"Emergency role" for system administrators

Hello
Our SAP system administrators have more or less very comprehensive authorizations.
For emergency cases we are looking for a "near-by-SAP_ALL" role which the administrators are able to assign themselves.
Does anyone have experiences which considerations must be taken into account?
There is a list of possible transaction codes for administrators like this one:
http://www.sap-img.com/basis/useful-sap-system-administration-transactions.htm
But this list is not complete, the guys sometimes need more...
Any ideas
Thanks
BEO

Careful. Permitting admins to assign such a role to themselves may be a clear SoD violation, not to mention an uncontrolled practice. Emergency access is exactly what GRC Firefighter is used for.
If you don't have it, then create a manual process that involves logging of all activities performed while the role was assigned, temporary assignment only, reviews and approval of logged activities. One way is to create a generic account that is always locked and is assigned to a user group that only certain people are allowed to maintain. Whenever the account is needed, it is "checked out" as if it was a firefighter. SM19 would be permanently set to log all activities for this account. To do this, you would have to close all loopholes to the process, such as tightly controlling who can change SM19 settings and who can unlock the account, who knows its password, and you would need periodic reviews of the account, showing the last time it was locked and password changed, the last time SM19 settings were changed, and timely reviews of SM20 logs for the account.
Your auditors probably have suggestions for your emergency access procedure too.
Good luck!
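
The periodic review in the manual check-out process described in the reply above can be done mechanically. The following is an added example, not part of the original posts: it reconciles an event export against the approved check-out windows and lists what a reviewer should look at. The account name FF_EMERGENCY, the event type names, the CSV layout and the rule that the password is reset after every use are assumptions; the sample data is constructed and does not reproduce the real SM20 format.

```python
import csv
import io
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
EMERGENCY_USER = "FF_EMERGENCY"  # hypothetical name of the locked generic account

# Constructed sample: approved check-outs of the emergency account.
CHECKOUTS_CSV = """ticket,requester,start,end
INC-1001,ADMIN_A,2024-03-04 09:00,2024-03-04 11:00
"""

# Constructed, simplified event export (assumed layout, not a real SAP format).
# UNLOCK / LOCK / PWD_CHANGE act on the emergency account, ACTIVITY is
# performed by it, AUDIT_CFG_CHANGE is a change to the audit log settings.
EVENTS_CSV = """time,type,actor,detail
2024-03-04 09:02,UNLOCK,ADMIN_A,unlock FF_EMERGENCY
2024-03-04 09:10,ACTIVITY,FF_EMERGENCY,SE16
2024-03-04 10:40,LOCK,ADMIN_A,lock FF_EMERGENCY
2024-03-04 10:41,PWD_CHANGE,ADMIN_A,reset FF_EMERGENCY
2024-03-07 22:15,UNLOCK,ADMIN_B,unlock FF_EMERGENCY
2024-03-07 22:20,ACTIVITY,FF_EMERGENCY,SU01
2024-03-07 22:30,AUDIT_CFG_CHANGE,ADMIN_B,filter deactivated
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def _in_window(ts, checkouts):
    return any(start <= ts <= end for start, end in checkouts)


def review(events_text, checkouts_text, user=EMERGENCY_USER):
    """Return (time, rule, actor) findings for the periodic review."""
    checkouts = [(datetime.strptime(r["start"], FMT), datetime.strptime(r["end"], FMT))
                 for r in _rows(checkouts_text)]
    findings = []
    unlocked_since = None    # time of an unlock not yet closed by a lock
    needs_pwd_reset = False  # assumption: the password is reset after every use

    for r in sorted(_rows(events_text), key=lambda r: r["time"]):
        covered = _in_window(datetime.strptime(r["time"], FMT), checkouts)
        kind, actor = r["type"], r["actor"]
        if kind == "AUDIT_CFG_CHANGE":
            # Any change to the logging itself is reviewed, approved or not.
            findings.append((r["time"], "AUDIT_CONFIG_CHANGED", actor))
        elif kind == "UNLOCK":
            if needs_pwd_reset:
                findings.append((r["time"], "REUSED_WITHOUT_PWD_RESET", actor))
            if not covered:
                findings.append((r["time"], "UNLOCK_WITHOUT_CHECKOUT", actor))
            unlocked_since = r["time"]
        elif kind == "ACTIVITY" and actor == user and not covered:
            findings.append((r["time"], "ACTIVITY_OUTSIDE_WINDOW", actor))
        elif kind == "LOCK":
            unlocked_since, needs_pwd_reset = None, True
        elif kind == "PWD_CHANGE":
            needs_pwd_reset = False

    if unlocked_since is not None:
        # The account was never locked again after its last unlock.
        findings.append((unlocked_since, "LEFT_UNLOCKED", user))
    return findings


if __name__ == "__main__":
    for finding in review(EVENTS_CSV, CHECKOUTS_CSV):
        print(*finding, sep="  ")
```

The first check-out in the sample passes cleanly; the second use of the account has no ticket, touches the audit settings and never re-locks the account, so it produces four findings.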

Similar Messages

  • Is Sun Ray a suitable solution for system administrators?

    My company is deciding if Sun Ray can be a viable solution for system administrators for additional level of security since Sun Ray clients are diskless...less worries about malware or virus...etc.
    However, looking through Sun's available thin client machines, there is no selection of laptop form. As you can guess, sysadmins are mostly remote and on the go...it cannot be expected that they are always at their desks or homes to access the thin client machines. I understand the availability of the web client solution...however, have my doubts about that and how much would sysadmins actually embrace it.
    On the other hand, the inability of copy & paste as they are currently doing with traditional thick clients can be problematic too. One use case is when they test and build config on their desktops (say notepad), then upload to server hosts...or opposite, when they need to download logs to their machines and investigate...
    I am not going into questions about support of OS X and other tools sysadmins usually use...since the support of true remote access will be the biggest hurdle up front.
    Any comments?

    Hmmm. Very late to this conversation, but couldn't help to throw some change into the hat.
    For casual use of light-weight, non-power hungry applications, running apps via SGD over a Sun Ray (soft client or not) is probably ok. But if you were to try to do this for normal users who need PC-like performance, you'd be delusional. Display information will travel over the network 3 times and you can't take advantage of any of the new, faster graphics capabilities of the newer Sun Ray's when you introduce SGD as the means to access Windows desktop applications.
    To be explicit:
    Sun-Ray -> Sun Ray Server uses ALP.
    Sun Ray Server -> SGD uses AIP.
    SGD Server -> Windows Server uses RDP.
    If you deploy this widely, better go buy some stock in Cisco.
    I'd use SGD only for remote PC/Mac/Unix users who need to bounce in from the wild west.
    I'd use Sun Ray -> Sun Ray Servers + Windows connector (uttsc) for thin client access.

  • Role for system data dictionary read-only access

    [NOTE: this is for 9i]
    What grants must a role have to have read-only access to
    the system data dictionary tables (e.g.: ALL_SOURCE,
    ALL_OBJECTS, ...)?
    Or, is there somewhere in the docs that talks about this
    kind of role?
    Thanks in advance,
    Robert

    Well, the answer to your explicit question would be that it would need SELECT on each of the data dictionary views that do not have SELECT granted to PUBLIC. To find out what those are, you could do:
    SELECT table_name, privilege
    FROM dba_tab_privs
    WHERE grantee = 'SELECT_CATALOG_ROLE'
    However, it would probably be easier just to grant it SELECT_CATALOG_ROLE :-)
    John

  • Java Role for system info

    Is there a role that would give a user access to system info only ?
    http://svrname:5XX00/monitoring/SystemInfo

    You should be able to display that info using J2EE_ADMIN user... in any case,
    Check this,
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/407d9359-cb8f-2c10-6c8e-ecc541dcd7a4&overridelayout=true
    Regards
    Juan

  • Role for business system defined in SXMS_CONF_ITEMS'

    hi
    in RWB integration engine status is red in detail it is showing.
    'No role for business system defined in SXMS_CONF_ITEMS'.
    how can i fix this.
    regards,
    krushi

    HI
    Runtime Workbench - Integration Engine
    Are the Roles in SXMS_CONF_ITEMS and the SLD Consistent?
    The role of a business system is defined centrally in the SLD. However, you can overwrite this setting locally in the table SXMS_CONF_ITEMS.
    This test checks whether the role descriptions are consistent. If not, the locally defined role is used at runtime.
    extract taken from this thread
    http://help.sap.com/saphelp_nw04s/helpdata/en/a5/1b5342d8a7be30e10000000a155106/frameset.htm
    Message was edited by:
            Anusha  Ramsiva

  • No role for business system defined in SXMS_CONF_ITEMS

    Hi Experts.
    I have the following problem. We have set up XI in our company and now we are trying to configure and run it properly. We had some problems so far and now there is the next one: I configured the simple scenario FILE-XI-FILE but it doesn't work :(. Every step from the scenario was completed successfully (after some problems) but when I started Runtime Workbench (RWB) in order to monitor the functionality of XI and chose Component Monitoring | Components | Integration Server | Integration Engine GPI, I see that I have an error in Self-Test Status | Are roles in SXML_CONF_ITEMS and SLD consistent? In detail it's: No role for business system defined in SXMS_CONF_ITEMS. My business and technical systems look to be well configured but now I'm hopeless because I can't find anything more specific about the SXMS_CONF_ITEMS table. I tried some notes and threads from the forum but nothing helped me after all. So please help if someone has experience with something similar. Any help will be appreciated. Thanks
    Ondrej

    Hi,
    The role of a business system is defined centrally in the SLD. However, you can overwrite this setting locally in the table SXMS_CONF_ITEMS.
    This test checks whether the role descriptions are consistent. If not, the locally defined role is used at runtime.
    Check in transaction SXMB_ADM -> integration engine configuration a parameter (Corresponding Integ. Server) if all parameters are correct and not lost.
    refer : http://help.sap.com/saphelp_nw04/helpdata/en/a5/1b5342d8a7be30e10000000a155106/content.htm
    Runtime Workbench - Integration Engine
    http://help.sap.com/saphelp_nw04s/helpdata/en/70/58b43be7492354e10000000a114084/frameset.htm
    Regards
    Aashish Sinha
    PS : reward points if helpful

  • Standard roles for entering master data in SAP system

    Hi Experts!
    We are deploying an SAP solution based on PS module, but supported by other modules like FI-CO-MM. We need some help on finding which standard SAP roles/profiles will allow us to create the following entities in the system:
    - Controlling Area
    - Company Code
    - Business Area
    - Plant
    - Location
    - Profit Center
    - Controlling order
    - Cost Element
    - G/L Account
    - Currency
    - Materials
    - Purchasing Organization
    - Material Group
    - Vendor
    - Purchasing Group
    - Outline agreement / position
    - Storage Location
    - Creating new characteristics in the classification system (Tx CT04)
    - Work Center
    - Responsible names (for PS responsibles)
    Thank you in advance.
    Best regards,
    Neil

    Please go through this link, which provides roles for all PS txn. Click on the left side and choose roles based on your requirement.
    http://help.sap.com/erp2005_ehp_04/helpdata/EN/90/7c8838ba4bed0fe10000009b38f8cf/frameset.htm
    Regards
    Nitin

  • Role Provisioning failed for System(s) : Connector Name . Error Message : malformedRequest

    Hi Everyone, we are facing the following issue in GRC-SAC-SAE 5.3_16.3. So far our CUP was connected to Enterprise Portal (7.01) and auto provisioning for group to users worked. However, now it is not working, with the error below.
    Role Provisioning failed for System(s) : <Connector Name>. Error Message :
    malformedRequest
    Failed request now
    Successful request used to provision
    Regards,
    Arpan Paik

    Arpan,
    We used to get those "malformed request" errors. We dealt with them by requesting the portal to be re-booted during the weekend maintenance window, making the portal security changes manually, cancelling the CUP request and notifying the requester. It's not a great solution, I know, but it was all we could come up with at the time. Then they upgraded the portal to NW 7.31, which is incompatible with GRC 5.3, and we have to do everything manually, so our situation went from bad to worse. Good luck!
    Cheers,
    Gretchen

  • Do we have to have system admin role for pdk???!!!

    Hi ,
    PDK is meant for Java developers, and we have a requirement where developers will not be given system admin role, but just java developer role, that comes with PDK (to deploy, download, par applications).
    I was going through the weblog
    and in that it is mentioned:
    "To ensure that you have the correct permissions to run all the applications in the business package, you must be assigned to the following portal roles:
    Role ID     Description
    pcd:portal_content/administrator/super_admin/super_admin_role     Super Administration
    pcd:portal_content/com.sap.pct/administrator/super_admin/com.sap.portal.super_admin_role     Super Administration "
    if the pdk has to have system admin role, then there is no meaning that it comes with java developer role .
    can anyone tell me if i understood it a wrong way .
    please help
    Thanks,
    Lakshmi.

    Hi Lakshmi,
    The Java developer role only comes with Component manager and Component Inspector and some plugins for IDE.
    To work just with PDK a Java Developer role is fine, but once the PAR is deployed, a developer has to log in and create the iView from that PAR. For this he needs a Content Admin Role.
    I have gone through the link mentioned by you and it says you need to have superadmin role, every user, content admin role for all the iViews to work correctly, which is true this way.
    If your iView is talking to the backend system you need access to the backend, and to create a System object you need a System Admin role.
    So, along with the Java developer role, a developer has to have ContentAdmin and SystemAdmin roles.
    Hope this helps.

  • Initial roles for sap consultants in Development system .

    HI all,
    I am new in security, now I have to create one fi, sd, mm, pp, abap users in my development server (ecc 6.0 in sql server). I need standard roles for these users.
    Please give me security matrix.
    Regards,
    swathi-k

    In tcode PFCG you can drop down the list of available roles as per your requirement and assign them to the users. You have to give the appropriate authorizations. In case you can find the role as per your requirement, then you have to create your own roles and assign them to the users.
    Follow for more details: http://help.sap.com/saphelp_nw2004s/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm
    Cheers,
    -Sunil

  • Lock Role for Changes till the transport is released

    Issue : since roles are managed by multiple security administrators, changes are moving against the sequence.
    We have multiple security administrators, is there a way to lock a role for changes until the task/ req is released.
    Example Scenario :
    Security admin 1 : if there is a change request to add SU01 to the role: Z_TESTROLE, Security admin adds it and creates a Change request but does not release it.
    Security Admin 2 : the security admin 2 will get a Change req for the same role Z_TESTROLE to add a tcode PFCG to it. Security admin 2 does his job and moves his transport now even though the first transport does not move the change made by the first security admin moves with the transport for the second admin.
    We have multiple security administrators, is there a way to lock a role for changes until the task/ req is released.

    Hi all,
    Thanks for your responses. We follow a change procedure but I guess it just needs to be refined. Everybody figured out that this is a coordination issue but I was asked to research any technical ability to handle this.
    Here is a brief overview of our process :
    1) BPO approves the change
    2) Role owner support manager approves the change
    then the Change request comes to 3)Security Manager for her approval.
    I feel from a SOX perspective the 3rd approval is not mandatory.
    Am I correct? Where can I find a SOX guide for SAP?
    Recap of the incident:
    1)A change ticket is created for the t-code creation and a task is created for the role in which this report is to be added.
    State I role Z_TESTROLE  is with ZMMR0025
    After adding the new report ZMMR0055 the old report ZMMR0025 is removed.
    State II
    The role Z_TESTROLE has tcode ZMMR0055
    now this is tested in development system by the requestor.
    Before this goes into PRD via QA a newsflash is sent to all the endusers (so that they know which t-code to use)
    Meanwhile if another security administrator works (suppose adds a new tcode or changes an authorization)  on this while the role is in state II changes made by Admin 1 are transported along with the second change.
    State II + new changes = State III
    When the role reaches PRD in state III the result is that the end user loses access to the required functionality ZMMR0025 before ZMMR0055 is made available.
    I hope I’m clear , please let me know if I need to be more specific on any part.
    I appreciate your help.
    regards,
    Salman.

  • E-Recruiting 6.0: Business Partner Role For Branches

    Hi Experts,
    In the IMG, SAP E-Recruiting > Basic Settings > Enterprise Structure > Define Business Partner Role for Branches
    Can anyone help in the following:
    1) What is the purpose of Business Partner Role and how does it relate the Branches? Or how can i make use of it?
    2) If i am going to maintain the Company & Branches via the Administrator function instead of IMG, do I still need to configure this step: Define Business Partner Role for Branches
    Thanks.  Will reward points for any helpful tips.
    William

    Hello William,
    the Business Partner is an application / module which belongs to the base components of the SAP. It is used and partly extended by various other applications / modules. Next to E-Recruiting it is used for example by CRM and the financial service solution (FS-CS, FS-PM, FS-RI). All of these modules can put their data for a person or an organization into the same tables. Depending on the installation / system environment or even within one single module the requirements for available fields and business checks as on authorization differ between kinds of business partners (e.g. in FS-CS the commission solution for the financial service sector knows external agents and internal employees which have to be treated differently). The business partner is the element to assign the logical / business role in which a person is handled by the system.
    For E-Recruiting you have 2 kinds of business partners, too. On the one hand there are people being candidates and on the other hand there are branches of your company which hire people. The configuration allows you to separate them if you need to identify at any time which business partner is a branch and which is a candidate. So far I never tried if this is really working; as there is no real use for this, I never set it up. The attributes and the business checks are the same anyways.
    Hope that helps a bit to understand the context
    Best Regards
    Roman Weise
    PS: please remember that you have to maintain the branches via administrator bsp application. Using the IMG entry won't work.

  • There is no iView available for system "SAP_ERP_Manufacturing"...

    Hi out there,
    I have imported the business packages Common Parts 1.2 and Maintenance Technician 1.2 in our portal test system (nw7, sps18). After setting up a system with alias SAP_ECC_MANUFACTURING and assigning the role com.sap.pct.erp.maintech.maintenance_technician to my super admin user I can browse through the navigation of this role and all the iViews do what they are supposed to do (e.g. I can call the "Technical Structure View" and create a notification for an object out of the list)...
    When assigning the role com.sap.pct.erp.maintech.maintenance_technician to a test user (with the roles and groups from a simple enduser), I get the following error when trying to create a notification (or doing anything else in the technical structure view): There is no iView available for system "SAP_ERP_Manufacturing": object "notification".
    I have checked the permissions in all relevant areas of the PCD. Everywhere there are at least read permissions for everyone. Also I have copied the iView com.sap.pct.erp.common.notification_create to another place in the PCD and added it to the operation "create" of the Business Object "SAP_ERP_Manufacturing.notification" (with the highest priority). But that didn't change anything...
    Well, I don't know what else I could do to find out what's wrong. I just hope anyone out there can help me out...
    Best Regards
    Juergen Kuechle.

    Hi Thulasi,
    sorry, but that's not the point. The system with alias "SAP_ECC_MANUFACTURING" is used to call the WD application in the R/3 backend system (which works out pretty fine). The WD application then calls back the portal using the object based navigation technology (OBN). In this case it calls the object SAP_ERP_Manufacturing.notification and tries to execute the iview linked to the action "create" of the object.
    And here exactly is the problem that I'm facing. With the super admin user OBN works fine, with an enduser the OBN fails...
    Regards, Juergen.

  • Getting an error while configuring VMM for System Center 2012. error - An internal error has occurred trying to contact an agent on the WIN-NTJU8CNU server: : . Ensure the agent is installed and running.

    Hi,
    I am trying to install "System Center 2012 - Virtual Machine Manager by Using a Pre-Configured VHD".
    I downloaded install guide & the binaries from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=10712
    I have followed the installation document & getting an error while configuring VMM for System Center 2012.
    error details from log file given below:
    01:12:24:VMMPostinstallProcessor threw an exception: Threw Exception.Type: Microsoft.Carmine.WSManWrappers.WSManProviderException, Exception.Message: An internal error has occurred trying to contact an agent on the WIN-NTJTNEJ1UCN.mydomain.com server: : .
    Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent.
    01:12:24:StackTrace:   at Microsoft.Carmine.WSManWrappers.ErrorContextParameterHelper.ThrowTranslatedCarmineException(WsmanSoapFault fault, COMException ce)
       at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.RetrieveUnderlyingWMIErrorAndThrow(SessionCacheElement sessionElement, COMException ce)
       at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.Invoke(String actionUri, WSManUri targetUri, Hashtable parameters, Type returnType, Boolean isCarmineMethod, Boolean forceResponseCast)
       at Microsoft.Carmine.WSManWrappers.AgentManagement.AssociateLibrary(WsmanAPIWrapper wsmanObject, String CertificateSubjectName, String& ExportedCertificate, ErrorInfo& ErrorInfo)
       at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.AssociateAgentServer(String fullyQualifiedServerName)
       at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.AssociateDefaultLibraryServer()
       at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.SetupLibraryShare()
       at Microsoft.VirtualManager.Setup.InstallItemCustomDelegates.PangaeaServerPostinstallProcessor()
    01:12:24:InnerException.Type: System.Runtime.InteropServices.COMException, InnerException.Message: There is a time and/or date difference between the client and server.
    01:12:24:InnerException.StackTrace:   at WSManAutomation.IWSManSession.Invoke(String actionUri, Object resourceUri, String parameters, Int32 flags)
       at Microsoft.Carmine.WSManWrappers.MyIWSManSession.Invoke(String actionUri, Object resourceUri, String parameters, Int32 flags)
       at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.Invoke(String actionUri, WSManUri targetUri, Hashtable parameters, Type returnType, Boolean isCarmineMethod, Boolean forceResponseCast)
    01:12:24:ProcessInstalls: Running the PostProcessDelegate returned false.
    01:12:24:ProcessInstalls: Running the PostProcessDelegate for PangaeaServer failed.... This is a fatal item.  Setting rollback.
    01:12:24:SetProgressScreen: FinishMinorStep.
    01:12:24:ProcessInstalls: Rollback is set and we are not doing an uninstall so we will stop processing installs
    I have completed MSSQL server configuration and while configuring VMM the below error displayed in the wizard:
    An internal error has occurred trying to contact an agent on the WIN-NTJTNEJ1UCN.mydomain.com server: : .
    Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent.
    I have checked that the following services are running:
    1) Verified WS-Management service 2) MSSQL server + MSSQL (agent) 3) SC VM Manager Agent 4) Windows management instrumentation.
    I have joined the VM (on which installing SC VMM) in a domain(as per install guide) and installing VMM using domain account & it is in local Administrators group.
    Also I would like know if there is any stand alone SC VMM installer. If yes then please let me know the installer location & install guide.
    thanks.
    ====

    Have you installed AppController on the same machine with VMM?

  • Portal error in SRM 7.0 -"There is no iView available for  system "SAP_SRM"

    Hi All,
    We have portal ( SAP EP 7.0) as the front end for SRM 7.0 ,We have integrated SRM with portal through the system alias SAP_SRM.
    With the PDP scenario the users are facing the below issue while they try to open any documents ( let it be RFx/contract).
    "There is no iView available for  system "SAP_SRM": object "cont". For more information, contact your administrator."
    We installed the latest JRE (1.6.0.17) in the machine, but it didn't fix the problem. It appears to be a local issue with the settings in the browser, as some people (very few) are able to open the documents.
    Any pointers?
    Thanks
    Arun

    Hi Arun,
    Please check whether the portal content and portal roles with iViews are maintained properly or not.
    Please check this page for the iView and portal role matrix, and cross-check with your portal roles.
    This might help you.
    http://help.sap.com/saphelp_srm70/helpdata/en/27/d1185fd9764001953386c6e10058ab/frameset.htm
    Regards
    Kiran
