Entity security class change

Similar Messages

• How to build secondary keys dynamicaly in a generic entity definition class

  Hi developers,
  try to rebuild a generic entity definition class, where every instanced entity typ can has its own set of secondary fields. On the first moment it seems to be no problem, but now my problem is how to bind the annontation @Secondarykey... to the particular fields during construction of the entity shell be used?
  Hope I counld make the problem visible?
  Thanks for any help!
  ApeVeloce

  Hi Joachim,
  After understanding more about your application (off forum) I think I can answer your question more clearly. The general problem is: How can a dynamic, user defined schema be represented in Berkeley DB for multiple entity types, each with any number of properties, and arbitrary secondary keys for selected properties?
  There are many ways to do this and I'll describe one approach. I do not recommend using DPL for this case. In our documentation,
  http://www.oracle.com/technology/documentation/berkeley-db/je/PersistenceAPI/introduction.html
  we say: "Note that we recommend you use the DPL if all you want to do is make classes with a relatively static schema to be persistent." For a dynamic schema that is not represented using Java classes, the base API provides more flexibility.
  The common requirements for a dynamic schema are:
  1) Each entity has a type, which is roughly equivalent to a Java class. But unlike classes, types may be added dynamically. Queries are normally limited to entities of a particular type; this is not true for all applications, but I will make this assumption here.
  2) Each entity contains, at least logically, a Map of key-value properties. The property name is equivalent to a Java field name and the property value is equivalent to the field value. Properties may be added dynamically.
  3) Any number of properties for a given type may be defined as secondary keys. Secondary keys may be added dynamically.
  One approach for implementing this is as follows.
  A) A Database per entity type is created. This allows queries against a given type to be performed withing a single database. For simplicity the database name can be set to the name of entity type.
  The alternative is to have a single Database for all entity types. This works well for applications that want to query against properties that are common to all entity types. While such a schema is not common, it does occur; for example, an LDAP schema has this characteristic. If you do store all types in a single Database, and you want to query against a single entity type, you'll need to make the entity type a secondary key and perform a BDB "join" (see Database.join) that includes the type key.
  When queries are performed against a single type it is more efficient to have a Database per type. This avoids the extra secondary key for entity type, and the overhead of using it in each query.
  Another advantage to using a Database per type is that you can remove the entire Database in one step if the type is deleted. Calling Environment.removeDatabase is more efficient than removing the individual records.
  B) The properties for each entity can be stored as serialized key-value pairs. There are several ways to do this, but they are all roughly equivalent:
  B-1) If you use a SerialBinding, Java serialization does the work for you, but Java serialization produce larger data and is slower than using a TupleBinding.
  B-2) A TupleBinding can be implemented to write the key-value pairs. Each key is the string name. The value can also be a String, if all your data values are already Strings or if you convert values to/from Strings when they are used.
  B-3) If you have typed values (the type of each property is known) and you don't want to store values as Strings, you can write each value as a particular type in your TupleBinding. See TupleInput and TupleOutput for details.
  If your property values are not simple types (String, Integer, etc) then this approach is more complex. When using a TupleBinding, you will need custom marshaling code for each complex type. If this is too complex, then consider using a SerialBinding. Java serialization will handle arbitrary complex types, as long as each type is serializable.
  Another approach is to store each property in record of its own in a Properties database. This is a natural idea to consider, because this is what you might do with a relational database. But I do not recommend this approach because it will be inefficient to reconstruct the entire entity record from the individual property records. With BDB, we are not limited to the relational model so we can store the entire key-value map easily in a single record.
  However, this is one advantage to using a Properties database: If you commonly add or remove a single property, and entities normally have a large number of properties, and you do not commonly reconstruct the entire entity (all properties), then the Properties database approach may be more efficient. I do not think this is common, so I won't describe this approach in detail.
  C) To support any number of secondary keys, you will need to know which properties are secondary keys and you will need to implement the SecondaryKeyCreator or SecondaryMultiKeyCreator interface.
  C-1) Assuming that you have a Database per entity type, the simplest approach is to create a single SecondaryDatabase for each entity type that is associated with the primary Database for that type. The name of the SecondaryDatabase could be the name of the primary Database with a special suffix added.
  In this case, you should implement SecondaryMultiKeyCreator that returns all secondary key properties for a given entity. A two-part key should be returned for each property that is a secondary key -- {name, value} -- where name is property name and value is the value (either as a String or as a binary type using TupleInput/TupleOutput). When you perform queries for a given property, you will need to construct the {name, value} key to do the query.
  The SecondaryDatabase will need to permit duplicates (see SecondaryConfig.setSortedDuplicates) to allow any of the secondary keys to have the same value for more than one entity. If you have secondary keys that are defined to be unique (only one value per entity) then you will need to enforce that restriction yourself by performing a lookup.
  C-2) The alternative is to create a SecondaryDatabase for every property that is a secondary key. The database name could be the primary database name with a suffix identifying the secondary key.
  In this case you can implement either SecondaryKeyCreator or SecondaryMultiKeyCreator, depending on whether multiple values for each secondary key are permitted. And you can configure duplicates for the secondary database only if more than one entity may have the same secondary key value.
  Each secondary key consists only of its value, the name is not included because it is implied by the SecondaryDatabase in which it is stored. This approach is therefore more efficient than C-1 where we have a single SecondaryDatabase for all properties, because the secondary keys are smaller. However, there is the added work of maintaining the SecondaryDatabases each time the schema is changed: You must create and remove the secondary databases as the schema changes.
  For best performance, I recommend C-2.
  D) If you have a dynamic schema, you must store your metadata: the information that describes the names of each entity type, the properties allowed for that type (if restricted), and the list of which properties are secondary keys.
  I recommend storing metadata in a Database rather than in a file. This database could have a special name that cannot be used for any entity type. When metadata changes, you will be adding and removing databases. To ensure consistency, you should change the metadata and change the databases in a single transaction. This is possible only if you store the metadata in a Database.
  The Berkeley DB base API provides the flexibility to implement a dynamic schema in a very efficient manner. But be warned that implementing a data store with a dynamic schema is a complex task. As requirements grow over time, the metadata becomes more complex. You may even have to support evolution of metadata. If possible, try to keeps things as simple as possible.
  If you want complete flexibility in your schema and/or you want to store complex data types, you may want to consider storing XML. This is possible with Berkeley DB Java Edition since you can store arbitrary data in a Database, but you must implement secondary indexes for the XML data yourself -- this could be a very complex task. If you don't require pure Java, you should consider the Berkeley DB XML product. BDB XML supports many kinds of indexes as well as large documents, XPath, XQuery, and other features.
  Mark

• Shared Services Security Classes

  Hello,
  I wanted to know what the real value of having Security classes set up? I understand that having Security Classes on Shared Services is not mandatory. Under which circumstances should you use Security Classes and as I am involved in setting up Shared Services, I was wondering if I should use this option or not. We are currently in the development phase of HFM and Planning.
  If anyone can shed light on this issue, it would be greatly appreciated. Thank you.
  -- A

  Hey guys,
  I really appreciate the response.
  The fact that Security Class may be assigned at the Entity level does ring bells. We do want to ensure that certain entities can only see their own data and not others.
  I believe I will use Security class at the entity level for our company.
  Can you give me some examples of assigning Security classes for HFM?
  Wintee's suggestion of assign - ready only and stuff like that is okay but seems a bit generic. Thank you very much for your suggestion though Wintee.
  I also wanted to know the exact difference between an administrator, delegated administrator, application administrator. Who assigns who?
  If you had to make a hierarchy of users for Shared Services, what would it be: Admin, Delegated Admin, App. Admin, Provisioning Mgr, Directory Mgr? Who comes at the top? Thanks so much for your help so far guys...much appreciated.
  -- A

• Provisioning, security classes etc.

  Hi there,
  I have several questions about setting up security in HFM application.
  1. Provisioning
  We have sevaral users that can be divided into two general groups - end users and consolidation users.
  General users should use only project view with task lists. They shouldn't create any new grids or forms, only existing. And they should use export/import feature from forms.
  Consolidation users should have access to almost all features.
  What privileges should be each group provisioned in HSS?
  2. Security classes
  We have prepared entity dimension splitted into several hierarchies. Basic one is geographical, another are functional and entities are shared in these hierarchies. Let's say that we have SK region with SK entities (SK01, SK02...). I know that we should create security class for each entity to grant users access only to their own entity. But I'm not sure how to do that...
  I have created two security classes - SK01 and SK02 - and associated them to appropriate entities. Then I have selected security for entities in app settings and selected "Entity" option in security node.
  In shared services I have selected "All" for security class SK01 and "metadata" for security class SK02 (for my account for testing purposes only). But nothing happened - I'm still able to write to both entities.
  The question is if there is any connection between security class settings and provisioned roles. I mean if this is because I'm provisioned with all rights in application (meaning "Application Administrator" in HSS).
  Can anydoby help me with this please?
  Thanks,
  Vlado

  In shared services, go to help and search for Financial Management Roles. This will bring you to a nice table of all available roles for HFM. Use this to determine who gets what. To limit users to Tasklists, be sure to not provision them to Advanced User.
  Make sure you are very specific with those consolidation users. Many roles should be Admin only. The way I figured them out was to create fake users in Native Directory (one for each type of user) and provision a role at a time and test the functionality.
  The above test will help with Security Classes as well. Your guess was correct, Administrator role overrides all security classes. You may not need a class per entity, just a class per group of entities that distinct set of people will need. You will also need classes applied to Parent entities that may or not be shared among your hierarchies. In your example this could be SK or it could be SK01 if that works. Try to keep the total number of classes down. You might end up assigning a unique combination of classes to each person in the system and that would be very difficult to maintain. Remember to assign the same access to the Default class as the highest access the user has. If in doubt, just grant All for the Default class. Default is assigned to all items in metadata unless you specify otherwise. For example, all accounts will have Default security and if a user only has Read, they will not be able to create a journal entry.
  Here is how the class access works:
  None - user cannot view or edit data
  Read - user can view data
  All - user can view and edit data
  Metadata - I have not used this one.

• Security Classes in HSV_SECACCESS table showing wrong OU

  We moved some users from one OU to another in Active Directory. I then ran the updatenativedir utility.
  However, when I provision the user with security classes for HFM in shared services, the records in the hsv_appname_secaccess table are still showing under the old OU. This will cause problems when the user tries to login and work.
  Do I have to restart openLDAP and Shared Services to make these changes effective?
  Thanks
  Wags
  version 9.2.1

  long term you should speak to Oracle Consulting about migrating your Identity Attribute in your External Authentication provider from whatever it is currently to one that is location agnostic such as ObjectGUID. It is quite trivial to migrate from DN to ObjectGUID for the HFM product, but it may more complex for other products in the System 9 suite. From 9.2.0.3, 9.2.1, or all 9.3.1 versions Shared Services was enhanced to allow the use of ObjectGUID and then it does not matter when user or groups are moved around in the external provider (no more need for the UpdateNativeDir utility!)... this is the better solution.
  having said that, you should check in Shared Services if this user who is getting assigned the security class access doesn't exist more than once in the Security Class matrix... probably you are still assigning security to his "old" ID, and need to be applying the security onto his new ID. If he really does only exist once, still with the wrong OU, after you have run the UpdateNativeDir utility, I would recommend a Support request.

• Security class cross validation

  Hello
  One of the dimensions of the application is Country (customer location).
  User A - works with legal entity A, needs to see managarial data for region North America
  User B - works with legal entity B, needs to see managarial data for region Brazil
  I need to set security class as follows:
  User A to see its legal entity A with all members of Country dimension (so the user would see all the data of its entity)
  AND
  User A to see the consolidated data (i.e. all legal entities) for region North America
  If I grant user A with TopCountry, he would be able to see all the data in the consolidation, which is not what I want.
  Does anyone know how to do it, if it's possible at all?
  Thanks
  Lilach

  why would user A see all the data in the consolidation if you grant him with TopCountry security class? If every entity below TopCountry is assigned a different security class then he would only see the consolidated data for TopCountry

• IllegalArgumentException: Unknown entity bean class

  Hi. I try to make a connection with mysql database by using entity classes which i create via Netbeans' tools. But when i try to use the create method for entity persist, in the entity controller class, i get an error message like that;
  (The User class is marked with the @Entity annonation)
  java.lang.IllegalArgumentException: Unknown entity bean class: class entity.User, please verify that this class has been marked with the @Entity annotation.
  at org.eclipse.persistence.internal.jpa.EntityManagerImpl.find(EntityManagerImpl.java:576)
  at org.eclipse.persistence.internal.jpa.EntityManagerImpl.find(EntityManagerImpl.java:460)
  at controller.UserJpaController.findUser(UserJpaController.java:125)
  at controller.UserJpaController.create(UserJpaController.java:43)
  at bean.UserBean.save(UserBean.java:115)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.sun.el.parser.AstValue.invoke(AstValue.java:234)
  at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
  at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:98)
  at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
  at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
  at javax.faces.component.UICommand.broadcast(UICommand.java:315)
  at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:775)
  at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1267)
  at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
  at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
  at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
  at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
  at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
  at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
  at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
  at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
  at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
  at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
  at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
  at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
  at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
  at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
  at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
  at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
  at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
  at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
  at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
  at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
  at java.lang.Thread.run(Thread.java:619)
  i use glass fish v3
  persistence.xml is automaticaly created by netbeans.
  Please help.
  Edited by: MOD on Aug 5, 2010 9:41 AM

  And this is the JPAController class which i created automaticly using Netbeans IDE tools.
  * To change this template, choose Tools | Templates
  * and open the template in the editor.
  package controller;
  import controller.exceptions.NonexistentEntityException;
  import controller.exceptions.PreexistingEntityException;
  import entity.User;
  import java.util.List;
  import javax.persistence.EntityManager;
  import javax.persistence.EntityManagerFactory;
  import javax.persistence.Persistence;
  import javax.persistence.Query;
  import javax.persistence.EntityNotFoundException;
  import javax.persistence.criteria.CriteriaQuery;
  import javax.persistence.criteria.Root;
  * @author PC
  public class UserJpaController {
      public UserJpaController() {
          emf = Persistence.createEntityManagerFactory("MyPersonelWebBlogPU");
      private EntityManagerFactory emf = null;
      public EntityManager getEntityManager() {
          return emf.createEntityManager();
      public void create(User user) throws PreexistingEntityException, Exception {
          EntityManager em = null;
          try {
              em = getEntityManager();
              em.getTransaction().begin();
              em.persist(user);
              em.getTransaction().commit();
          } catch (Exception ex) {
              if (findUser(user.getUsername()) != null) {
                  throw new PreexistingEntityException("User " + user + " already exists.", ex);
              throw ex;
          } finally {
              if (em != null) {
                  em.close();
      public void edit(User user) throws NonexistentEntityException, Exception {
          EntityManager em = null;
          try {
              em = getEntityManager();
              em.getTransaction().begin();
              user = em.merge(user);
              em.getTransaction().commit();
          } catch (Exception ex) {
              String msg = ex.getLocalizedMessage();
              if (msg == null || msg.length() == 0) {
                  String id = user.getUsername();
                  if (findUser(id) == null) {
                      throw new NonexistentEntityException("The user with id " + id + " no longer exists.");
              throw ex;
          } finally {
              if (em != null) {
                  em.close();
      public void destroy(String id) throws NonexistentEntityException {
          EntityManager em = null;
          try {
              em = getEntityManager();
              em.getTransaction().begin();
              User user;
              try {
                  user = em.getReference(User.class, id);
                  user.getUsername();
              } catch (EntityNotFoundException enfe) {
                  throw new NonexistentEntityException("The user with id " + id + " no longer exists.", enfe);
              em.remove(user);
              em.getTransaction().commit();
          } finally {
              if (em != null) {
                  em.close();
      public List<User> findUserEntities() {
          return findUserEntities(true, -1, -1);
      public List<User> findUserEntities(int maxResults, int firstResult) {
          return findUserEntities(false, maxResults, firstResult);
      private List<User> findUserEntities(boolean all, int maxResults, int firstResult) {
          EntityManager em = getEntityManager();
          try {
              CriteriaQuery cq = em.getCriteriaBuilder().createQuery();
              cq.select(cq.from(User.class));
              Query q = em.createQuery(cq);
              if (!all) {
                  q.setMaxResults(maxResults);
                  q.setFirstResult(firstResult);
              return q.getResultList();
          } finally {
              em.close();
      public User findUser(String id) {
          EntityManager em = getEntityManager();
          try {
              return em.find(User.class, id);
          } finally {
              em.close();
      public int getUserCount() {
          EntityManager em = getEntityManager();
          try {
              CriteriaQuery cq = em.getCriteriaBuilder().createQuery();
              Root<User> rt = cq.from(User.class);
              cq.select(em.getCriteriaBuilder().count(rt));
              Query q = em.createQuery(cq);
              return ((Long) q.getSingleResult()).intValue();
          } finally {
              em.close();
  }When i instantiate this JPAController class and use its create method to persist a User it gives me the error which i posted in my first message.

• HFM Security Class and Security

  Hi All my Peers,
  Can any one explain me What is the difference between Security Class and Security

  No offense, but if you don't understand these concepts well enough, your CV should probably be sent a far distance if you are trying to get an experienced consulting position. Understanding security is an important piece to the puzzle, especially when dealing with large amounts of financial data.
  With that said.......
  Security - Generally speaking, the goal of security is to control access to data, objects, programs, etc. In the Hyperion sense, security is managed in multiple different ways :
  - Program Access : Only users who are linked to Hyperion's Shared Services AND have the proper provisioned rights can open a program. (i.e. HFM, Reports, Workspace, FDM, etc, etc, etc.)
  - Provisioning : There are different types of rights per program that a user can have. Provisioning is the act of assigning these rights. (i.e. HFM has multiple rights such as Appliation Administrator, Default, Provisioning Manager, etc.)
  - Data / Object Access : Even if you have the right to enter the program, there is generally another layer of security which controls what you can do. For instance, inside of HFM, you can configure security for objects such as Data Forms and Data Grids. Furthermore, you can limit the user's ability to change or view data for specific entities, accounts, as well as other dimensions.
  - Security Classes : The security classes that you assign in the metadata are used during the act of assigning the Data / Object access controls. Users (and Groups) and assigned View Only, All (Read/Write), or None access to HFM Security Classes.
  This is a ridiculously high level overview. To get a much better understanding, I strongly recommend that you read the product documentation for the specific products you are using. If you are using 11.1.2.1 / HFM, here are a couple of documents that are of value :
  http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_admin.pdf - Administrators guide which has a section on security.
  http://docs.oracle.com/cd/E17236_01/epm.1112/hfm_user.pdf - Users' guide which talked to security in terms of forms/ grids
  General System 11 doc : http://docs.oracle.com/cd/E17236_01/nav/portal_5.htm
  Hope that helps

• Security settings change when rendered from third party Windows 2008 R2 server

  We created a fillable PDF form in Adobe Acrobat and made it Reader extended. Opening the form on a local hard drive the security settings show that Signing: is Allowed. We can sign documents in the form with a signature pad.
  After we upload it to a third party Windows server 2008 R2, and we later go to access the form, the server renders it back to us in Adobe Reader. We are unable to digitally sign documents in the form with a Topaz signature pad. We notice that although the form was originally created with the form being Reader extended the security settings change to Signing: Not Allowed.
  How can we get the server to render the document back to us where we can digitally sign documents in the form?

  The second file still shows the extended rights header is present (it's warning you about restrictions at the top of the dialog while also reporting the method is "no security") but the digital signature which grants those extended rights will be invalidated if *anything* in the file structure is changed. I suspect in this case that the server software is doing something to your file; it may be trivial such as adding an XMP tag, but it's enough to break the hash check.

• Accessing Managed Bean Variables in Entity Impl Class

  How can I access managed bean variables in the entity Impl class .
  While inserting a new record in DB , i want to set few entity properties values . The values of those properties are available in the managed bean .
  How can i access those values from Managed Bean and set them the entity Impl class to override the create method.
  Or is there any better recommended approaches ?
  Jdev - 11.1.1.5

  >
  While inserting a new record in DB , i want to set few entity properties values .
  >
  you can user CreateWithparams
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/13-create-with-params-169140.pdf
  http://andrejusb.blogspot.com/2011/02/createwithparams-operation-for-oracle.html

• Missing security classes

  Hi all,
  I have updated Security Class dimension via EPMA (added but also removed some classes). Deploy was successful and the application is in sync with EPMA.
  When I wanted to update security class access via HSS, I couldn't find new classes and old ones (which I removed via EPMA) were still there.
  How is that possible? I don't see any problem in interconnection between HFM and HSS but this seems that security classes haven't been refreshed in HSS.
  Could anyone help me with this please?
  BR
  Vladino
  EDIT
  I can see newly added classes but I can see also old ones. This is really weird... I have duplicated the application, cleared all data and metadata but old classes are still there. :-/
  Edited by: Vladino on Jul 11, 2011 1:49 PM

  Solved.
  The issue was because of migrating the old application into new one with different security classes. After clean deploy everything was fine but the migration (using command-line utility) replaced security settings with that coming from the old application.
  Vladino

• Material Valuation Class Changes

  Hi All
  For the Material Valuation class changes it is showing one open IMPORT PO.
  For the Import PO the GRN & INVOICES are completed for the total qty. During the deletion of this PO it is giving error message Invoices pending for delivery costs (function not possible)
  Because there is difference of Rs 1800 through IR.
  how it will not show as open po ? How to proceed? how to delete the po
  Thanks in advance
  Rajesh

  Hi
  Delivery for the all qty is completed & delivery indicator is also set but still for changing the Valuation class for the material this PO is coming as open PO. How to close the same.
  As there is difference of exchange rate betn GRN & INVOICES ( -1800 RS) PO & invoices are in  EURO
  Please help
  Regards
  Rajesh

• Advice needed: what does your company log for SAP security role changes?

  My client has a situation where for many years, they never logged changes to SAP security roles.  By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!!  Sadly their ticketing system is terrible, completely free-form text and not even searchable. 
  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details?   What details do you capture?  What about Projects, that involve dozens of changes and testing over several months?
  I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system?  I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations.  It's really weird but they will get into big trouble eventually without any logs for security changes!

  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
  I have questions:
  a) Do you want to make things straight
  b) Do you want to implement a versioning mechanism
  c) You cannot implement anything technical, but you`re asking about best "paper" practise?
  The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
  Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
  PFCG transaction usage will be curtailed to minimum if implemented fully.
  Do we really want to do things "outside" PFCG?
  @all:
  a) do you guys use custom approval workflows for roles?
  b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
  c) who is a friend of GRC here, raise your hand
  Cheers Otto
  p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild

• Security settings change from Acrobat Pro to Reader

  I have set the Security Method in Acrobat Pro to allow "commenting, filling in form fields, and signing existing signature fields."  But when I send the PDF file my customer who opens the document using Adobe Reader, commenting is not allowed.  Why is the security setting changing?  What can be done to correct this problem?

  Are you sure this is not a limitation of the product?
  "Reader" describes a product that reads a file and nothing more.
  Have you looked at the Acrobat Professional's "Help" for information about enabling 'commenting'?

• Kernel security level changes on its OWN?

  Hi...
  using OS 10.3.9 on a G4 dual 533mhz with a gig of ram. It is wired into an Airport Extreme that firewalls for a wireless laptop as well, yes it is set encrypted and unauthorized NIC card addresses are excluded in the Airport Administration software...
  I dont have Little Snitch set to run automatically, but it appears as having launched before the last kernel panic. (so says Crashreporter_
  The kernel panic happened between the time this computer was put in user log in window Sleep Mode yesterday and when I woke it up today to log into one of the user accounts (I am the only one to have maintenance/Full Admin. access)
  The typical user log in screen with the names was up, but a kernel panic had overlaid the visual... parts that made me perk up was the last line said it was waiting for debugging to occur... the NIC address of the network card was shown, and the IP number that is set in the Network panel...
  I checked through Onyx into the System log Crashreporter and found the stream of log info during the 'wake up' mode:
  Jan 22 22:28:16 localhost init: kernel security level changed from 0 to 1
  Jan 22 22:28:16 localhost loginwindow[205]: Sent launch request message to DirectoryService mach_init port
  I have never seen a kernel security change in any of the logs in the past... No new user accounts were made, and no new levels of access have been assigned to existing users...
  What does this mean, a level 1 setting of a kernel? Should I Admin Panic along with the kernel?

  Basically, the change means that the kernel is going from insecure to secure mode, which prevents the sappnd and schg flags from being turned off. More information is available on this page.
  (19398)