Finding users based on "sharedId"

Similar Messages

• Query to find users based on Resource Status

  Hi All,
  I'm working on OIM 9x version.I need to find out set of users for a resource which is in "Ready" status under their resource profile
  let say Resource A is there and for some users the staus of this Resource under their resource profile is in "Ready".I would like to fetch those users.
  Kinly help me by providing SQL query for this.
  Thanks
  Madhu

  Try this query:
  select usr.usr_login, obj.obj_name, ost.ost_status from usr, obj, obi, oiu, ost where usr.usr_key = oiu.usr_key and obi.obi_key = oiu.obi_key and obi.obj_key = obj.obj_key and ost.ost_key = oiu.ost_key and obj.obj_name='<resource object name>'
  you can add : and ost.ost_status = <status value > to search status as well.
  regards,
  GP

• How to find user ids based on authori object & values.

  Hi all,
    I am trying to find User master records based on
  Authorization object - M_EINK_FRG ( realease strategy for tocde ME28 - MM)
  values -
  code --VP
  GRP - 01
  I found some time before with Tcode SUIM using trail and error method.
  I am trying it again but not possible. is there any easy method or report to pull out this info.
  Thanks
  Satheesh

  Hi Satheesh,
  SUIM gets the data from many tables and is the best solution for searching an user based on the authorization object.
  You will find the auth object in SUIM.
  SUIM->User->Users by complex selection criteria>by authorizations>Auth Object->execute->select a user>click on selectively expand the tree--->execute based on auth obj.
  Rakesh

• HI,how to find roles for user based on userid?

  hi,
  i need to find roles for each user based on user id.
  can i know any one knows this how to get roles for user?
  thanks,
  jpullareddy

  hi,
  i solve my self.
  i am getting values
  jpullareddy

• OIM - Email notification to a specific user based on a dynamic rule

  Hello, After creation of account in a particular target resource I need to send an email to a specific user based on the location of the user (e.g area admin).
  In the notification tab of process tasks, I see only "Assignee", "Requestor", "User", "User Manager"? How can I achive the above specified requirement?
  Before posting this question, I tried to search the forum for any previous posts related to this. But I couldn't find any. May be I was not searching with right key words.
  Any help is appreciated. Thanks in advance.

  You'll need to custom code an adapter to send the email, then you can send to any user you want. Create a new task and trigger it off the completion response code. You can use the following apis:
  tcEmailNotificationUtil sendMail = new tcEmailNotificationUtil(ioDatabase);
  sendMail.setBody("Type your body here or use a string variable");
  sendMail.setSubject("Type your subject here or use a string variable");
  sendMail.setFromAddress("[email protected]");
  sendMail.sendEmail("[email protected]");
  Just populate the above pieces with the information needed.
  -Kevin

• Can't find user exit or enhancement at RGJVBR15

  Hi everyone,
  I need your help guys. Right now,i'm developed sapscript for billing statement (cash call and expenditure). I have finished the form but i have problem at print program RGJVBR15. This print program is called by RGJVBR10 (Tcode : GJ14 --> Hard Copy Billing).GJ 12 and GJ 13 is used to extract data that will be used by forms.
  There is statement like this in RGJVBR15 at subroutine CREATE_EXPENDITURE (Line 1421 in include file RGJBF_I1) :
  AT NEW C5_CURR. --> Group by funding currency
     PERFORM POPULATE_SPOOL_ID
  ENDAT.
    PERFORM F6100_PROC_...  -> This will be used to open form,write form (sapscript)
  AT END OF C5_CURR.
  ENDAT.
  The problem is that i want to change this logic. I want to change the standard logic (display report group by funding currency), i want to ignore this and instead using group currency. So there only one report produced with one currency only (if using standard logic there is more than 1 report based on funding currency). But i can't find user exit or enhancement in this SAP Standard Program. Is anyone know if there is user exit or enhancement in this program? I don't want to use implicit enhancement because it's will produce problem when client want to upgrade their system. Thank you.
  Best Regards,
  Satria

  hi,
  for tcode GJ14 user exits avaliables are
  Exit Name           Description
  JVA-IM-1             Joint Venture: Integration Manager Set Intercompany Lines
  JVA_IM_2            User Exit Splitting
  JVA_IM_3            User Exit Check Document
  regards,
  paras

• How to find user who loaded the procs in DB

  Hi guys how to find user who loaded procs in database ..and the date...
  is there anyway..
  i tried to look at all_objects..but it didnot workout..
  thanks

  That is correct. You will only have audit rows for item that you are auditing. I am suggesting you audit all DDL in a production database since production jobs should not perform DDL with the probable exception of truncate. This will provide this type of information going forward. It will not help you answer the question of who created the procedure last week?
  Auditing is explained in the Security manual and the full comand syntax is available in the SQL manual.
  You can easily write a purge the audit data to remove data once it is no longer of interest based on the date the audit row was created.
  HTH -- Mark D Powell --

• User based uninstall collections - Dynamic

  Hi Guys,
  I have been looking for sometime at how User based uninstalls are done and I see that mostly people do an Exclude on the collection and deploy an uninstall to basically everyone who DOESNT have the application deployed to them. The issue with this is
  if you have a high number of apps (500 lets say) you deploy 400 either uninstall or install deployments to everyone which dramatically slows down deployment of apps on new machines etc.
  With APP-V the queries are fairly straight forward and we have dynamically changing uninstall collections that only show users that have the app for them in a compliant state on a workstation in the estate, when they are fully unpublished they drop
  out of the collection based on compliance state.
  I am trying to achieve the same method for uninstall collections where physical installs are used. Unfortunately there isn't a class like the APP-V AppClientState for Physical apps, or from what I can see at least and just wanted to see if anyone had
  achieved uninstall collection for physical apps in a more dynamic way than doing Include/Exclude on the collections which I see as very static and uneconomical.
  Many thanks,
  Adam

  Hi Hican, Torsten,
  Thanks both for your replies. below is the query i have used. I'll just be clear that this may not suit a lot of environments because of users moving around etc.
  select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where uniqueusername in (select distinct SMS_G_System_SYSTEM_CONSOLE_USAGE.TopConsoleUser from SMS_G_System_ADD_REMOVE_PROGRAMS INNER JOIN SMS_G_System_SYSTEM_CONSOLE_USAGE ON SMS_G_System_SYSTEM_CONSOLE_USAGE.ResourceID=SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID WHERE SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = '<ARP DISPLAYNAME>' and TopConsoleUser not in (Select SMSID From SMS_CM_RES_COLL_XXXXXXX))
  This query basically finds all workstations with a specific Display name in ARP, it then looks at the topconsoleuser in the SystemConsoleUsage class for that workstation. The User resource is then pulled back based on that username and the uninstall is deployed
  to the user alongside the install.
  When the machine tied to that user no longer has that software installed the user drops out of the collection. I have these collections scheduled to do an update overnight at random intervals.
  You will note at the end i use a "NOT IN" clause so i can exlude specific accounts from being included in the uninstall collections. The reason for this is we have a couple of service accounts that gets used heavily in various places
  and end up getting registered as the top consoleuser in some instances. This is put in as a safeguard.
  the only bits in the query that change is the <DisplayName> section which is what gets added in ARP.
  SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = '<ARP DISPLAYNAME>'
  Again you need to be careful here as a program may have the same displayname as another if it hasnt been versioned correctly. in this case it may be better to use another attribute such and Product GUID.
  Lastly if you choose to have an exclude collection like myself the collection Class will also need amending:
  and TopConsoleUser not in (Select SMSID From SMS_CM_RES_COLL_XXXXXXX)
  Somone may say there is an issue with doing it this way. obviously if users roam a lot you could end up stripping software off peoples machines which is why i say it may not suit some environments but this goes quite well where we are.
  Some users may also not show if they are not yet registered as the TopConsoleUser of their workstation yet as this is a 3 month calculation (if i remember rightly). If this is being put in with a new not yet deployed app it looks clean from a returned list
  of users standpoint, if however you have an estate where applications have never been unstalled and workstations have changed hands, initially you will see a lot of users in the uninstall collections which werent in the install. These applications will uninstall
  for them and they will drop out of the collections.
  Hican, like i said adding the software metering part in to the above query could prove even more economical as the uninstall deployment wouldn't actually be deployed if the software was active. If i get a chance i will look at this.
  Hopefully the above makes sense, obviously this is just my take on how to do some uninstall collections and if somone decides to try it they are doing so at their own risk. retrofitting uninstalls is painful and risky.
  Thanks,
  Adam

• In search of end user based forums

  in search of end user based forums
  Any one know of SAP website for (expert) end user Q/A   ?
  Development is fun and all, but when I need A break from the 011001101000100110100 where do I go?

  Interesting question.
  You could try the forum or even [Scripting Languages|/community [original link is broken]; here on SDN to get closer to the front end, but I guess the "expert level" would need to be quite advanced before an end user spends more than just a careless mouse-click there.
  Otherwise there is the [SAP Design Guild|http://www.sapdesignguild.org] which has a lot of interesting things about the UI. However they closed their forums because of spam, and now point to . Downside: Not much action going on. Upside: You could become top contributor and will a free entry to SDN Community Day with just one post.
  Another option worth taking a look through is the [BPX category|/community [original link is broken]; where you might find some .ppt programmers hanging out.
  Cheers,
  Julius

• Database design for Role/User based access to the application..

  We want to implement Role/User based access to the application.
  Can anyone tell me whats the optimized way of storing the data {User, Role, Access_Type etc} in the database.. The Roles might get added in the future so i dont want to maintain a single table to map User-Access_Type..
  Access_Type -->
  AT_1 | AT_2 |AT_N |
  ------- |------- |------- -|------|
  User_1 | | | |
  ------- |------- |--------|------ |
  User_2 | | | |
  ------- |------ -|--------|------ |
  I want to maintain a table which will map user with the Access_Type, which should be mainatained in a different table..
  Any help would be highly appreciated..
  Thanks in Advacnce,
  Shridhar..

  You find your answer here:
  http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html

• Finding user-exits

  Hi Experts,
  1.How to find the screen Exits and Menu Exits for any Transaction code?
  I know how to find thru SMOD by giving package name and thru MODSAP table.I also know a Z-program is there to find.But i want to find thru SAP program.Like Call Customer function is there any way for finding menu Exits and Screen Exits?
  2. Is access key required to implement Menu and Screen exits in ECC6.0 version?
  3. I will be great full if any body let me know the step by step procedure for implementing screen exit and Menu Exit with an Example in ECC 6.0 version.
  Regards
  Ravi.
  Regards

  1. Finding user exit/BADI
  SMOD, is where you can find the system modifications provided by SAP. CMOD is where you will implement them. If you are looking for all the enhancements provided, then go to CMOD, follow the menu, 'Utilities-->SAP Enhancements'. This will take you to a screen where if you just execute it, you will get all the enhancements provided by SAP.
  It is always difficult to find a user exit if all you have is a program name or a transaction code, unless you do a program like Rich suggested. But even there, you will not be able to find user exits that are implemented as sub-routines(also called forms not sapscript forms). Most of the user exits are documented under the corresponding task under IMG structure. So use transaction code SPRO, go to the IMG structure, choose the application area that your program or transaction might be and then you should find a task that talks about enhancements. If you execute that task most often it will take you to CMOD and sometimes to SE38. But all you want to know is there in the documentation attached to the task. Then you can go to CMOD and see which components are there.
  Finding BADIs
  Business add-ins are enhancements to the standard version of the system.
  Business Add-In is a new SAP enhancement technique based on ABAP Objects.
  They can be inserted into the SAP system based on specific user requirements.
  Each Business Add-In has:
  • at least one Business Add-In definition
  • a Business Add-In interface
  • a Business Add-In class that implements the interface
  In order to enhance a program, a Business Add-In must first be defined
  Subsequently two classes are automatically generated:
  • An interface with ‘IF_EX_’ inserted between the first and second characters of the BADI name.
  • An adapter class with ‘CL_EX_’ inserted between the first and second characters of the BADI name.
  The Application developer creates an interface for this Add-In.
  There are multiple ways of searching for BADI.
  • Finding BADI Using CL_EXITHANDLER=>GET_INSTANCE
  • Finding BADI Using SQL Trace (TCODE-ST05).
  • Finding BADI Using Repository Information System (TCODE- SE84).
  1. Go to the Transaction, for which we want to find the BADI, take the example of Transaction VD02. Click on System->Status. Double click on the program name. Once inside the program search for ‘CL_EXITHANDLER=>GET_INSTANCE’.
  Make sure the radio button “In main program” is checked. A list of all the programs with call to the BADI’s will be listed.
  The export parameter ‘EXIT_NAME’ for the method GET_INSTANCE of class CL_EXITHANDLER will have the user exit assigned to it. The changing parameter ‘INSTANCE’ will have the interface assigned to it. Double click on the method to enter the source code.Definition of Instance would give you the Interface name.
  2. Start transaction ST05 (Performance Analysis).
  Set flag field "Buffer trace"
  Remark: We need to trace also the buffer calls, because BADI database tables are buffered. (Especially view V_EXT_IMP and V_EXT_ACT)
  Push the button "Activate Trace". Start transaction VA02 in a new GUI session. Go back to the Performance trace session.
  Push the button "Deactivate Trace".
  Push the button "Display Trace".
  The popup screen "Set Restrictions for Displaying Trace" appears.
  Now, filter the trace on Objects:
  • V_EXT_IMP
  • V_EXT_ACT
  Push button "Multiple selections" button behind field Objects
  Fill: V_EXT_IMP and V_EXT_ACT
  All the interface class names of view V_EXT_IMP start with IF_EX_. This is the standard SAP prefix for BADI class interfaces. The BADI name is after the IF_EX_.
  So the BADI name of IF_EX_CUSTOMER_ADD_DATA is CUSTOMER_ADD_DATA
  3. Go to “Maintain Transaction” (TCODE- SE93).
  Enter the Transaction VD02 for which you want to find BADI.
  Click on the Display push buttons.
  Get the Package Name. (Package VS in this case)
  Go to TCode: SE84->Enhancements->Business Add-inns->Definition
  Enter the Package Name and Execute.
  Here you get a list of all the Enhancement BADI’s for the given package MB.
  2. No access key will be asked
  3. Step by step procedure
  http://sap.ittoolbox.com/groups/technical-functional/sap-r3-dev/menu-exits-72696#
  http://wiki.ittoolbox.com/index.php/HOWTO:Implement_a_screen_exit_to_a_standard_SAP_transaction
  a®

• Aurgent: Can any body help of User-based sizing

  Hi Experts.
               iam new to the implementation .can anybody help on Inital user based sizing.Do n't send the links of service market place.I want know abt wat type of  user has to consider for the A/s Ecc6.0 and how to consider their roles in the appli.server. And also give me the information of users Like low,medium,high in the Quizertool.
                Replied  answer could be rewarded.
  Thanx.....

  Hi,
  Sizeing basically doesn't depends on users. It is based on active users only.
  Sit with y'r functional leads , and discuss roles and authorizations also.
  Roles will be parent and child etc.
  In the initial project blue print, we can find or estimation of no. of users and active users.
  Initially go with normal settings according to Installation guide.
  Read the Sizer well.
  Note: Points always encourage me to reply !!

• UME + AD --- User Based Partitioning

  Hello
  We have our SAP Nw Portal 7.01 connected to an AD and we are following the user-based partitioning principle described in this site:
  [http://help.sap.com/saphelp_nw70/helpdata/en/cd/eafc3f8fc2c542e10000000a1550b0/content.htm]
  However, we want to split users based on a different attribute of the user being a service user or not. Indeed, we want to split dialogue users between the UME local database and the AD.
  Help to find documentation about the user-based partitioning options and available attribute namespaces would be appreciated.
  Thanks,
  Jon

  James,
  yes. We want to setup external users in a seperate datastore. From the EP documentation I know it is possible but I do not seem to find any docs on how to set it up.
  Thank You, Madhavi

• User-based partitioning

  Hi everybody,
  I'm trying to implement user-based data partitioning. I want to store users with the department "IT" in the Database and others in the second Data Store an SAP System.
  With the following config.xml I achieved this, but the users that were stored in the sap system became no sap account and could not login to the sap system. This is becaue I've set the <homeFor> <principal name="account"> .. on the database side.
  <?xml version="1.0" encoding="UTF-8"?>
  <!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_r3.xml#6 $ from $DateTime: 2004/07/01 09:31:21 $ ($Change: 16627 $) -->
  <!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
  <dataSources>
    <dataSource id="PRIVATE_DATASOURCE" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
      <homeFor>
        <principals>
          <principal type="user">
            <nameSpace name="com.sap.security.core.usermanagement">
              <attribute name="department">
                <values>
                  <value>IT</value>
                </values>
              </attribute>
            </nameSpace>
          </principal>
          <principal type="account"/>
          <principal type="group"/>
          <principal type="team"/>
          <principal type="ROOT"/>
          <principal type="OOOO"/>
        </principals>
      </homeFor>
      <notHomeFor/>
      <responsibleFor>
        <principals>
          <principal type="group"/>
          <principal type="user"/>
          <principal type="account"/>
          <principal type="team"/>
          <principal type="ROOT"/>
          <principal type="OOOO"/>
        </principals>
      </responsibleFor>
      <privateSection/>
    </dataSource>
    <dataSource id="R3_DATASOURCE" className="com.sap.security.core.persistence.datasource.imp.R3Persistence" isReadonly="false" isPrimary="true">
      <homeFor>
       <principal type="user"/>
      </homeFor>
      <notHomeFor>
       <principals>
          <principal type="user">
            <nameSpace name="com.sap.security.core.usermanagement">
              <attribute name="department">
                <values>
                  <value>IT</value>
                </values>
              </attribute>
            </nameSpace>
          </principal>
          </principals>
      </notHomeFor>
      <responsibleFor>
        <principals>
          <principal type="user">
            <nameSpaces>
              <nameSpace name="com.sap.security.core.usermanagement">
                <attributes>
                  <attribute name="uniquename"/>
                  <attribute name="firstname"/>
                  <attribute name="lastname"/>
                  <attribute name="salutation"/>
                  <attribute name="title"/>
                  <attribute name="jobtitle"/>
                  <attribute name="department"/>
                  <attribute name="email"/>
                  <attribute name="telephone"/>
                  <attribute name="mobile"/>
                  <attribute name="fax"/>
                  <attribute name="locale"/>
                  <attribute name="timezone"/>
                  <attribute name="referenceuser"/>
                </attributes>
              </nameSpace>
            </nameSpaces>
          </principal>
          <principal type="account">
            <nameSpaces>
              <nameSpace name="com.sap.security.core.usermanagement">
                <attributes>
                  <attribute name="j_user"/>
                  <attribute name="j_password"/>
                  <attribute name="validfrom" />
                  <attribute name="validto"/>
                  <attribute name="islocked"/>
                  <attribute name="lockreason"/>
                  <attribute name="passwordchangerequired"/>
                  <attribute name="userid"/>
                  <attribute name="ispassworddisabled"/>
                  <attribute name="logonalias"/>
                </attributes>
              </nameSpace>
            </nameSpaces>
          </principal>
        </principals>
      </responsibleFor>
      <attributeMapping/>
      <privateSection/>
    </dataSource>
  </dataSources>
  What I tried than is adding
  </principal>
           <principal type="account">
            <nameSpace name="com.sap.security.core.usermanagement">
              <attribute name="department">
                <values>
                  <value>IT</value>
                </values>
              </attribute>
            </nameSpace>
      </principal>
  to the <homeFor> section of the database
  and <notHomeFor> section of the sap system
  and of course adding: <principal type="account"> to <homeFor> of SAP System.
  It didn't worked.
  So my question is how can I specify that an account for the user with department "IT" should also be created in the database and all other accounts in the SAP system?
  Regards

  James,
  yes. We want to setup external users in a seperate datastore. From the EP documentation I know it is possible but I do not seem to find any docs on how to set it up.
  Thank You, Madhavi

• FM to assign role to the user based on HRPOSITION

  Hi All,
  I have a query. I am working on security based product where in our current functionality role is assigned to user based on position.
  EX:
  Current Scenario:
  role1, role2, role3, role4 are assign to position P1.
  and that position P1 is assign to USER so USER is able to have those roles.
  Now, Required functionality is:
  Every position has one HRPOSITION maintained in our product. so now all roles should assign to user based on HRPOSITION.
  My colleague is saying, To achieve this, we have a BAPI. I got some word as hint for that BAPI which is : HR*INITIAL*DATA*. It can be in any combination.
  I tried to find in se37, even did goggling but couldn't succeed.
  This is what I got as requirement. May be, I am not understanding the requirement or understanding but not able to get the desire output.
  Please help. Thanks in advance

  Hi Somu,
  Have a look at the below FM which is  used to submit position based request.
  GRAC_IDM_ORG_ASSG_REQ_SERVICES (Organisation assignment request service)
  Thanks
  KH