses of training and event management business catalog in ESS, they can't book or do any activities related to TEM. How we can put restriction for that requirement. We are using ITS services PV7I and PV8I.
Could you please update me as early as posisble ?
Thanks and Best Regards
Puneet

Hi Dear,
Thanks a lot for quick reply. Could you please give me details inofmration .. How to do changes in the system..
How to disable book and cancel functionality from the portal.
Thanks and Best Regards

PMS and Training and Event Management

Hi Gurus,
Our one the of the client implementing PMS and Training and Event Management.
Could anyone suggest me what are the questions need to be asked in initial meeting with the client.
and if anyone has configuration documents on PMS and Training and Event management please forward to me,
my id would be [email protected]
Regards,
Rajesh Soma

The prerequisites of PMS is OM and PA is mandatory,
PMS is just like an interaction between the manager and the employees in an enterprise, based
On his work they are going to put some rating etc.
In the standard system employee called as “Appraise” Manager called as an “Appraiser” and Manager’s Manager called as Higher level manager “Part Appraiser “ can be a self-peer & customer they can save & provide their Comments to the “Appraiser”
First you take the requirement form client side what are the process and how Appraisal system in client then you have to prepare one sheet like Preparation ,Planning,Process
for business functions and other check below :-
HCM, Performance Management (Flexible) 01 - SAP Documentation
HCM, Performance Management (Predefined) 03 - SAP Documentation
check below once :-
Tcodes for PMS Basic Setting
OOHAP_BASIC      Basic Appraisal Template Settings
OOHAP_CATEGORY      Appraisal Category Settings
OOHAP_CAT_GROUP Category Group Settings
OOHAP_SETTINGS_PA PA: Settings
OOHAP_VALUE_TYPE Standard Value Lists
T codes for PMS Process
PHAP_ADMIN     Administrator - Appraisal Document
PHAP_CATALOG     Appraisal Template Catalog
PHAP_CHANGE     Change Appraisal Document
PHAP_CREATE     Create Appraisal
PHAP_PREPARE     Prepare Appraisal Documents
PHAP_SEARCH     Evaluate Appraisal Document
start your work with above things any other post here again ......

Appraisals & training and event management problem

Hi gurus.
I'm trying to configured the integration between Appraisal and Training & Event management (Appraising a Business Event and Attendee Appraisal
I set an attribute HAP00 REPLA = A .
But two problems occurred.
1.
The definition of Appraisal catalog for employees is no problem. But I have a problem with definition of Appraisal catalog for Business event and for Attendees.
Through the definition of Appraisal catalog via SPRO (Training and Event Management/Recurring Activities/Appraisals/Edit Appraisals Catalog) its possible to create an appraisal templates only for employees (it looks like that, because there is only Category group Personnel Appraisals and its not possible to add new category for example Attendee Appraisal).
Can somebody help me where I can define appraisal templates for Event management or how can I get the Appraisal catalog category groups - Appraising a Business Event and Attendee Appraisal?
2.
I set the attributes SEMIN EVAEV/EVAPA to the values 2/3 in connection with table T77BF.
When I run tcode PV33 or PV34 the matchcode of appraisal templates contains the list of all object type VA. The problem is that when I run tcode PV33 I dont want to see all appraisal templates, but only for appraising a Business Event.
It is possible to configure that so? If yes, how.
Thanks in advance.
Regards

Hi,
1. transaction LSO_CATALOG
Regards and Groetjes,
Maurice Hagen

Regarding training and event management queries

hi experts,
in my company we have ess in which training and event management module is working fine.i need to develop a report in which training booked against employee through tc-psv1 means in sap-r/3 and through ess means tc-pv8i will come.means saggregation for sap r/3 and ess will come.
please help me regarding this.
how will i identifie that training has been booked against employees through sap r/3 or ess on what paramenet we will identifie.
plz help me....
is there any function module;....

solved by own

Need Report in Training and Event Management

Dear All,
I want a report in Training and Event Management consisting of attendee name and training date and venue details, price for training event and would like to know any standard report available.
Kindly let me know the std report name.
Thanks and Regards
Suresh,V

Hi!
for all reports try T-code : SAP1 ( Report Selection ) & SAP2 ( Info catalog ) here you will get all the standard reports available for that module .
Regards
Sheetal
Edited by: sheetal Gulati on May 14, 2009 7:51 AM

Extraction and loading of Training and Event Management data (0HR_PE_1)

hello,
I've got the following doubt:
before BI 7.0 release, extractor 0HR_PE_1 extracts event data (eventid, attendee id, calday,...) but if you load straight to cube 0PE_C01, as Calendar year/month needs a reference date (for example, event start date), you'll get total duration of event in hours or days refered to event star date.
So in a query filtered by month, you get total duration of an event that starts in the filtered month but it couldn`t end until few months later o year later, so you don´t get appropiate information.
Example:
Event calday Hours
10004377 20081120 500 but from event_attr event end date is 20090410.
In a query filtered by 200811 you get total duration time (500 hours when in 200811 event hours have been 20) or if you filter by any month of 2009 you don´t get information of duration of that event.
I had to create a copy of standar cube (without calday, only Calendar year/month, Calendar year in time dimension) and disaggrate data creating as many entries for an event as months lasts and adjust calculation of ratios duration of event (duration of event in each month/ total duration of event).
The question is: Is there any improvement or change on business content in BI 7.0 to treat Training and Event Management data? Has anybody had to deal with that?
Thank you very much.
IRB

Hi,
TEM data is stored in HRP tables.
You can load the catalog by creating LSMWs for objects Business event group (L), Business event types (D), Locations (F), Organizers (U) as per requirement.
LSMW for tcode PP01 can be used to create these objects.
To create Business Events (E) you can create LSMW for PV10/PV11.
To book attendee create LSMW for tcode PV08 as here you can specify the actual business event ID which reduces ambiguity.
tcode PV12 to firmly book events
tcode PV15 to follow up
Hope this helps.
Regards,
Shreyasi.

Email on Training and Event Management

Dear all,
I would like to know are there any email supported in Training and Event Management Module.
For example, after HR administrator help book courses for staff, system will trigger an email notification to staff mailbox with certain course detail information
Regards
Bill

Hi Bill,
In your case the event for triggering the email notifications will be when the booking is done. So before booking, for the object like Business event type and/or business event group some relationship exits. Once you do a booking of course, additional relationship will be created in different objects. Not exactly sure about the relationship code, but you can easily find out from hrp1001.
So yoor program will check for this partcular relationship, and if it exists then will send mail notifications.
Thanks!
Regards,
Chetan Shriraj Wahane

Training Need - TN in Training and Event Management

Hi
Did any one worked on Training Need (TN) in Training and event management? I have the below question.
For France there is a legal requirement to capture some 1.6 % of the employee annual gross salary towards training cost. So where to record the training cost of the employee in Training and event management and is there any link with payroll.
Logically it sounds as it does. but where and how is it connected with payroll.
Please revert if you know the solution.
Brs
Kenu.

Hi
In Table V_T77TNM_DC
We need to have the below entries
TNM                                              CL_HRTNM_VALO_COMPUT_GUI_FR
TNM       HRTNM00_REPMOD        CL_HRTNM_VALO_COMPUT_GUI_FR
TNM       MP168400                       CL_HRBAS_INFTY_1684_GUI_FR
TNM       RPCTNM9S_REP            CL_HRTNM_INFTY_1036_GUI_FR
Regards
Kenu

DAP and Delegated Management

Similar Messages

Maybe you are looking for