Duplicate Roles in USMR (provisioning via CUP)

Hello everyone,
We are using GRC CUP 5.3 SP8.
How can we avoid or prevent CUP from assigning Roles which already exist for the User master record?
We have some default Role mappings (some basic role being tagged to the main role).
If the user already has this basic role assigned, by requesting the main role he is getting the basic role again and again,
and I see duplicate entries of the same role in USMR. I want to prevent this from happening.
Any ideas?
Thanks in advance
Olivier

I agree with Olivier, but this is not only a problem with CUP. It is a problem with SU01. Try to add an existing role to a user account and SAP will add a duplicated entry if the role validity dates are different.
When the request is created, CUP just takes the valid from date as current date and no-one is going to check that this role is already assigned to user and someone needs to match the valid from date.
I don't see any resolution to this issue. Can you check with SAP?
Alpesh
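
The check the replies above say nobody performs can be run offline against an export of the role assignments. The following is an added example, not part of the original thread and not SAP or CUP code; it assumes the assignments were exported to CSV with the column names of the AGR_USERS table, and the user IDs, role names and dates are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample export (not real data). Column names follow the
# AGR_USERS role-assignment table; the CSV layout itself is an assumption.
SAMPLE_EXPORT = """\
UNAME,AGR_NAME,FROM_DAT,TO_DAT
JDOE,Z_BASIC_DISPLAY,20090105,99991231
JDOE,Z_BASIC_DISPLAY,20090302,99991231
JDOE,Z_BASIC_DISPLAY,20090410,99991231
JDOE,Z_FI_CLERK,20090302,99991231
ASMITH,Z_BASIC_DISPLAY,20090101,20090331
ASMITH,Z_BASIC_DISPLAY,20090401,20091231
ASMITH,Z_MM_BUYER,20090101,20090228
ASMITH,Z_MM_BUYER,20090601,99991231
"""


def _to_date(value):
    """Parse a YYYYMMDD date as stored in the export (99991231 = unlimited)."""
    return datetime.strptime(value, "%Y%m%d").date()


def load_assignments(text):
    """Return {(user, role): [(valid_from, valid_to), ...]} from the CSV text."""
    rows = defaultdict(list)
    for rec in csv.DictReader(io.StringIO(text)):
        key = (rec["UNAME"], rec["AGR_NAME"])
        rows[key].append((_to_date(rec["FROM_DAT"]), _to_date(rec["TO_DAT"])))
    return rows


def compress(intervals):
    """Merge validity periods that overlap or follow each other without a gap.

    The adjacency test subtracts a day from the next start instead of adding
    one to the previous end, because the end is often 9999-12-31 (date.max)
    and adding to it would overflow.
    """
    merged = []
    for start, end in sorted(intervals):
        if merged and start - timedelta(days=1) <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def duplicate_report(assignments):
    """List every user/role pair that has more than one assignment row.

    'redundant' counts rows that add no access: they could be dropped once the
    remaining row carries the merged validity period. A pair with redundant == 0
    was re-granted after a real gap and is not a duplicate.
    """
    report = {}
    for key, intervals in assignments.items():
        if len(intervals) > 1:
            merged = compress(intervals)
            report[key] = {
                "rows": sorted(intervals),
                "merged": merged,
                "redundant": len(intervals) - len(merged),
            }
    return report


def already_covered(assignments, user, role, valid_from, valid_to):
    """Pre-provisioning check: does the user already hold the role for the
    whole requested period? If so, the request only adds a duplicate row."""
    for start, end in compress(assignments.get((user, role), [])):
        if start <= valid_from and valid_to <= end:
            return True
    return False


if __name__ == "__main__":
    data = load_assignments(SAMPLE_EXPORT)
    for (user, role), info in sorted(duplicate_report(data).items()):
        periods = ", ".join(f"{s:%Y-%m-%d}..{e:%Y-%m-%d}" for s, e in info["merged"])
        print(f"{user:8} {role:16} rows={len(info['rows'])} "
              f"redundant={info['redundant']} effective={periods}")
    # A request dated 2009-05-01 for a role JDOE has held since 2009-01-05.
    print(already_covered(data, "JDOE", "Z_BASIC_DISPLAY",
                          date(2009, 5, 1), date(9999, 12, 31)))
```

Rows reported with `redundant` greater than zero are the cleanup candidates; running `already_covered` before a request is provisioned is the comparison of validity periods that the reply describes as missing.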

Similar Messages

  • Portal role/ group provisioning via CUP

    Hi Gurus,
    We are planning to perform portal role (EP 7) provisioning via CUP. Is there any config guide available for this which we can follow?
    Thanks
    Ani

    This guide might be of help:
    http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
    Regards,
    Luis

  • Error while trying to assign a role via CUP in Portal

    Hello Experts,
    I am trying to create a request to assign a role in EP via CUP (5.3).
    EP Connector is working fine, as I have imported Portal roles etc.
    SPML service is working fine.
    I have done the mapping in the Provisioning tab for the Portal system.
    logonname in portal is the email address of an employee.
    So I have done the following mapping:
    AC Field                   Application field
    email addres-Stndard       logonname
    And I have the following error while trying to create a request, which I grabbed from the log:
    ERROR Exception during EJB call, Ignoring and trying Webservice Call
    LinkageError: loader constraints violated when linking com/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO class
    ERROR com.virsa.ae.core.BOException: Exception from the service : Invalid System
    com.virsa.ae.core.BOException: Exception from the service : Invalid System
    ERROR : BO Exception in Save request
    Any suggestions would be really appreciated
    Regards
    Kev

    Kevin,
    I was able to replicate your issue, and there is a setting in the CUP that you have to disable. Go to the config tab in the CUP and select NO for "Risk Analysis On Request Submission" under risk analysis.
    The issue here is that you did not create a connector for your EP in the RAR. I believe you have the above-mentioned parameter set to yes, so when you are submitting a request CUP is trying to do the risk analysis, but RAR was not able to find any system, so it is throwing an error.
    You can resolve this issue in two ways: one is to create a connector in RAR, and the other is to disable the setting in the CUP.
    Hope this helps.
    Naveen

  • Provisioning EP roles and user groups through CUP

    Hello experts,
    I am configuring EP provisioning through CUP.
    I created the EP connector as per the instructions in the config guide, but I have not added any parameter values or done any field mapping. I have imported the necessary Portal roles.
    My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
    Error processing your request, Request no: 4 in stage : NEW_AS11.
    In the log it shows,  Field Mapping is not set for Application  (EP)
    But when I go to field mapping, I get this error for EP.
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    I could not find much documentation on fieldmapping.
    Are there any steps that I am missing for EP provisioning?
    Thanks in advance..
    Kee

    Thanks for your response.
    I have set up the parameters while setting up the EP connector in CUP.
    My role search URI is correct  but I am not sure about the last three parameters...
    ASSIGN_GROUPS:OC sapgroup
    ASSIGN_ROLES:OC saprole
    CHANGE_USER:OC sapuser
    CREATE_USER:OC sapuser
    CREATE_USER:password password
    DELETE_USER:OC sapuser
    LOCK_USER:OC sapuser
    LOCK_USER:islocked true
    RESET_PASSWORD:OC sapuser
    RESET_PASSWORD:password password
    ROLESEARCH_URI -  http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
    ROLESEARCH_URI_USERNAME -  same user Id I provided for the connector
    ROLESEARCH_URI_PASSWORD See your system administrator for the value.
    UNLOCK_USER:OC Sapuser
    UNLOCK_USER:islocked false
    ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un:   ??? What is the role data source?? Is the value that is provided correct for the UME roles?
    SCHEMA_ID SAPprincipals   ?? What does this Schema Id mean???
    USER_DATA_SOURCE  ????  Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
    So when I go to field mapping to create one for EP, I get the following error:
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    Log Details:
    2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
    com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
         at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
         at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
         ... 25 more
    Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
         ... 28 more
    Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
         at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
         at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
         at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
         ... 31 more
    Appreciate your response.
    Thanks
    Kee

  • Request  submitted for provisioning through CUP

    Hi All,
    I am using SAP GRC 5.3.
    I am using Compliant User Provisioning for creating requests.
    After submitting the requests, does CUP directly talk to the target system or does it talk to any provisioning engine?
    In short, I want to know what actually happens (internally) when a request is submitted for provisioning through CUP.
    Thanks
    Jagan

    Mph,
      Once you complete the request in CUP and it passes through all the approval stages, CUP will directly connect to the target SAP system to provision users and roles. CUP has the Java front-end which initiates the request, and then it connects to the ABAP programs which are installed in the target SAP system for provisioning.
    Hope this helps.
    Regards,
    Alpesh

  • [solved] Printing via Cups fails

    Hello Community,
    software:
    extra/poppler 0.20.0-1 [installed]
    extra/cups 1.5.3-4 [installed]
    extra/cups-filters 1.0.18-2 [installed]
    aur/cups-xerox 2008.01.21-1 [installed]
    For some days I have had some bad problems with my two printers (a Dell and a Xerox WorkCentre).
    If I try to print a testpage via cups it ends with:
    "/usr/lib/cups/filter/pdftops failed" on both printers.
    Same with printing via libre office, but the dell gives me a: "/usr/lib/cups/filter/foomatic-rip failed"
    I already tried downgrading cups, cups-filters and poppler, no solution, so any suggestions for me?
    Regards
    t4c
    Last edited by t4c (2012-06-15 08:15:17)

    My HP P1005 just stopped working. I tried everything and got nothing. I was blacklisting hplip, as once hplip-plugin was missing from AUR, and had small problems.
    Now it looks like a brick.
    Could hplip-plugin be included in the repos instead of AUR?
    Edit : works again with new packages.
    Last edited by dare023 (2012-06-14 19:56:34)

  • Users are created but Roles are not Provisioned in the Target System

    Hi,
    It would be great if somebody would provide a solution to my problem. The problem is that when I try to create the Users in the Identity Management UI, the Users are created in the target systems but the Roles are not provisioned to the Users.
    In the provisioning job SetABAPRole&ProfileForUser,
    it says in the error: putNextEntry failed storing
    Exception from Modify operation:com.sap.idm.ic.ToPassException: User does not exist
    MSKEY 58437
    Please note that when we create the User, the user is created; however, the Roles are not provisioned to the user.
    Regards,
    Hakim

    Hello Nits,
    since this thread is from 2010 and the OP was logged on last in 2012 (as you can see in the profile), I don't think you'll get an answer here.
    Please create a new thread to explain your problem (with version and SP numbers, logs etc). You can add a link to this thread to show, that the problem is similar.
    Regards,
    Steffi.

  • Printing via CUPS

    No device
    My printer (an HP ;-)) is not wireless. It is cabled to my Linux desktop, which serves it on the network for clients via CUPS (port 631). Can you give us a way to connect to it from the TP?

    Exactly! It should be no problem to access a printer via ipp or lp in addition to the probably used socket connection. I have two HP printers connected to a NAS device to be able to print on both printers over the network. I would love to do so with my new touchpad. Besides, with ipp the touchpad would be able to print on a wide variety of printers at once. Most printers, even from other vendors, understand PCL anyway (ok, forget the really cheap ones with no brain of their own). Regards

  • Stopping of assignment of duplicate role in SU01 and same user in PFCG.

    Hello Experts,
    I have a requirement, wherein I have to restrict assignment of duplicate roles in the user master (SU01) also I should not be able to assign same users twice in the user tab in PFCG.
    Please advise...Thanks in advance.
    Best Regds,
    Suyog Chakot...

    Hi Suyog,
    There are two ways to do it:
    1 - PRGN_COMPRESS_TIMES
    2 - SSM_CUST .
    PRGN_COMPRESS_TIMES has its own limitation: it works perfectly in a non-CUA landscape, while it has a lot of issues in an R/3 CUA landscape.
    SSM_CUST is universal and I guess it can be used in all landscapes, CUA as well as non-CUA. Let us know if you need any more information on this.
    Just search with these two key words and I am sure you will get your reply.
    Edited by: sap.sec.akshay on Dec 30, 2009 6:55 PM

  • Pages 2.0 is exporting Word files in name.docx format, causing duplicate files on my PC via iTunes. Any way to have it export name.doc files as Pages did earlier?

    Pages 2.0 is exporting Word files in name.docx format, causing duplicate files on my PC via iTunes. Any way to have it export name.doc files as Pages did earlier?

    What I read in the PDF version of the manual (while I was waiting for my plane this afternoon), it seems pretty comprehensive. I was particularly interested in what it had to say about creating your own templates.
    Supposedly, it will remember if I left invisibles showing in templates (one of my big complaints with Pages 1). I'll find out soon enough. I must say that opening my two documents I use for answering posts here in discussions sure did open faster & navigating an 11-page table was much faster.
    Another good thing I noticed, the font used for the serial number is much clearer & there were no confusing characters - O/0, S/5, etc.
    Peggy

  • Deletion of Invalid and duplicate roles

    Hi,
    This is regarding some function modules which are used for deleting invalid roles. These function modules are available only in a CUA environment, that is, in the Solution Manager environment only, not in ECC or other systems. Can anybody confirm which one of these function modules would be the best to delete roles of one's choice? The idea is that we have identified the invalid and duplicate roles, but we need the function modules only to delete them, i.e. remove them from the user's role profile.
    The function modules are:
    1) BBPU_WAP_USER_ROLE_REMOVE_LIST
    2) BBPU_WAP_USER_ROLE_REMOVE
    3) BBPU_WAP_USER_ROLE_CHANGE
    Thanks & Regards,
    Savitha.

    I don't know what you're doing.
    Try my working SSCCE example.
    Just press the Reset Table button and see what happens.
    import java.awt.BorderLayout;
    import java.awt.event.ActionEvent;
    import java.awt.event.ActionListener;
    import javax.swing.JButton;
    import javax.swing.JDialog;
    import javax.swing.JFrame;
    import javax.swing.JPanel;
    import javax.swing.JScrollPane;
    import javax.swing.JTable;
    import javax.swing.UIManager;
    import javax.swing.table.DefaultTableModel;
    public class ResetTableTest {
        public static void main(String[] args) {
            try {
                UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
                JFrame frame = new JFrame();
                frame.setDefaultCloseOperation(JDialog.EXIT_ON_CLOSE);
                // Start with two rows in the model, then add a third one.
                DefaultTableModel model = new DefaultTableModel(new String[][]{{"1", "2"}, {"3", "4"}}, new String[]{"col1", "col2"});
                model.addRow(new String[] {"5", "6"});
                JPanel panel = new JPanel(new BorderLayout());
                final JTable table = new JTable(model);
                panel.add(new JScrollPane(table), BorderLayout.CENTER);
                JButton button = new JButton("Reset Table");
                button.addActionListener(new ActionListener() {
                    public void actionPerformed(ActionEvent e) {
                        // Swap in a fresh model so the table shows only the two initial rows.
                        table.setModel(new DefaultTableModel(new String[][]{{"1", "2"}, {"3", "4"}}, new String[]{"col1", "col2"}));
                    }
                });
                panel.add(button, BorderLayout.SOUTH);
                frame.getContentPane().add(panel);
                frame.pack();
                frame.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

  • Identifying Duplicate Roles and Tracking Composite Role Assigned to the Use

    Dear Friends,
    I am a novice on this website even after browsing it for the past 3 months. This website is so useful and huge, with so many forums. I have been lost many times about where to post this question. There is not a single SAP Security Forum or Basis/Security-related forum. Can anyone direct me to the right forum or, if there are no Security Forums, can anyone direct me how to start a new Forum so that all security-related discussions and knowledge sharing can take place? I am requesting the Moderators of this website to direct me to the right forums.
    We have around 2000 users in Production. We assign Composite roles and single roles to all users. Sometimes we use SECATT or LSMW to update User Master Data to assign some Roles that are ALREADY assigned to the users. I have 2 questions. Is there any way to clean up this mess? I mean identifying all users who have these Duplicate Roles with Different Validity Dates. I am sure SUIM cannot help me, as I researched this a lot. I would appreciate it if anyone can direct me to some solution for this cleanup process. I mean some SQL or SAP Query will help me, I guess. Any suggestions are greatly appreciated.
    My second question is about tracking Composite Role/User Assignment changes. We assigned some Composite roles to the user 3 months ago and deleted them last week. When I check SUIM change documents, it does not show Composite Role history. It displays all single roles that were assigned and deleted later, BUT it never showed any information on Composite Role additions or deletions in User Change Documents. I hope SUIM is not going to help. I still need to go to many places or write some good SQL and execute it.
    Has anyone written such utility SQL programs for cleanup of roles/users in SAP? Is there any way to check or debug this issue, or to see any tables that monitor these changes? I would appreciate it if anyone can share this knowledge for resolving these issues.
    Any ideas and suggestions are welcome.
    Thanks
    Kumar

    Satish,
    Please post this in the SAP NetWeaver Administrator Forum and close this thread here.
    SAP NetWeaver Administrator
    Regards,
    Ravi

  • User disabled until start date not getting ROs provisioned via AP

    Here's the situation: I have a user in OIM that is disabled until start date. When the start date rolls around, and the job "Enable User After Start Date" runs followed by "Evaluate User Policies," the user is correctly enabled and the correct role gets assigned, but the access policy associated with that role does not appear to get triggered, so the AP's resources are not assigned. However, if a user is entered the same way (via HR recon) but is on or after its start date, then the role gets assigned, the access policy fires, and the ROs are provisioned just fine.
    I have noticed that if a user is moved from disabled to enabled, then the membership rules fire and any roles associated with the rules get assigned but in the DB the field USR_POLICY_UPDATE remains null. If I update that field with a '1' and re-run "Evaluate User Policies," the resources are provisioned correctly.
    I am wondering if anyone has seen this before or has a suggestion as to how to resolve this.
    Thanks,
    Stephen

    Thanks for the suggestion. As it turned out, I did not have Retrofit checked but unfortunately that did not resolve the issue. The behavior remained the same after checking and re-running 'Evaluate User Policies'.
    I may have a workaround for this issue that I am in the process of implementing. I'm creating a job that will run right before 'Enable User After Start Date' that will update the USR_POLICY_UPDATE field to '1' if the status of a user is 'Disabled Until Start Date.' Then the user will get enabled, assigned the appropriate roles via rules, and 'Evaluate User Policies' should run and now find this user and apply the access policies.
    Anyway, seems like there should be a simpler answer so I'll keep checking here if anyone has one. I'll also update if the above workaround works.
    Thanks,
    Stephen

  • Can't print pdf via CUPS / Samba

    I have a printer set up on a Linux server, which is shared in an office of Windows machines. It works flawlessly, I can print anything except for pdf files. On the client side there are no visible error messages or anything, but nothing happens, and no trace of the printing command in CUPS logs.
    Locally, from the Linux machine pdf's can be printed without any problem, but I can't do that via network from Windows machines.

    Operating system?  Reader version?  Can you post a screenshot of that unavailable option?

  • Role Access : SS Provision Report vs Workspace Security Extract

    Is this normal? We are using EPM 11.1.2 Classic Metadata.
    I set up a user 123049 and provisioned him HFM access to "Reserved" only.
    I also added the same user to a native group called FM_Loc_Reviewer, which has provision access to 7 Roles: Approve JE, Consolidate, Create JE, Load Excel Data, Post JE, Reviewer 1 and Save System Report on Server.
    When I extract security from workspace, it has user 123049 showing up with the combined provision of his ID and the group he belongs to. Is this the way it is supposed to be? In HFM 4.02 it would only show his access.
    Thanks
    From Shared Services:
    User@Directory     Role     Inheritance Information
    123049@CompanyA     Approve Journals     FM_Loc_Reviewer
    123049@CompanyA     Consolidate     FM_Loc_Reviewer
    123049@CompanyA     Create Journals     FM_Loc_Reviewer
    123049@CompanyA     Load Excel Data     FM_Loc_Reviewer
    123049@CompanyA     Post Journals     FM_Loc_Reviewer
    123049@CompanyA     Reserved     -
    123049@CompanyA     Reviewer 1     FM_Loc_Reviewer
    123049@CompanyA     Save System Report On Server     FM_Loc_Reviewer
    From Security Extract:
    !ROLE_ACCESS     
    Reviewer 1     123049@CompanyA
    Reserved     123049@CompanyA
    Save System Report On Server 123049@CompanyA
    Create Journals     123049@CompanyA
    Approve Journals     123049@CompanyA
    Load Excel Data     123049@CompanyA
    Consolidate     123049@CompanyA
    Post Journals     123049@CompanyA
    Edited by: user13116744 on Nov 17, 2010 9:58 AM

    This is a sample on the way it looks in mine.... we are using EPM 11.1.3 Classic Metadata
    !ROLE_ACCESS
    Provisioning Manager;admin@mycompany
    Application Administrator;admin@mycompany
    Reviewer 1;myuser@Native Directory
    Reviewer 2;myuser@Native Directory
    Reviewer 1;myuser2@Native Directory
    Reviewer 3;myuser2@Native Directory
    Read Journals;myuser3@Native Directory
