Delete Role Assignments directly from an ABAP System

Hi folks!
I'm working on a synchronization job and I have a particular challenge: deleting roles assigned to a user in the ABAP system.
Our use case is this: IDM is regarded as the authoritative source and as such if the user has a privilege in IDM, it should be in the backend. Easy enough!
However if the privilege is not in IDM but is in the back-end, it needs to be removed. Is there a way to do this in IDM? From what I saw in the Framework, we are assuming that the role already exists in IDM.
I suppose the workaround would be to assign and then remove the matching privilege in IDM, but I really don't like that at all, for a number of reasons.
I looked in the business suite and plain ABAP portions of the framework.  I'll take a more detailed look and also check the RDS, but I get the feeling this will be a toughie.
Thanks for your help!
Matt

Hello Matt,
So you want to remove locally administered roles?
If the object really is to undo the local administration, I would do this:
Create a batch job; the passes would be a FromSAP, a ToGeneric and one/two ToSAP.
At first a cleaning pass (the ToGeneric one) which fixes all incorrectly assigned privs (re-add directly or remove, depends on what you want/need). The source tab query and destination tab script have to be written though (I guess that is the most time-consuming part of the job during implementation).
The pending privs have to be considered in the provisioning script (I would prefer our own written script over the SAP delivered anytime).
Copy the Read ABAP pass for users. Remove everything but the logonuid and the role assignments (profile assignments only if needed, too). Maybe use a different table name like sap<repName>userAssignRecon. If the system is very large, this pass has to be optimized filters
Copy the role provisioning pass from the in-use plugin (SAP or adjusted one) and adjust it like this:
Source tab query: A query which selects all mskeys of users that have more assigned in the sap table than in the link view. Using the Identity Store so everything of the identity is selected.
Destination tab: Remove the profiles as you haven't mentioned them. If needed I would do the same for profiles as for the roles in a second pass with the profileAssign table.
Best regards
Dominik
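
Added example (not part of the original thread and not SAP IDM framework code): a sketch of the source-tab comparison described in the answer above, selecting backend role assignments that have no matching link in IDM. It assumes an in-memory SQLite database in place of the identity store; the table sap_demo_userAssignRecon follows the sap<repName>userAssignRecon naming, while idm_link_view, its columns, the state values and all sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data. All names are hypothetical stand-ins:
# sap_demo_userAssignRecon follows the sap<repName>userAssignRecon naming
# from the answer; idm_link_view and its state values model the link view.
BACKEND_ROWS = [  # (logonuid, role) as read from the ABAP system
    ("ASMITH", "Z_FI_CLERK"),
    ("ASMITH", "Z_HR_VIEWER"),    # IDM link still pending -> keep
    ("BKHAN", "Z_BASIS_ADMIN"),   # unknown to IDM -> excess
    ("BKHAN", "Z_SD_SALES"),      # unknown to IDM -> excess
    ("CLEE", "Z_AUDIT"),          # IDM link was rejected -> excess
    ("CLEE", "Z_FI_CLERK"),
    ("JDOE", "Z_FI_CLERK"),
    ("JDOE", "Z_MM_BUYER"),       # unknown to IDM -> excess
]
IDM_LINK_ROWS = [  # (logonuid, role, state) as held in the identity store
    ("ASMITH", "Z_FI_CLERK", "OK"),
    ("ASMITH", "Z_HR_VIEWER", "PENDING"),
    ("CLEE", "Z_AUDIT", "REJECTED"),
    ("CLEE", "Z_FI_CLERK", "OK"),
    ("CLEE", "Z_MM_BUYER", "OK"),  # IDM only: a provisioning gap, not cleanup
    ("JDOE", "Z_FI_CLERK", "OK"),
]

# Source-tab style query: backend assignments with no live IDM link.
# Pending links count as assigned so an in-flight request is not undone
# (an assumption about how "pending privs" should be considered).
EXCESS_QUERY = """
SELECT r.logonuid, r.role
FROM sap_demo_userAssignRecon AS r
WHERE NOT EXISTS (
    SELECT 1
    FROM idm_link_view AS l
    WHERE l.logonuid = r.logonuid
      AND l.role = r.role
      AND l.state IN ('OK', 'PENDING')
)
ORDER BY r.logonuid, r.role
"""


def build_db(backend_rows, link_rows):
    """Load both sides of the comparison into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sap_demo_userAssignRecon (logonuid TEXT, role TEXT)")
    conn.execute("CREATE TABLE idm_link_view (logonuid TEXT, role TEXT, state TEXT)")
    conn.executemany("INSERT INTO sap_demo_userAssignRecon VALUES (?, ?)", backend_rows)
    conn.executemany("INSERT INTO idm_link_view VALUES (?, ?, ?)", link_rows)
    return conn


def find_excess(conn):
    """Return {logonuid: [roles to remove]} for users with excess roles."""
    excess = {}
    for logonuid, role in conn.execute(EXCESS_QUERY):
        excess.setdefault(logonuid, []).append(role)
    return excess


if __name__ == "__main__":
    for user, roles in find_excess(build_db(BACKEND_ROWS, IDM_LINK_ROWS)).items():
        print(user, "remove:", ", ".join(roles))
```

The per-user result is what a destination-tab script would act on; roles that exist only in IDM are deliberately left to normal provisioning.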

Similar Messages

  • Provisioning of roles to ABAP system deletes role assignments in backend

    Hi all,
    following scenario:
    user has role A in an ABAP system which is connected to IDM. Assignment of role A to the user is not in the identity store.
    Now you assign role B via workflow to the user and IDM provisions this new assignment to the ABAP system.
    What will happen is that the user will get role B but assignment of role A will be deleted.
    This happens because in the job "SetABAPRole&ProfileForUser" the connector attribute "roles" will only consist of the role assignments which are in the identity store. All assignments in the ABAP system which are not yet in the IDS will be overwritten.
    This behaviour can be very critical. If you still allow role assignments directly in the backend system and you read these assignments e.g. once a day to the IDS - but in the meantime assignments have been done via workflow - you will lose data.
    My customer wants to assign roles both directly in the system and also by workflow. Every night an ABAP update job runs which writes new assignments to the IDS.
    Do you have any idea how I could solve this? Is there a way NOT to overwrite assignments with the ABAP connector field "roles"? I tried to use multivalue operator but this didn't do the trick.
    I hope I was able to describe my problem properly and you have answers...
    Best regards
    Jörn Kaplan

    No, there is not a way to avoid that IdM replaces the role assignment in ABAP with the current assignments as known by IdM. IdM is the master!
    This is not directly an issue of IdM: The standard BAPIs in ABAP (up to release 7.0) offer "replace all role assignments" but not "add role assignment" or "remove role assignment".
    However, there exists an exception: Role assignments in ABAP which are created indirectly by an HR-ORG assignment are not touched by IdM. (These role assignments are viewed in blue in transaction SU01.)
    See http://help.sap.com/saphelp_nw70/helpdata/EN/50/e9683c5de8676fe10000000a114084/frameset.htm for details.
    Kind regards
    Frank Buchholz

  • Role assignments not set in ABAP but IdM indicates OK status

    Hi,
    We went live with IDM 7.2 SP8 last month. We have started to see issues with Business Role assignments in target systems. Generally, BR assignments are parsed to respective privileges and assigned correctly. Sometimes privileges in one target will get assigned but not in another target. Occasionally assigning privileges to one target does not get through either. In all cases the IdM assignment is marked as 'OK', but when we check the backend the assignment is not there. Log entries don't show any jobs triggered for the target that failed to update (and consequently there are no log entries in that target either). But why would IdM mark the specific privilege as 'OK' status -- it should either remain 'Pending' or 'Failed' but certainly not 'OK'.
    This effect is inconsistent -- it works correctly at times and fails at others -- increasingly more failures. There is nothing different about the users or environment. We see this in ECC, BW, GTS, etc. We have 36 prd and non-prd linked systems. Initially we thought this only affected prd systems as BR's only have prd privileges and the PRD targets are load-balanced. For non-prd systems the assignments are direct privileges, not BRs, and they are not load-balanced. We are now seeing this behavior in all environments for BR's or direct privilege assignments, in prd and non-prd targets.
    Since BR's have approvers we cannot remove BR's and re-assign in production. So for non-prd targets we have removed the privileges, those that indicated 'OK' but did not get set in the target, and reapplied -- the privileges get deleted successfully without any corresponding job being triggered and then when we re-add it the assignment goes into 'OK' status without any job being triggered.
    When we tried assigning another user the same privileges it went through fine to the target and IDM marked 'OK' -- exactly as it is supposed to work (non-prod privileges have no approvals).
    We are not able to reproduce this in our DEV environment -- the targets are non-load balanced. The assignments work consistently, both BR's and privileges.
    Has anyone seen such behavior by IdM?
    Thanks for your thoughts.
    Ashok

    Hi,
    Thanks for the suggestion. But ours was a different problem.
    The issue was with a faulty reconciliation job that had been fixed. But it had done its damage before the fix and this caused the inconsistent behavior.
    During the reconciliation job (to update changed and add new backend roles in IDM) various task trigger attributes get disabled and then re-enabled after the import. These disabled triggers did not get re-enabled for the privileges on some systems. And the reconciliation job was also delta enabled, so only new privileges, after the initial load, should have been impacted. But impact to many privileges -- all privileges of some target systems -- misled our investigation. The timing of the reconciliation job executions kind of added to the confusion and inconsistencies during the initial setup. But we finally tracked this down and wrote a custom job to fix the triggers for only the affected privileges. Assignments to all systems started to function successfully as expected.
    Best regards,
    Ashok

  • Can I delete an icloud account from apple's system with out password

    My mom is 88. Apple help desk got her set up for an iCloud account she did not need because they misunderstood the nature of help she needed. It is a second unnecessary account and is wreaking havoc with her iPad. My mom cannot remember her password. How can I permanently remove the account from Apple's system?

    Apple IDs (which are used to establish various types of accounts like icloud and itunes store) cannot be permanently deleted, nor can the accounts.  Just don't use the account in question if you don't want it.
    If this is about icloud, then on her ipad, Go to Settings>icloud, scroll to bottom of screen and tap Delete Account.  In the future she can always log back in.  If she needs to do this, then to deal with a forgotten password...
    Try the following link to reset your password.
    https://iforgot.apple.com

  • Navigating directly from ECC(ABAP) to CRM UI Work Center/Link

    Hi gurus,
    I tried searching and couldn't find a relevant answer so I hope someone can help. We'd like to go directly from an ECC custom transaction we use to view our inventory and navigate directly to a specific work center/logical link within the WebUI that will display some custom development we've done to streamline the quote entry process. Parameters are passed from the inventory transaction and then pre-populated into a custom screen we developed.
    I've seen tons of documentation on launching R/3 transactions from within WebUI and I know how to go directly to a specific object using a formatted URL but I can't find any info on going directly to a specific work center menu entry and/or a direct logical link from within ABAP.
    Can anyone shed some light on this? Thanks in advance.

    Hi James,
    I am working on some navigation issue myself and posted this (Direct URL access to a component usage) in the forums today. It might just help you:
    SAP has at least some documentation on this one. It is freely available from the Service Market Place (https://websmp203.sap-ag.de/crm-inst). DirectLink: https://websmp203.sap-ag.de/~sapdownload/011000358700001715762008E/Cookbook_Ex_Comp_CRM2007.pdf
    In the document mentioned above is a way to create a URL to the WebClient directly opening a specific UI Component in the UI Frame.
    You could even open this one in an HTML control inside your transaction.
    cheers Carsten

  • Can I delete song file directly from iTunes?

    Currently if I want to delete any songs from my HDD I have to:
    ○ Right click the song in iTunes.
    ○ Click "Show in Windows Explorer".
    ○ Delete the file.
    ○ Delete song in iTunes library.
    ○ And repeat it all if there is more than one song I need to delete.
    Is there any way to delete files from iTunes directly?

    Stuwawah wrote:
    You can but in order to be able to do it directly from iTunes, the song/songs need to be stored in the "iTunes folder" in your media directory or the Default folder to chose Under:
    ** Preferences -> Advanced -> Itunes Media folder location
    That is not accurate.
    I do not keep my media in the iTunes folder because I personally cannot stand the way iTunes manages the folders.
    I am able to delete media from my computer via iTunes by simply selecting delete and then selecting the option to let iTunes remove it from the drive.

  • Password Replication to LDAP from SUS (ABAP system)

    Hi,
    We have integrated ABAP (SUS) system with LDAP. We want to replicate all the user accounts created in SUS to LDAP (both user id and password). We need this password in LDAP because LDAP is used for authentication when the user is logging in from outside the company by ISA server (reverse proxy server) and when the users are logging in internally from the network they will be authenticated against SUS system directly. So we need the user account created at both places with password.
    Any help around this topic is much appreciated.
    Thanks & Regards,
    Seshu

    Hi Yaramala Reddy,
    I have done Synchronization of users created on ABAP with LDAP directory.
    You can use LDAP tcode or LDAPMAP tcode to do the required settings for mapping the SAP User Data fields to the LDAP directory attributes.
    Once the mapping is defined, then run the report RSLDAPSYNC_USER which will replicate all the users created on the ABAP side or vice versa.
    You can also schedule the report daily as a background job for delta synchronization.
    Hope this helps.
    Regards,
    Kiran Kandepalli.

  • Upgrade direct from 9i File System DB to 10g ASM instance

    Can I upgrade from a 9i file system based instance directly to a 10g ASM based instance? without the middle step of a 10g file system instance.
    Thanks
    MN

    The minimum compatibility for ASM storage system is 10.1.0, it is not possible to manage 9i instances in ASM, and there is no way to waive the 10g migration requirement.
    If you are planning to use 10g ASM storage then you will have to migrate or upgrade your database to 10g first. Next you will have to move your datafiles, control and log files into the ASM storage.
    0. Configure your +ASM instance
    1. Upgrade to 10g (Upgrade procedure) or Migrate (exp from 9i/imp to 10g)
    2. In case you upgraded then use RMAN as stated in the below given reference to move your datafiles to the ASM instance, or if you created the database in 10g make sure you defined +ASM as the default storage mechanism
    Ref. Oracle® Database Backup and Recovery Advanced User's Guide
    10g Release 2 (10.2)
    Part Number B14191-03
    Chapter 16.
    http://download.oracle.com/docs/cd/B19306_01/backup.102/b14191/rcmasm.htm#i1016581
    ~ Madrid
    http://hrivera99.blogspot.com

  • Importing Data from an ABAP system - JOB Initial Load - IDM 8.0

    Hello all,
    I got the error during the execution of the initial load job:
    Value not legal for this attribute:Attribute: MX_USERTYPE" when storing attribute 'MX_USERTYPE=A'
    Value not legal for this attribute:Attribute: MX_DATEFORMAT" when storing attribute 'MX_DATEFORMAT=1'
    I have executed the job read value help content before start initial load job.
    Could anyone explain if this attribute should be created manually in mxi_AttrValueHelp table before run the initial job?
    Thanks

    Hello Rafael,
    There is a possibility that you have encountered a problem that we had with the language translations for the attribute values.
    I would like to ask you to check one file content:  could you try to open the language translations file: this should be located under ICCORE -> Database Schema -> SQL-Server -> 9-language-data.sql
    There is a chance that this file is "broken".  If so - we have fixed this specific problem in the Designtime Component patch 2 (now 3 is also available) - so you would need to update to this one.
    You could also take a look at the table for the attribute values help - via executing "select * from mxi_attrvaluehelp".
    Kind Regards,
    Rali
    SAP Identity Management Development

  • How do I delete songs directly from my iPhone 5s?

    How can I delete specific songs directly from my iPhone 5s? I do not have a personal computer to download the iTunes app. I need to make room for the new iOS 8.0 update.

    You can delete individual tracks by swiping/dragging across them from right-to-left on the song selection screen in the Music app. But check that the single/album is still available in your country's store, if the rights-holder has removed it then you won't be able to redownload it (and similarly if you delete any apps, films etc, they could also have been removed from the store)

  • Delete a .csv file from desktop system

    Hi All,
    My requirement is to read the .csv file from the desktop system having the shared folder and delete the file after read successfully.
    Here I can read the .csv file from the location using the function RFC_REMOTE_FILE and updated the content into internal table.
    But I can't delete the file from the presentation server (Desktop system).
    Can anyone tell me how to delete the .csv file from the desktop system on different location.
    Note:
    I followed this link to read file:
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/9831750a-0801-0010-1d9e-f8c64efb2bd2&overridelayout=true

    Hi Rob,
    Thanks. I solved this problem myself.
    The solution to delete the file from remote system is
    concatenate 'DEL' i_filename i_dirname into v_bkfile separated by space .
    call function 'RFC_REMOTE_EXEC'
      destination  c_dest
      exporting
        command               = v_bkfile
      exceptions
        system_failure        = 1  MESSAGE v_ermsg
        communication_failure = 2  MESSAGE v_ermsg.

  • Pushing data from abap system to SLD

    Hello,
    I am pushing data from my abap system to SLD.
    Job SAP_SLD_DATA_COLLECT is successfully finished but the job SAP_LMDB_LDB_0000000001. is not visible in sm37 in solman.
    Hence technical system is not visible in LMDB.
    Please guide me
    Thanks and Regards,
    Akshay

    HI Akshay
    I hope you have made sure that in SM61 you have assigned batch servers for the jobs.
    Can you try to sync your LMDB with SLD once. There is an option in LMDB to sync the data. Just see if you are getting the technical system details.
    Also, please check the RFC destination with ICM port if it is stable.
    RFC LMDB_SyncDest<X> is using ICM Port 80<NR>
    You can proceed as below
    Please De-Activate the Sync Job in Solman_Setup -> System Preparation -> Prepare Landscape -> Set Up LMDB.
    Execute transaction 'SM59'.
    Locate the HTTP Destination -> 'LMDB_SyncDest<X>'.
    Switch to Edit mode.
    Change the Service No to 5<XX>00 where XX is the instance number.
    Then make sure the Authorization and Connection test are working.
    Then Re-Activate the synch job, via Solman_Setup -> System Preparation -> Prepare Landscape -> Set Up LMDB
    Apart from that, can you check below note if it is applicable for you
    1615263 - LMDB: Incremental Content Sync Job remains "Scheduled"
    Regards
    Rishav

  • Exposing WebService directly from ABAP Class not from BAPI

    Hi guys,
    is it possible to expose a Webservice directly from an ABAP OO-Class?
    I know the possibility to do it for RFC enabled function modules but I think it is no good coding style to call ABAP-OO-Methods using RFC-Module only for providing them as methods of a WebService...
    Is there anyone who has experience in that area?
    Thanks in advance.
    Best regards
    André

    Hi Micky,
    thanks for your answer. But the WS-Call are OO codings and the class is OO coding. From my point of view it is not a good style using an RFC function module as "middleware" between OO-Classes.
    However, if it is not possible I have to live with the possibilities SAP provides.
    regards
    André

  • Deleting invalid role assignments

    Hello,
    is there a way to delete role assignments automatically if the validity period is out of date? I know that you can do it manually via transaction SU01/SU10 but maybe there is a report that recognizes if there are invalid assignments.
    Kind regards

    Hello Dennis,
    As pointed out by Juan, standard SAP does not provide that functionality. However I guess you can do that by writing a simple update report.
    Look out for AGR_USERS table as data source.
    Regards
    Ruchit.

  • How to delete the structure created from Tx: EEWB ?

    Hi SAP Guru’s
    I have an issue at hand. I have added three components in the structure BUS000___I and the components are ZZ1, ZZ2, ZZ3. I was following the EEWB wizard and from there these three components were made; now I cannot delete these components directly from SE11, because after adding these components the system is not allowing me to do so and is asking for the access code.
    I am getting a syntax error in all the tx where Business Partner is used. No old versions for this structure were found in the system. The only structure that has come into this BP structure is ZBSTC0000000000 followed by three data elements of this structure.
    I know the Project and the enhancement that was created and I have tried deleting the enhancement from EEWB but when I try deleting it, it always falls into an intermediate stage where it leaves some entries and due to these leftover entries these errors are coming.
    Another imp thing is that the structure that I have reported is a newly created one I cannot find this anywhere else. Looks like this structure was created after executing the EEWB transaction only.
    Now when I try activating the enhancement again the magic wand button used to activate an enhancement and the generate button is also inactive in EEWB and now it is not getting activated, even after rt click enhancement then clicking change or by clicking on the edit-change button on the top tool bar. Do you think if I create another enhancement this button might get activated?
    Please let me know how do I delete these components.
    Kindly reply at the earliest.
    Regards,
    Amit

    Hi, I had the similar problem (and here the solution):
    Specification: Deletion of EEWB fields manually, error in middleware bdoc,
    Short text
    Deletion of EEWB fields manually, error in middleware bdoc,
    Long text
    BDOC-Error from function module BAPI_CRM_SAVE. no further using of the
    middleware for sales activities (sales order) possible.
    see steps for reconstruction
    Steps for reconstruction
    what done before:
    - added one field via transaction code EEWB to business object
    SALES_TRANSACTION (Verkaufsvorgang), "Erweiterungstyp CUSTOMER_I
    (Positions-Zusatzextension erweitern) with one existing data element
    type Z_, Geschäftsvorgangstypen = Verkauf
    no selection of "Datenaustausch mit den Mobile Clients",
    "Datenaustausch mit R/3 Supply Chain Execution" or
    "Business Information Warehouse".
    - deleted the extension manually, deleted the eewb project manually
    (successful)
    - got a short dump on saving a sales order via transaction code
    CRMD_ORDER:
    dump type: LOAD_TYPE_VERSION_MISMATCH
    Der Abbruch trat im ABAP-Programm "SAPLCRM_UPLOAD" auf, und zwar in
    "CRM_UPLOAD_BUS_TRANS_MSG". Das Hauptprogramm war "CRM_1O_FRAME ".
    Im Quelltext befindet sich die Abbruchstelle in Zeile 5
    des (Include-)Programms "LCRM_UPLOAD$18".
    (bei Anwahl des Editors: 50) der ABAP-Source "LCRM_UPLOAD$18".
    000040 *********************************************************
    FUNCTION $$UNIT$$ CRM_UPLOAD_BUS_TRANS_MSG
    000060
    000070 IMPORTING
    000080 REFERENCE(IV_GUID) TYPE !CRMT_OBJECT_GUID
    000090 EXPORTING
    000100 REFERENCE(ES_BDOC_HEADER) TYPE !SMW3_FHD
    000110 REFERENCE(ES_BDOC_MESSAGE) TYPE !/1CRMG0/BUS_TRANS_MSG
    000120 REFERENCE(ES_BUS_TRANS_MSG) TYPE !BAD_BUS_TRANSN_MESSAGE
    000130 EXCEPTIONS
    000140 !ERROR_OCCURED .
    - re-generation of a lot of of function modules
    (e.g. CRM_UPLOAD_BUS_TRANS_MSG)
    and some corresponding structures (e.g. CRMT_CUSTOMER_I_COM)
    - fixed the short dumps with this generation
    Current Errors:
    - the crm middleware (mBdoc) cannot copy sales orders from crm to r/3
    - via transaction code CRMD_ORDER i copy an existing sales order and
    save or try to change just one field and save.
    - saving is successful (message type s), but on changing again, the
    order is locked by middleware
    - bdoc in transaction SMW02 is on state yellow "An Empfänger gesendet
    (nicht alle haben bestätigt) BUS_TRANS_MSG"
    - in transaction code SMW02 occurs:
    Mdt Benutzer Funktionsbaustein Queue-Name
    100 CPIC_FILO BAPI_CRM_SAVE R3AD_SAL_ERR
    Datum Zeit
    12.04.2007 17:52:10
    Statustext
    Inkonsistenz zwischen den DDIC-Typen CRMT_CUSTOMER_I_COMT und ABAP-
    genera
    SOLUTION:
    re-generation of *ALL* code which uses structure CRMT_CUSTOMER_I_COMT solved it.
