Double roles assignment and performance
Dear all
Will there be any performance issues if we assign excatly the same roles (HR role with strucutral profile e.g. P_ORGINCON) twice for user in SU01?
-BT
i know this is solved and i am too late but still i want to add to the performance-issue.
if you have menues assigned in your roles, a double-assignment of the roles will also double the nodes stored in the user environment. please read note [203617|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=203617&nlang=EN&smpsrv=https%3a%2f%2fwebsmp205%2esap-ag%2ede], [203994|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=203994&nlang=EN&smpsrv=https%3a%2f%2fwebsmp205%2esap-ag%2ede] on the topic.
additionally have a look at [357693|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=357693&nlang=DE&smpsrv=https%3a%2f%2fwebsmp205%2esap-ag%2ede]
Similar Messages
-
Role assignment and FDI polling interval for participant info
Hi,
When a role is added to a participant in Portal Admin console how long it takes to take effect meaning how soon he can login and use the role. Inother words what is the FDI polling interval time to get participant info? I am getting "fuego.portal.exception.WapiOperationException: Participant 'XYZ' does not have execution permissions for role 'ABC' though the Execute permission was given to the user.
Will this role assignment applies for In Flight instances too?
Regards,
XavierAfter you have assigned a particpant to a role and if you are sure you have given execute permission to the partcipant and still if the change doesnt reflect in your application, just try restarting engine. Even if the problem persists then try restarting the weblogic server. The role assignment applies to inflight instances also. for eg : if there are two instances that belong to the role say'ABC' and you have mapped 'XYZ' for that role, then you can see the instances of that role in 'XYZ''s inbox.
Hope this helps.
Regards,
Charan -
Hi Bridge Geniuses!
I need your help. I am using Bridge to sort and keyword a pretty big photo archive. I have created a pretty long nested hierarchy (4 layers deep, max) and, for a few reasons, would like the parent tags to be automatically included when I indicate a sub-tag. The problem I have now is that the keyword list is distractingly long and organized alphabetically. My first question is this: is there a preference setting in Bridge that will ask the program to display the keywords in their hierarchy? That is, will Bridge present the list as, for example, cars à hybrids à Toyotas à Prius.
My second question is: if I have two or more names that represent the same keyword, is there an “aka” function in this program that will allow me to direct searches for two or more different words to the same keyword entry? (For example, if I want my searches for “Bruce Wayne” to also show entries marked as “Batman.”)
Finally, I would like to know if Bridge will perform keyword searches for more than one word at a time. So far, I have tried entering two keywords with overlap at a time, separated by a space or a comma or a semicolon, and the search comes up empty.
Thank you very much for your help!I reset my custom workspace and all seems to be well now. My keywords now show, the number of photos each applies to and I can again search.
Thank you. -
Role Mapping For Portal Role Assignment and ABAP Role Assignment
Summary:
- Under the GRC configuration of Roles> Role Mapping we are trying to utilize the role mapping feature in GRC for associating a dependent role to a main role.
- We want to use this role mapping feature for the purposes of adding an Enterprise Portal role for every ABAP role that gets approved for the user in an ABAP component system (i.e. ECC, BW, CRM etc). We will have a 1:1 mapping of Enterprise Portal role to ABAP role defined in the role mapping section in GRC.
- We want to set up the workflow in such a way that the main role (ABAP role) is the only role that needs to be approved. The dependent role (Enterprise Portal role) should be added or not added based on the approval or denial of the main role (ABAP role). In other words if the role owner for the abap role approves the abap role, then both the abap and EP role will be provisioned by GRC and if the role owner rejects/denies the role, then neither the abap or EP role will be provisioned by GRC.
Problem Description:
Our Scenarios we tested:
Scenario 1:
Main Role: Attached to Initiator A & workflow A (routes to single approver based on role)
Dependent Role: Attached to Initiator B & workflow B (routes to auto approval or no approval)
*Problem with the Scenario 1setup above, the dependent role will always get approved & provisioned regardless of the approval or denial of the main role.
Scenario 2:
Main Role: Attached to Initiator A & workflow A (routes to single approver based on role)
Dependent Role: Attached to Initiator A & workflow A(routes to single approver (same as main approver) based on role)
*Problem with the Scenario 2 setup above, the dependent role will always also need to get approved by the same approver as main role and it opens the possibility that the approver may accidently approve the main role and deny the dependent role, which is not the ideal setup as we inherit the risk of human error.
Questions:
1. Does the dependent role need to be defined in an initiator at all since it will never directly be requested directly?
2. If the dependent role does need to be in the initiator file, please describe how to properly setup the initiator and workflow stage & path so that we can maintain the desired relationship with the main role approval dependency? (if the role owner for the main role approves the main role, then both the main role and dependent role will be provisioned by GRC and if the role owner rejects/denies the main role, then neither the main role or depedent role will be provisioned by GRC
Edited by: Rene Griffith on Feb 26, 2010 10:22 PMI tested this set up.
1. Defined ABAP role as Manin role
2. Defined Non-ABAP role as dependednt role
3. ABAP role is set up in initiator requiring business approval.
4. Non-ABAP role is set up in initiator with no approval required.
Results Where Business Approver approves the ABAP Role
1. Only the ABAP role is displayed in approver view which is desirable.
2. ABAP role is approved and Non-ABAP role and ABAP role is provisioned.
Results Where Business Approver rejects the ABAP Role
1. Only the ABAP role is displayed in approver view which is desirable.
2. ABAP role is rejected but Non-ABAP role is provisioned which is not what we want. We want the Non-ABAP role not to provision if the ABAP role is rejected by the business approval.
Thanks again for your help. -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Role info not appearing once role assignment request is submitted from UI
Hi Everyone,
We have a strange problem in our project in IDM 7.2 SP8 where IDM role concept is used which contains privileges (could be role/profile) of backend systems.
Usually when ever a role (i.e IDM role) assignment request is submitted from UI, the activity with the associated info (like user details, role details, audit ID) should be stored in MXI_LINK table from where the info will be fetched and used in next stages of the processing
Even though the information is getting available for most of the cases for all users but some times for few users once the role assignment request is initiated from UI there is no info is getting available in MXI_LINK table corresponding to this activity which is strange.
Because of this problem even though user submits role assignment request no role info getting passed to IDM, set to pending state for the user which is getting meaning of user not submitted any role assignment request at all.
Can any one suggest what are the things that gets involved between these two steps and any troubleshooting hints are highly appreciable.
Regards,
Venkata BavirisettyIs this a situation you recreate at will? In other words, is it always happening on the same users? If so, you could put a trace on that user's account then try to add the role and see what that trace log shows. Additionally, you could just follow the links in the chain of the various tasks that kick off when you do a role assignment and check each task / job's job log and see what that tells you. There's got to be an error somewhere along the way that's preventing this from executing properly.
-
HR-ORG - Indirect Role Assignment
Hello
We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user obtains automatically its roles when its moved through organizational structure.
Our plan consists in create several primary roles (for example, sales manager). Then we will create a lot of derivate roles which will inherit all authorizations from the parent role. However, it shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
Is it possible? How can we do that?
Best regards,As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon -
Federation: Remote role assignment vs Remote delta link
does anyone know whats the difference on what percentage of load falls on the Consumer portal and what percentage of load on producer between federation via remote role assignment and via remote delta link
which way is better?Hi,
Basically the load differences between RRA and RDL on the consumer and producer is not a good way to look at it. Technically all the load to run the content and render it is done on the producer portal and the producer portal just has to display the content in either case.
As to which one is better, it depends on what you want to do. RRA only works with roles. If you have roles already created on you producer portal and you just want to use them as is on the consumer portal then RRA is the way to go. But if you only want to use iViews or pages from the producer then you have use RDL. (or remote application integration)
You can of course use both if you want. You don't have to use only one so use the ne that meets you need the best.
Hope this helps,
John -
Limitation of role assignment by hour.
Hello everybody!
I would like to know is there any way to limit role assignment by hour?
We need this function to limit access for very sensitive actions, kind of u2013 emergency roles, that should be opened for very limited time.
Thank's,
Julia.Hi Julia
As there is no standard way of achieving your requirement; one approach that I can propose is this:
(a) Create a custom program which collects data from agr_users on critical roles assignment and the time of their assignment. So you get role, user id and time
(b) Create a batch job which gets the data from custom program and has the functionality of removing those roles from user in their next iteration. You need to run the batch job on hourly basis. Variation can be that the access is given for just 1 minute and maximum 1 hour 59 minutes.
Bit overloaded approach ..hope their are alternate simple solutions waiting in the queue
Best Regards
Prashant -
SPML: search the roles assigned to a user and add others to him
Hi,
as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
How can i implement the search/filter of the available roles assigned to a user?
Thanks in advance,
Gentjancoocooche wrote:
Hi,
as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
How can i implement the search/filter of the available roles assigned to a user?I already find how to do it. I have to asked another question about SPML: is there any way to add new roles without searching the old ones?
In other words i implemented a method that:
1) search the roles assigned to a user and copy it to a List
2) add to the List of the old roles, the new ones.
Is it possible just to add the new roles without doing a search of the old ones? In this way the performance is better.
Thanks in advance,
Gentjan -
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
Report to see user type and roles assigned to users in EP?
Hi,
a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
b) If the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.By default Portal UME comes along with the installation of portal.
Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories. But you can also create users in the portal UME. The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
You can check them in user administration->identity management and search for the users.
THere you can see some users will be from UME and some from LDAP.
User Admin tool is nothing but User Administration only.
Raghu -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
Custom Auth. Object with Profile and role assignment not working
Hi,
I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
ID 'ACTVT' FIELD '01'.
Am I missing anything? The profiles are generated correctly.
Best Regards,
NileshBelow are the screen shots for PFCG:
-
Hi forum,
I have a CUA configured where I want the profile and the role assignment to be distributed global from the central system. I can create new roles with PFCG assign, users there, but I dont see these new roles in the user details in SU01.
What am I doing wrong?
Thank you!Hi Chris,
Seems pretty simple to me. Since it is a new role you need to do a text comparision.
In the central system of CUA execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in SE38 transaction.
In receiving systems give all the systems that are part of CUA including the central system (in this particular case only central system can be input since the new role is present in central system) Now execute it and then do the role assignment wither through SU01 or PFCG once again. Check once more.
After every new role creation this report needs to be executed. This is what is known as Text comparison of roles which can also be done in SU01. Check for the pushbutton for text comparision under tabsrtip Roles within SU01.
Regards.
Ruchit.
Maybe you are looking for
-
TP CONFIGURATION PROBLEM ( While creating a View Controller in Component )
Hi All, I have a problem in TP Config while creating a View Controller in a component i am getting this Exception Parameter lsm(&1) not in version 0004(&2) of tp configuration . This Exception Raised from this Function Module : RS_ACCES
-
SchemaTool() throws ClassNotFoundException: oracle.jdbc.driver.OracleDriver
KODO 2.5.3 I am trying to use the SchemaTool java class for schema manipulations. When I try to construct a SchemaTool object I get the following exception: com.solarmetric.kodo.runtime.FatalUserException: java.lang.ClassNotFoundException: oracle.jdb
-
The Disk Utility could not repair the disk neither the repairing installation of the OS X allowed me to start the OS, the blue frozen scream was still appearing. The HD erasing with the Disk Utility was the only choice, than installing the 10.6.7 OS.
-
How do I traverse up a XML data set tree?
This seems like it would be really simple, but I'm not sure how to do it. Basically, given a dataset with a single element, how do I output all of its parents? I can't find anything in the API descriptions about how to traverse through the parents. A
-
New to dreamweaver and need desperate help!!
Just downloaded adobe dreamweaver cs5.5, I wanted to try it out because I hear some many decent things about the ease of using this app to design website....I can not for the life of me figure out how to import my existing website into dreamweaver!!!