Dynamiclly assign responsible agent based on SAP role

Similar Messages

• WF: determine appropriate agents based on sap org object

  HI All,
  how will i code this in my workflow:
  i have a BSP wherein i could enter data to some fields.
  these fields are the primary key(sap org object types in PO13) to my sap org struct.
  now i need to determine the appropriate agents from an organizational structure using the data i entered in the BSP as primary keys.
  how shall i do that?
  please notify me if my question is not clear.
  Your response is highly appreciated.

  solved by myself. use FM RH_SAP_ORG_OBJEC_ACTORS_LIST to get the agents.

• Work flow issue: Assign agent based on role

  Hi,
  We are facing an issue in SAP workflow.
  How to assign agent based on the role of an employee.
  Thanks for your input.
  Thanks
  Muthukumar

  Hi,
  Make sure that you have configured properly in transaction OMGS.
  If it is done, then we can not do much about it.
  I faced the similar issue and i had to convince the user that it is a porblem.
  PO release workflow has some problems.
  Hope it helps.
  Regards,
  Shashank

• Duet Enterprise 1.0 SP2 - SAP Role based authantication

  Hi All,
  We have implemented Duet Enterprise 1.0 SP2 in our landscape. Now we try to implement SAP Role based authantication.
  But don't know which role to assign for which authorisation. In my scenario i have created 2 users. For one user i want to have only read access to all lists (Contact, Employee, etc) and for another user i want to have all acess (read, write, modify, delete) on all lists available at sharepoint.
  Can someone help me to tell what roles (template) need to assign for what operation.
  Which roles i do assign to user in SAP that which ristrict users access at Sharepoint.
  Thanks & Regards
  Virender Solanki
  09818316550

  Hi Binson,
  I want to ristrict the crude operation (create, update etc) by giving roles in backend system. i am able to apply restriction at sharepoint end but i don't want that. i want SAP role based security.
  So i want, according to given roles in backend system user is able to do operations at sharepoint.
  Thanks & Regards
  Virender Solanki

• Federation, remote role assignment based on ABAP roles on producer

  Hi all,
  We have implemented the federated portal solution for our ESS users. We use the ABAP stack of the producer portal as user store for consumer and have no problems in assigning portal roles on our consumer based on ABAP roles in the backend (displayed as groups in the portal).
  Now we want to add some extra functionality (eg SRM and eRec) and we encounter some problems. These systems all have their own ABAP stack as user store. We have maintained the functional authorization model in the ABAP roles for instance in SRM. So an example:
  System I: ABAP + JAVA --> ECC 6.0
  Here we have the standard R/3 functionality and the producer portal (A) installed. Roles created on producer portal and assigned based on ABAP roles.
  System II: JAVA --> NW 7.0 Portal
  Our consumer portal (B) where we use roles created on the producer portal (A) on System I.
  System III: ABAP + JAVA --> SRM
  Our SRM system with SRM producer portal (C). In the ABAP stack of this sytem the functional SRM roles have been assigned to the users. We have created functional SRM Portal roles in order to use remote role assignment on consumer portal (B).
  +PROBLEM+
  We want to remotely assign portal roles created on the SRM Producer (C) to users on the consumer portal (B), based on the ABAP role assignment in the backend of system III. How can we achieve this in a fast and efficient way?
  Looking forward to your ideas. Anything helpfull will be gladly awarded with SDN points.
  Best regards,
  Jan Laros

  Jan,
  Interesting question. Let me share my experience and hope that's of some use to you.
  We started off federating corporate NetWeaver Portal (lets say B, parallel to your convention) as consumers to BI Portals (Lets say A).
  - B's UME points to Active Directory
  - A's UME points to BI ABAP user store
  - User ids are identical in both systems
  We ran into the problem of dual administration ((de)assigning portal role on both portals instead of just one) for a long time. The issue was because of different reasons at different times as we patched B's and A's. At one point we were on SP15 on both portals and we were told by SAP that RRA can be done on B for remote roles and the assignment propagates to A automatically if the following configuration is set up on both A and B.
  - A's permissions are relaxed allowing "Everyone" group checked for "End User" access as per ([http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm|http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm]
  However, we chose not to do the permission relaxation as enabling "Everyone" group with "End User" access can allow anyone to launch an iView (if the URL is known somehow) and the user would be able to see the layout of the iView, which can include text, etc. The user won't be able to access any data though, however, there is certain compromise on security which we decided that its not okay. So, we digressed in SAP's suggested practice because of security reasons.
  Today we, manage security on B using Active Directory groups and on A using Java groups (ABAP roles).
  In your case, I suggest investigating the option of relaxing the security on producer portal like in the above link. If you think its okay, all you have to do is, provision users on B by assigning remote roles from C and A.
  Either my story is applicable or I must have got you totally wrong,
  Kiran

• How to assign possible agents at security role / CAG level?

  Hi Experts, How to assign possible agents at security role / CAG level?

  Yes, that's exactly what I'm talking about. In your task maintenance, goto additional data -> agent assignment -> Maintain
  Click on th task, click on the assign button. Choose object type 'Role', enter role.
  Cheers,
  Mike

• Is it mandatory to assign a task to responsible agents?

  Hello Gurus,
  Iam new to workflow and i have few questions . Iam implementing CATS on ECC6.0 and in the data entry profile i have given the task ID  TS31000007,Now i want to assign this task to an agent,
  1. Is it sufficient to assign possible agents to the task through PFTC so that all possible agents can execute the workitem.
  2. Or is it mandatory to assign the task to responsible agents <b>also</b> through a rule.
  3. If i make the task as a general task can the perosn who entered working time can also approve it .
  Sriram

  Hello Raja
  My scenario is as follows
  In CATS data entry profile i made the following settings
  With approval procedure
  Using business workflow
  Auto determination of a recipient
  Task ID : TS31000007 - approval by a chief (supervisor)
  Now i make the task as  general task ( possible agents).
  I <b>dont</b> define a rule for the task in the defaults tab .
  Now does the workitem go to all users?
  and if i maintain agent assignment to a task through PFTC ( for example i assign the task to a user) and dont define the rule .
  Does the work item goto that particular user only?
  Sriram

• GRC AC10 Agent based upon Role Attributes

  Hi Experts,
  Need your help on the issue.
  We are trying to achieve below configuration-
  After the Access request is generated, at the first stage, the approver should be selected based upon the business process of the role. If there are multiple roles with different Business Processes and their approvers, all of them should approve the request and then request should go to the next stage.
  There is also a field Business Process in the Access Request Screen which denotes the User's association with Business Process and not of the role. We are able to trigger the approval based upon this field, but we can;t find any option of approver selection based upon the business process of the role.
  Can some one show a way to achieve that?
  We are facing another problem, when the request is approved based upon the field Business Process in the Access Request screen, we are not able to find the request in next stage, it is still showing in the same stage while the role attached is only one and no other approver defined.
  What could be the reason behind it? Any help is highly appreciated.
  Thanks in advance,
  Sabita

  Hello Sabita,
  You can use the transaction : GRFNMW_DBGMONITOR_WD to check the logs.
  What i understand from your requirement and what would be my approach.
  1) Approvers who will be ROLE OWNERS
  > In this case 1st thing is you should upload few ROLES( NWBC>Access Mgmt-->Role Import) with all the details i.e function area, company , role owner, alternate approver
  ---> Now create a "Custom Initiator from SPRO >GRC>AC>workflow for access control>Define  Worflow Related to MSMP rules for Process ID SAP_GRAC_ACCESS_REQUEST
  Run Tx: BRF+ , and you will see a rule created , drill down to "Expression-->Decision Tree"
  and use "Table settings" to select "Condition Column" & "Result Rule sets", where you can configure the Custom Initiator
  Now run Open MSMP workflow config window
  1) Process Global settings ( Notification details if necessary)
  2) Maintain Rules (add your custom initiator rule )
  3) Maintain agents ( check & if not present add Role owner agent)
    i.e. GRAC_AR_ROLE_OWNER  (This will satisfy 1 st requirement)
  Create a new agent as BSM and mapp them as "directly mapped user" , similarly for the 3rd stage you can use directly mapped user.
  4)Variables & Templates --> Skip
  5)Maintain Path ( add 3 stages as required i.e role owner, BSM & security officer)
  Now for each stage click on "modify Task Settings" & click on individual check boxes as relevant , you can select "All approvers" or "Any one approver", Approve Request based on System & Role , or Request .
  Same applies to all the other 2 stages.
  6) Maint Route Mapping  --> put the path ID created in previous stage and save and activate.
  I hope this should give you some fair idea.
  Thanks
  Victor

• No Responsible Agent filled? workflow goes to all

  Hi All,
  I am new to workflow. I am trying to fix a leave workflow issue. Issue is when ever the leave applied it goes to more then one manager. Even thou employee got manager in organisation. When I checked the workflow log, I found no “Responsible Agent” in list, only “Possible Agent” as list with more then one entry (all of them got this workflow). I am not sure what’s wrong, agent determination is done using “Rule resolution” I am unable to link workflow and rule used. Can anyone tell me what should be causing this problem or why responsible agent list empty.
  Thanks in advance.
  Regards,
  Trim

  HI Trim,
  Responsible Agents
             Who should do the work
  Responsible agents are the people who are supposed to execute a particular work item.   
  Responsible agents are assigned at the workflow step level or at the task level via default agent determination rule.
     Assignment of Responsible Agents
      Responsible agents can be assigned by using
  Expressions (Initiator of workflow)
  Organizational Structure (Organizational unit, job, position)
  Rules (Dynamically during Work Item creation)
     The recipient(s) of a work item are established from the  intersection of responsible and possible agents.
  <b>Responsibility Rules</b>
  When role resolution is performed, an assignment table is
  evaluated in which Organizational Management objects (jobs,
  positions, users, organizational units) are assigned to the
  various characteristics of the role parameters.
  <b>Procedure for defining roles using responsibilities</b>
  Creation of container element for each criterion that are selected for the evaluation at runtime.
  Creation of responsibility and definition of criteria (individual values or value ranges) in the responsibility editor for the container elements.
  Assigning users / organizational objects to the responsibility.
  If the values in the role container are compatible at runtime with
  the criteria defined for a responsibility, the organizational
  objects assigned to this responsibility are identified as
  responsible  agents for the work item.
  Thanks and Regards,
  Prabhakar Dharmala

• Workitem must be limited to go to responsible agent only.

  Hi,
  I have a couple of doubts.
  1) I do not need a workitem to be created for certain steps in the workflow.How can i avoid the creation of the workitem? If a workitem is not created, will the subsequent step execute?
  Also, is it a must to make these steps "Background" tasks to avoid the creation of the workitem?
  2) In the workflow, after a fork i send a workitem to several managers(retrieving them from an internal table).I need to send it to everybody irrespective of whether 1 manager approves or not.Right now, i get the workitem for the next manager only after the previous manager approves.How can i rectify this?
  3) The workitem must only go to the responsible agent's inbox(manager).But, right now the workitem is going to all the inboxes. I have therefore created a rule to determine the agent and added this as "Possible Agent" in the task.I have also added this rule as a default rule in the task.
  Also,when i generate the binding for this rule, no default bindings are being generated. What could the problem be?
  Your early help will be highly appreciated.
  Regards,
  Monica.

  Hi Monica,
  1. background step means - no dialog to the user - WF-BATCH runs it in a job (but even in this case a workitem is created but it is in nobady's inbox.
  2. in PFTC you set the possible agents in SWDD by assigning the agents/rule define the responsible agents.
  "The system resolves the rule for the recipient type agent at runtime, and determines the responsible agents of the task. All responsible agents who are also possible agents become recipients of the relevant work item."
  If it does not work, you have to check the note for authorisation and the rule (PFAC).
  If it still does not work, there is an issue in SAP.
  I hope it helps
  Regards
  Tibor

• Custom plugin based on user role membership

  Hi all,
  I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
  With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
  I'll try to explain the scenario more in details:
  1. I create a user identity through a request
  2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
  3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
  Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
  - Email notifications after role grant
  - Re: OIM 11g Role Membership Event Handlers.
  I tried to implement what explained in the threads, but I would be sure about what I've done.
  Here what I've done:
  1. created plugin.xml file
  2. created EventHandler.xml metadata file
  3. developed a java calss for testing pourpose
  4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
  NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
  For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
  5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
  6. copied the zip file to $OIM_HOME/server/plugins
  7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
  8. built the wlfullclient.jar (only the first time)
  9. registered the custom plugin
  10. created the custom plugin dataset file
  11. imported it in OIM database using "weblogicImportMetadata" utility
  12. purged cache using "PurgeCache" utility
  NOTE: all the steps above was executed using the system user running OIM process
  test java class
  package com.zeropiu.sky.custom.eventhandlers;
  import java.io.Serializable;
  import java.util.HashMap;
  import com.thortech.util.logging.Logger;
  import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
  import oracle.iam.platform.kernel.spi.PostProcessHandler;
  import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
  import oracle.iam.platform.kernel.vo.BulkEventResult;
  import oracle.iam.platform.kernel.vo.BulkOrchestration;
  import oracle.iam.platform.kernel.vo.EventResult;
  import oracle.iam.platform.kernel.vo.Orchestration;
  import oracle.iam.platform.context.ContextManager;
  import java.util.Set;
  public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
       private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
  private static final String className = "TestUserAnonimi";
       @Override
       public void initialize(HashMap<String, String> arg0) {
            // TODO Auto-generated method stub
            String methodName = "initialize";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
            // TODO Auto-generated method stub
            String methodName = "isApplicable";
  System.out.println("###### " + className + " - " + methodName + " - STARTED");
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
  System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
  System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
  HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
  Set<String> allContextManagerParams = allContextManagerPairs.keySet();
  String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
  for (int i = 0; i < parameters.length; i++) {
            System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
  System.out.println("###### " + className + " - " + methodName + " - ENDED");
  return true;
       @Override
       public boolean cancel(long arg0, long arg1,     AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "cancel";
            System.out.println("###### " + className + " - " + methodName);
            return false;
       @Override
       public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "compensate";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
            // TODO Auto-generated method stub
            String methodName = "Eventresult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
       @Override
       public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "BulkEventResult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
  plugin.xml file
  <?xml version="1.0" encoding="UTF-8"?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
  <plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
  </plugin>
  </plugins>
  </oimplugins>
  EventHandler.xml metadata file
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
  </eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
  ###### TestUserAnonimi - initialize
  ###### TestUserAnonimi - isApplicable - STARTED
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
  ###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
  ###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
  ###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - ENDED
  ##### TestUserAnonimi - BulkEventResult execute
  Thanks,
  Daniele
  Edited by: 886636 on Jan 24, 2012 2:53 AM
  Edited by: 886636 on Jan 24, 2012 2:53 AM

  Probably I don't explain myself clearly....sorry for that!
  Anyway you are right, the role of the user can change after the user is initially provisioned.
  I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
  1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
  2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
  Is it possible with pre-populate adapter?
  Sorry again for my not very clear explanations.
  Daniele
  Edited by: 886636 on Jan 24, 2012 4:10 AM

• Restricting values of a dropdown based on user roles

  Hi,
  Is it possible to restrict the values of a custom metadata dropdown based on the user roles (assuming only 1 role is assigned to each user)? Say, based on the role assigned to a user, he/she should see only 3-4 values out of 10 values in a dropdown on the checkin page. Please suggest.
  Thanks.

  You can get pretty close out of the box using some configuration manager applet voodoo
  1)First off create a Table that will contain the options for your list. Create the columns e.g. label and id and then also create a column called dSecurityGroup
  2)Add a view based on the table you just created, choose the Security tab and select "Use standard document security"
  3)Add some values to your view - make sure that you populate the dSecurityGroup column with real values of security groups
  4)Once it is all published, have a look at the checkin and search screens. You should find that UCM will evaluate the options in the same way it would documents - based on the dSecurityGroup value you applied to the row - e.g. you will see an option on the search screen if you have at least R permissions, you will see an option on a checkin screen if you have at least RW permission
  Try it out :-)

• GRC - SOD Conflict Management (SAP Role Substitution)

  Hi,
  I am looking to see how others handle SAP Role Substitution and SOD conflicts.
  For example, a person is going to be out on vacation for a few day and assigns their roles to another employees to continue with daily tasks....SOD risks result because of the temporary assignment and role combinations....what are you guys doing to manage, and monitor this sort of activity?
  Your help and comments greatly appreciated!

  Hi
  As already stated by Martin, one of the option for handling adtional backup access to users could be through Superuser Privilage management(If GRC has been implemented with your client). This would allow detailed reporting at transaction level for audit purposes.
  If GRC is not implemented with your client then any additional access which is resulting in SoD, there has to a proper documentation of temporary access assignment to users(For Audit purpose). Mitigation control should be documented and submitted by the supervisor of the user to the SoD team to ensure proper compliance is in place for the additional access provided to the user.
  Thanks.
  Anjan

• Customize portal "Help" link based on user roles

  Is there a chance to customize the Help link URL in Masthead iView based on user roles? The use case we have is that the "Help" should be different for users of the purchasing company from those of the supplying company.
  Thanks.

  Hello Jay.
  This is a multi step process.
  Step 1 : Create 2 desktops with everything as same but different mastheads.
  - Copy your existing desktop and paste it in your working folder in PCD (Not select Delta link)
  - Now download masthead par file.
  - Modify your masthead par file where you will disable help link. Rename you masthead file (newMasthead.par) and export it from NWDS. Now import it in portal.
  - open your framework page in desktop2. Just add your new masthead in it. Enable the new one and disable the existing one.
  Step 2 : Create 2 groups of users. (First one belong to users who wish to see help link . i.e existing desktop) (Second of thoese users who do not have to see help link i.e. newDesktop)
  - Assign users to appropriate groups.
  - Assign same roles to both groups.
  Step 3 : Modify main rule section in PCD.
  - If group = HelpLinkUsers Then Desktop1
  If group = NoHelpLinkUsers Then Desktop2.
  You may find above process bit tedious and lengthy.
  But if you wish to further customize your portal then this will be needed one day.
  If you find problems in implementing any step then please search in google or SDN.
  Please revert back on any specific question on above approach you may face while implementing.
  Thanks

• Managed System Configuration step Assign Diagnostics Agent

  Dear Experts,
  We've newly instaled solution manager system 7.0 Ehp1 via latest sp stack 25 on aix 6.1, we've completed initial and basic configuraiton successfully via solman_setup, and instaled wily introscpe on same host with solution manager system,
  Now i am trying to managed system configuration for solution manager system via solman_setup step Assign Diagnostics Agent as demo link below
  https://service.sap.com/~sapidb/011000358700001735062008E
  I opend http://>SOLMANHOST>:<SOLMANPORT>/smd/go/ADMIN_AGENT
  >> Agent Candidates Management
  >>  Connection Parameters
  >> Custom SLD Parameters > Aply and the selected the SMD instance then trying to attached via password SMD_ADMIN
  But agent registration is waiting, SMD_ADMIN user is creating when i execute intial configuration, after i change the intial password, password is correct, so why the agent state is waitng status, i also push sld Setting for all from SMD view tab,
  I've also try to restart SMD agent, /usr/sap/SMD/J98/SMDAgent/log/SMDSystem.0.log file after restart
  Oct 28, 2010 11:07:25 AM [Thread[main,5,main]] Info       Starting SMDAgent ...
  Oct 28, 2010 11:07:25 AM [Thread[main,5,main]] Info       ===> Establishing connection to server 'ms://ccisolman:8101/P4
  Oct 28, 2010 11:07:28 AM [Thread[Connector,5,main]] Info       Smd connector is disabled because no SLD association and no credentials found.
  Oct 28, 2010 11:07:32 AM [Thread[SLD-Registration,1,main]] Info       [SLDReg] Next try to push instance data in SLD is  Thu Oct 28 23:07:32 EEST 2010     
  Best Regards

  hi
  pls chk again your sld parameters and check the correct user name, password entered in agent connection management under CUSTOM SLD(in agent candidates management)
  jansi