Delete ABAP system from IdM

Hey guys,
We have a server here which has outlived it's usefullness and will be removed.
Is there any decent way to remove all reference to this system (roles, privileges, etc)?
Thx in advance,
Jonathan

Hi
I solved this by "reverting" the Initial-Load jobs (manually create a new job with lots of sub-passes)
See here: How to remove system & relevant entries from IdM
BR
Michael

Similar Messages

How to delete file systems from a Live Upgrade environment

How to delete non-critical file systems from a Live Upgrade boot environment?
Here is the situation.
I have a Sol 10 upd 3 machine with 3 disks which I intend to upgrade to Sol 10 upd 6.
Current layout
Disk 0: 16 GB:
/dev/dsk/c0t0d0s0 1.9G /
/dev/dsk/c0t0d0s1 692M /usr/openwin
/dev/dsk/c0t0d0s3 7.7G /var
/dev/dsk/c0t0d0s4 3.9G swap
/dev/dsk/c0t0d0s5 2.5G /tmp
Disk 1: 16 GB:
/dev/dsk/c0t1d0s0 7.7G /usr
/dev/dsk/c0t1d0s1 1.8G /opt
/dev/dsk/c0t1d0s3 3.2G /data1
/dev/dsk/c0t1d0s4 3.9G /data2
Disk 2: 33 GB:
/dev/dsk/c0t2d0s0 33G /data3
The data file systems are not in use right now, and I was thinking of
partitioning the data3 into 2 or 3 file systems and then creating
a new BE.
However, the system already has a BE (named s10) and that BE lists
all of the filesystems, incl the data ones.
# lufslist -n 's10'
boot environment name: s10
This boot environment is currently active.
This boot environment will be active on next system boot.
Filesystem fstype device size Mounted on Mount Options
/dev/dsk/c0t0d0s4 swap 4201703424 - -
/dev/dsk/c0t0d0s0 ufs 2098059264 / -
/dev/dsk/c0t1d0s0 ufs 8390375424 /usr -
/dev/dsk/c0t0d0s3 ufs 8390375424 /var -
/dev/dsk/c0t1d0s3 ufs 3505453056 /data1 -
/dev/dsk/c0t1d0s1 ufs 1997531136 /opt -
/dev/dsk/c0t1d0s4 ufs 4294785024 /data2 -
/dev/dsk/c0t2d0s0 ufs 36507484160 /data3 -
/dev/dsk/c0t0d0s5 ufs 2727290880 /tmp -
/dev/dsk/c0t0d0s1 ufs 770715648 /usr/openwin -
I browsed the Solaris 10 Installation Guide and the man pages
for the lu commands, but can not find how to remove the data
file systems from the BE.
How do I do a live upgrade on this system?
Thanks for your help.

Thanks for the tips.
I commented out the entries in /etc/vfstab, also had to remove the files /etc/lutab and /etc/lu/ICF.1
and then could create the Boot Environment from scratch.
I was also able to create another boot environment and copied into it,
but now I'm facing a different problem, error when trying to upgrade.
# lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
s10                        yes      yes    yes       no     -
s10u6                      yes      no     no        yes    -        Now, I have the Solaris 10 Update 6 DVD image on another machine
which shares out the directory. I mounted it on this machine,
did a lofiadm and mounted that at /cdrom.
# ls -CF /cdrom /cdrom/boot /cdrom/platform
/cdrom:
Copyright                     boot/
JDS-THIRDPARTYLICENSEREADME   installer*
License/                      platform/
Solaris_10/
/cdrom/boot:
hsfs.bootblock   sparc.miniroot
/cdrom/platform:
sun4u/   sun4us/ sun4v/Now I did luupgrade and I get this error:
# luupgrade -u -n s10u6 -s /cdrom
ERROR: The media miniroot archive does not exist </cdrom/boot/x86.miniroot>.
ERROR: Cannot unmount miniroot at </cdrom/Solaris_10/Tools/Boot>.I find it strange that this sparc machine is complaining about x86.miniroot.
BTW, the machine on which the DVD image is happens to be x86 running Sol 10.
I thought that wouldn't matter, as it is just NFS sharing a directory which has a DVD image.
What am I doing wrong?
Thanks.

SU01 Parameters across ABAP systems using IDM

Anyone have some ideas on how to handle SU01 Parameters across multiple ABAP systems ?
Our difficulty is that the parameters required in the ERP system do not exist in the SOLMAN system so I cant create a 'global parameter' list for a user in the MX_PARAMETER and let IDM send it out everywhere.
Parameter examples are ;
/RWD/LANG=EN
MOL= 13
thanks

We looked at creating a PARAM<system number> type field and then changing all the required provisioning tasks, but after a closer look, we decided that parameters on the main ERP/HCM system will be done with an ABAP program. So immediately after HRUSER process has created the SU01 record, the abap program inserts inserts the required 30 or so PIDs according to the HR area. Other reason for doing it this way is that once the PID's are assigned to the user, the user can then change some of them via their transaction screens. So we didn't want IDM changing or even tracking the PIDS after the initial creation.
All other systems had minimal use of parameters and these will be done manually.
Would be a great addition to the IDM application if it did politely handle differing PIDs in multiple ABAP systems !

Error when deleting EncryptionKey objects from /idm/debug

I have multiple EncryptionKey objects sitting in a dev environment of IDM 7.0. Is there a reason why I can't delete any of these unused/unneeded EncryptionKey XML objects manually via the /idm/debug page?
When I do, I get the following error:
ERROR: com.waveset.util.WSAuthorizationException: Delete access denied to Subject Configurator on EncryptionKey: 2F2C30920F6F7DE9:-3D5367A0:113073CC878:-7F1D.
If you're asking why -- it's because I think some of these keys are causing other issues in my environment and am trying to rule out all possible causes.

Hi,
I would recommend filing a TAR in this one. The only ora-22813 error involving workspace manager and geometry columns that I know about involves queries that need to sort data for which the size of the geometry column was >30k. Does the execution plan for the delete statement involve any kind of sort? However, this is an old 9.2 bug, that I believe was fixed for all 10.1 and newer releases.
Does the same error happen if you do not use the subquery?
Regards,
Ben

Deleting Logical system from BD54

Hi ,
I have created 2 logical systems in BD54. now I want to delete that logical systems. When I am trying to delete that logical systems..i am getting the msg " Logical Systems <Logical System Name> must not be deleted".
Whats the problem nd how to delete it.

Hi Vijay,
Goto-BD54--> Click on the Position -->provide you logical system name..Then press enter
Select logical system which you want to delete----> press Minus symbol in the application tool bar --> enter.
Thanks,
Nelson

How to delete backend system data from GRC,GRC 10 AC

Hello experts,
we have connected multiple ECC systems to GRC by creating connectors with respect to each system and
currently we are using,now due to some reasons customer requested to delete complete data from
one of the ECC system from GRC.
we are using only access control with all components
please suggest how to delete all relevant data
from GRC system
Thanks
GRC Admin

Hi,
You can use program GRAC_DELETE_ACCESS_RULES to achieve your requirement.
2075597 - How to delete specific system from SPRO
Regards,
Madhu.

Users mapping between EP and ABAP system

Hello
I'd like to ask for some guidance in my quest
Current situation looks like this:
I've configured UME in AS Java to work with LDAP as read only data source. Then I've configured SPNego to run SSO - It works, users from MS AD can log into portal.
Now I have application in WD which authorizes via EP/AD - works fine.
And next step is users mapping between AD and ABAP backend (serving some BAPI's for WD app)
I've found a bunch of help pages starting from
http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
But somehow it's quite complicated to achieve this mapping. I've tried to set RFC destinations logon type to user mapping but without succes.
Can anyone point me to some more clear example or give path to configure this scenario? Is there a way of configuring this with NWA or some XML file editing is required?
Any help will be appreciated.
BTW: whole environment is in version 7.11
Best regards
Maciej

There is no equivalent to SPNEGO on the ABAP side.
If your goal is to propagate the user, then possible options are:
-> Wait for SAML 2.0 or invest now in a SAML 1.0 provider.
-> Use the same kerberos ticket for the EP as what your ABAP system will accept: route = SNC and 3rd party libraries.
-> Issue SAP logon tickets for the ABAP system from the EP, and use these in your WDA.
Another option is to expose the service with saved logon data in the ICF. If the service is just a wrapper for the BAPI, then you can also consider using trusted RFC between the service and the backend, but this might not be acceptable for your service.
I have only done experimental stuff with this and some of the above is not released yet. Also consider the consequences, even if it "does work"...
Cheers,
Julius

Delete Role Assignments directly from an ABAP System

Hi folks!
I'm working on a synchronization job and I have a particular challenge, delete Roles assigned to a user in the ABAP System.
Our use case is this: IDM is regarded as the authoritative source and as such if the user has a privilege in IDM, it should be in the backend. Easy enough!
However if the privilege is not in IDM but is in the back-end, it needs to be removed. Is there a way to do this in IDM? From what I saw in the Framework, we are assuming that the role already exists in IDM.
I suppose the work around would be to assign and then remove the matching privilege in IDM, but I really don't like that at all, for a number of reasons.
I looked in the business suite and plain ABAP portions of the framework. I'll take a more detailed look and also check the RDS, but I get the feeling this will be a toughie.
Thanks for your help!
Matt

Hello Matt,
so you want to remove local administrated role?
If the object really is to undo the local administration, I would do this:
Create a batch job, the passes would be a FromSAP, a ToGeneric and one/two ToSAP
At first a cleaning pass (the ToGeneric one) which fixes all incorrect assigned privs (re-add directly or remove, depends on what you want/need). The source tab query and destination tab script have to be written though (I guess that is the most time consuming part of the job during implementation)
The pending privs have to be considered in the provisioning script (I would prefer our own written script over the SAP delivered anytime)
Copy the Read ABAP pass for users. Remove everything but the logonuid and the role assignments (profile assignments only if needed, too). Maybe use a different table name like sap<repName>userAssignRecon. If the system is very large, this pass has to be optimized filters
Copy the role provisioning pass from the in-use plugin (SAP or adjusted one) and adjust it like this:
Source tab query: A query which selects all mskeys of users that have more assigned in the sap table as in the link view. Using the Identity Store so everything of the identity is selected
Destination tab: Remove the profiles as you haven't mentioned them. If needed I would do the same for profiles as for the roles in a second pass with the profileAssign table.
Best regards
Dominik

Provisioning of roles to ABAP system deletes role assignments in backend

Hi all,
following scenario:
user has role A in an ABAP system which is connected to IDM. Assignment of role A to the user is not in the identity store.
Now you assign role B via workflow to the user and IDM provisions this new assignment to the ABAP system.
What will happen is that the user will get role B but assignment of role A will be deleted.
This happens because in the job "SetABAPRole&ProfileForUser" the connector attribute "roles" will only consist the role assignments which are in the identity store. All assignments in the ABAP system which are not yet in the IDS will be overwritten.
This behaviour can be very critical. If you still allow role assignments directly in the backend system and you read these assignments e.g. once a day to the IDS - but in the meantime assignments have been done via workflow - you will lose data.
My customer wants to assign roles both directly in the system and also by workflow. Every night an ABAP update job runs which writes new assignments to the IDS.
Do you have any idea how I could solve this? Is there a way NOT to overwrite assignments with the ABAP connector field "roles"? I tried to use multivalue operator but this didn't do the trick.
I hope I was able to describe my problem properly and you have answers...
Best regards
Jörn Kaplan

No, there is not a way to avoid that IdM replaces the role assignment in ABAP with the current assignments as know by IdM. IdM is the master!
This is not directly an issue of IdM: The standard BAPIs in ABAP (up to release 7.0) offer "replace all role assignments" but not "add role assignment" or "remove role role assignment".
However, there exist an exception: Role assignments in ABAP which are created indirectly by an HR-ORG assignment are not touched by IdM. (There role assignment are viewed in blue in transaction SU01.)
See http://help.sap.com/saphelp_nw70/helpdata/EN/50/e9683c5de8676fe10000000a114084/frameset.htm for details.
Kind regards
Frank Buchholz

System exception while deleting the file from app server in background job

Hi All,
I have a issue while the deleting the file from application server.
I am using the statement DELETE DATASET in my program to delete the file from app server.
I am able to delete the file from the app server when i run the program from app server.
When i run the same report from background job i am getting the message called System exception.
Is there any secuirity which i need to get the issue.
Thank You,
Taragini

Hi All,
I get all the authorization sto delete the file from application serever.
Thing is i am able to run the program sucessfully in foreground but not in the background .
It i snot giving any short dump also just JOB is cancelled with the exception 'Job cancelled after system exception ERROR_MESSAGE'.
Can anybody please give me suggestion
Thanks,
Taragini

System log - how to find out who has deleted the req from cube.

^hello friends
how can i find out who has deleted the request from cube ?
i wanted to check the system log , that who has deleted the request from cube .
could you please let me know how to check the same ?
regards
manoj

Hi,
Did you try the method I had suggested. It will work.
Also its better to try the path I had suggested as it will display the logs for that particular Cube only.
But if go through SM37 > B_DEL* it will display all the logs for all the deletion jobs not just this cube and it will be difficult to find out.
Try that and you should get the log.
Thanks,
JituK

How to call a RFC of a remote system from an ABAP webdynpro component

Dear Experts,
I am a newbie in ABAP Webdynpro.
I am working on a requirement where I have a webdynpro component on ECC system.I need to call a RFC located on CRM system from my webdynpro component on the ECC system.
How do I do that ?? Please help.
Regards,
Mamai.

Calling RFC from some other system is same as local except the difference is that you have to give destination name while calling.
And the regarding the method of calling it depends on your FM.
if it is big RFC with complex structure, you can create the service call for it with destination given as RFC desitination.
if it is simple straight forward RFC you can directly call it.
for creating RFC service call call use this method
1. Starting the Wizard
To start the wizard, position the cursor on the Web Dynpro component to be edited in the object list at the left margin of the
workbench window. Open its context menu and choose the entry Create->Service Call. The wizard is started and leads you
through the creation process.
Press Continue.
2. Choice of Controller
On the second dialog window of the wizard, you can choose whether the service call is to be embedded in an existing
controller or whether a new controller is to be created for this purpose. Service calls can only always be embedded in
global controllers u2013 that is, in the component controller or in additionally created custom controllers. It is not possible, to
embed service calls in view controllers.
a. Select radio button Use Existent Controller
b. Do not change the default entry for component: <CC name>
c. Enter for controller COMPONENTCONTROLLER
d. Press Continue.
3. Service Type and Service Selection
a. You now select, which service type should be used for this service call. Select radio button Function Module. Fill the
destination here. Press Continue.
b. Select the service: for Function Module enter <RFC name>. Press Continue.
4. The Required Methods and Context Elements
On the two subsequent dialog windows, default values are listed for giving names to the context nodes and attributes
required by the service call as well as to the required methods. The proposed names are based on the names of the
embedded service, but you can change them as required. However, heed the respective notes in the corresponding dialog
box.
a. Adapt Context: Select from Nodes/Attributes . Press Continue.
b. Specify Method Name: leave all entries as provided: Component: Controller: COMPONENTCONTROLLER Method: EXCUTE_ Press Continue.
5. Completing the Choice
When you have confirmed the last dialog box, the generation is triggered. Afterwards you now have the required methods
and contexts at your disposal for using them within your Web Dynpro component.
or if you want to call directly the use the call statement with destination

System Error While Deleting Software Component from Repository

Hi,
I have deleted datatypes,Interface types,Message types,Interface Mapping & Message Mapping also.
When im deleting Software Component from Repository,
I m getting the following System Error.
[-9402]:System Error:AK Unexpected Strategy information.
and im not able to delete.
Plz Suggest me.
Sree Ram.

hi stree ram...
u can get tth note directly form SAP service or go to transaction 'snote'....
and ther u can import it from the menu bar thers a option of download/upload....just put in the note no.
regards...
vishal
P.S : assign pts if answer found helpful

After upgrading the new operating system, it seems some useful features no longer work such as when typing a message the text anticipates the next word and when trying to delete individual messages from a contact, you can no longer tap and hold to select

After upgrading the new operating system on my Droid Razr M it seems some useful features no longer work such as when typing a message the text anticipates the next word and when trying to delete individual messages from a contact, you can no longer tap and hold to select multiple message you have to delete them individually or the entire thread. Is there a way to get these back?

Well, that's kind of embarrassing. And I honestly thought I paid attention to that... It works perfectly now, thank you so much!
As expected, cdm-git also works fine since DMs only work in the root mode as of now.
Just for the record, both type commands output "/usr/bin/startx" and pacman -Q gives "systemd 215-4".
Last edited by looki (2014-08-23 13:04:49)

How do I reorganize my photos on iPad 2? I need to move (not copy) photos from one album to another. When I use the copy function to another album, and then try to delete an image from the original album, the system wants to delete the photos from all a

How do I reorganize my photos on iPad 2? I need to move (not copy) photos from one album to another. When I use the copy function to another album, and then try to delete an image from the original album, the system wants to delete the photos from all albums. Please help.

You can't do it directly on the iPad - the new album functionality basically only allows you to copy photos into those new albums, you can't move them. The way that I think of it as working is that you are just creating pointers to the photos in those new albums, so if you then delete the original photo on the iPad you therefore automatically delete all the pointers to it.
If you want to re-organise your albums then you will need to do it on your computer and then sync those albums over to the iPad

Delete ABAP system from IdM

Similar Messages

Maybe you are looking for