Error: Creation new role in ERM

Dear all,
When I create a role in ERM, specifically when I try to add an Object, the following error message is generated:
Unhandled error; Message Code is 077 Message Details You are not authorized to use transaction PFCG Message Type is E.
My version is SAP GRC AC 5.3 and Support Package: 16.
Thanks all for any suggestions!
Liliana!

Hi ,
User id which is used for connector doesn't have sufficient privileges.
Kindly ask your admin to assign sufficient access to connector user and then try.
Thanks & Regards
Asheesh

Similar Messages

  • Creation of roles in ERM

    Hi,
    I need to know how to create roles in/using ERM GRC.
    Can anyone provide information/documentation on the same?
    Thanks,
    Arjun

    Hi Arjun,
    You need to configure the workflow, connectors in ERM so that you can create a role from ERM.
    Please check the section "Enterprise Role Management" in configuration guide.
    You can get the configuration guide from service market place.
    Logon to service.sap.com -> Software Download -> Release & Upgrade info
    -> Installation & Upgrade Guides -> SAP BusinessObjects ->SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3
    "AC53_ConfigGuide.pdf"
    Regards,
    Shweta

  • SAP AC 10 : ERM working fails (Unable to add Actions,permission)to new role

    Hello Gurus,
    We have done configuration for Role creation via ERM in SAP GRC AC 10.
    The configuration is done via BRF+ and MSMP ,when we try to create a new role via
    NWBC > ACCESS MANAGEMENT>Role Management -->Role Maintenance.
    We see that the correct "methodology" is selected which contains following steps
    Define Role --> Maintain Authorization -->Risk Analysis -->Request Approval -->generation.
    We go past 1st stage and when we are at Maintaining authorizations , the "edit" option is disabled
    It is not possible to add any Action (Tx), Permission(Objects) to the role.
    Is there something else that we need to configure or something that is missing ??
    Please suggest.
    Regards,
    Victor

    Hello All,
    This issue was resolved after I maintained a User as "Role content approver" and "Assignment Approver" under "Owners/Approver" of the Define Role tab.
    Whole cycle ran w/o any problem.
    Regards,
    Victor

  • Creation of a new Role in Content 10.0.1

    Hi everyone,
    I would like to create a new standard role in my domain.
    To do this I noticed the SecurityManager and its method createRole. I tried to create a new role with it using the default domain as target. I always get the error ORACLE.FDK.AccessDenied even if I use user orcladmin.
    If I use a library as target I get error ORACLE.FDK.UnexpectedError:ORACLE.FDK.ServerError…
    Moreover in the javadoc I did not notice any attribute that associate permissions to a newly create role.
    Could anyone have an idea on these points?
    Thanks for any help.
    Emmanuel

    Hi,
    1) Is the CUST_BI database user in the right place? Yes, though you should add the language code to the user name, e.g. CUST_BI_US. This will be the EUL owner, the schema that holds all the EUL tables. The temporary tablespace you specify in the create_eul command is only used when you connect as the EUL owner, so is not important.
    When you connect as an apps user the connection will be made using the APPS database user, and therefore the temporary tablespace used (and location of MVs) will be the temporary and default tablespaces associated with the APPS user. You can change the temporary tablespace just for the Discoverer users by issuing a ALTER SESSION SET CURRENT_SCHEMA command in a PL/SQL procedure called during the initialisation of the Discoverer sessions.
    2) As you can see, I need to separate the BI administration from EBS administration... and DISCOADMIN is a new Apps user... any checklist/recommendation for this new Apps. user? The disco administration user can be any apps user who has EUL administration privileges in the EUL. This user should then be used to create all business areas, etc.
    Rod West

  • Error in oim Role creation using Role Manager Service API from Standalone Java client

    Hi,
      Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
    Tried with the solution of changing ,
    Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
    Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
    at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
    at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
    at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
    at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
    at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
    at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
    at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
    at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
    at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
    at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
    at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy2.createx(Unknown Source)
    at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
    at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
    at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
    at weblogic.security.Security.runAs(Security.java:48)
    at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
    at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
    at $Proxy3.create(Unknown Source)
    at com.idm.role.CreateRole.createRole(CreateRole.java:113)
    at com.idm.role.CreateRole.main(CreateRole.java:167)
    Thanks In Advance

    Hi , I have used OIM 11g  R2.
    Please find below the code we have used,
    package com.idm.role;

    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Hashtable;
    import java.util.Iterator;
    import java.util.Set;
    import java.util.logging.Logger;
    import javax.security.auth.login.LoginException;
    import oracle.iam.identity.exception.NoSuchRoleException;
    import oracle.iam.identity.exception.RoleAlreadyExistsException;
    import oracle.iam.identity.exception.RoleCreateException;
    import oracle.iam.identity.exception.RoleLookupException;
    import oracle.iam.identity.exception.RoleModifyException;
    import oracle.iam.identity.exception.SearchKeyNotUniqueException;
    import oracle.iam.identity.exception.ValidationFailedException;
    import oracle.iam.identity.rolemgmt.api.RoleManager;
    import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
    import oracle.iam.identity.rolemgmt.vo.Role;
    import oracle.iam.platform.OIMClient;
    import oracle.iam.platform.authz.exception.AccessDeniedException;

    public class CreateRole {
        private final static Logger LOGGER = Logger.getLogger(CreateRole.class.getName());
        OIMClient oimClient = null;

        // Build the JNDI environment and log in to the OIM server.
        public OIMClient connectToOIM() {
            LOGGER.info("In connectToOIM ");
            Hashtable env = new Hashtable();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                    "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
                    "t3://V-hydidm1.itig.co.in:14000");
            System.setProperty("java.security.auth.login.config",
                    "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
            System.setProperty("java.security.policy",
                    "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
            System.setProperty("OIM.AppServerType", "wls");
            System.setProperty("APPSERVER_TYPE", "wls");
            System.setProperty("weblogic.Name", "oim_server1");
            oimClient = new OIMClient(env);
            try {
                oimClient.login("xelsysadm", "Passw0rd".toCharArray());
            } catch (LoginException e) {
                e.printStackTrace();
            }
            System.out.println("Connected");
            return oimClient;
        }

        // Look up the role by display name and print its attributes.
        public void readRoleMetadata() {
            LOGGER.info("in readRoleMetadata ");
            RoleManager roleManagerService = oimClient
                    .getService(RoleManager.class);
            try {
                Role roleVo = roleManagerService.getDetails(
                        RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
                Set attributeNameSet = roleVo.getAttributeNames();
                Iterator it = attributeNameSet.iterator();
                while (it.hasNext()) {
                    System.out.println("Attribute Name :: " + it.next());
                }
                // roleVo.setAttribute("ADentitlements", "Security Admin access");
                String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
                System.out.println("AD Entitlements :: " + adEntitlements);
                System.out.println("DB Entitlements :: " + ""
                        + roleVo.getAttribute("DBEntitlements"));
                System.out.println("Unix Entitlements :: " + ""
                        + roleVo.getAttribute("UnixWindows"));
                System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
            } catch (SearchKeyNotUniqueException e) {
                e.printStackTrace();
            } catch (NoSuchRoleException e) {
                e.printStackTrace();
            } catch (RoleLookupException e) {
                e.printStackTrace();
            } catch (AccessDeniedException e) {
                e.printStackTrace();
            }
        }

        // Create the role with its standard and custom attributes.
        public void createRole() {
            LOGGER.info(" in Create role ");
            RoleManager roleManagerService = oimClient
                    .getService(RoleManager.class);
            HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
            roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
            roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
                    "This Role is created using API Role1");
            roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
                    "API Role1");
            roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
            roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
            roleCreationAttrMap.put("VPN", "No");
            roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
            Role roleVo = new Role(roleCreationAttrMap);
            try {
                System.out.println(" Before Create role *********************************************");
                roleManagerService.create(roleVo);
                System.out.println("Role Created .. ");
            } catch (ValidationFailedException e) {
                e.printStackTrace();
            } catch (RoleAlreadyExistsException e) {
                e.printStackTrace();
            } catch (RoleCreateException e) {
                e.printStackTrace();
            } catch (AccessDeniedException e) {
                e.printStackTrace();
            }
        }

        // Look up the role key, then update one custom attribute.
        public void modifyRole() {
            LOGGER.info(" in modifyRole ");
            RoleManager roleManagerService = oimClient
                    .getService(RoleManager.class);
            Role roleVo;
            try {
                roleVo = roleManagerService.getDetails(
                        RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
                String roleKey = roleVo.getEntityId();
                HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
                roleCreationAttrMap.put("ADentitlements",
                        "Updated API Role1 AD Entitlements");
                Set<String> roleKeySet = new HashSet<String>();
                roleKeySet.add(roleKey);
                Role roleVoNew = new Role(roleCreationAttrMap);
                roleManagerService.modify(roleKeySet, roleVoNew);
                System.out.println("Role Modified ..");
            } catch (SearchKeyNotUniqueException e) {
                e.printStackTrace();
            } catch (NoSuchRoleException e) {
                e.printStackTrace();
            } catch (RoleLookupException e) {
                e.printStackTrace();
            } catch (AccessDeniedException e) {
                e.printStackTrace();
            } catch (ValidationFailedException e) {
                e.printStackTrace();
            } catch (RoleModifyException e) {
                e.printStackTrace();
            }
        }

        public static void main(String args[]) {
            CreateRole miscObj = new CreateRole();
            miscObj.connectToOIM();
            miscObj.createRole();
            //miscObj.readRoleMetadata();
        }
    }
    Thanks In Advance .

  • Error program web dypro when assign to new role

    Hai Expert SAP
    i get the problem , when my program assign to new role ( a single role on portal SAP) error message :
    Portal Runtime Error
    An exception occurred while processing your request
    Exception id: 04:44_21/09/10_0009_1775250
    See the details for the exception ID in the log file.
    but if i am assign role ess or admin, my new role not error...
    I have assigned the security zone (permission) but still get an error...
    can help me....

    no problem... and you must not have noticed, but that was me asking the original question too...
    lol... the mathechew solution... it sounds like some kind miracle pill or book or diet...
    Are you tired of being obese? Try the mathechew solution. It worked for me, so it can work for you too.
    The mathechew solution is not for women who are pregnant, or those with heart problems. Consult your doctor before trying the mathechew solution.
    The mathechew solution. Face your fears, and lose weight.

  • Need Documents on New Role Creation in SAP

    Hi All,
    i am new to SAP Security and i would like to grow in this field,
    Can any one send me the links for the documents on creation of new roles, objects, Authorizations, transactions etc.
    Thanking you in Advance,
    Savitha.

    Hi,
    I guess you should look on Google for ADM940 and ADM950.
    It's a very detailed book for what you want.
    Indeed, to help you out, it's a very, very simple task. But when you read this book keep in mind that there are 3 kinds of roles: single roles, derived roles and composite roles.
    Just to give you a heads up:
    Single role: a role which has authorizations, and data is restricted via company code and field-level values.
    Derived role: these are derived from single roles, or you can say a master role. The difference between a single role and a derived role is that you can derive, say, 10 roles from a single role; however, the company code can be managed in the derived roles.
    So generally how it works is that one creates a master role which has all the required authorizations. Now you don't want people in Australia to approve orders for Texas, US.
    Now there are hundreds of company departments across the globe. You don't want to end up creating hundreds of roles, so you create one master role and then you create derived roles from that master role, which are most of the time a master role replica (keep in mind most of the time but not always, so you have to be very careful). Now in the derived role all you have to maintain is company codes.
    All the authorizations for all the objects and fields come from the master role.
    I hope I am making sense.
    Composite role: it's a collection of single and derived roles. Keep in mind you cannot put a composite role into a composite role.
    That was just a heads up you need to read ADM940 and ADM950.
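
The three role kinds from the answer above, as a small Python model. This is an added illustration, not SAP code and not part of the original post; the role names, the Z_ORDER object, the ACTIVITY field and the company codes are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SingleRole:
    name: str
    # authorization object -> {field name -> set of allowed values}
    auths: dict = field(default_factory=dict)
    # organizational values, here only {"COMPANY_CODE": {...}}
    org_levels: dict = field(default_factory=dict)
    master: Optional["SingleRole"] = None

    def derive(self, name, **org_levels):
        """Derived role: no authorizations of its own, only org values."""
        orgs = {key: set(values) for key, values in org_levels.items()}
        return SingleRole(name, {}, orgs, master=self)

    @property
    def effective_auths(self):
        # Objects and field values always come from the master role.
        return self.master.auths if self.master is not None else self.auths

    def allows(self, obj, company_code, **fields):
        allowed = self.effective_auths.get(obj)
        if allowed is None:
            return False
        if company_code not in self.org_levels.get("COMPANY_CODE", set()):
            return False
        return all(value in allowed.get(fname, set())
                   for fname, value in fields.items())


@dataclass
class CompositeRole:
    name: str
    members: list = field(default_factory=list)

    def add(self, role):
        # A composite role may hold single and derived roles only.
        if isinstance(role, CompositeRole):
            raise TypeError("a composite role cannot contain a composite role")
        self.members.append(role)

    def allows(self, obj, company_code, **fields):
        return any(r.allows(obj, company_code, **fields) for r in self.members)


def build_sample():
    """Constructed sample: one master role, two derived roles, one composite."""
    master = SingleRole(
        "Z_ORDER_APPROVER_MASTER",
        auths={"Z_ORDER": {"ACTIVITY": {"DISPLAY", "APPROVE"}}},
    )
    au = master.derive("Z_ORDER_APPROVER_AU", COMPANY_CODE={"AU01"})
    us = master.derive("Z_ORDER_APPROVER_US", COMPANY_CODE={"US01"})
    both = CompositeRole("Z_ORDER_APPROVER_ALL")
    both.add(au)
    both.add(us)
    return master, au, us, both


if __name__ == "__main__":
    master, au, us, both = build_sample()
    print("AU approves AU01:", au.allows("Z_ORDER", "AU01", ACTIVITY="APPROVE"))
    print("AU approves US01:", au.allows("Z_ORDER", "US01", ACTIVITY="APPROVE"))
    # A change in the master role is visible in every derived role.
    master.auths["Z_ORDER"]["ACTIVITY"].add("CANCEL")
    print("US cancels US01:", us.allows("Z_ORDER", "US01", ACTIVITY="CANCEL"))
```
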

  • Creation of new roles in OES using BLM API

    I'm currently using policymgtapi examples for creating new roles. The role gets created but isn't visible in the OES Entitlement application console even though the entry is present in the OES DB. But if you create a new User, it's available immediately in the OES Entitlement application. Please let me know why the Role is not available in the Entitlement application after creating it using policymgtapi. Thanks

    Is there any org scope to the role?
    There's some conversion process that happens when you load roles via policyloader, I suspect you would need to do the same with Policy Mgt API. There are some groups you need to add to have it show up in the EUI.

  • Sending an email after creation of new role

    Whenever new role is created in Transaction PFCG I need to email to all the users.
    There is no User-Exit in PFCG and we can't create any new Program for this.
    So how it will be done?
    If anyone worked on it please reply to this as soon as possible.

    hi Zahid Khan,
    as said i tried the same.
    i have created a button "send" action :submit.
    and also have created a process "send mail" with the following code
    DECLARE
    l_body CLOB;
    BEGIN
    l_body := 'Thank you for your interest in the APEX_MAIL package.'||utl_tcp.crlf||utl_tcp.crlf;
    l_body := l_body ||' Sincerely,'||utl_tcp.crlf;
    l_body := l_body ||' The APEX Dev Team'||utl_tcp.crlf;
    apex_mail.send(
    p_to => '[email protected]',
    p_from => '[email protected]',
    p_body => l_body,
    p_subj => 'APEX_MAIL Package - Plain Text message');
    APEX_MAIL.push_queue;
    END;
    and , Process Success Message as "done" and When Button Pressed (Process After Submit When this Button is Pressed): "SEND" WITH Process Point : "ON SUBMIT AFTER COMPUTATIONS AND VALIDATION"
    The process is running.., getting the """success message""" but unable to""" get the mail""".(tried different combinations of mail ids)
    any help !!!

  • Error in New Models Creation  - Loadbalancing /Single Server locally

    Is there any possibility of below error when Creating New Models with Single Server and but NOT Working with Load balancing Option.
    The same code worked when connecting to Single Server locally but doesn't work when New models were created  by selection of loadbalancing Option on Remote Server..during development on source from DTR Server(SLD)..
    I get below error when New Model created with loadbalancing option
    Error - com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error connecting using JCO.Client: null
    Edited by: Raghu v on Jan 26, 2008 1:27 PM

    Hi,
    In EAS, I am getting some for Planning Outline(Essbase outline is working fine), While starting the Planning service through start menu, it throwing error as
    Query Failed: SQL_SYSDB_DELETE_EXPIRED_EXTERNAL_ACTIONS:[100]
    java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
         at hyperion.jdbc.base.BaseExceptions.createException(Unknown Source)
         at hyperion.jdbc.base.BaseExceptions.getException(Unknown Source)
         at hyperion.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
         at hyperion.jdbc.base.BaseStatement.commonExecute(Unknown Source)
         at hyperion.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
         at hyperion.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
         at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
         at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
         at com.hyperion.planning.event.HspSysExtChangeHandler.actionPoller(Unknown Source)
         at com.hyperion.planning.event.HspSysExtChangeHandler.run(Unknown Source)
    Error encountered with Database connection, recreating connections.
    Nested Exception: java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
    Thanks,
    CP

  • New role creation for display

    Hi,
    We want to create a role such that the users can see only the pricing but not the costing, for sales quotations and orders, for a particular distribution channel?
    Regards,
    Ajit

    Hi Ajit,
    If you wish to create a new Role, Use T. Code: PFCG.
    Once created assign the same role in to User's Profile Via T. Code: SU01.
    Here itself, in Authorization you may add T. Codes (for Display) and also define/ restrict User's view/ access to Sales Area data (i.e. Distribution Channel).
    Better to take help from Basis-Administrator as its purely Basis-job.
    Best Regards,
    Amit.

  • New Role creation

    Hi All,
       I created new Role and assigned users to that role . I added HTML page to the particular role and when I go click that link it is saying that java authentication problem. I am unable to see the applets what ever I created for the web page. Is there any thing to add in xMII for the particular role and if add the same HTML page to the Everyone role its working fine.
    Thanks
    Muvva

    Hi Muvva ..
    May be you can try the following ...
    instead of providing the direct html, you can provide the user with the logon credentials which redirect the page to the desired html page, as follows...
    http://Server:50000/logon/logonServlet?redirectURL=XMII/....../YourPage.html
    Regards,
    Ajay.

  • Background job fails for BDC profile creation and role assignment

    Hi Experts,
    I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. The problem is that when I run this program in foreground it executes successfully, but if I schedule it in background it fails, throwing an error in the job log: 'Role 'Z...' does not contain any active authorizations'. But I have created one more program to create authorization objects which runs before this zprogram. I have also checked the authorization object in 'RSECADMIN'; it shows as active. I don't understand what's happening exactly when it runs in background.
    Below is the process of job
       1. ZMIS_AUTH_OBJECT_CREATE
           Variant : auth-create
       2. ZMIS_AUTH_ASSIGN_TO_ROLE
           Variant : auth-assign
    The problem is in second program, runs in foreground but fails in background.
    Code which i have written in my second program
    ***BDC for Profile creation and assignment to Roles
        CALL FUNCTION 'ZROLE'
          EXPORTING
           ctu                     = 'X'
           mode                    = p_mode
           UPDATE                  = 'L'
    *   GROUP                   =
    *   USER                    =
    *   KEEP                    =
    *   HOLDDATE                =
           nodata                  = '/'
            agr_name_neu_001        = wa_role-role_name
            text_002                = wa_role-desc
            text_003                = wa_role-desc
            text_004                = wa_role-desc
           value_01_005            = 'T-ML330881'
            h_fval_low_01_006       = wa_role-auth
            profn_007               = lv_profile
            ptext_008               = lv_text1
    * IMPORTING
    *   SUBRC                   =
         TABLES
           messtab                 = temp_message.
    ***Generation of Profile created
    CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
         EXPORTING
           activity_group                      = wa_role-role_name
    *     PROFILE_NAME                        =
    *     PROFILE_TEXT                        =
          no_dialog                           = ' '
          rebuild_auth_data                   = ''
          org_levels_with_star                = ' '
          fill_empty_fields_with_star         = 'X'
          template                            = ' '
          check_profgen_tables                = 'X'
          generate_profile                    = 'X'
          authority_check_pfcg                = 'X'
       EXCEPTIONS
         activity_group_does_not_exist       = 1
         activity_group_enqueued             = 2
         profile_name_exists                 = 3
         profile_not_in_namespace            = 4
         no_auth_for_prof_creation           = 5
         no_auth_for_role_change             = 6
         no_auth_for_auth_maint              = 7
         no_auth_for_gen                     = 8
         no_auths                            = 9
         open_auths                          = 10
         too_many_auths                      = 11
         profgen_tables_not_updated          = 12
         error_when_generating_profile       = 13
         OTHERS                              = 14  .
    Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
    Regards,
    Chetan

    Hi Praveen,
    Yeah definitely, my requirement is that I have to give access to some BI reports to certain users, so contract data will be downloaded from ECC onto the application server; I need to read that file from the application server, and for each contract I should create an authorization object, create a role, assign the role to the user, and generate and activate the profile.
    To achieve this i have written two programs
    1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
    "" Creation of Authorization Object
    CALL FUNCTION 'ZAUTHOBJ'
            EXPORTING
             ctu                    = 'X'
             mode                   = p_mode
             UPDATE                 = 'L'
    *   GROUP                  =
    *   USER                   =
    *   KEEP                   =
    *   HOLDDATE               =
             nodata                 = '/'
             g_authname_001         = 'ZDUMMY_MIS'
              g_targetauth_002       = wa_tab-auth
              g_authtxt_003          = wa_tab-short_desc
              g_authtxtmd_004        = wa_tab-med_desc
             marked_04_005          = 'X'
              g_authtxt_006          = wa_tab-short_desc
              g_authtxtmd_007        = wa_tab-med_desc
             tctiobjnm_04_008       = 'ZBUS_UNIT'
              g_authtxt_009          = wa_tab-short_desc
              g_authtxtmd_010        = wa_tab-med_desc
             marked_05_011          = ''
             opt_01_012             = 'EQ'
              low_01_013             = wa_tab-bu
              g_authtxt_014          = wa_tab-short_desc
              g_authtxtmd_015        = wa_tab-med_desc
             marked_04_016          = 'X'
              g_authtxt_017          = wa_tab-short_desc
              g_authtxtmd_018        = wa_tab-med_desc
             tctiobjnm_04_019       = 'ZCONTRCT'
              g_authtxt_020          = wa_tab-short_desc
              g_authtxtmd_021        = wa_tab-med_desc
             marked_05_022          = ''
             opt_01_023             = 'EQ'
              low_01_024             = lv_contract
              g_authtxt_025          = wa_tab-short_desc
              g_authtxtmd_026        = wa_tab-med_desc
              g_authtxt_027          = wa_tab-short_desc
              g_authtxtmd_028        = wa_tab-med_desc
              g_authname_029         = wa_tab-auth
    * IMPORTING
    *   SUBRC                  =
           TABLES
             messtab                = temp_message.
    "" Creation of role
    LOOP AT it_role INTO wa_role.
          CLEAR wa_text.
          wa_text-text = wa_role-desc.
          wa_text-langu = 'E'.
          APPEND wa_text TO it_text.
          wa_jobrole-agr_name = wa_role-role_name.
          wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
          wa_method-usmethod = 'CHANGE'.
          CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
            EXPORTING
              jobrole          = wa_jobrole
             parent           = wa_parentrole
             method           = wa_method
           TABLES
    *   RETURN           =
             shorttext     = it_text.
    *   LONGTEXT         =
    *   MENU_NODES       =
    *   MENU_TEXTS       =.
        ENDLOOP.
    2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
      ""*BDC for Profile creation and assignment to Roles
        CALL FUNCTION 'ZROLE'
          EXPORTING
           ctu                     = 'X'
           mode                    = p_mode
           UPDATE                  = 'L'
    *   GROUP                   =
    *   USER                    =
    *   KEEP                    =
    *   HOLDDATE                =
           nodata                  = '/'
            agr_name_neu_001        = wa_role-role_name
            text_002                = wa_role-desc
            text_003                = wa_role-desc
            text_004                = wa_role-desc
           value_01_005            = 'T-ML330881'
            h_fval_low_01_006       = wa_role-auth
            profn_007               = lv_profile
            ptext_008               = lv_text1
    * IMPORTING
    *   SUBRC                   =
         TABLES
           messtab                 = temp_message .
       COMMIT WORK AND WAIT.
    ""*Generation of Profile created
      LOOP AT it_role INTO wa_role.
        CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
         EXPORTING
           activity_group                      = wa_role-role_name
    *     PROFILE_NAME                        =
    *     PROFILE_TEXT                        =
          no_dialog                           = ' '
          rebuild_auth_data                   = ''
          org_levels_with_star                = ' '
          fill_empty_fields_with_star         = 'X'
          template                            = ' '
          check_profgen_tables                = 'X'
          generate_profile                    = 'X'
          authority_check_pfcg                = 'X'
       EXCEPTIONS
         activity_group_does_not_exist       = 1
         activity_group_enqueued             = 2
         profile_name_exists                 = 3
         profile_not_in_namespace            = 4
         no_auth_for_prof_creation           = 5
         no_auth_for_role_change             = 6
         no_auth_for_auth_maint              = 7
         no_auth_for_gen                     = 8
         no_auths                            = 9
         open_auths                          = 10
         too_many_auths                      = 11
         profgen_tables_not_updated          = 12
         error_when_generating_profile       = 13
         OTHERS                              = 14.
        IF sy-subrc <> 0.
          MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                  WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
        ENDIF.
      ENDLOOP.
    For creating authorization objects, role & profile I have created one dummy auth, dummy role & dummy profile respectively.
    I have created dummy objects to copy the roles from the dummy object and assign the same to the new auth object, role & profile.
    Let me know what needs to be done, because both these programs run perfectly in the foreground but fail in the background.
    Regards,
    Chetan

  • How Can I Create a new Role in an PCD address?

    Hello EveryBody,
    I need to develop a new class that can manage SAP Portal roles. I found out how to retrieve all the roles of a user and how to retrieve all the roles in a PCD path. Now I have a problem when I try to create a new role in a PCD path.
    The code that I have to do that is this:
    try {
        // Obtain the UME role factory and create the new role object
        IRoleFactory iRoleF = UMFactory.getRoleFactory();
        IRole nuevorol = iRoleF.newRole(pcdPath + nameRol);
        nuevorol.setDisplayName(nameRol);
        nuevorol.setDescription(descripcionRol);
        // Persist the new role
        nuevorol.commit();
        return true;
    } catch (Exception e) {
        return false;
    }
    This code works and it makes a new role, but I don't know how to create this role in a PCD path. Could you help me with this?
    This is an urgent task that I have to develop; please, I need help. Thanks in advance.

    Hi,
    Now I understood your question. As of now, I think there is no API which creates worksets and roles in PCD. APIs are available for iView, page, system and layout only.
    For creation of iView, page etc, check this blog.
    PCD II: Creating Portal Objects
    For role and workset creation, another tool is used. Check these blogs.
    SP15: XML Content and Actions
    Mass Creation of Portal Content - Generic Creator
    If you want to use this tool functionality in code, then check this blog.
    Using the XML upload content and actions dynamically
    If you are on NW7.1, then check this article.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40c72897-c7e6-2a10-e98a-af81b89084f4
    Hope these will help. Good luck.
    Regards,
    Harini S

  • BI authorization objects not appearing in RAR, error while generating role

    Hi
    I am facing certain problems relating to the integration of BI module version 7 with GRC Access Controls version 5.3 and support package 06. I am describing the problems in detail below:
    (a) In the Risk Analysis and Remediation (RAR) component, I am creating Functions and Risks for the Business Intelligence (BI) module. For that I have downloaded the descriptive text and authorization object data from the BI development system and uploaded the same in RAR. Then I have created 2 Function Ids, DBI1 (having action RSA1) and DBI2 (having actions RSA11, RSA12, RSA13, RSA14, RSA15), and 1 Risk Id for BI (having Function Ids DBI1 and DBI2) in RAR. But when I checked the permission tabs of the Function Ids DBI1 and DBI2, I could not find any authorization objects for the actions in them.
    (b) In Enterprise Role Management (ERM), when I am trying to create a Role TEST-BI in DBI 100 and I put the BI transaction codes in the authorization data, I get the authorization objects. Risk analysis is also being done successfully. But at the time of Role generation in background mode, it is giving an error message:
        Error generating role TEST-BI for system DBI 100: Unable to interpret * as a number.
        I am thus unable to generate any role in DBI 100.
    (c) In Compliance User Provisioning (CUP), I have imported a standard role from DBI 100. Then I have added Functional Area, Business Process, Subprocess and Criticality Level to this role in CUP. But when I try to assign this Role to a user, it gives an error: Error creating request. But requests are getting created and roles are being assigned to users in ECC development systems using the same Initiator, CAD, stage and path.
    Can anyone please help me?
