Filter on SAP ABAP Initial Loads
Hi all,
I'm trying to put a filter on the pass "ReadABAPuser" of an ABAP Initial Load. My SAP ABAP System has over 10000 users and I need only part of them.
I tried so to add "FILTER" entry (as on ReadABAProle for example) on Source tab of the pass "ReadABAPuser" with value "A*".
But seems the pass does not make attention of this FILTER and still request the full user list.
Do you have met this issue ?
Thanks for your help,
Benjamin
Hi Benjamin,
well, I've never worked with the pass attribute FILTER for the pass type "FromSAP". Therefore, I'm not sure about the following - but maybe it's a starting point for further investigation...
I believe that it works differently for different data types:
Roles: simple filter value which filters for the role name (you can use *)
Roles, if you connect to a CUA central system: not supported
Users: it seems to work with a multivalue name=value syntax.
Conclusion: I guess it is easier to filter users in the source tab of the ToPass "WriteABAPUsers".
Kind regards
Frank Buchholz
Similar Messages
-
Filter condition in ABAP Initial Load Job
Hi,
The ECC Initial Load JOb for IDM has been failing continuously because of 'Out of Memory' Exception
Error Description - Unhandled Error in DSERuntime - Exception:java.lang.OutOfMemoryError
All the FROM PASSES except the "ReadAbapUsers" pass has been running successfully. We believe this could be because of the huge number of Users and User-Role Assignments(2,61,000) present in ECC System.
Hence we thought of breaking down this process(ReadAbapUsers) into smaller chunks.i.e., fetch all the users with loginuid starting with 1; then 2; then 3 and so on... But we are not sure of the way to implement this. Please suggest an alternative.
Regrads,
JoelHi, I dont know if you have resolved this already or not.. but have you considered increasing the heap size ?
-->
Reading stuff from an ABAP system can return a lot entries. The
roles/entries are returned in one big lump of data, and the runtime needs to
have enough space on the heap for this.
Solution
The maximum heap size can be set in the dispatcher prop file.
Locate the the correct dispatcher prop file.
This file is a java properties file. It will be called
"Dispatcher_Service_<dispatchername>.prop" i.e. if the dispatcher name
is "test", the file name will be "Dispatcher_Service_test.prop"
Locate the section
additional Java options
Set the maximum heap size to the desired size.
i.e To increase the maximum heap size to 512 Mb, set
JAVAOPTIONS=-Xmx512M
You can set more than one java option here, but if you do so, you also
have to set
MXDISPATCHER_EXECSTRING=1
Also note that increasing the heap size has a performance impact. We
therefore do not recommend doing this for the main dispatchers. Instead,
create a separate dispatcher for running large jobs, and do this change
only for this dispatcher.
See SAP Note 1347301 -
Connection Refused Error while running AS ABAP Initial Load
All,
I've never connected SAP NW IdM to an actual SAP system before, and I feel like I'm missing some obvious step of configuration, but I can't figure out what.
We are in the process of trying provision user accounts to our SAP ABAP systems. My first step was to try to read all of the existing accounts from the ABAP system:
Our Basis team created me a Communication user with the proper authorizations (I ensured that the authorizations included in SAP_BC_SEC_IDM_COMMUNICATION)
I created a repository using the SAP NewWeaver AS ABAP (Specific Application Server) Repository Template (No CUA, No SNC) using that user's credentials
I then used the Job Wizard and used the job template AS ABAP - Initial Load, specifying my repository above.
When I run the job I get the following:
Initializing SAP connection with parameters:
com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server failed Connect_PM MSHOST=<IPADDRESS>, R3NAME=<SID>, GROUP=PUBLIC LOCATION CPIC (TCP/IP) on local host ERROR partner not reached (host <IPADDRESS>, service sapms<SID>) TIME Wed Jun 01 13:54:36 201 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -10 MODULE nixxi_r.cpp LINE 8840 DETAIL NiPConnect2 SYSTEM CALL SiPeekPendConn ERRNO 10061 ERRNO TEXT WSAECONNREFUSED: Connection refused COUNTER 1
Error Init failed
I'm running SAP NW IdM 7.1 SP5 on Windows Server 2003 with MSSQL 2005. The ABAP server is on a UNIX box with an Oracle 10.2 dB.
Is there additional configuration that needs to take place on the ABAP side to accept the connection?
I've tried to find documentation on this, but have been unsuccessful. If someone could point me to the correct documents, or at least point me in the right direction for troubleshooting, it would be greatly appreciated.Ankur,
Looks like the endpoint URL of the webservice is not updated and still pointing to the localhost. Try changing it to http://<ip_addres_of_your_server>:7101..... and see if it works fine then.
-Arun -
Error when we are running the job "AS ABAP - Initial Load" for a ABAP Syste
Hi,
We are getting the below error when we are running the job "AS ABAP - Initial Load" for a ABAP System.
Pls note that we have maintained the below entry types to the Identieny Store & we are still getting the error.
Request you to help me
MX_TITLE_SUPPLEMENT
MX_SALUTATION
MX_NAME_PREFIX
MX_ACADEMIC_TITLE
Error----
runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_ACADEMIC_TITLE!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_ACADEMIC_TITLE' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_ACADEMIC_TITLE!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_ACADEMIC_TITLE' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_NAME_PREFIX!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_NAME_PREFIX' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_NAME_PREFIX!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_NAME_PREFIX' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_SALUTATION!!Mr.!!EN)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_SALUTATION' AND ValText = 'Mr.' AND ValLocale = 'EN') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_TITLE_SUPPLEMENT!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_TITLE_SUPPLEMENT' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_ACADEMIC_TITLE!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_ACADEMIC_TITLE' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_ACADEMIC_TITLE!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_ACADEMIC_TITLE' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_NAME_PREFIX!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_NAME_PREFIX' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_NAME_PREFIX!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_NAME_PREFIX' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_SALUTATION!!Mr.!!EN)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_SALUTATION' AND ValText = 'Mr.' AND ValLocale = 'EN') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error runFunctionsInString($FUNCTION.sap_getHelpValKey(MX_TITLE_SUPPLEMENT!!)$$) got exception
org.mozilla.javascript.EvaluatorException: uSelect(select ValKey from dbo.mxi_attrvaluehelp where ValId = 'MX_TITLE_SUPPLEMENT' AND ValText = '') got exception java.sql.SQLException: ORA-00942: table or view does not exist
Error putNextEntry failed storingMANJUHB
Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry failed storing entry 'MANJUHB'. IDStore returned error message: " Value not legal for this attribute:Attribute: MX_ACADEMIC_TITLE_2" when storing attribute 'MX_ACADEMIC_TITLE_2=$FUNCTION.sap_getHelpValKey(MX_ACADEMIC_TITLE!!)$$'
Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed updating entry 'MANJUHB'. IDStore returned error message: "Entry does not exist" when fetching entryThe Probelm was resolved after editing the Script..... "sap_getHelpValKey.js"
-
At my initial load AS ABAP, the following error showed up:
putNextEntry failed storingS_A.SHOW
Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry failed storing entry 'S_A.SHOW'. IDStore returned error message: " No such attribute:Attribute: ACCOUNTM23_ME5" when storing attribute 'ACCOUNTM23_ME5=S_A.SHOW'
Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed updating entry 'S_A.SHOW'. IDStore returned error message: "Entry does not exist" when fetching entry
This error message affects all users. Where can I add the missing attributes?
Thanks for your help!!!Gerhard,
Could you please share the solution?
Thanks. -
Hi,
I have installed IDM server and completed all the initial configuration steps.
I have created repository which connects to the IDES server using the template SAP Netweaver AS ABAP (specific application server).
Now i am running initial load for that repository but nothing is happening. I cant see any job log,system log for that initial load.
I have created another blank test job , which i execute and running fine.I can see the log of that blank job.But nothing is there for the job Initial Load.
schedule rule : on demand and i am executing it by clicking on RUN NOW. If i see the status of the job it shows idle.
Can you please help me in this?
Edited by: Abhilashak on May 5, 2011 9:13 AMFirst, make sure it is set to use the correct dispatcher.
Second, go to the Status area for whatever folder that job is in. It should list all jobs for that folder, and any jobs that are "queued" will be bolded.
If it is bolded (it probably will be), it means that the job is queued to run but the dispatcher isn't running it for some reason. In that case, it could be the dispatcher it is set to run on isn't configured properly... Not sure what else would cause that.
I'm talking about this status area:
http://min.us/mvjy3gm -
Regarding ABAP initial load errors
hi experts
I have below errors left while doing Initial load for AS ABAP as follows
Error type 1:
Error :runFunctionsInString($FUNCTION.sap_encryptPassword()$$) got exception - Exception:org.mozilla.javascript.JavaScriptException: java.lang.UnsupportedOperationException: java.lang.ExceptionInInitializerError
I referred page 37 in System landscape configuration guide. but could not understand what and where password has to be set.
Could you please suggest me how to solve this two problem.
Also i would like to know where the Users, roles,profiles will be written in Identity store.
regardshi guys
Regardless of this error, i got the users/profiles/roles written in Identity center, i am able to see in monitoring webpage.
But how to solve this error is my concern...appreciate if you can give me some ideas
regards -
ABAP - CUA : Initial load : too many records in the CUA?
We are running :
SP03 for IDENT. CENTER DESIGNTIME 7.1 Patch 0
SP03 for IDENTITY CENTER RUNTIME 7.1 Patch 1
SP03 for NW IDM IC UIS 7.00 Patch 1
We have connected our customer's CUA system to IdM : we created an Identity Store called 'SAP_Master', created the CUA repository, defined the required attributes as defined in the guide 'IDM 7.1 - IdM For SAP Systems - Configuration 7-3.pdf', created the jobs based upon the templates etc. The dispatcher used has 'run provisioning jobs' disabled.
On our sandbox server, when we connect to our sandbox CUA system (CUA_YS5_200), everything is ok, the 'AS ABAP - Initial load' job with only 'ReadABAPRoles' enabled, runs fine.
On our QA system, when we connect to our 'production' CUA system (CUA_YP0_400), the 'AS ABAP - Initial load' job with
only 'ReadABAPRoles' enabled, finished with message 'could not start job, rescheduling'. Since there is a huge number of records (we looked it up in the system : 311.679 records), we decided to switch on parameter 'bootstrap job'. Now the result is that it takes forever, after half a day the job is still running. In the database, table 'sapCUA_YP0_400role' is still completely empty (no records). Therefore, it seemed interesting to connect our QA IdM system to our development CUA system (CUA_YS5_200). After a while, the exact same job has finished and table 'sapCUA_YS5_200role' contains 18.580 records.
After some additional testing, we might have discoved the cause of the issue could be that the number of records in our CUA is too big.
In the java code of the fromSAP pass there are 2 calls to the SAP system for reading the roles into Idm. The first one reads table USRSYSACT (311.000 records), the second one reads table USRSYSACTT (1.000.000 records). All these records are stored into a java hashmap - we think that 1 million records exceeds the hashmaps capability, although no java error is thrown.
When we debug the functionmodule RFC_READ_TABLE and change the rowcount to 100.000 then everything works fine. When we set the rowcount to 200.000 the java-code does not generate an error but the job in idm never
ends...
When running functionmodule RFC_READ_TABLE in the backend system the 1.000.000 records are processed in less than one minute. So apparently, the issue is related to the processing in the Java code.
Java Dispatcher heap size is set to 1024.
Anybody already came accros this issue?
Thanks & best regards,
KevinInstalling the patch, re- importing the SAP Provisioning framework (I selected 'update') and recreating the jobs didn't yield any result.
When examining pass 'ReadABAPRoles' of Job 'AS ABAP - Initial Load' -> tab 'source', there are no scripts used .
After applying the patch we decided anyway to verify the scripts (sap_getRoles, sap_getUserRepositories) in our Identity Center after those of 'Note 1398312 - SAP NW IdM Provisioning Framework for SAP Systems' , and they are different
File size of SAP Provisioning Framework_Folder.mcc of SP3 Patch 0 and Patch 1 are also exactly the same.
Opening file SAP Provisioning Framework_Folder.mcc with Wordpad : searched for 'sap_getRoles' :
<GLOBALSCRIPT>
<SCRIPTREVISIONNUMBER/>
<SCRIPTLASTCHANGE>2009-05-07 08:00:23.54</SCRIPTLASTCHANGE>
<SCRIPTLANGUAGE>JScript</SCRIPTLANGUAGE>
<SCRIPTID>30</SCRIPTID>
<SCRIPTDEFINITION> ... string was too long to copy
paste ... </SCRIPTDEFINITION>
<SCRIPTLOCKDATE/>
<SCRIPTHASH>0940f540423630687449f52159cdb5d9</SCRIPTHASH>
<SCRIPTDESCRIPTION/>
<SCRIPTNAME>sap_getRoles</SCRIPTNAME>
<SCRIPTLOCKSTATE>0</SCRIPTLOCKSTATE>
-> Script last change 2009-05-07 08:00:23.54 -> that's no update !
So I assume the updates mentioned in Note 1398312 aren't included in SP3 Patch 1. Manually replaced the current scripts with those of the note and re- tested : no luck. Same issue.
Thanks again for the help,
Kevin -
Hi.
Initial load from ABAP described in following PDF document failed.
Identity Management for SAP System Landscapes: Configuration Guide
http://service.sap.com/~sapidb/011000358700001449662008E
System log Error
lang.ExceptionInInitializerError: JCO.classInitialize(): Could not load middleware layer 'com.sap.mw.jco.rfc.MiddlewareRFC'
JCO.nativeInit(): Could not initialize dynamic link library sapjcorfc [C:\WINDOWS\system32\sapjcorfc.dll: Can't find dependent libraries]. java.library.path [C:\Program Files (x86)\Java\j2re1.4.2_16\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;......
Environment is
IdM 7.1
NW AS JAVA 7.0 SP 17
Windows 2003 Server 64bit
SQL Server
Any help will be most appreciated !Hi You Nakamura,
We are facing the same problem during AS ABAP - initial load with the same error message.
I downloaded the msvcp71.dll file and placed it in System32 folder. But the problem remains the same (even after server restart).
The system log shows the same error message and no entries in job log.
Please let me know if you had followed any different way to install the dll file.
Regards,
Vijay.K -
Dear Expert,
Find the below error while executing the job from identity center "ABAP INITIAL LOAD",
lang.ExceptionInInitializerError: JCO.classInitialize(): Could not load middleware layer 'com.sap.mw.jco.rfc.MiddlewareRFC'
JCO.nativeInit(): Could not initialize dynamic link library sapjcorfc. Found version "2.1.9 (2010-01-28)" but required version "2.1.8 (2006-12-11)".
JCO 2.1.8 is no longer supported and it is not available for download from SMP.
The second problem, I face is "Workflow" tab in the identity center, after applying SP4 also could not see the tab.
Any lead on this highly appreciated.
Thanks
AhamedHi,
Sorry for hacking the thread .. Actually we are also on same boat, We are implementing SAP Netweaver IDM 7.1 SP5 and facing similar issue with ABAP Initial load .
I had given a broad search in Google and even in SMP but not able to get the correct version(2.1.8).
May be you can help .
Regards, -
CRM business role - user mapping initial load
Hi,
I'm tyring to initial load the data from the CRM systems into IDM. I'm able to get all data of the users expect their business role mapping(parameter in CRM).
in the read pass of the user from the abap initial load , the attribute for the parameter is as follows,
Target Source
sap%$rep.$NAME%Parameter1:Info:VARCHAR:255| parameter1
but no data is stored in the parameter1 table though the user has some parameter mapped in the CRM system
Can anyone plz help to load this user-business role mapping details.
Thanks in Advance.
Regards,
PricyHello Pricy,
can you just give me some hints on what you are trying to do exactly?
My assumptions:
- CRM business role is stored as user parameter in ABAP SU01 user data, right?
- you want to read all the ABAP user data from your CRM system INCLUDING the user parameter data from ABAP SU01 user data, right?
If that is the case at least the loading part should work pretty fine. I just tried this on my local system and had no issues, all user parameters of my existing ABAP users where loaded into one temporary table.
-> Pass: ReadABAPUsers -> table "sap%$rep.$NAME%Parameter1:Info:VARCHAR:255|"
Did you find this temp table created on your database correctly? My table is there and is called "sapT01_001Parameter1" (where my repository is named T01_001) and it contains all the existing user parameters.
What exactly is your issue?
Regards,
René -
Privileges getting removed during initial load
Hi All,
I was performing initial load,There is no error as such in initial load however privileges are removed from backend but available on IDM , any changes perform to identity all roles are provisioning to back end system.
When i have googled it , I have found few good links(http://scn.sap.com/thread/3400455) which says issue is fixed in IDM 7.2 SP8 ,however i am using SP8 but still facing same issue.
I have attached current version of Provisioning framework which is been used .... Please let me know it is right version.
Secondly, I have also attached script & version of IDM , Please advice on it.
Regards,
AliHi Ali,
I have seen and experienced this before. If you are doing an initial load when the users are already in the system, you may well experience this since the load job is overwriting what your users have.
Take a look at this blog post I wrote: Setting Write Permissions on ABAP Initial Loads.
I think it might help point you in the right direction.
Thanks,
Matt -
Handling password while initial load process
Dear Experts,
This is about password handling in IDM. While doing initial load, I do not want to bring passwords from my target systems (AD/SAP) into IDM.
So which password(s) the users will use to login into target systems (AD/SAP) after initial load ? What can be achieved with pass "update system privilege trigger attribute" which is available in initial load job ?
Is it something like, IDM creates a default password on initial load which is sent back to target systems(from which initial load was done) which changes the password for the target systems to this new default password ?
Can we handle this default password being sent to target systems with the help of this pass "update system privilege trigger attribute" in initial load? so that this default password is not sent to target systems ??
So if the default password is not sent back to target systems after initial load, then users will keep using their existing passwords for their login in the target systems. After that, If I need to assign UMEJAVA only privilege to the users, the password for the target systems will be changed with the default password being sent on email to the users. Since the password on AD is now changed, how the users gonna login into AD to check their emails for the
new password ?
It seems I have written a BIG query here .... sorry for that. But please let me know if any thing above does not make any sense.
Also please share your views/expertise/best practice on the same.
Many thanks in advance!
Naveen
Version: IDM 7.2Hi Naveen,
Firstly to answer your query on what basis we decide he backend type for your UMEJAVA repository, its the business. If you want users to authenticate against AD, when they try to login to IDM UI, you have to configure the LDAP as backend and you have to choose datasource as Microsoft ADS (Deep Hierarchy) + Database (ume database).
If you want the Users to authenticate against UME database, by default ume points to UME database and you need to create the users in the UME database.
So, if you have configured AS JAVA with ADS+Database, in IDM you have to select the repository as SAP netweaver as Java (ldap backend)
In the repository constants, there is an attribute called BACKED_REPOSITORY which should be your AD repository name that is configured.
If you have a look at the AS JAVA connectors in the provisionign framework, in the create user plugin, IDM first checks for backend type. If it is LDAP backend, it just sets the JAVA account attibute, If the backend type is DB, IDM will create the user in the UME database.
Considering your system details, i would suggest you the below approach.
1. Configure your UMEJAVA with Microsoft ADS (Deep Hierarchy) + Database (ume database). For more information on how to configure your
UMEJAVA with LDAP backend refer to this link
2. So, now the users who try to login to IDM UI or any app on AS Java, will be authenticated against your active directory.
3. Perform the initial load from HR.
4. Perform the initial load from AD.
5. Perform the initial load from you AS UMEJAVA.
6. Now, all the user information/role assignment information is loaded to IDM.
7. Now lets discuss about password management. There are two things here
a. Change password (by user) - User changes password in IDM --> password changes are provisioned to AD and user can login with new password.
b .Password reset self service. - User resets password in IDM --> password changes in AD (as UME is configured to use AD)
Change password (by user)
By default the users who are successfully authenticated when they try to login to IDM UI, will get access to self-services tab. To allow users to change the password on their own, you create the corresponding ordered tasks and maintain the access control tab for selfservice.
So that when users wants to change their passwords, they can change on their own.
How IDM will provision the new password to target system is something you have to configure the logic. For example, my sandbox looks like this.
Password reset self-service.
The user can reset their password on their own if they cannot remember their password. To implement this, look at this document. http://scn.sap.com/docs/DOC-17111
Hope this helps. please let me know for any further queries.
~ Krishna. -
Initial Load - AS ABAP - getting only user with a group
Hi,
when i start initial load, i just get users with groups. Is that standard?
Br,
PhilipFirst of all - you'll need to familiarize yourself with the database for effective learning and debugging. I'm talking about the MS-SQL or Oracle-DB where you installed the IC-schema. It often helps me to understand whats going on behind the scenes.
Secondly - I read some of your posts - I would advise you to install the dispatcher and everything on the server where the DB is hosted - at least as long as you're in development. The MMC can still be on your local pc/laptop, although some things won't work well there (Import, Dispatcher-Status, ...). This'll ease things a lot I suppose.
About the service-user... SAP delivers a role you can import into PFCG (SAP_BC_SEC_IDM_.SAP-File in misc-folder of installation media). This role should be sufficient for your communication user, is updated every now and then and contains only the necessary permissions. Maybe you'll have to extend it (Z_SAP_) in case you want to read special tables not supported by the SAP framework (e.g. license data).
I can hardly believe that the current role assigned to your user only has permissions to users with groups != empty
By now I have no clue why you only see users in IdM with groups assigned in SU01... look up the SQL-table I mentioned if there are more users.
BR
Michael -
Importing Data from an ABAP system - JOB Initial Load - IDM 8.0
Hello all,
I got the error during the execution initial load job:
Value not legal for this attribute:Attribute: MX_USERTYPE" when storing attribute 'MX_USERTYPE=A'
Value not legal for this attribute:Attribute: MX_DATEFORMAT" when storing attribute 'MX_DATEFORMAT=1'
I have executed the job read value help content before start initial load job.
Could anyone explain if this attribute should be created manually in mxi_AttrValueHelp table before run the initial job?
ThanksHello Rafael,
There is a possibility that you have encountered a problem that we had with the language translations for the attribute values.
I would like to ask you to check one file content: could you try to open the language translations file: this should be located under ICCORE -> Database Schema -> SQL-Server -> 9-language-data.sql
There is a chance that this file is "broken". If so - we have fixed this specific problem in the Designtime Component patch 2 (now 3 is also available) - so you would need to update to this one.
You could also take a look at the table for the attribute values help - via executing "select * from mxi_attrvaluehelp".
Kind Regards,
Rali
SAP Identity Management Development
Maybe you are looking for
-
How can I delete the extension .html in the web browser if I do not have Business Catalyst?
I have been working on my site for quite some time but just realized that if I type in www.website.com/page it will not work unless I type in www.website.com/page.html. This will be really detrimental for my client. Is there a way to allow customer
-
MAC; OS X Yosemite 10.10.3. All my photos on the MAC were in events named by me. Now, with this upgrade, all my photos are without my event names and named by iphoto by date and location (sometimes incorrect). I do not like this at all. I want to ret
-
10.6.2 httpd respawning endlessly.
My server's log is full of this: Feb 28 00:40:31 atlas com.apple.launchd[1] (org.apache.httpd): Throttling respawn: Will start in 10 seconds Feb 28 00:40:41 atlas org.apache.httpd[2466]: (48)Address already in use: make_sock: could not bind to addres
-
Setting up a home office network
I'm looking for some simple, straight forward instruction as to how I can use my Airport Extreme base station to network together my MacBook Pro, a G4 tower (connected to Airport Extreme via the Ethernet LAN port) and a PC laptop. I want to be able t
-
Upload of Expenses and Revenues in Trail Balance
Hi, We are in the cutover phase now and how we ulpoad the expense sand revenues in trail balance becz my client is insisting on this and while I doing the same the system is asking the cost object for the same how we will give this which does not exi