DFD diagram and ER crossmatrix for role definitions and role's privileges on objects

Hello,
I have a question on the derivative use of a combination of DFDs and ER diagrams (let us be more fixed and focus on the relational model).
In a DFD there are defined external entities and functions, data flows and data stores that form processes.
Functions represent procedures, transactions, transformations.
Data flows represent procedure parameters, intermediate reports, temporary table data, data that is passed, retrieved/written, signals, and triggers/events that control or trigger a function...
The context of my question is focused on external entities.
An external entity is supposed to denote the source or destination system (for example an archiving system) or operator, a system that is out of scope of the DFD and is mentioned just as the target, destination or source of a data flow or control flow.
In the context of these understandings I am also using external entities for types of users of the system: staff that trigger functions, or schedulers or job managers, or reporting systems (or components of reporting systems, for example business intelligence extraction processes).
My problem is that, on the basis of external entity definitions and the E/R model, I also define roles and privilege classes for access to data objects.
And from those I generate DDLs for database roles and privileges on entities for those roles.
But in granting privileges to a role I have two different kinds of privileges on data objects:
- privileges that are granted on various schema objects
   For example role1 has grants on tab1, view2, procedure1, package3,
- the other type of privilege is based on the scope or range of a semantically defined scope or semantic area.
A semantic area is scattered through tables because of normalisation and using the semantic area as an entity whose primary key
partitions the table data into many semantic areas.
So this privilege should be granted on the basis of the rows in a table, not columns (more semantically than structurally ... row oriented more than column).
Both privileges that are granted to roles are also the basis for functional roles
(a privilege granted so that the functional role may trigger or execute some function or process).
My question is:
How do you handle modeling technology for analysis and design for role privileges and consolidation between database and functional roles?
Grateful for any ideas, experience and suggestions.

Hello,
Guess I was looking for the formal sequence of steps that would bring me to the
ddls for "create role ..." and "grant privileges to role".
You can do that.
1) I assume you have a logical model and it's engineered to a relational model, and you also have a data flow diagram created
2) You need to define information structures for flows connecting an "Information store" to a primitive process - attribute usage of particular entities should be defined for those "information structures" processed in flows
3) You need to define create, update and delete operations for a flow going from a primitive process to a store - read is assumed in the opposite direction
4) Create a role in the Process model and assign primitive processes to it - the list of available processes to add depends on the current data flow diagram
5) You need an open physical model for your relational model
6) Select "transfer process model roles to physical model roles" from the context menu of the top level DFD - select roles, relational and physical model there - roles with related permissions will be created in the physical model
Entity1 is divided in several subtypes for different business areas.
And account manager for business_area1 is allowed to work on subtype1 ( view on prime table )...
Different implementations of entity hierarchies are not processed correctly in that wizard - i.e. to get permissions on the table corresponding to a child entity, that entity should be used in an information structure and flow.
Philip
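
The derivation in steps 1 to 6, written out as an added example (not part of the original posts and not the modeling tool's own code): a process/entity CRUD list is rolled up per role and emitted as `CREATE ROLE` and `GRANT` statements, with a row-scoped view standing in for the "semantic area" privilege. All role, process, table and column names are constructed, and the generic SQL shape (including `WITH CHECK OPTION`) is an assumption that varies by database.

```python
"""Derive role DDL from DFD flows (all sample data below is constructed)."""
import re
from collections import defaultdict

# Steps 2-3: one entry per flow between a primitive process and a data store.
# "R" = flow from store to process; "C", "U", "D" = operations declared on a
# flow from process to store.
FLOWS = [
    ("open_account", "ACCOUNT", "C"),
    ("open_account", "CUSTOMER", "R"),
    ("adjust_balance", "ACCOUNT", "RU"),
    ("monthly_report", "ACCOUNT", "R"),
    ("monthly_report", "CUSTOMER", "R"),
]
# Step 4: roles (external entities / user types) and their primitive processes.
ROLE_PROCESSES = {
    "ACCT_MGR_AREA1": ["open_account", "adjust_balance"],
    "REPORTING": ["monthly_report"],
}
# Step 5: logical entity -> physical table.
ENTITY_TABLE = {"ACCOUNT": "ACCOUNTS", "CUSTOMER": "CUSTOMERS"}
# Row-oriented scope: role -> {entity: (discriminator column, allowed value)}.
ROW_SCOPE = {"ACCT_MGR_AREA1": {"ACCOUNT": ("BUSINESS_AREA_ID", "AREA1")}}

OP_PRIVILEGE = {"C": "INSERT", "R": "SELECT", "U": "UPDATE", "D": "DELETE"}
PRIV_ORDER = ["SELECT", "INSERT", "UPDATE", "DELETE"]
_IDENT = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def ident(name):
    """Accept only plain identifiers so model names cannot inject SQL."""
    if not _IDENT.match(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name.upper()


def literal(value):
    """Quote a scope value as a SQL string literal."""
    return "'" + str(value).replace("'", "''") + "'"


def role_entity_matrix(flows, role_processes):
    """Roll process-level CRUD usage up to role -> entity -> privileges."""
    by_process = defaultdict(lambda: defaultdict(set))
    for process, entity, ops in flows:
        for op in ops:
            by_process[process][entity].add(OP_PRIVILEGE[op])
    matrix = {}
    for role, processes in role_processes.items():
        merged = defaultdict(set)
        for process in processes:
            if process not in by_process:
                raise ValueError(f"process without flows: {process!r}")
            for entity, privs in by_process[process].items():
                merged[entity] |= privs
        matrix[role] = dict(merged)
    return matrix


def generate_ddl(flows, role_processes, entity_table, row_scope):
    """Emit CREATE ROLE / CREATE VIEW / GRANT statements, least privilege only."""
    matrix = role_entity_matrix(flows, role_processes)
    ddl = []
    for role in sorted(matrix):
        ddl.append(f"CREATE ROLE {ident(role)};")
        for entity in sorted(matrix[role]):
            if entity not in entity_table:
                raise ValueError(f"entity without table: {entity!r}")
            table = ident(entity_table[entity])
            target = table
            scope = row_scope.get(role, {}).get(entity)
            if scope:
                # Row scope: grant on a filtered view, never on the base table.
                column, value = scope
                target = ident(f"{table}_{role}_V")
                ddl.append(
                    f"CREATE VIEW {target} AS SELECT * FROM {table} "
                    f"WHERE {ident(column)} = {literal(value)} WITH CHECK OPTION;"
                )
            privs = ", ".join(p for p in PRIV_ORDER if p in matrix[role][entity])
            ddl.append(f"GRANT {privs} ON {target} TO {ident(role)};")
    return ddl


if __name__ == "__main__":
    print("\n".join(generate_ddl(FLOWS, ROLE_PROCESSES, ENTITY_TABLE, ROW_SCOPE)))
```

A role never receives a privilege that none of its assigned processes uses, so the generated grants can be diffed against the live catalog to find excess privileges.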

Similar Messages

  • RFC- Bapi - For Role Maintenance (Single and  Composite)

    We are in the process of developing an ASP.NET web application which will be used to raise requests for user and role creations in SAP.
    We will be making use of Sonic ESB to update SAP through IWAY SAP adapter.
    IWAY SAP adapter supports RFC’s, Bapi’s & IDocs.
    We are aware of RFC’s that could be used for user creation, updating and deletion.
    We have NOT come across any RFC’s or Bapi’s for role maintenance
    1) We would need RFC’s for the following requirements:
    1) To create a new role (single or composite role ).Creating a new role would include adding transactions to a role, deriving from an existing role or assigning more than one role to another role.
    2) To update a role
    3) To delete a role.
    4) To get the details of an existing role
    If there are no RFC’s for the above requirement, will we need to create a custom RFC?
    If we need to create a custom RFC, are there any transactions already available for the above requirements so that we could write a RFC wrapper?
    2) Are there any RFC’s that would give us the complete list of roles (single or composite) in an SAP system?
    3) Are there any RFC’s that would give us the complete list of transactions in an SAP system?
    Presently for 2) & 3) , we are making use of RFC_READ_TABLE to read SAP tables to get the list of roles and transactions.
    Thanks for your answers

    Hi,
    Check these FMs; I don't know whether they will work for you or not.
    BAPI_USER_ACTGROUPS_ASSIGN     User: Change entire activity group assignment
    BAPI_USER_ACTGROUPS_DELETE     User: Delete entire activity group assignment
    BAPI_USER_CHANGE               Change User
    BAPI_USER_CLONE                Create User with Template in Another System
    BAPI_USER_CREATE
    BAPI_USER_CREATE1              Create a User
    BAPI_USER_DELETE               BAPI to Delete a User
    BAPI_USER_DISPLAY              Display Users
    BAPI_USER_EXISTENCE_CHECK      Check a user exists
    BAPI_USER_GETLIST              Search for Users
    BAPI_USER_GET_DETAIL           Read User Details
    BAPI_USER_INTERNET_CREATE      Create a user in the Internet
    BAPI_USER_LOCACTGROUPS_ASSIGN  Change Activity Group Assignment for Dependent Systems from Central Sy
    BAPI_USER_LOCACTGROUPS_DELETE  Delete Activity Group Assignments in the Dependent Systems
    BAPI_USER_LOCACTGROUPS_READ    Change Activity Group Assignment for Dependent Systems from Central Sy
    BAPI_USER_LOCK                 Lock User
    BAPI_USER_LOCPROFILES_ASSIGN   Change Profile Assignment for Dependent Systems from Central System
    BAPI_USER_LOCPROFILES_DELETE   Delete Profile Assignments for Dependent Systems
    BAPI_USER_LOCPROFILES_READ     Change Activity Group Assignment for Dependent Systems from Central Sy
    BAPI_USER_PROFILES_ASSIGN      User: Assign profiles
    BAPI_USER_PROFILES_DELETE      User: Delete All Profile Assignments
    BAPI_USER_UNLOCK               Unlock user
    Reward points if useful..
    Regards
    Nilesh

  • Query: Setting ACL for Roles and Programmatic Approach

    Hi All
    I'm trying to setup ACL for Roles on WCC(11.1.1.8) server by following the blog https://blogs.oracle.com/kyle/entry/access_control_lists_for_roles using Framework folder and have few queries
    Query 1:
    Created new folder and associate enterprise roles under Role access list
    1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
    2. Assigned Role 'Deployers' under Role Access List with RW permissions.
    3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
    4. Logged in using 'jcooper' and able to access 'MyFolder'.
    5. Logged in using 'jausten' and also able to access 'MyFolder'
    Observation
    Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' access the folder? Am I missing some configuration here? Please let me know the setup steps to achieve this functionality in the desired manner.
    Query 2:
    Created a prototype using RIDC to create a folder programmatically and assigning RAL to the created folder
            DataBinder requestData = client.createBinder();
            requestData.putLocal("IdcService", "FLD_CREATE_FOLDER");
            requestData.putLocal("fParentGUID", getFolderGUID("/"));
            requestData.putLocal("fFolderName", "TestFolder");
            requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
            ServiceResponse  updateResponse = client.sendRequest(connectionContext, requestData);
    Observation
    Folder got created successfully, but 'Deployers' Role not assigned under Role access list.
    Query 3:
    Created a prototype using RIDC to assign enterprise roles to the existing folder
            DataBinder requestData = client.createBinder();
            requestData.putLocal("IdcService", "FLD_EDIT_FOLDER");
            requestData.putLocal("fFolderGUID", getFolderGUID("/TestFolder"));
            requestData.putLocal("path", "/TestFolder");
            requestData.putLocal("xClbraRoleList", ":Deployers(RW)");
            ServiceResponse  updateResponse = client.sendRequest(connectionContext, requestData);
    Observation
    Role got associated with folder under Metadata section, whereas folder information section does not contain the reference of updated role e.g. Edit Folder Information section on WCC UI not showing the added role, whereas Edit Metadata values section of UI showing this role.
    Please suggest what I'm missing in configuration/code and appropriate way to achieve the functionality.
    Thanks.

    Thanks Jonathan!!
    Query 2 and 3 answered by this setting and it worked fine.
    Could you please also assist on Q.1
    Query 1:
    Created new folder and associate enterprise roles under Role access list
    1. Created a new folder 'MyFolder' with Security group 'Secure', owner 'weblogic'.
    2. Assigned Role 'Deployers' under Role Access List with RW permissions.
    3. In Admin console, associated user 'jcooper' with 'Deployers' group and 'jausten' with no group.
    4. Logged in using 'jcooper' and able to access 'MyFolder'.
    5. Logged in using 'jausten' and also able to access 'MyFolder'
    Observation
    Since user 'jausten' is not associated with 'Deployers' group, how can 'jausten' access the folder?
    Am I missing some config?

  • Where do I get ISA and ICSS information for system definition (:

    Where do I get ISA and ICSS information for system definition inside portal? I will really appreciate if somebody could post a sample definition for ISA and ICSS.
    Message was edited by: Prakash  Singh

    Hi,
    I'm currently working as a developer on an ISA and Portal implementation.  We too are using the CRM ISA BP to integrate into the portal.  I've not been too close to this aspect of the project but we have been having lots of problems...
    A couple of important things I am aware of:
    Make sure your SAP J2EE is at the latest version/patch - we were having issues with logon and session timeouts (there is an OSS note relating to this issue)
    Make sure your user creation methods are set up correctly - we had automatic creation of user IDs on the CRM system which caused a nightmare getting single sign-on working between the Portal, CRM and ISA.
    Hope this is of some help.

  • Approval work flow for Role based and Resource based

    Hi All,
    We have to implement approval work flow for the following things in OIM 9.1.0.1
    Approval work flow for Functional Roles (Groups in OIM) (Approvals required for users to get these roles)
    IT Roles (Resources in OIM) (Approvals required for users to get these resources)
    Functional Role (Group) contains policy1, policy2. Policy1 contains res1, res2 and Policy2 contains res3, res4. I want to create an approval work flow for this Functional Role to achieve the following:
    A user raises a request for the functional role, then it should wait to get manager approval. Then once it gets approval, that user's account should be created on all resources which are involved in that group.
    And, I have to define an approval work flow for all individual resources to get users' account creation on target with approvals. These resources may be included in the groups as well.
    After getting approval for the functional role (Group), will OIM start the approval flow for all resources involved in the group? Because all resources have an approval workflow at resource level also.
    My Goal: Approval work flow for Group should not process the approval work flow for resource. Can we do it in OIM 9.1.0.1?
    And can we do the same in OIM 11g also?
    Please help me and do let me know, if you need any information from my end.
    Thanks.

    That's configurable buddy! And possible in both 10G and 11G versions.
    Functional Roles : These are the groups/roles in OIM 10g/11g with access policies attached at the backend.
    - Create a dummy resource and name it Request Role or anything as you like. Attach an Object Form to it and have form field for Role Name, this would be a lookup type field linked to all OIM groups (leave system values using lookup query). So a user can select any OIM Group in this request as per configuration. Have approval workflows defined on this dummy resource Request Role and in its Provisioning Process make user/s a part of the requested group.
    - Now once the user is made a part of the group, the associated access policy would be invoked automatically and thereby provisioning. The only thing you need to keep in mind is that create the access policy without approval (there is a check box). If you do this the approvals would never be invoked even if you assign a group manually to the user coz it suppresses all the approvals in this access policy.
    IT Roles : These would be linked to the resource and you can define individual approvals on the resources as required.These approvals would be required if someone raises a request for these resources individually.
    Thanks
    Sunny

  • Delayed response when moving objects in diagram and panel, happened in LV 6, only for vi's compiled from previous versions. Any suggestions?

    When I am using the mouse to select a portion of the diagram or the panel, or when I am moving objects, I found that in all the vi's that I compiled from former versions of LabVIEW there is a delay of close to a second to the actual selection or movement of the item. This happens on 2 machines out of 5 that I tested, and it happened in both Windows 2000 and Windows 98. Any suggestions?

    Sometimes a video driver issue. Update your video driver.
    Or turn down the video driver hardware acceleration. Right-click an
    empty area of the desktop, choose the Settings tab, choose the Advanced
    button.
    The location of this differs in different versions of Windows.
    Win2000: go to Troubleshooting, and turn down the slider for hardware
    acceleration.
    Win98: I think it's on another tab.
    Mark
    ilan wrote:
    >
    > Delayed response when moving objects in diagram and panel, happened
    > in LV 6, only for vi's compiled from previous versions. Any
    > suggestions?
    >
    > When I am using the mouse to select a portion of the diagram or the panel,
    > or when I am moving objects, I found that in all the vi's that I compiled
    > from former versions of LabVIEW there is a delay of close to a second
    > to the actual selection or movement of the item. This happens on 2
    > machines out of 5 that I tested, and it happened in both Windows
    > 2000 and Windows 98. Any suggestions?

  • ....OIM and SOA tables for new Request for Roles

    Hello OIM experts, please help me. I need the list of database tables that get updated when we submit new request for Roles. I need the tables that get updated by both SOA and OIM during request submission and approval.
    Appreciate your great help.
    thanks
    Edited by: Jyothi on Oct 23, 2012 3:52 AM

    The REQUEST table stores request template related information. In OIM 11g, you can see three levels of approval: template level, request level and operation level. OIM has certain pre-defined templates; that information is stored in the REQUEST table. To get information on any table, execute the query below:
    select COMMENTS FROM USER_TAB_COMMENTS WHERE TABLE_NAME=<Table name, e.g. 'REQUEST'>;
    It'll give info on all tables.
    To know more about request in 11g:
    http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/request.htm
    regards,
    GP

  • IDOC for roles and profiles

    Hi Guru.
    I need this: I wish to export the new and the modified roles and profiles to an external non-SAP system. This non-SAP system is able to receive iDoc message.
    Is it possible? Can I find in the SAP system the change point and the iDoc to do this?
    Regards
    Manuel Chiarelli

    not for roles. no. you can:
    transport them
    up-/download them
    RFC-copy them
    but not idoc them.

  • OIM 11gR1 : Parallel approval for role assignment.

    Hi,
    I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
    When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.
    Also, Is it possible to assign a Role instead of the users in the custom attributes ?
    Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".
    Will appreciate pointers to the online docs, I've searched and didn't find information related to the use case I've described.
    Thanks,
    Meni,

    Bikash Bagaria wrote:
    Meni wrote:
    Hi,
    I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
    When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.
    Try modifying the dataset. But I think there was an issue which someone reported here which said that you cannot add additional attributes to the role dataset. Logically it makes sense because there is no custom attribute for role in OIM so dataset should not allow it either.
    I've noticed that the design console allows adding custom attributes to roles.
    This can be done via Administration --> User Defined Field Definitions --> UGP (Table name).
    Once a field is added, you'll need to choose "Properties" and add a "Visible Field = true" prop to the attribute chosen.
    This will add a custom attributes section where your attributes will be shown.
    Question is how you can add a "search users" lookup instead of plain string for this custom attribute,
    and how those attributes will find their ways into the BPEL composite where business decisions based on those attributes may be taken (assign task per this attribute for an example).
    Also, Is it possible to assign a Role instead of the users in the custom attributes ?
    Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".
    You can create request for multiple roles in a single request and in your approval process you need to dynamically set the human task assignee based on the role selected. You also need to attach the approval process to orchestration level so that it generates a separate child request for each role selected.
    I'm not sure I understand how the proposed approach helps avoid the decoupling of users to role admins attribute.
    The intention was to have two roles, "Role_A" and "Role_A_Approver" where people that belong to "Role_A_Approver" will be assigned workflow tasks whenever Role_A is to be granted to end-users.
    Currently, each role has a "Role Admin" attribute, this attribute however holds a user and not a container of users (role)..
    Will appreciate pointers to the online docs, I've searched and didn't find information related to the use case I've described.
    All about requests
    Thanks,
    Meni,
    -Bikash

  • CUP - Initiator for roles not requiring approval (i.e. auto provisioned)

    We recently upgraded to GRC 5.3, SP10 and started noticing that using CUP, for roles that should be automatically provisioned (i.e. no approval required), it is taking between 3 minutes 45 seconds and 5 minutes for the request to be successfully submitted and automatically approved with provisioning. I was wondering if anyone is experiencing similar system performance.
    Our set-up for auto provisioned role requests is as follows:
    1.  Created initiator INI_NO_APPROVE using role for attribute
    2.  Created stage STG_NO_STAGE  with Approver Determinator = No Stage
    3.  Created path definition PATH_NO_APPROVE with number of stages =2 and initiator = INI_NO_APPROVE
    Thanks!

    F.Y.I.
    As per SAP's recommendation - we applied note:1423983 in all target provisioning systems and this resolved the issue.

  • 401 Unauthorized Error when accessing a task from REST API which contains Role or Privilege in Access Control definition

    Hi Team,
    As of IDM 7.2 SP8 patch2, when we use Enterprise role or Privilege in the access control definition of a task, accessing this task from UI5 i.e REST API is giving unauthorized error even though user is already having the required role or privilege.
    But the task is working fine if we use fixed user ID or keeping blank value in allowed users field.
    Attached the current access control definition of the task we configured & the error message info for reference
    Regards,
    Venkata Bavirisetty

    Hi Ralitsa,
    Thanks for your response and sorry for late reply.
    The XXXX in the role is not used as a wildcard. The name itself is in that format. I have searched the role and then selected it from the search list.
    Let me know if you need any clarifications.
    Regards,
    Venkata Bavirisetty

  • Error while updating a custom Windows Azure Diagnostics configuration xml from powershell. "Invalid update to extension reference for role"

    I am attempting to upload a manually edited WADConfig xml to my VM. The WAD service is functioning correctly, I needed to add some custom WinEventLogs. The prescribed steps result in an error.
    What am I overlooking?
    I am following these instructions:
    Step 5: Remotely install Diagnostics on your Azure Virtual Machine
    azure.microsoft.com/en-in/documentation/articles/cloud-services-dotnet-diagnostics/#virtual-machine
    $storage_name = "wadexamplevm"
    $key = "<StorageAccountKey>"
    $config_path="c:\users\<user>\documents\visual studio 2013\Projects\WadExampleVM\WadExampleVM\WadExample.xml"
    $service_name="wadexamplevm"
    $vm_name="WadExample"
    $storageContext = New-AzureStorageContext -StorageAccountName $storage_name -StorageAccountKey $key
    $VM1 = Get-AzureVM -ServiceName $service_name -Name $vm_name
    $VM2 = Set-AzureVMDiagnosticsExtension -DiagnosticsConfigurationPath $config_path -Version "1.*" -VM $VM1 -StorageContext $storageContext
    $VM3 = Update-AzureVM -ServiceName $service_name -Name $vm_name -VM $VM2.VM
    Unfortunately, I am receiving this error:
    Update-AzureVM : BadRequest: Invalid update to extension reference for role: XXXXXX and reference: IaaSDiagnostics.
    What's missing from the above script?

    Hi,
    Since Azure SDK 2.5 uses the extension model, the diagnostics extension, the configuration and the connection string to the diagnostic storage are no longer part of the deployment package and cscfg. All the diagnostics configuration is contained within the wadcfgx. The advantage with this approach is that the diagnostics agent and settings are decoupled from the project and can be dynamically enabled and updated even after your application is deployed.
    Due to this change some existing workflows need to be rethought – instead of configuring the diagnostics as part of the application that gets deployed to each environment you can first deploy the application to the environment and then apply the diagnostics configuration for it. When you publish the application from Visual Studio this process is done automatically for you. However, if you were deploying your application outside of VS using PowerShell then you have to install the extension separately through PowerShell.
    The PowerShell cmdlets for managing the diagnostics extensions on a Cloud Service are -
    Set-AzureServiceDiagnosticsExtension
    Get-AzureServiceDiagnosticsExtension
    Remove-AzureServiceDiagnosticsExtension
    You can use the Set-AzureServiceDiagnosticsExtension method to enable the diagnostics extension on a cloud service. One of the parameters on this cmdlet is the XML configuration file. This file is slightly different from the diagnostics.wadcfgx file. You can create this file from scratch by either following the article that you are referring to or you can modify the wadcfgx file and pass in the modified file as a parameter to the PowerShell cmdlet.
    To modify the wadcfgx file –
    Make a copy of the .wadcfgx.
    Remove the following elements from the Copy:
    <DiagnosticsConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
       <PrivateConfig xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
         <StorageAccount name=" " endpoint="https://core.windows.net/" />
       </PrivateConfig>
       <IsEnabled>false</IsEnabled>
    </DiagnosticsConfiguration>
    Make sure the top of the file still has xml version and encoding –
       <?xml version="1.0" encoding="utf-8"?>
    Effectively you are stripping down the Wadcfgx to only contain the <PublicConfig> section and the <?xml> header. You can then call the PowerShell cmdlet along with the appropriate parameters for the staging slots and roles:
    $storage_name = '<storagename>'
    $key = '<key>'
    $service_name = '<servicename>'
    $public_config = '<thepublicconfigfrom_diagnostics.wadcfgx>'
    $storageContext = New-AzureStorageContext -StorageAccountName $storage_name -StorageAccountKey $key
    Set-AzureServiceDiagnosticsExtension -StorageContext $storageContext -DiagnosticsConfigurationPath $public_config -ServiceName $service_name -Slot 'Staging' -Role 'WebRole1'
    Hope this helps !
    Regards,
    Sowmya

  • How to find next number range for project definition in tcode CJ20N

    Hi Experts,
          Please help me with how to find the next number range for project definition in tcode "CJ20N". I was trying the function module NUMBER_GET_NEXT. Is it the right function module? If it is right, what input do I need to give for this tcode and for the field project definition?
    Note: I searched in forum before posting, but couldn't find the solution.
    Thanks
    Regards,
    Prabu S.

    Hi,
    For project definition an internal number is assigned by the system.
    When you save the project, the system allocates one number to the project definition; you can view it:
    SE11 >>> table  PROJ >> Click on contents >>> execute,
    here you will get your project definition & the number assigned to the project definition.
    kapil

  • I created boolean references in my main vi block diagram and copied them to my sub vi front panel. When I wire my reference in my main vi to one of the input nodes of the sub vi the wire is broken. The error says it's a class conflict. Why?

    I created boolean references in my main vi block diagram and copied them to my sub vi front panel. When I wire my reference in my main vi to one of the input nodes of the sub vi the wire is broken. The error says it's a class conflict. Why?

    Expanding and clarifying what BJD said;
    After you create the temporary sub-VI that BJD mentioned, open its front panel and copy the reference control that LV created when it created the sub-VI.
    This reference control will be correct class etc that you need. Use the control to replace the original control that you were attempting to wire up.
    The technique of "create sub-VI...copy" always works for me.
    There is one more thing that you should watch out for.
    The mechanical action of the boolean can not be set for latch action when attempting to read the value using a value property node.
    Trying to help,
    Ben
    Ben Rayner
    I am currently active on.. MainStream Preppers
    Rayner's Ridge is under construction

  • TF215097: An error occurred while initializing a build for build definition : Could not establish trust relationship for the SSL/TLS secure channel

    Hello,
    We are facing an issue when triggering a new build using TFS 2013 Update 4, VS2013 Update 4 using TFVCTemplate.12.XAML template. All our other older build definitions just work fine but not the TFVCTemplate.12.XAML. It seems to me that some certificate might be invalidated. Can anyone please point me in the right direction?
    Thanks, 
    Mitul
    TF215097: An error occurred while initializing a build for build definition :
    Exception Message: One or more errors occurred. (type AggregateException)
    Exception Stack Trace: at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFile(TfsTeamProjectCollection projectCollection, String itemPath, Stream outputStream)
    at Microsoft.TeamFoundation.Build.Client.FileContainerHelper.GetFileAsString(TfsTeamProjectCollection projectCollection, String itemPath)
    at Microsoft.TeamFoundation.Build.Client.ProcessTemplate.Download(String sourceGetVersion)
    at Microsoft.TeamFoundation.Build.Hosting.BuildControllerWorkflowManager.PrepareRequestForBuild(WorkflowManagerActivity activity, IBuildDetail build, WorkflowRequest request, IDictionary`2 dataContext)
    at Microsoft.TeamFoundation.Build.Hosting.BuildWorkflowManager.TryStartWorkflow(WorkflowRequest request, WorkflowManagerActivity activity, BuildWorkflowInstance& workflowInstance, Exception& error, Boolean& syncLockTaken)
    Inner Exception Details:
    Exception Message: An error occurred while sending the request. (type HttpRequestException)
    Exception Stack Trace: at Microsoft.VisualStudio.Services.WebApi.VssHttpRetryMessageHandler.<SendAsync>d__1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
    at Microsoft.VisualStudio.Services.WebApi.HttpClientExtensions.<DownloadFileFromTfsAsync>d__2.MoveNext()
    Inner Exception Details:
    Exception Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (type WebException)
    Exception Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
    Inner Exception Details:
    Exception Message: The remote certificate is invalid according to the validation procedure. (type AuthenticationException)
    Exception Stack Trace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

    Hi Mitul,
    Thanks for your reply.
    It's strange: if your old build definitions can work using the same TFS Build Server, that indicates your TFS Server configuration is correct and can work. But only the new build definition with the default TfvcTemplate.12.xaml template cannot build successfully.
    Please share your TFS Server detailed environment information here. And share your Build Service Properties dialog screenshot here.
    Try to clean the Cache for TFS 2013 manually (delete the content of the folder only, not the cache folder itself):
    Clean the Cache folder on the Server machine. The folder path is:
    C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.
    After cleaning, on the Server machine, click Start and select Run… to open the dialog box, then input iisreset.exe and click OK, and wait for it to run completely.
    Additionally, you can run the TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
