Enterprise Role Concept in ERM

Hello,
We want to implement Enterprise Role(Not Portal) concept in ERM. Anybody has implemented this concept of composite roles from different single roles belonging to different SAP components.
Ex : Marketing Management Enterprise Role is a collection of single roles from ECC and SCM. We want to have cross system risk analysis performed on the same.
Thanks in advance,
Ashutosh

Hi Sri,
Is the role status set to "production" ??
Cheers,
Diego.

Similar Messages

  • 500   Internal Server Error in GRC 5.3 Enterprise Role Management

    Hi All;
    We've installed Sap GRC Access Control 5.2 on Sap Netweaver 7.0.
    We installed SAP NetWeaver 7.0 (2004s)
    SAP Internet Graphics Service (SAP IGS)
    VIRCC00_0.SCA -SP15
    VIRAE00_0.SCA -SP15
    VIRRE00_0.SCA -SP15
    VIRFF00_0.SCA -SP15
    VIRSANH  -SP15
    VIRACCNTNT.SAR-SP15
    Our sp levels are for abap side;
    SAP_ABA     700     0014
    SAP_BASIS     700     0014
    PI_BASIS     2005_1_700     0014
    SAP_BW     700     0016
    VIRSANH     530_700     0015
    When we started to configure the components according to the Configuration Guide,In Enterprise Role Management part,i want to do the Configuring Risk Analysis Integration with RAR but on the CONFIGURATION tab when i navigate to the Miscellaneous,the page gives me the error message :
    "500   Internal Server Error
      SAP J2EE Engine/7.00 
      Application error occurred during request processing.
      Details:   java.lang.NullPointerException: null
    The logs are;
    #1.5 #0050568C003D006800000011000026540004A12E73AF8A7C#1303120788268#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager#sap.com/irj#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias#J2EE_GUEST#0##n/a##98478fc069a211e0cef50050568c003d#Thread[ConfigurationEventDispatcher,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Plain###
    [BEGIN] Exception -
    javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content [Root exception is javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content]
         at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:407)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
         at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
         at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
         at javax.naming.InitialContext.lookup(InitialContext.java:347)
         at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias(SCFSystemManager.java:239)
         at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.doAliasOperations(SCFSystemManager.java:111)
         at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfiguration.refreshCache(ServiceRegistryConfiguration.java:203)
         at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfigEventListener.refreshConfigCache(ServiceRegistryConfigEventListener.java:13)
         at com.sap.ip.collaboration.sync.impl.scf.config.AbstractConfigEventListener.configEvent(AbstractConfigEventListener.java:28)
         at com.sapportals.config.event.ConfigEventService.dispatchEvent(ConfigEventService.java:227)
         at com.sapportals.config.event.ConfigEventService.configEvent(ConfigEventService.java:112)
         at com.sapportals.config.event.ConfigEventDispatcher.callConfigListeners(ConfigEventDispatcher.java:308)
         at com.sapportals.config.event.ConfigEventDispatcher.flushEvents(ConfigEventDispatcher.java:251)
         at com.sapportals.config.event.ConfigEventDispatcher.run(ConfigEventDispatcher.java:110)
    Caused by: javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content
         at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChildAtomicName(XfsContext.java:431)
         at com.sapportals.portal.pcd.gl.xfs.XfsContext.lookupAtomicName(XfsContext.java:235)
         at com.sapportals.portal.pcd.gl.xfs.BasicContext.lookup(BasicContext.java:919)
         at com.sapportals.portal.pcd.gl.PcdPersContext.lookup(PcdPersContext.java:387)
         at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:403)
         ... 18 more
    [END] Exception -
    Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]"
    #1.5 #0050568C003D006D000000A7000026540004A12E79B6901C#1303120889408#System.err#sap.com/tc~kw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Info: FrontController: app init failed ...
    #1.5 #0050568C003D006D000000A8000026540004A12E79B6925E#1303120889408#System.err#sap.com/tckw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Path: Caught java.lang.NullPointerException: FATAL ERROR: Could not load E:
    usr
    sap
    MGD
    DVEBMGS00
    j2ee
    cluster
    server0
    apps
    sap.com
    tckw_tc
    servlet_jsp
    SAPIKS2
    root
    WEB-INF
    ApplConfig.xml
         at com.sap.kw.framework.XMLConfiguration.<init>(XMLConfiguration.java:53)
         at com.sap.kw.actions.ApplConfig.init(ApplConfig.java:83)
         at com.sap.kw.framework.FrontController.init(FrontController.java:222)
         at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.addServlet(WebComponents.java:139)
         at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.loadServlets(ApplicationThreadInitializer.java:386)
         at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.run(ApplicationThreadInitializer.java:110)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    #1.5 #0050568C003D007200000021000026540004A12E7AD53183#1303120908190#com.sap.slm.exec.message.SLMApplication#sap.com/tcslmslmapp#com.sap.slm.exec.message.SLMApplication#J2EE_GUEST#0##n/a##a061141069a211e0890c0050568c003d#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Java###"CfgObjectLoadVisitor" cannot load com.sap.slm.util.config.objects.CfgSDTServer from SLM configuration. Cannot read configuration in path ''SLM''##
    #1.5 #0050568C003D001B00000002000026540004A12E7B3058F9#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Location :<com.sap.sl.ut> is initialized!#
    #1.5 #0050568C003D001B00000004000026540004A12E7B3059B1#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Cotegory :</System/Server> is initialized and bound to Location: <com.sap.sl.ut>#
    #1.5 #0050568C003D001B00000006000026540004A12E7B3076F4#1303120914172#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain###Establishing db connection...#
    #1.5 #0050568C003D002400000297000026540004A12E7CC1E87F#1303120940477#com.sap.portal.prt.sapj2ee.error##com.sap.portal.prt.sapj2ee.error####n/a##39c1422069a211e08b030050568c003d#SAPEngine_System_Thread[impl:5]_86##0#0#Error#1#/System/Server#Java###Exception while starting: sap.com/ccxsysbgear
    [EXCEPTION]
    #1#com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear
         at com.sap.portal.prt.sapj2ee.SAPJ2EEPortalRuntime.getAndStartSAPJ2EEApplicationItem(SAPJ2EEPortalRuntime.java:876)
         at com.sap.portal.prt.sapj2ee.PortalRuntimeContainer.prepareStart(PortalRuntimeContainer.java:511)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4361)
         at com.sap.engine.services.deploy.server.ReferenceResolver.processReferenceToApplication(ReferenceResolver.java:589)
         at com.sap.engine.services.deploy.server.ReferenceResolver.processMakeReference(ReferenceResolver.java:399)
         at com.sap.engine.services.deploy.server.ReferenceResolver.beforeStartingApplication(ReferenceResolver.java:328)
         at com.sap.engine.services.deploy.server.application.StartTransaction.beginCommon(StartTransaction.java:162)
         at com.sap.engine.services.deploy.server.application.StartTransaction.beginLocal(StartTransaction.java:141)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:356)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:132)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesLocalAndWait(ParallelAdapter.java:250)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4450)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationsInitially(DeployServiceImpl.java:2610)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.clusterElementReady(DeployServiceImpl.java:2464)
         at com.sap.engine.services.deploy.server.ClusterServicesAdapter.containerStarted(ClusterServicesAdapter.java:42)
         at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.processEvent(ContainerEventListenerWrapper.java:144)
         at com.sap.engine.core.service630.container.AdminContainerEventListenerWrapper.processEvent(AdminContainerEventListenerWrapper.java:19)
         at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.run(ContainerEventListenerWrapper.java:102)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:81)
         at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:152)
    Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: [ExternalApplicationItem.prepare]: SAPJ2EE::sap.com/grc~ccxsysejbear
         at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:188)
         at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.prepare(SAPJ2EEApplicationItem.java:232)
         at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.start(SAPJ2EEApplicationItem.java:192)
         at com.sapportals.portal.prt.service.sapj2ee.Mediator.getAndStartExternalApplication(Mediator.java:132)
         at com.sap.portal.prt.sapj2ee.StartPortalApplication.coreRun(StartPortalApplication.java:59)
         at com.sap.portal.prt.sapj2ee.StartPortalApplication.run(StartPortalApplication.java:36)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sapportals.portal.prt.core.broker.PortalApplicationNotFoundException: Could not find portal application ccxsysbgear
         at com.sapportals.portal.prt.core.broker.PortalApplicationItem.prepare(PortalApplicationItem.java:415)
         at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:180)
         ... 9 more
    #1.5 #0050568C003D00750000003B000026540004A12E88C693CF#1303121142088#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/grc~reear#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#117##YDSAPGRC_MGD_2172750#J2EE_ADMIN#4bfa377069a311e0b9230050568c003d#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server/WebRequests#Plain###application [RE] Processing HTTP request to servlet [REController] finished with error.
    The error is: java.lang.NullPointerException: null
    Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]#
    waiting for your responses as soon as possible because the system has to be up and running till wednesday.
    Tahnx in advance

    Hi Bilge,
    did you put your text in a blender before sending it?
    I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
    Have you already tried to clear all browser cache, close all browsers and try it again?
    Best,
    Frank

  • Role concept - CRM - EP

    Hi All,
       I imported the business package for CRM in enterprise portal.rightnow i am dealing with security aspects. I have some conceptual doubts related to role concepts with this Business package.
    I have a role for sales manager in business package, com.sap.pct.crm.SalesManager,which have some iviews and external services. from the documentation, i came to know that this role corresponds to "SAP_PCC_SALES_MANAGER" in BW system and  "SAP_PCC_SALES_MANAGER" in CRM system.
    I just want to know, which strategy, I should use for Role, user to role assignments in my scenario i.e.  either "EP as leading system" or "ABAP system as leading system"
      I was thinking of having ABAP system as lead. i.e. getting the role menu and user to role assignments from CRM system and BW system and adding this to the delta link of portal role that came with business package, so that i could get the user assignements from both the CRM and BW systems. but later i came to know that this role, SAP_PCC_SALES_MANAGER is portal specific role in BW and CRM, so i was worried of how to get the user assignments of the original sales manager role in crm system and  bw system to the portal.
    right now, i am totally confused and have no ideas. I thought that some one could help me in this regard with thier experience.
    Thank you

    HI
    please ensure that user is present with same userid as that in portal with both BW and CRM system and then use com.sap.appintegrator.portal component  for creating transactions of any type ussing template iview as well get user autorization for user for both the roles in BW.
    hope this helps
    With Regards
    Subrato kundu

  • GRC AC 5.3 - Role Expert / Enterprise Role Management Dev Environ Connect

    We are looking to start using Role Expert/Enterprise Role Management.  As I am working through the planning process, I am looking at where to connect our ERM DEV/QA/PROD environments.  We want the ERM Production environment to our R/3 Development environment, so we can transport the roles from R/3 DEV to Q/A to PROD.  So, if our production ERM system is connected to the R/3 DEV, where do I connect the ERM DEV and QA environments?  I still think it's important to have those environments, so we can test support pack upgrades as well as use for the initial deployment/connections.  Any suggestions?  How have others done this?

    Found Answer - SAP provided Access Control Landscape Diagram on SAP.com.

  • Import roles to the ERM without using the "Mass Role Import

    Hello,
    I want to know if there is another way to import roles to the ERM without using the "Mass Role Import.
    Im'm using SAP GRC AC 5.3
    Best Regards.
    Pablo Mortera.

    Hi.
    There is NO other way to import roles..
    We need to use only ERM for "Mass Role Import.
    Regards
    Gangadhar

  • Enterprise Role grants in jazn-data fail for AD Provider User Accounts?

    Hello All,
    I have enterprise roles defined within my jazn-data.xml for my 11.1.1.4 web application. We just recently switched user accounts over to an active directory provider for authentication. So, I have user accounts associated with the active directory provider that are assigned to my enterprise roles. This is working fine because all of my EL expressions of the form #{securityContext.userInRole['EnterpriseRoleName']} are working great.
    However, all of the grants in jazn-data.xml for pages that should only be viewable by users with this role are now not working. Users with this role see a "Internal Server 500" error with the message "oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed", rather than the related pages. This all used to work when the user accounts were not coming from the active directory provider.
    As a work around, I've had to grant test-all view access to all pages, but hide controls and portions of pages that non-authorized users should see using EL like what I printed above.
    This can't be right. Why are AD user accounts treated differently by WebLogic Server, when the security context indicates that the user has the proper role?
    Thanks

    Haha... nice one. This is a low-key production app that is internal to this company. I can't have users with AD accounts, who used to have WLS internal accounts when the jazn grants worked, just stop using the application until some solution comes about. It may take days. I don't understand why you would leave such an unhelpful comment and then leave the discussion. Is this a precedence that you want set within your forum? Please help me to understand why this is a bad workaround. I'm just at the beginning of trying to figure out the root cause of this issue. A search didn't reveal any obvious answers, so I thought I'd reach out to my knowledgeable ADF friends on the forum to see if this was something that could easily be fixed.
    Back to your comment -- why is this a mistake? I have always used the rendered attribute value to hide navigation points to pages that are supposed to be accessible to users with the enterprise role (e.g. rendered="#{securityContext.userInRole['EnterpriseRoleName']}"). This still works fine in the context of this problem, because the security context is working properly -- it's picking up user membership to enterprise roles. It's the jazn grants that are not working for the AD provider related users.
    In this context, if some really smart user guesses the URL of a page I don't want them on because they don't have the role, then why can't I simply set rendered="#{securityContext.userInRole['EnterpriseRoleName']}" on the PGL that presents the body of the page? The content of the page isn't rendered. That's the point of the "rendered" attribute, right? Better yet, I could have a nice message that says that aren't authorized to view the page, rather than put a Java stack trace in their face. Why, then, as a temporary workaround, is this such a bad idea?
    Thank you "sameera.sac" for the links. I'd seen the first one before posting and it wasn't pertinent. But I'll certainly research the others you provided.
    Thanks

  • Mass role Import in ERM "unable to determine matching org. level" Error

    I am trying to upload the Derived Roles into the ERM. I have already uploaded all the Parents Roles. The volumes of the Derived Roles is huge in my SAP Backend system.
    I am not able to understand what should be the content of Org File which we upload. Please correct if I am wrong
    1>Example a role Z_TEST_D is derived from Z_TEST on the org levels EKGRP,KOART,GSBER,WERKS.
    2>I have run Org Synchronization Job in the ERM
    3>Downloaded Z_TEST (Parent Role) and uploaded it into ERM(It was easy because there was no org file)
    4> Downloaded Z_TEST_D(Derived Role) through /VIRSA/RE_DNLDROLES Tcode in backend.
    5>Downloaded the AGR_1252 information for this role which contained the Org levels and values
    6>I put all those information into the Org File and then tried to upload it throws me the error Role Z_TEST_D : not imported; unable to determine matching org. level for WERKSin the system
    So I again tried with the another method by changing the input sheet for the Org File
    Z_TEST_D BUKRS 0* 9*
    Z_TEST_D EKGRP *
    Z_TEST_D KOART *
    Z_TEST_D GSBER *
    Z_TEST_D WERKS *
    and tried to upload it again gave me the same error. I have checked the ERM all these Org Levels are fetched into the ERM. I am not sure if I am missing any basic things.
    Current Support pack: SP10 Hot Fix 2.
    Please share your experience and best practice to upload the roles,

    Hello Rahul,
    I had that same problem with SP10 also. The way I resolved itand this sounds crazywas to move that WERKS line up one or two rows.
    The problem I noticed was not with all derived roles, but when there was a problem, it was always the last line of the Org file for the role that was causing the problem. And the problem was not always WERKS either.
    If the next time you run it, the error occurs on the "new" last line (e.g. GSBER), move that line up also. Eventually they all make it in. I have not seen this problem repeated in SP12. Don't delete the line, just shift the order within the number of rows the role has.
    P.S. I have several hundred derived roles, about 10 - 15% had this import problem.
    -Dylan

  • How to create an enterprise role in WLS admin console ?

    HI All,
    we have an ADF application developed using jdev 11.1.2.1.
    we have some web pages that are assigned to the application
    role: users.
    the app role is mapped to the enterprise role: agt_users.
    after deploying to a WLS standalone server, we were able to
    login, but a http 403 error was returned.
    i have tried creating a role in myrealm->global_roles->agt_users,
    and have added the group/user to role.
    we're still getting 403 errors.
    how can we create an enterprise role, so that the pages can
    be returned ?
    thanks very much in advance ...
    sam

    Hi
    I believe that you should look at the Forms functionality for UCM . Under Content Management - Web Form Editor will show up the editor where in you can add buttons and attach functionalities to it . With UCM 11g this is not available thus you might need to use AJAX to build the requirement .
    Thanks
    Srinath

  • How to map Application Roles to Enterprise Roles

    Hello,
    i am having a problem with mapping Application Roles (from ADF Security) to the corresponding Enterprise Roles. I have already seen that it is possible with a tool called Enterprise Manager, but what if i do not have it??
    Can i map the roles in WebLogic Server itself? I have searched for such ability and did not found it. Also have not seen any tutorial on the internet. Someone help me pls.
    The version i am using is 12.1.2.0.0.

    Application roles and permissions defined within WebCenter Portal are stored in its policy store and, consequently, apply to the WebCenter Portal application only.
    Application Roles : Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
    Application Permissions : Again every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal Portal.
    Enterprise roles are different. Enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Portal.
    2. How and where do we create these 5 Application Roles in WC 11.1.1.8 version ?
    You can create an application role from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> Roles -> Create Role
    See : Managing Security Across Portals for more info :
    http://docs.oracle.com/cd/E29542_01/webcenter.1111/e27738/wcadm_ps_security.htm#WCADM398
    3. Last, where and how do we MAP these Application Roles TO Enterprise Roles in 11.1.1.8 version ?
    First, You can grant privileges to a specified group (say sales group) of users by granting Enterprise Roles in Enterprise LDAP.
    Next, Create custom application roles (say Contributor, Moderator, UIDesigner, Application Specialist, etc) and assign the appropriate permissions as explained above.
    Then, You can assign one or more Application Roles to a specified group (say sales group) from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> users & Groups
    I hope it helps.

  • Role Import to ERM

    Hellow Eperts,
    I imported roles to the ERM from SAP ECC, SRM, CRM, BW systems.
    When I searched for the roles in the ERM system, all the roles where at the "Derive roles" level instead of "approval" level (or being comleted).
    Do you know why did it happen?
    Thank you,
    Shira Tzur

    Hello Rahul,
    I had that same problem with SP10 also. The way I resolved itand this sounds crazywas to move that WERKS line up one or two rows.
    The problem I noticed was not with all derived roles, but when there was a problem, it was always the last line of the Org file for the role that was causing the problem. And the problem was not always WERKS either.
    If the next time you run it, the error occurs on the "new" last line (e.g. GSBER), move that line up also. Eventually they all make it in. I have not seen this problem repeated in SP12. Don't delete the line, just shift the order within the number of rows the role has.
    P.S. I have several hundred derived roles, about 10 - 15% had this import problem.
    -Dylan

  • WLS Groups and JDeveloper Enterprise Roles

    When there are roles (global, domain, etc.) in the WLS Console, they seem to not have any representation in JDeveloper. It seems that JDeveloper Enterprise Roles correspond to WLS Groups. When I add permissions in the jazn-data.xml, it is Groups that I have to grant to users in the WLS Console, not roles.
    SecurityContext.getUserRoles() also returns a list of WLS Groups assigned to given user.
    Is it some disarray in the terminology, or am I doing something wrong?

    Hi,
    The term "Enterprise Roles" match to WLS groups. Enterprise is a more genric synonym for user groups as on different servers these may have different names otherwise. Note that getUserRoles() shows the enterprise roles and the application roles a user is member of
    Frank

  • Master role & Derived role concept

    Hi Friends ,
    We have master and drive role concept in our project . ABC_XXXX (Master role )  ABC_1000(Derived role) (1000= company code)
    Now we need to maintain some values in master roles lets say display :03 .  Should we regenrate deived role  as well ?
    If we regenrate derived role  , Do inhertiance relatioship breaks? and we need to maintain company code =1000 value again ?
    Please suggest.
    regards

    Forgot to answer some more questions you had asked. Adding them here:
    Now we need to maintain some values in master roles lets say display :03 . Should we regenrate deived role as well ?
         - use the steps I mentioned in my earlier reply to re-generate derived roles from the Master role.
    If we regenrate derived role , Do inhertiance relatioship breaks?
             - please use the steps I suggested, the inheritance will not break. And this is an advantage of Master-->derived role.thats the meaning of having this concept in SAP.
    and we need to maintain company code =1000 value again ?
    --- No you dont need to. (you can check and see this manually).
    Hope it helps...
    Soumya
    Edited by: Soumya Thomas on May 20, 2010 12:34 PM
    Edited by: Soumya Thomas on May 20, 2010 12:35 PM

  • Shell Role Concept

    Hello All,
    Any one can explain me concept of shell role, what is use, advantages, disadvantages how to maintain shell roles.
    thanks
    Sushant

    Hi Sushant,
    It sounds like you are talking about cross-system composite roles.
    What is use
    If you are using CUA you can define roles in your CUA master that contain roles for the target systems too.  That way if you have HR as your CUA master (possibly using org assignments too?), you can provision for all relevant systems based on the role definition.
    Advantages
    Can speed up provisioning into multiple system
    Helps support accurate job definitions for all system access
    Disadvantages
    CUA needs to be setup and maintained properly (not sure if that is a disadvantage but is a factor for consideration)
    If enough thought does not go into design then you end up with composites/shells that cover lots of eventualities
    If you have a granular single-role concept then your shell role could get very cluttered by the number of assignments required.
    Maintain
    Use PFCG in the CUA master
    Like any other composite role - use text comparisons etc to pull in the roles from the target systems

  • Value Role Concept

    I tried searching for documents on Value Role concept. Please reply if anybody has any documents or links about this.
    Thanks.

    There is not a lot of info in the public domain on the value role concepts.  I know it has been covered on a couple of the other security forums.
    Subbiah - generally the value role concept is where you split the functional and the data access.  This is also referred to as the enabler concept.
    You create 1 role with your transactions but don't populate org data for example
    You then create another role with the auth objects that contain the org data
    When you combine the two you get the access that is required.  If you require lots of org data variants,  you can have lots of org data value roles and assign as required.
    There is no need to restrict it to org data either.  Anything that needs differentiation can be catered for using the value concept.  A example that is quite common is where a separate role is created for object F_BKPF_BUP which is then assigned as an extra value or enabler
    Like any approach there are pro's and con's.  Value roles take a while to set up.  You need to manually import the relevant objects into the value role, and make sure the corresponding objects in the master role are deactivated or not populated etc.
    It isn't a common approach so you need to ensure that your documentation is up to standard.

  • Role created in ERM is not appearing in CUP request for assignment-GRC 10.0

    Hi,
    We are on GRC 10.0 - SP5
    We have created a role in ERM and it was succesfully created in backend system. However when we tried to assign the same role using CUP request - the role is not appearing.
    1) Do we need to upload roles for CUP  in GRC 10.0 (similar to 5.3) to populate. Will the role doesnot automatically appears in GRC database for CUP as it is created through ERM?
    2) If the roles are imported in ERM with role owner information, does the same reflects for CUP also for role owner approver assignments?
    Thanks and Best Regards,
    Srihari.K

    Hi Sri,
    Is the role status set to "production" ??
    Cheers,
    Diego.

Maybe you are looking for

  • Sending IDoc Batches to SAP: Issue with Header Mapping for SNDPRN

    We are sending batched IDocs from XI to SAP. We need the individual IDocs to reflect different SNDPRN values. Our mapping creates the different IDoc EDI_DC40 record correctly with different SNDPRN values. However, XI wipes out the SNDPRN values in th

  • No volume only when logged in in lion

    I am having trouble with my volume. The speakers are not the problem because when i boot it up, i get the Mac's startup sound loud and clear. After i log in to any of my accounts the volume gone. It is not on mute. I am running Mac OS X Lion. Please

  • Code coloring gone

    The code coloring is suddenly gone in the code view. I haven't changed anything in the preferences, and when I check it everything is set up as it always has been. Not really that big of a deal, but after years of seeing it in different colors it's s

  • How to reduce scale at installation of wall-paper by iPad?

    How to reduce scale at installation of wall-paper by iPad?

  • To print goods receipt note

    Hi friends, I have a SAPScript YPCC_GOODRV2 this is for Goods Receipt Note, The print program attached to this SAPScript is SAPM07DR. Output type is WE02. Can any one tell me the traction code to run the above mentioned print program. Thanks in advan