E-Recruiting and ECC Integration Password and Authorization.
Hello,
We are running a stand alone E-Recruiting 3.0 with bringing data from our SAP HR system using distribution model. Everything is working correctly, but the client does not want to have SSO, so internal users are brought in to E-Rec, but their passwords are not, and they have them due to ESS. Also when they are brought in, for some reason with Authorization as a reference user of External Candidate. Any help?
Thanks,
Alex
Yes we need password for them, because we are not using SSO or the portal they manually have to login to e-Recruiting. We have ess, so they all have ID's and passwords on the SAP HR system. I thought maybe we can bring in their passwords from there, because they are syncronized to their network id's.
Thanks,
Alex
Similar Messages
-
I have old email address's I used for iTune music purchases and cannot change password on several old accounts. Now some of the music I purchased I can not download and authorize it on my device. What can I do password security does not match my birthdate on two of the accounts. Apple can not send me email with a password authorization on several current accounts that I have with them. How can I contact Apple with this annoying problem I can not fix.
settings - app/iTunes store - sign out and sign back in with your new id.
Note - if your older apps needs an update it will use your old apple id and password, as Apps are tied to the apple id that was used to purchase it.
You can't merge apple id. -
E-Recruitment and EHS - tables are missing ECC 6.0
Hello All,
We have recently noticed that we have tables missing in our SAP HCM and our EHS(Employe Health and Safety) Development Box. I am attaching the list of tables for review by all. Can someone tell me, please, if they know what these tables are for and if they are part of a note or submodule running off main modules for E-Recruitment and EHS. I checked notes in OSS but cannot find the tables for the EHS or E-RC modules.
We cannot find these tables listed anywhere. We are using ECC 6.0 and the BB installlment was for N. America.
<b>EH&S Tables</b>
CCRCC_CHCK_ON - EHS: Online Checks for Regulation/Scenario/Scenario Category
CCRCC_DET - EHS: Data Determination Modules per Regulation/Scenario
CCRCC_DETDOCTYPE - EHS: Modules for Regulation/Scenario/Scenario Category
CCRCC_EXCHG - EHS: Data Transfer from and to EH&S
CCRCC_FILTER - EHS: Data Filtering
CCRCC_LIMITG - EHS: General Quantity Restriction
CCRCC_LIMITS - EHS: Relative Quantity Restriction
CCRCC_MON - EHS: Monitoring Settings
CCRCC_PERIOD - EHS: Period Definition
CCRCC_SCENTYPE - EHS: Scenario-to-Scenario-Category Assignment
<b>ERECRUIT - PA-ER - E-Recruiting</b>
T77RCF_INCL2FORM - Assignment of Text Element to Smart Form Template
T77RCF_WL - Worklist
T77RCF_WLA_IDXGR - Index Group for Worklists
T77RCF_WL_ACT_P - Action Profile of Worklists
T77RCF_WL_OUT_P - Output Profile
T77RCF_WL_SEL_P - Selection Profile for Worklists
T77RCF_WL_SEL_PV - Values for Selection Profiles in Worklists
Points awarded!!Hello Brenda,
I cannot speak for the EHS stuff but the tables you mentioned for E-Recruiting are part of the functional enhancements for e-recruiting 600 delivered with e-recruiting servie pack 7.
E-recruiting delivered 2 service packs which implmented new functioons. These were the e-recruiting packs 5 and 7. Futere enhancements will be delivered with the standard EhP (enhancement package) szenario - first of them is EhP3 for e-recruiting awaylable today if i remémber the schedules correctly..
You are probably missing these tables as you do not have installed the packages yet - so check your sp level. I strongly recommend you to upgrade to the newest service pack 11 for e-recruiting especially if you use / plan to use the webdynpro candidate frontend. But also for other implementation szenarios the sps are very urgent.
For the table in detail:
T77RCF_INCL2FORM - is a tablke for the new letter / correspondence change functionality using a dedicated changable text area in the smartform whixh has the advantage towards the old solution that changed correspondence can be printed propperly.
All other tables are part of the so called dashboard functionality.
You can find additional information on these functional enhancements in the software download centered of the sapnet under "Installations and Upgrades" -> "SAP Application Components" -> "SAP ERP" -> "SAP ERP 2005" -> "Documentation".
Best Regards
Roman Weise -
When i attempt to sync my iphone it continues to say this computer is no longer authorized for apps and they will be deleted?? I don't understand?? I put my password and authorize but same message comes up. What to do??
I found the solution in another post. By deleting all my apps, I was able to sync the phone. I hope I don't have to delete all my apps every time I want to sync my phone, but at least now I am able to sync my phone.
-
Recruitment and Succession Planning Infotype maintance maintenance in ECC
Is there a way or transaction in ECC(not using portal) to maintain following infotypes
Work Experience (Infotype 5103)
Education (Infotype 5104)
Qualifications (Infotype 5105)
Desired Employment (Infotype 5106)
Desired Location (Infotype 5107)
etc.
There infotypes are related to Recruitment and Succession Planning
and also same of for maintaning talent group (infotype 5115) maintenance
Thanks
YSSDear YSS,
Unfortunately there are no way to maintain these corresponding HRP51* tables in ECC according the documentation : Display/maintenance allowed to limited extent
Usage of standard table maintenance tools is allowed to a limited extent:
- Transaction SE16 allows the display function for this Dictionary object, but no maintenance.
- Generation of a maintenance dialog for this Dictionary object is possible using transaction SE54
- Transaction SM30 does not allow maintenance and display functions for this Dictionary object
Best Regards,
Christine -
OAM manage roles and Authorization in WebLogic integration
Hi
Had anyone done weblogic integration where OAM manages roles and Authorization?
I could read in Oracle WebLogic integration document that,
"The Security Provider only supports authentication for portals."
I wanted to figure out if anyone has done this before or Is it possible to delegate role management and Authorization responsibility to OAM?
Thanks
Kiran ThakkarThanks for the quick response.
Thanks
Kiran Thakkar -
User creations and authorizations in ECC 6
Hi,
how to create users and authorizations? is it necessary to give authorization of SAP_NEW to new users?
regards,
sureshSAP_NEW automatically assigns relevant authorizations to a user in cases where there have been changes to authorizations brought in by support packages or upgrades. This enables users to carry out their tasks as before even though there may be additional authorization checks required to perform the same task. SAP_NEW only allows users to execute functions which are permitted by their assigned roles and/or authorization profiles.
To create users and roles and assign roles to users (or users to roles) you can use transaction codes:
SU01 - Create / Maintain users
SU10 - Mass user maintenance
PFCG - Create roles (which themselves can consist of other roles or authorization profiles)
Keep in mind that SAP systems are based on a "Positive Authorization Principle" meaning that a user can only perform a certain task if he is specifically assigned that authorization.
Edited by: Yiannis Petevis on Jan 27, 2009 11:24 PM -
RFC Sender - Logon User - What Roles and Authorizations?
Hi,
Scenario: RFC Sender --> XI --> JDBC
What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
With Regards,
Manikandan RHi ,
U need to give ECC Authorisation
Application server : ECC Server
Sytsem no : ECC system number
Logoon User : ECC any username
password : password for above user
clientr : ECC client ( From which client u are sending to RFC adapter)
Regards,
Jayasimha jangam -
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
endYes. Tried that (several times) didn't work. 5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts. Kept getting error message that username and password invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddently experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
Authentication and authorization for AD users in UCM11g
Hi all
we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
Thanks
SomeshAs you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
As for SSO, refer to the:
http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
and
http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
Procedure steps are:
Create a user account for the hostname of the web server machine in Active Directory
Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
Generate the keytab file
Create a JAAS Login File named krb5Login.conf
Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
Configure the Identity Assertion Provider
Adjust Weblogic Server startup arguments for Kerberos authentication
Redeploy CS (and optionally other servers) server with the documentation given deployment plan
Check web browser configuration (IE and Firefox only)
Take a deep breath and test
If successful have a cake and cup of coffee else goto step one
Regards,
Boris -
How to implement Custom Authentication and Authorization in Oracle SOA 11g
Can anyone please tell me, how to implement Custom Authentication in Oracle SOA 11g ?
Because in Oracle SOA 10.1.3.4 , i have implemented this custom authentication and authorization by implementing BPMAuthenticationService, BPMAuthorizationService, BPMIdentityService to verify againt my database systems.
implementation classes like the mentioned below
1).
public class SampleAuthenticationService extends SampleServiceBase implements BPMAuthenticationService {
2).
public class SampleAuthorizationService extends SampleServiceBase implements BPMAuthorizationService {
3).
public class SampleIdentityService extends SampleServiceBase implements BPMIdentityService {
Please help me to implement the authentication and authorization in Oracle SOA 11g .
thanks in advanceTo start with please go through following document
http://docs.oracle.com/cd/E21764_01/integration.1111/e10231/adptr_jms.htm
http://docs.oracle.com/cd/E23943_01/integration.1111/e10231/adptr_file.htm
Regards
Arpit -
How can I authenticate and authorize with Web Service on ESB ?
Hello,
I want to authenticate and authorize client with Web Service published
by HTTP/SOAP BC.
Simply if it is an Web Service as J2EE application, I will use
Basic Authentication with JAX-RPC and Realm.
But I think that Web Service published by HTTP/SOAP BC is not belong
to J2EE Application. Threre is no place to describe security role mapping
(like web.xml).
JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
JAAS Subject is given in the NM Properties. Really in this package
com.sun.jbi.internal.security.*
implements JAAS autentication and authorization (at JaasAuthenticator).
But I can't see how to configure my Service to use this.
How can I authenticate and authorize with Web Service on ESB ?
I referred to the resources.
Mutual Authentication for Web Services: A Live Example
http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
XML and Web Services Security
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
JAAS Authentication Tutorial
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
Thanks,
Takurou
- environment ---------------------------------------------
OpenESB : Project Open ESB Starter Kit
AppServer : Sun Java Systems Application Server 9.0 PE
OS : Windows XP
I don't assume to use SSL (if It's necessary I will try).
User information is stored in a LDAP Server.
-----------------------------------------------------------Hello,
I read this resource.
SecurityDesign
http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
But I can't see well why this page comments 'HTTP over SSL, TLS'.
HTTP/SOAP Binding Component Overview
http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
Does BC support only "SSL server authentication" ?
Doesn't BC support "SSL client authentication" by username/password ?
Thanks,
Takurou -
At one point I posted a forum entry and posted a solution for my entry regarding keeping the app deployments around while recreating/overwriting the domain using WLST offline. Keep App Deployments while recreating the domain in WLST offline
Things seems to work, except that I noticed that the XACML Role Mapper and Authorizer that were created the first time around (when there is no domain folder) are getting replaced by default Role Mapper and Authorizer (on subsequent runs when the domain folder already exists and we overwrite the domain)
Basically the first readDomain is causing this. without reading the domain, I cannot get the app list.
System.setProperty("com.bea.cie.script.throwException","true")
appdeps={}
try:
readDomain('c:/temp/basicWLSDomain')
cd('/AppDeployments')
apps=ls(returnMap='true')
for app in apps:
appdeps[app]=ls(app,returnMap='true', returnType='a')
except:
pass
try:
closeDomain()
except:
pass
#=======================================================================================
# Open a domain template.
#=======================================================================================
readTemplate("c:/wls11/wlserver_10.3/common/templates/domains/wls.jar")
#=======================================================================================
# Configure the Administration Server and SSL port.
# To enable access by both local and remote processes, you should not set the
# listen address for the server instance (that is, it should be left blank or not set).
# In this case, the server instance will determine the address of the machine and
# listen on it.
#=======================================================================================
cd('Servers/AdminServer')
set('ListenAddress','')
set('ListenPort', 7001)
create('AdminServer','SSL')
cd('SSL/AdminServer')
set('Enabled', 'True')
set('ListenPort', 7002)
#=======================================================================================
# Define the user password for weblogic.
#=======================================================================================
cd('/')
cd('Security/base_domain/User/weblogic')
cmo.setPassword('weblogic11g')
#=======================================================================================
# Create a JMS Server.
#=======================================================================================
cd('/')
create('myJMSServer', 'JMSServer')
#=======================================================================================
# Create a JMS System resource.
#=======================================================================================
cd('/')
create('myJmsSystemResource', 'JMSSystemResource')
cd('JMSSystemResource/myJmsSystemResource/JmsResource/NO_NAME_0')
#=======================================================================================
# Create a JMS Queue and its subdeployment.
#=======================================================================================
myq=create('myQueue','Queue')
myq.setJNDIName('jms/myqueue')
myq.setSubDeploymentName('myQueueSubDeployment')
cd('/')
cd('JMSSystemResource/myJmsSystemResource')
create('myQueueSubDeployment', 'SubDeployment')
#=======================================================================================
# Create and configure a JDBC Data Source, and sets the JDBC user.
#=======================================================================================
cd('/')
create('myDataSource', 'JDBCSystemResource')
cd('JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
create('myJdbcDriverParams','JDBCDriverParams')
cd('JDBCDriverParams/NO_NAME_0')
set('DriverName','com.pointbase.jdbc.jdbcUniversalDriver')
set('URL','jdbc:pointbase:server://localhost/demo')
set('PasswordEncrypted', 'PBPUBLIC')
set('UseXADataSourceInterface', 'false')
create('myProps','Properties')
cd('Properties/NO_NAME_0')
create('user', 'Property')
cd('Property/user')
cmo.setValue('PBPUBLIC')
cd('/JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
create('myJdbcDataSourceParams','JDBCDataSourceParams')
cd('JDBCDataSourceParams/NO_NAME_0')
set('JNDIName', java.lang.String("myDataSource_jndi"))
cd('/JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
create('myJdbcConnectionPoolParams','JDBCConnectionPoolParams')
cd('JDBCConnectionPoolParams/NO_NAME_0')
set('TestTableName','SYSTABLES')
#=======================================================================================
# Target resources to the servers.
#=======================================================================================
cd('/')
assign('JMSServer', 'myJMSServer', 'Target', 'AdminServer')
assign('JMSSystemResource.SubDeployment', 'myJmsSystemResource.myQueueSubDeployment', 'Target', 'myJMSServer')
assign('JDBCSystemResource', 'myDataSource', 'Target', 'AdminServer')
#=======================================================================================
# Write the domain and close the domain template.
#=======================================================================================
setOption('OverwriteDomain', 'true')
setOption('CreateStartMenu', 'false')
writeDomain('c:/temp/basicWLSDomain')
closeTemplate()
#=======================================================================================
# Exit WLST.
#=======================================================================================
exit()
So I thought I will create the XACML Authorizer and Role Mapper myself instead of letting the default domain creation process do it. but that is resulting in duplicates on the first run (when the domain folder does not exist) and in the subsequent runs (when the domain folder already exists), I see one XACML and one default.
cd('/')
create('base_domain', 'SecurityConfiguration')
cd('SecurityConfiguration/base_domain/Realm/myrealm')
ls('a')
create('XACMLAuthorizer', 'weblogic.security.providers.xacml.authorization.XACMLAuthorizer','Authorizer')
create('XACMLRoleMapper', 'weblogic.security.providers.xacml.authorization.XACMLRoleMapper','RoleMapper')
I am going no where with Oracle Support. I am wondering if anyone ran into this before.com.oracle.cie.config-wls-schema_10.3.6.0.jar has various SecurityConfiguration XML fragments and the wrong fragment is being used when the domain is recreated.
I am thinking it is a logic issue in domain creation. -
E-Recruitment and/or Recruitment ???
Hi all.
Could you please tell me the difference between E-Recruitment and Recruitment ??
Those are differents modules in HR that works in collaboration or just can be implemented and work one at the same time?
Thanks in advance.
EnriqueHi,
E-recruitment is a separate node. Recruitment and E-Recruitment are different. If you are implementing it for the first time you need a technical / basis person .
SAP E-recruitment follows normal Recruitment cycle i.e.
1. Creation of Requisition and then Approval.
2. Creation of Job Posting and their approval.
3. Applications from the Candidates ( Internal/External ) through different media
4. Applicant tracking from the Support Team.
5. At the time of Date of Joining , conversion of Applicant data to Master data. ( Through PA48 or XI )Interface
http://help.sap.com/saphelp_erp60_sp/helpdata/en/72/c9b54015c4752ae10000000a155106/frameset.htm
Also chk this link for differences;
http://solutionbrowser.erp.sap.fmpmedia.com/
If you give the source as 4.6 and target as ECC 6 enhancement package 3 ,choose HR & module as PA-ER,it displays a list of delta functionalities between the two systems.You can get a fair idea about the Recruitment functionality differences.
Regards
CSM Reddy -
What Roles and Authorization Req
Hi All,
I am getting the Error in SOAP to RFC Sync secnario.
User using one URL through that URL he is trying the send the data to before sending the req user have the USER ID and Password. what are the Roles and Authorization req for that user id and password. Are they service user id ?
RegardsThis user ID have roles similar to Service user PIAPPLUSER or XIAPPLUSER. However, it is recommended not to provide this user detail directly to sender system. Instead create a new user and provide that to your partner.
Regards,
Prateek
Maybe you are looking for
-
I have a form created in LiveCycle ES2. I have mapped some fields to a schema that causes LC to generate XML that adheres to the import format of one of my company's internal databases. There is one problem: the system's import function looks for a D
-
Does anybody know why my daily backup runs exactly one hour late? Almost always. About one time in 50 it will run on time. This has continued since I first wrote the User Agent about a year ago. It doesn't matter whether it is summer time or winter t
-
What happens to iPhoto and Aperture access if I do the latest update to iMovie which supports the upcoming Photos app?
-
Pixelated and barely readable pop-up menu.
I created a Blu-ray pop-up menu using Photoshop which looks like this: I burned the project on a 25GB Blu-ray disc and when I play it on my Playstation 3 it looks like this: As you can see, the buttons get really ugly, pixelated and barely readable,
-
Catalog will not load can't create a new one
I deleted cookies@yesterday and now my catalog will not load and nothing is working