Duplicate Roles in USMR (provisioning via CUP)
Hello everyone,
We are using GRC CUP 5.3 SP8
How can we avoid or prevent CUP from assigning Roles which already exist for the User master record ?
we have some default Role mappings ( some basic role being tagged to main role)
if the user already has this basic role assigned , by requesting the main role he is getting the basic role again and again
and I see duplicate entries of the same role in USMR I want to prevent this happen.
Any ideas ?
Thanking in advance
Olivier
I agree with Olivier but this is not only the problem with CUP. It is a problem with SU01. Try to add an existing role to an user account and SAP will add a duplicated entry if the role validity dates are different.
When the request is created, CUP just takes the valid from date as current date and no-one is going to check that this role is already assigned to user and someone needs to match the valid from date.
I don't see any resolution to this issue. Can you check with SAP?
Alpesh
Similar Messages
-
Portal role/ group provisioning via CUP
HI Gurus,
We are planing to perform portal role (EP 7 )provisioning via CUP. Is there any config guide available for this which we can follow.
Thanks
AniThis guide might be of help:
http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
Regards,
Luis -
Error while trying to assign a role via CUP in Portal
Hello Experts,
I am trying to create a request to assign a role in EP via CUP ( 5.3)
EP Connector is working fine as I have imported Portal roles etc
SPML service is working fine
I have done the mapping in the Provisioning tab for Portal system
logonname in portal is email address of an employee
So the I have done the following mapping
AC Field Application field
email addres-Stndard logonname
And I have the following error while trying to create a request which I grabbed form the log
ERROR Exception during EJB call, Ignoring and trying Webservice Call
LinkageError: loader constraints violated when linking com/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO class
ERROR com.virsa.ae.core.BOException: Exception from the service : Invalid System
com.virsa.ae.core.BOException: Exception from the service : Invalid System
ERROR : BO Exception in Save request
Any suggestions would be really appreciated
Regards
KevKevin,
I was able to replicate your issue and there is a setting in the CUP that you have to disable, Goto the config tab in the CUP and select NO for the "Risk Analysis On Request Submission " under risk analysis.
Issue here is you did not create a connector for your EP in the RAR, I believe you have the above mentioned parameter to yes and so when you are submitting a request CUP is trying to do the risk analysis but RAR was not able to find any System, so it is thowing an error.
You can resolve this issue in two ways, one is to create a connector in RAR or the other is to disable the setting in the CUP.
Hope this helps.
Naveen -
Provisioning EP roles and user groups through CUP
Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
KeeThanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un: ??? What is the role data source?? Is the value that is provided is correct for the UME roles
SCHEMA_ID SAPprincipals ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee -
Request submitted for provisioning through CUP
HI All
I am using SAP GRC 5.3
i am using Compliant User Provisioning for creating requests.
After submitting the requests does CUP directly talk to target System or does it talk to any provisioning engine
In short I want to know what actually happens( internally) when a request is submitted for provisioning through CUP
Thanks
JaganMph,
Once you complete the request in CUP and when it passes through all the approval stages, CUP will directly connect to target SAP system to provision users and roles. CUP has the java front-end which initiates the request and then it connects to the ABAP programs which are installed target SAP system for provisioning.
Hope this helps.
Regards,
Alpesh -
[solved] Printing via Cups fails
Hello Community,
software:
extra/poppler 0.20.0-1 [installed]
extra/cups 1.5.3-4 [installed]
extra/cups-filters 1.0.18-2 [installed]
aur/cups-xerox 2008.01.21-1 [installed]
for some days I have some bad problems with my two printers (a dell and a xerox workcentre)
If I try to print a testpage via cups it ends with:
"/usr/lib/cups/filter/pdftops failed" on both printers.
Same with printing via libre office, but the dell gives me a: "/usr/lib/cups/filter/foomatic-rip failed"
I already tried downgrading cups, cups-filters and poppler, no soloution, so any suggestions for me?
Regards
t4c
Last edited by t4c (2012-06-15 08:15:17)My hp p1005 just stopped working.I tried everything and got nothing.I was blacklisting hplip,as once hplip-plugin was missing from aur,and had small problems.
Now it looks like brick.
Could hplip-plugin be included in repos instead aur?
Edit : works again with new packages.
Last edited by dare023 (2012-06-14 19:56:34) -
Users are created but Roles are not Provisioned in the Target System
Hi,
It would be great if somebody would provided solution to my problem. The problem is when I try to create the Users in Identity Managment UI then the Users are created in the Target systems but the Roles are not provisioned to the Users.
In the provisioning job SetABAPRole&ProfileForUser,
It is says In the Error putNextEntry failed storing
Exception from Modify operation:com.sap.idm.ic.ToPassException: User does not exist
MSKEY 58437
Please note the When we create the User, the user is created however the Roles is not provisioned to the user.
Regards,
HakimHello Nits,
since this thread is from 2010 and the OP was logged on last in 2012 (as you can see in the profile), I don't think you'll get an answer here.
Please create a new thread to explain your problem (with version and SP numbers, logs etc). You can add a link to this thread to show, that the problem is similar.
Regards,
Steffi. -
No device
My printer (an HP ;-)) is not wireless. It is cabled to my Linux desktop, which serves it on the network for clients via CUPS (port 631). Can you give us a way to connect to it from the TP?exactly! It should be no problem to access a printer via ipp or lp in addition to the probably used socket connection. I have two HP printers connected to a NAS device to be able to print on both printers over the network. I would love to do so with my new touchpad. Besides with ipp the touchpad would be able to print on a wide variety of printers at once. Most printers, even from other vendors, unterstand PCL anway (ok, forget the really cheap ones with no own brain). Regards
-
Stopping of assignment of duplicate role in SU01 and same user in PFCG.
Hello Experts,
I have a requirement, wherein I have to restrict assignment of duplicate roles in the user master (SU01) also I should not be able to assign same users twice in the user tab in PFCG.
Please advise...Thanks in advance.
Best Regds,
Suyog Chakot...Hi Suyog,
There are two ways to do it:
1 - PRGN_COMPRESS_TIMES
2 - SSM_CUST .
PRGN_COMPRESS_TIMES has its own limitation, it works perfect in Non-CUA landscape while have lot of issues in R/3 CUA landscape.
SSM_CUST is universal and I guess it can be used in al landscape. CUA as well as NON CUA. Let us know if you need any more information on this.
Just search with these two key words and I am sure you will get your reply.
Edited by: sap.sec.akshay on Dec 30, 2009 6:55 PM -
Pages 2.0 is exporting Word files in name.docx format causing duplicates files on my PC via iTunes. Anyway to have it export name.doc files as Pages did earler?
What I read in the PDF version of the manual (while I was waiting for my plane this afternoon), it seems pretty comprehensive. I was particularly interested in what it had to say about creating your own templates.
Supposedly, it will remember if I left invisibles showing in templates (one of my big complaints with Pages 1). I'll find out soon enough. I must say that opening my two documents I use for answering posts here in discussions sure did open faster & navigating an 11-page table was much faster.
Another good thing I noticed, the font used for the serial number is much clearer & there were no confusing characters - O/0, S/5, etc.
Peggy -
Deletion of Invalid and duplicate roles
Hi,
This is regarding some function modules which are used for deleting invalid roles.These function modules are available only in CUA environment that is in Solution Manager environment only, not in ECC or other systems.Can anybody confiem which one of these function modules would be the best to delete roles of one's choice.The idea is we have identified the invalid and duplicate roles , but we need the function modules only to delete them , ie remove them from user's role profile..
The function modules are: 1) BBPU_WAP_USER_ROLE_REMOVE_LIST
2) BBPU_WAP_USER_ROLE_REMOVE
3) BBPU_WAP_USER_ROLE_CHANGE
Thanks & Regards,
Savitha.I don't know what you're doing.
Try my working SSCCE example.
Just press the Reset Table button and see what happens.
import java.awt.BorderLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JFrame;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JTable;
import javax.swing.UIManager;
import javax.swing.table.DefaultTableModel;
public class ResetTableTest {
public static void main(String[] args) {
try {
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
JFrame frame = new JFrame();
frame.setDefaultCloseOperation(JDialog.EXIT_ON_CLOSE);
DefaultTableModel model = new DefaultTableModel(new String[][]{{"1", "2"}, {"3", "4"}}, new String[]{"col1", "col2"});
model.addRow(new String[] {"5", "6"});
JPanel panel = new JPanel(new BorderLayout());
final JTable table = new JTable(model);
panel.add(new JScrollPane(table), BorderLayout.CENTER);
JButton button = new JButton("Reset Table");
button.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
table.setModel(new DefaultTableModel(new String[][]{{"1", "2"}, {"3", "4"}}, new String[]{"col1", "col2"}));
panel.add(button, BorderLayout.SOUTH);
frame.getContentPane().add(panel);
frame.pack();
frame.setVisible(true);
} catch (Exception e) {e.printStackTrace();}
} -
Identifying Duplicate Roles and Traching Composite Role Assigned to the Use
Dear Friends,
I am novice to this website even after browsing for past 3 months. This website is so useful and huge with so many forums. I am lost many times where to post this questions. there is not a single SAP Security Forum or Basis/Security related forum. Can anyone direct me to the right forum or if there is no Security Forums, can anyone direct me how to start new Forum so that all security related discussions and knowledge sharing takes place. I am requesting the Moderators of this website to direct me to the right forums.
we have around 2000 users in Production. We assign Composite roles and single roles to all users. Sometime we use SECATT or LSMW to update User Master Data to Assign some Roles that are ALREADY assigned to the users. I have 2 questions. If there any way to clean up this mess. I mean Identifying all users who have these Duplicate Roles with Different Validity Dates. I am sure SUIM can not help me as I research a lot on this. I appreciate if anyone can direct me with some solution in this cleanup process. I mean some SQL or SAP Query will help me i guess. Any suggestions are greatly appreciated.
My Second Question is Tracking Composite Role/User Assignment Changes. We had assigned some Composite roles to the user 3 months ago and deleted last week. when i check SUIM change documents, It does not show Composite Role history. It is Displaying all single roles that are assigned and deleted later. BUT It never showed any information on Composite Role Additions or Deletions in User Change Documents. I hope SUIM is not going to help. I still need to go to many places or write any Good SQL and execute them.
Is anyone had written this Utility SQL programs for cleanup of roles/users in the SAP. Is there any way to check or debug this issue, going to see any tables that monitor these changes. I appreciate if can one can share this knowledge to resolving this issues.
any ideas and suggestions are welcome.
Thanks
KumarSatish,
Please post this in the SAP NetWeaver Administrator Forum and close this thread here.
SAP NetWeaver Administrator
Regards,
Ravi -
User disabled until start date not getting ROs provisioned via AP
Here's the situation: I have a user in OIM that is disabled until start date. When the start date rolls around, and the job "Enable User After Start Date" runs followed by "Evaulate User Policies," the user is correctly enabled and the correct role gets assigned but the access policy associated with that role does not appear to get triggered so the APs resources are not assigned. However, if a user is entered the same way (via HR recon) but is on or after its start date, then the role gets assigned, the access policy fires, and the ROs are provisioned just fine.
I have noticed that if a user is moved from disabled to enabled, then the membership rules fire and any roles associated with the rules get assigned but in the DB the field USR_POLICY_UPDATE remains null. If I update that field with a '1' and re-run "Evaluate User Policies," the resources are provisioned correctly.
I am wondering if anyone has seen this before or has a suggestion as to how to resolve this.
Thanks,
StephenThanks for the suggestion. As it turned out, I did not have Retrofit checked but unfortunately that did not resolve the issue. The behavior remained the same after checking and re-running 'Evaluate User Policies'.
I may have a workaround for this issue that I am in the process of implementing. I'm creating a job that will run right before 'Enable User After Start Date' that will update the USR_POLICY_UPDATE field to'1' if the status of a user is 'Disabled Until Start Date.' Then the user will get enabled, assigned the appropriate roles via rules, and 'Evaluate User Policies' should run and now find this user and apply the access policies.
Anyway, seems like there should be a simpler answer so I'll keep checking here if anyone has one. I'll also update if the above workaround works.
Thanks,
Stephen -
Can't print pdf via CUPS / Samba
I have a printer set up on a Linux server, which is shared in an office of Windows machines. It works flawlessly, I can print anything except for pdf files. On the client side there are no visible error messages or anything, but nothing happens, and no trace of the printing command in CUPS logs.
Locally, from the Linux machine pdf's can be printed without any problem, but I can't do that via network from Windows machines.Operating system? Reader version? Can you post a screenshot of that unavailable option?
-
Role Access : SS Provision Report vs Workspace Security Extract
Is this normal, we are using EPM 11.1.2 Classic Metadata.
I Setup a user 123049, provisioned him HFM access to "Reserved" only.
I also add the same user to a native group called FM_Loc_Reviewer which has provision access to 7 Roles: Approve JE ,Consolidate,Create JE, Load Excel Data, Post JE, Reviewer 1 and Save System Report on Server.
When i extract security from workspace it has user, 123049 showing up with the combined provision of his id and the group he belongs to. Is this a te way it is suppose to be? In HFM 4.02 it would only show his access
Thanks
From Shared Services:
User@Directory Role Inheritance Information
123049@CompanyA Approve Journals FM_Loc_Reviewer
123049@CompanyA Consolidate FM_Loc_Reviewer
123049@CompanyA Create Journals FM_Loc_Reviewer
123049@CompanyA Load Excel Data FM_Loc_Reviewer
123049@CompanyA Post Journals FM_Loc_Reviewer
123049@CompanyA Reserved -
123049@CompanyA Reviewer 1 FM_Loc_Reviewer
123049@CompanyA Save System Report On Server FM_Loc_Reviewer
From Security Extract:
!ROLE_ACCESS
Reviewer 1 123049@CompanyA
Reserved 123049@CompanyA
Save System Report On Server 123049@CompanyA
Create Journals 123049@CompanyA
Approve Journals 123049@CompanyA
Load Excel Data 123049@CompanyA
Consolidate 123049@CompanyA
Post Journals 123049@CompanyA
Edited by: user13116744 on Nov 17, 2010 9:58 AMThis is a sample on the way it looks in mine.... we are using EPM 11.1.3 Classic Metadata
!ROLE_ACCESS
Provisioning Manager;admin@mycompany
Application Administrator;admin@mycompany
Reviewer 1;myuser@Native Directory
Reviewer 2;myuser@Native Directory
Reviewer 1;myuser2@Native Directory
Reviewer 3;myuser2@Native Directory
Read Journals;myuser3@Native Directory
Maybe you are looking for
-
Hi, I have a following scenario: " Employee had taken a loan amounting 10lacs from Company code 1000 and now gets transferred to company code 2000. Employee wants that my existing loan of Rs. 8Lacs, should gets transferred to another company code 200
-
On Win 7 Firefox 5 ran fine but when I "upgraded" to 6.0 now the Firefox will not run. Each time I attempt to run FF I am told that the file sqlite3.dll is missing and I am told to reinstall 6.0. I have reinstalled a dozen times with the same result.
-
Error message when trying to run
Error message Hi, I just downloaded and installed Java 2 SDK 1.3.1 a few days ago. From the online tutorial>Your First Cup of Java, I read and did the first application HelloWorldApp create, compile and run, it worked. Then I did the applet HelloWorl
-
Can anyone here at the forum please explain what is"maintenance sripts".
What is the difference between -daily, weekly, monthly, maintenance scripts and should this procedure be done on Macbook Pro's?
-
GPO Item-level targeting for IE11
Hi, hoping someone can help guide me with setting up item-level targeting on a group policy. I have created a set of IE11 group policy settings, and only want to apply to machines with IE11. When creating the WMI query what and how do you enter the