For Migration: Staffing of existing Roles with Distribution

Similar Messages

• Staffing of Project Roles with Resources

  Hi PPM Gurus,
  We have some gaps when designing workflow email to Resource Line manager in cProject (Project Management) in PPM. We working on scenario where,-
  1.       1. Project Manager (PM) knows only roles required for project, but not resources
  2.       2. Important Question: How PM will inform by SAP workflow to Resource Manager (RM) or Line Manager (LM) to update resource in cProject.
  3.       3. Then we can use standard SAP workflow process as mentioned in 1013736 – cProject soft booking and hard booking approval workflow which is,
  1) The process of approval of a Soft Booking of a Resource to a Project Role and the subsequent conversion of the booking from 'Soft Booked' to 'Hard Booked' is controlled by means of a workflow.
  2) This workflow will be triggered when a Resource is assigned to a Project Role or an old booking is changed and the booking type of a resource is marked as 'Soft Booked' by a Resource Manager. A Resource can be soft booked by checking the 'Res.' checkbox within the staffing table against the resource which is being booked to a role.
  3) The Line Manager of the resource which was soft booked will receive a mail containing a link to his SAP Business Workplace from where he/she can approve/reject the booking.
  4) In the SAP Business Workplace of the Line Manager a work item would be present which will have the booking details, 'Approve Booking' and 'Reject Booking' buttons which shall be used to make the respective decisions.
  5) If the booking is approved then the workflow will try to automatically convert this booking from 'Soft Booked' to 'Hard Booked' in the background. If it succeeds then the process will move forward; if not (say, because of reasons like Project/role being locked) then the Line Manager will get another mail informing him/her about the failure and would have to re-execute the booking through a new work item. Once the booking type is successfully converted from 'Soft Booked' to 'Hard Booked' then the Resource Manager(s), Project Manager(s) and the Resource himself/herself will receive a mail notifying the confirmation of the booking.
  6) If the booking is rejected then the booking type will remain unchanged ('Soft Booked') and the Resource Manager(s), Project Manager(s) will receive a mail notifying the rejection of the booking.
  Bottom of Form
  Regards, Diana

  Hi Diana,
  Your questions can be answered through staffing type 'Resource manager via responsible organisation' known as extended staffing process in PPM-Project management.
  There are many staffing types
  1) Project lead
  2) Resource manager via authorisation
  3) Resource manager via responsible organisation (Extended staffing process)
  4) Multi-Resource Scheduling (MRS) (If MRS is integrated).
  Except the first one, all other staffing type involves resource managers to staff the project roles and these staffing types are cross-project view for resource managers. The first one is project-centric and it is always staffed by the project lead/Project manager.
  Resource manager via authorisation: Here the staffing is carried out based on the authorisation the resource manager has for specific resource pools with staffing/candidate manager authorisation to a single/multiple projects.
  Resource manager via responsible organisation: In this process, the responsible staffing/candidate manager is identified through the HR organisation unit assigned by the project manager to a project role. This extended staffing process has 3 steps–
  1)     Staffing in preparation (Where the project manager select the suitable department/functions(org. unit) for staffing the resource manager)
  2)     Staffing in process ( The responsible staffing manager of the org. unit staff resources from his org. unit)
  3)     Staffing closed (The project manager closes the staffing process).
  MRS staffing is also similar to the above with its own extra features.
  Considering this, I feel that ‘Extended staffing process’ is more suitable for your scenario.
  Regards,
  Ravi

• Help for migrating DB2 to Oracle11 g, with Sql Developer

  Hello, Good Afternoon,
  Today I started a series of exercises to migrate DB2 9 to Oracle 11 g, with SQL Developer in order to evaluate this tool for a project we have in door.
  But it is setting a number of issues, because the DB2 tables that we are trying to migrate do not have primary key and load the data sets the error ORA-02270.
  It is generating an error when trying to convert the following triggers.
  CREATE TRIGGER min_salary NO CASCADE
  BEFORE INSERT ON staff REFERENCING NEW AS newstaff
  FOR EACH ROW MODE DB2SQL BEGIN ATOMIC
  SET newstaff.salary =
  CASE
  WHEN newstaff.job = 'Mgr' AND newstaff.salary < 17000.00 THEN 17000.00
  WHEN newstaff.job = 'Sales' AND newstaff.salary < 14000.00 THEN 14000.00
  WHEN newstaff.job = 'Clerk' AND newstaff.salary < 10000.00 THEN 10000.00
  ELSE newstaff.salary END;
  END
  CREATE TRIGGER do_not_del_sales NO CASCADE
  BEFORE DELETE ON staff REFERENCING OLD AS oldstaff
  FOR EACH ROW MODE DB2SQL
  WHEN(oldstaff.job = 'Sales') BEGIN ATOMIC SIGNAL SQLSTATE '75000'
  ('Sales staff cannot be deleted... see the DO_NOT_DEL_SALES trigger.'); END
  SEVERE 197 625 oracle.dbtools.migration.workbench.core.MigrationLogResourceBundle Failed to Convert Trigger MIN_SALARY>: class org.antlr.runtime.NoViableAltException -> null: Line 1 Column 0
  SEVERE 196 1328 oracle.dbtools.migration.workbench.core.MigrationLogResourceBundle Failed to Convert Trigger DO_NOT_DEL_SALES>: class org.antlr.runtime.NoViableAltException -> null: Line 1 Column 0
  I can do for Work Bench (SQL Developer) not validate that DB2 must carry primary keys?
  I can do for Work Bench (SQL Developer), I can turn triggers the 2 above?
  Greetings

  to follow up the root cause of ORA-02270 it would be good to get the DB2 table definition as the table is defined in the Oracle database.
  For the other issue with the trigger, please have a look at:
  http://www.oracle.com/technetwork/database/migration/db2-084087.html
  => it lists which objects the migration supports as:
  Supported Migration Objects
       Tables      
       Views
       Indexes
       Users
       Constraints
  => so no triggers.

• BP search for General and Company Code roles

  Hi
  On the modify Money Market Transactions (TM_52) (and some similar to it for other products TS02, TM32, TO02), if i go to the Partner Assignment Tab and I try to assign a bp for the General or the Company Code roles, the bp search program give me no results.
  If i try to do the search for the Counterparty role it gives me the results I expect.
  Is there any reason for do not give any result when these roles are the primary roles that, of course, the bp I choose has? Is it a program problem (this program has returned me some dumps and I implemented some Notes on it before)? If so, is there any solution?
  I want to assign these roles because I hope that these assignments with these roles modify the payment data or the master data of the transaction.
  Thanks

  Hi
  This is a very common topic.
  look at this thread:
  Authorization in reports
  Here's a starting point ...
  http://help.sap.com/saphelp_bw33/helpdata/en/72/eeb23b94c6e54be10000000a11402f/frameset.htm
  Outline steps...
  In RSSM:
  Create authorization object
  Make authorization object applicable to relevant InfoProviders
  In PFCG:
  Add authorization object to new or existing Roles with appropriate field assignments
  Make User/Role assignments
  Reg's
  Edan

• When we have LSMW for migrating data then why we will go for Session/Call ?

  Hi Guru's,
  Could you please tell me ...
  When we have LSMW for migrating data , why will go for Sessions/call Transaction for migrating? when we do with LSMW we can complete the object with less time then why we have will do with session/call transaction?
  when we have to use LSMW ? and when we have to use SESSION/ CALL TRANSACTION ..
  thanks in advance..
  vardhan

  LSMW can't upload large amount of data into the database.
  Whereas BDC SESSION CALL /TRANSACTION method can upload large amount of data into the database.
  The error capture method is superior in BDC.
  BDC programs can be scheduled to run on periodic basis as per the customer requirements.

• CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"

  Hi!
  Re: CUP v5.3 SP11.1 - CUP Request button "Existing Roles/Groups"
  Can anyone explain why some of our CUP users will see this CUP button in the CUP Request and others will not? Are they missing a UME "ACTION"?
  The button works fine, but it only shows up for some users and not others.
  Thanks for your help!
  -john

  Hello ,
  For Approvers , the button "Existing Roles /Groups" will be visible only when the following "stage" level setting is set
  Change Request Content = Yes
  Add Role =Yes .
  Regards
  -Ranjiv

• Making existing roles watertight for HR data

  Hello,
  I hope to get nudged in the right direction in here. I already descended pretty much to the end of my rope and ... well ... I need some more rope
  The situation is like this - I inherited everything that has to do with maintenance of authorizations on our system half a year ago, the guy that did that before me is no longer in the company (so there's no use in asking what he was thinking (if anything) when he was putting the roles together). Documentation is scarce/non-existing. When it exists it's usually not up to date. I'm not exactly a newbie in authorizations field, but at the same time I'm not really that far away from being a newbie yet, so I'm not beyond listening to basics being pointed out to me.
  <u>The Utopia</u>:
  There are five single roles built for all users of our system (say R1, R2, ... , R5). They're supposed to build on one another, R1 being the basic role, R2 having a couple more authorizations than R1, and so on until R5 which is the role that also has all HR authorizations.
  <u>The Reality</u>:
  The roles have been designed in a hurry and from the top down starting with the sap_all profile and removing some (or most of the) CA, BC and HR authorizations. They were not properly tested. They do not derive from one another in any way ... R2 for example is a complete copy of R1 with some additional objects and values, same for all the others. Every problem needed to be fixed five times, once for every role. That of course resulted in chaos, things got changed just in one place and the basic role suddenly got more powerful than all the rest. These roles are in use in the production system and there are no plans to substitute them with something better in the very near future.
  <u>The Problem</u>:
  Suddenly (yeah, right ) the need arose to have these roles watertight with regard to HR data. I did some rudimentary testing and sure enough they're nowhere near watertight even for the most common HR transactions. There are ranges defined in S_TCODE for which I have no idea why they are as they are, there was access to SA38 given where SAP HR programs with no authorization group (and no transaction code) assigned could be run by everyone ... there's god knows how many other security holes. The only help I got from the HR consultants was the list of all 2000 or so HR transactions (taken from the SAP menu tree) which shouldn't be accessible to a normal user. I suspect I might be in need of a typing monkey to check them all five times
  <u>Question</u>:
  How do I close as many security holes in these roles as possible? What's the strategy when dealing with such tasks? I've made it clear to the management that we probably won't have watertight roles if we don't create new ones, but making a set of new roles created properly from the bottom up is out of the question at this moment.
  I'd be extremely grateful for any advice or if anyone could point me to any kind of documentation about making roles like ours more secure for protecting HR data (and also keeping the users away from any BC stuff).
  In the meantime, I'm off to searching through the archives of the forum.
  ursa

  Mopping the floor with the water running is a spot on description
  Actually we're in the process of setting up new and improved authorizations but (of course!) the testing phase turned out to be much more time consuming than anticipated. No surprise to me, however someone obviously thought authorizations are a matter of defining roles and their menus and the system does everything else by itself. Riiight.
  What I did so far - first I educated myself on the specifics of HR authorizations. I never had to deal with those before, so (for example) it was a surprise to me that there's actually a separate SAP course dealing with HR authorizations Then I compared the existing roles to each other like you suggested and figured out a way that allowed me to do all the modifications with least amount of work. I cleaned most of the infotypes out of P_ORGIN and (to cover my behind), adjusted the ranges in S_TCODE to exclude the 2000 HR transactions our HR consultant listed for me.
  Most importantly - I made it clear to the guys above me, that with the roles we use I can't guarantee HR data to be inaccessible for people who should stay away from it. So ... back to the testing of the new authorizations
  Thanks for your help! It always makes a huge difference to get something like a second opinion when one can't decide if left is better than right or if it's the other way around.
  ursa

• Security role with alias KeystoreAdministrator does not exist.

  i have a error trying to start  the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
  the next log is about the std_server0.out
  i do not how to create the alias because i can not connect using Visual Administrator because the server not start
  stdout/stderr redirect
  node name   : server0
  pid         : 995354
  system name : SMS
  system nr.  : 00
  started at  : Wed Aug 13 18:26:36 2008
  [Thr  1] Wed Aug 13 18:26:37 2008
  [Thr  1] MtxInit: -2 0 0
  <?xml version="1.0" ?>
  <verbosegc version="200708_30">
  SAP J2EE Engine Version 7.00   PatchLevel 108458.44 is starting...
  Loading: LogManager ... 2643 ms.
  Loading: PoolManager ... 2 ms.
  Loading: ApplicationThreadManager ... 837 ms.
  Loading: ThreadManager ... 54 ms.
  Loading: IpVerificationManager ... 12 ms.
  Loading: ClassLoaderManager ... 14 ms.
  Loading: ClusterManager ... 226 ms.
  Loading: LockingManager ... 68 ms.
  Loading: ConfigurationManager ... 86617 ms.
  Loading: LicensingManager ... 28 ms.
  Loading: CacheManager ... 159 ms.
  Loading: ServiceManager ...
  Loading services.:
    Service cross started. (75 ms).
    Service memory started. (98 ms).
    Service runtimeinfo started. (115 ms).
    Service trex.service started. (87 ms).
    Service file started. (156 ms).
    Service timeout started. (159 ms).
    Service userstore started. (19 ms).
    Service jmx_notification started. (78431 ms).
    Service p4 started. (188119 ms).
    Service classpath_resolver started. (63 ms).
  <af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
    <minimum requested_bytes="48" />
    <time exclusiveaccessms="1.635" />
    <nursery freebytes="0" totalbytes="209715200" percent="0" />
    <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <gc type="scavenger" id="1" totalid="1" intervalms="0.000">
      <flipped objectcount="253990" bytes="19242624" />
      <tenured objectcount="0" bytes="0" />
      <refs_cleared soft="644" weak="1" phantom="0" />
      <finalization objectsqueued="1363" />
      <scavenger tiltratio="50" />
      <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
      <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
        <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
        <loa freebytes="86402048" totalbytes="86402048" percent="100" />
      </tenured>
      <time totalms="107.395" />
    </gc>
    <nursery freebytes="190328376" totalbytes="209715200" percent="90" />
    <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <time totalms="110.754" />
  </af>
    Service deploy started. (4055 ms).
    Service bimmrdeployer started. (7 ms).
    Service MigrationService started. (70 ms).
    Service log_configurator started. (194277 ms).
    Service locking started. (8 ms).
    Service http started. (295 ms).
    Service naming started. (626 ms).
    Service failover started. (112 ms).
    Service appclient started. (140 ms).
    Service javamail started. (218 ms).
    Service ts started. (220 ms).
    Service jmsconnector started. (207 ms).
    Service licensing started. (22 ms).
    Service connector started. (212 ms).
    Service configuration started. (32 ms).
    Service iiop started. (316 ms).
    Service webservices started. (706 ms).
    Service dbpool started. (25283 ms).
  <af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
    <minimum requested_bytes="768" />
    <time exclusiveaccessms="0.302" />
    <nursery freebytes="0" totalbytes="209715200" percent="0" />
    <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
      <flipped objectcount="353647" bytes="28752016" />
      <tenured objectcount="0" bytes="0" />
      <refs_cleared soft="1056" weak="0" phantom="0" />
      <finalization objectsqueued="2858" />
      <scavenger tiltratio="50" />
      <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
      <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
        <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
        <loa freebytes="86402048" totalbytes="86402048" percent="100" />
      </tenured>
      <time totalms="90.892" />
    </gc>
    <nursery freebytes="180514624" totalbytes="209715200" percent="86" />
    <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <time totalms="92.831" />
  </af>
    Service com.sap.security.core.ume.service started. (64165 ms).
    Service tcdisdic~srv started. (815 ms).
    Service security started. (911 ms).
    Service classload started. (43 ms).
    Service applocking started. (132 ms).
    Service shell started. (216 ms).
    Service tceCATTPingservice started. (21 ms).
    Service telnet started. (60 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
    Service webdynpro started. (699 ms).
    Service keystore started. (952 ms).
    Service ssl started. (56 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
    Service ejb started. (1367 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Service tcseccertrevoc~service started. (286 ms).
    Service tcsecsecurestorage~service started. (379 ms).
  Aug 13, 2008 6:33:41 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Service servlet_jsp started. (1783 ms).
  Aug 13, 2008 6:33:41 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Timed out services:
    Service com.adobe~DataManagerService > hard reference to service jmx.
    Service com.adobe~TrustManagerService > hard reference to service jmx.
    Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
    Service com.adobe~PDFManipulation > hard reference to service jmx.
    Service adminadapter > hard reference to service jmx.
    Service pmi > hard reference to service tcsecdestinations~service.
    Service jms_provider > hard reference to service jmx.
    Service sld > service sld start method invoked.
    Service jmx > service jmx start method invoked.
    Service rfcengine > hard reference to service jmx.
    Service tcsecsaml~service > hard reference to service adminadapter.
    Service com.adobe~LicenseService > hard reference to service basicadmin.
    Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
    Service tcsmdserver~service > hard reference to service jmx.
    Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
    Service cafummetadataimp > service cafummetadataimp start method invoked.
    Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
    Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
    Service dsr > hard reference to service security.
    Service monitor > hard reference to service jmx.
    Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
    Service tclmctcconfsservice_sda > hard reference to service jmx.
    Service CUL > hard reference to service jmx.
    Service tc.monitoring.logviewer > hard reference to service jmx.
    Service apptracing > hard reference to service jmx.
    Service com.adobe~XMLFormService > hard reference to service jmx.
    Service tcsecwssecservice > service tcsecwssecservice start method invoked.
    Service com.adobe~FontManagerService > hard reference to service jmx.
    Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
    Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
    Service basicadmin > hard reference to service jmx.
  [Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
  Aug 13, 2008 6:33:53 PM             com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
  </verbosegc>

  i have a error trying to start  the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
  the next log is about the std_server0.out
  i do not how to create the alias because i can not connect using Visual Administrator because the server not start
  stdout/stderr redirect
  node name   : server0
  pid         : 995354
  system name : SMS
  system nr.  : 00
  started at  : Wed Aug 13 18:26:36 2008
  [Thr  1] Wed Aug 13 18:26:37 2008
  [Thr  1] MtxInit: -2 0 0
  <?xml version="1.0" ?>
  <verbosegc version="200708_30">
  SAP J2EE Engine Version 7.00   PatchLevel 108458.44 is starting...
  Loading: LogManager ... 2643 ms.
  Loading: PoolManager ... 2 ms.
  Loading: ApplicationThreadManager ... 837 ms.
  Loading: ThreadManager ... 54 ms.
  Loading: IpVerificationManager ... 12 ms.
  Loading: ClassLoaderManager ... 14 ms.
  Loading: ClusterManager ... 226 ms.
  Loading: LockingManager ... 68 ms.
  Loading: ConfigurationManager ... 86617 ms.
  Loading: LicensingManager ... 28 ms.
  Loading: CacheManager ... 159 ms.
  Loading: ServiceManager ...
  Loading services.:
    Service cross started. (75 ms).
    Service memory started. (98 ms).
    Service runtimeinfo started. (115 ms).
    Service trex.service started. (87 ms).
    Service file started. (156 ms).
    Service timeout started. (159 ms).
    Service userstore started. (19 ms).
    Service jmx_notification started. (78431 ms).
    Service p4 started. (188119 ms).
    Service classpath_resolver started. (63 ms).
  <af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
    <minimum requested_bytes="48" />
    <time exclusiveaccessms="1.635" />
    <nursery freebytes="0" totalbytes="209715200" percent="0" />
    <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <gc type="scavenger" id="1" totalid="1" intervalms="0.000">
      <flipped objectcount="253990" bytes="19242624" />
      <tenured objectcount="0" bytes="0" />
      <refs_cleared soft="644" weak="1" phantom="0" />
      <finalization objectsqueued="1363" />
      <scavenger tiltratio="50" />
      <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
      <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
        <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
        <loa freebytes="86402048" totalbytes="86402048" percent="100" />
      </tenured>
      <time totalms="107.395" />
    </gc>
    <nursery freebytes="190328376" totalbytes="209715200" percent="90" />
    <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <time totalms="110.754" />
  </af>
    Service deploy started. (4055 ms).
    Service bimmrdeployer started. (7 ms).
    Service MigrationService started. (70 ms).
    Service log_configurator started. (194277 ms).
    Service locking started. (8 ms).
    Service http started. (295 ms).
    Service naming started. (626 ms).
    Service failover started. (112 ms).
    Service appclient started. (140 ms).
    Service javamail started. (218 ms).
    Service ts started. (220 ms).
    Service jmsconnector started. (207 ms).
    Service licensing started. (22 ms).
    Service connector started. (212 ms).
    Service configuration started. (32 ms).
    Service iiop started. (316 ms).
    Service webservices started. (706 ms).
    Service dbpool started. (25283 ms).
  <af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
    <minimum requested_bytes="768" />
    <time exclusiveaccessms="0.302" />
    <nursery freebytes="0" totalbytes="209715200" percent="0" />
    <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
      <flipped objectcount="353647" bytes="28752016" />
      <tenured objectcount="0" bytes="0" />
      <refs_cleared soft="1056" weak="0" phantom="0" />
      <finalization objectsqueued="2858" />
      <scavenger tiltratio="50" />
      <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
      <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
        <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
        <loa freebytes="86402048" totalbytes="86402048" percent="100" />
      </tenured>
      <time totalms="90.892" />
    </gc>
    <nursery freebytes="180514624" totalbytes="209715200" percent="86" />
    <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
      <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
      <loa freebytes="86402048" totalbytes="86402048" percent="100" />
    </tenured>
    <time totalms="92.831" />
  </af>
    Service com.sap.security.core.ume.service started. (64165 ms).
    Service tcdisdic~srv started. (815 ms).
    Service security started. (911 ms).
    Service classload started. (43 ms).
    Service applocking started. (132 ms).
    Service shell started. (216 ms).
    Service tceCATTPingservice started. (21 ms).
    Service telnet started. (60 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
    Service webdynpro started. (699 ms).
    Service keystore started. (952 ms).
    Service ssl started. (56 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
    Service ejb started. (1367 ms).
  Aug 13, 2008 6:33:40 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Service tcseccertrevoc~service started. (286 ms).
    Service tcsecsecurestorage~service started. (379 ms).
  Aug 13, 2008 6:33:41 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Service servlet_jsp started. (1783 ms).
  Aug 13, 2008 6:33:41 PM          com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
    Timed out services:
    Service com.adobe~DataManagerService > hard reference to service jmx.
    Service com.adobe~TrustManagerService > hard reference to service jmx.
    Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
    Service com.adobe~PDFManipulation > hard reference to service jmx.
    Service adminadapter > hard reference to service jmx.
    Service pmi > hard reference to service tcsecdestinations~service.
    Service jms_provider > hard reference to service jmx.
    Service sld > service sld start method invoked.
    Service jmx > service jmx start method invoked.
    Service rfcengine > hard reference to service jmx.
    Service tcsecsaml~service > hard reference to service adminadapter.
    Service com.adobe~LicenseService > hard reference to service basicadmin.
    Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
    Service tcsmdserver~service > hard reference to service jmx.
    Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
    Service cafummetadataimp > service cafummetadataimp start method invoked.
    Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
    Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
    Service dsr > hard reference to service security.
    Service monitor > hard reference to service jmx.
    Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
    Service tclmctcconfsservice_sda > hard reference to service jmx.
    Service CUL > hard reference to service jmx.
    Service tc.monitoring.logviewer > hard reference to service jmx.
    Service apptracing > hard reference to service jmx.
    Service com.adobe~XMLFormService > hard reference to service jmx.
    Service tcsecwssecservice > service tcsecwssecservice start method invoked.
    Service com.adobe~FontManagerService > hard reference to service jmx.
    Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
    Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
    Service basicadmin > hard reference to service jmx.
  [Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
  Aug 13, 2008 6:33:53 PM             com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
  </verbosegc>

• Health Report for existing role in support and upgrade documentation

  Hi Experts,
  I am looking for create a report or using existing report/FM (if any) which will show new objects been thrown for a role with there SAP suggested values when we use PFCG expert mode merge option. I think this will be very helpful for support person to health check for roles and during upgrade in step 2C documentation people can save a hell lot of time. I do not have ABAP knowledge. Can anyone help me on this?
  Regards,
  Arpan Paik

  Hi Julius,
  I have been to that wiki before and one by you as well (regarding upgrade steps). For current upgrade I have also noticed that SU25 step2B is not only left with customer related changes only. Where USOBT_C/USOBX_C has same values as of USOBT/USOBX there update to customer table automatically happened in step2A. So 2B left with very less changes where customer prefer the standard way!!!
  What I am looking for is actual authorization change delta. Step2C gives us only list of roles get affected. I am lookimg for what change actually can happen to a single piece of role due to upgrade.
  I have followed below method.
  1. Join table USOBT_CD and USOBT_C to see actual proposal for changed transaction and corresponding auth object. Here I had to perform few excel work to remove data repetation
  2. Then take old data for roles from AGR_1251
  3. Put together above 2 data and after proper sorting by object manually remove the data which SAP does by expert mode merge function.
  Can this step be automated by some ABAP code? or function module?
  Otto wrote :
  If I start/ when I start and still remember this thread, I will update it
  Please do so and thanks for sharing thoughts.
  Regards,
  Arpan Paik

• Failed to get the Availability State on server Distriubtionpoint1 for role SMS Distribution Point

  Distriubtionpoint1-- Server share distribution point
  Distriubtionpoint1-- Acting as site system role (DP)
  Distriubtionpoint1--attached under the primary PR0 (Primary server0)
  Primary server0-- reporting to CS0 (central site 0)
  Distriubtionpoint1-- Windows 2008 sp1 r2 standard
  Infrastructure details:-
  =============
  Distriubtionpoint1 located in different domain with one way trust.
  1) Check ping status with FQDN from both domain and it is success.
  2) Check port 135, 445, 80,443 through telnet from both domain and success.
  3) Primary Server0 account is member of the local admin group on Distriubtionpoint1.
  4) Check the PR0-SCCM-DP$ folder NTFS & Share permission
  Share permission
  a) everyone & local admin group has full control
  Security permission
  a) System has full permission
  b) user has read & exec
  4) Local admin full
  Sitestat.log error message:
  ---->: Failed to get the Availability State on server
  Distriubtionpoint1 for role SMS Distribution Point. SMS_SITE_SYSTEM_STATUS_SUMMARIZER 4/22/2014 9:00:15 PM 952 (0x03B8)
  ---->: Now polling via NAL for SiteObject "["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\" SMS_SITE_SYSTEM_STATUS_SUMMARIZER
  4/22/2014 9:00:15 PM 952 (0x03B8)
  for ["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\, no connection account is available SMS_SITE_SYSTEM_STATUS_SUMMARIZER
  4/22/2014 9:00:15 PM 952 (0x03B8)
  ---->: The NAL path ["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\ is currently not accessible. SMS_SITE_SYSTEM_STATUS_SUMMARIZER
  4/22/2014 9:00:18 PM 952 (0x03B8)
  Info>: Unable to get available space for the Site Object ["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\ SMS_SITE_SYSTEM_STATUS_SUMMARIZER
  4/22/2014 9:00:18 PM 952 (0x03B8)
  STATMSG: ID=4701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_SITE_SYSTEM_STATUS_SUMMARIZER" SYS=Distriubtionpoint1 SITE=PR0 PID=4112 TID=952 GMTDATE=Wed Apr 23 01:00:18.002
  2014 ISTR0="\\Distriubtionpoint1\PR0-SCCM-DP$" ISTR1="\\Distriubtionpoint1\PR0-SCCM-DP$" ISTR2="2014 04 4 17 04 31 31 000" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8=""
  ISTR9="" NUMATTRS=0 SMS_SITE_SYSTEM_STATUS_SUMMARIZER 4/22/2014 9:00:18 PM 952 (0x03B8)
  for ["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\, no connection account is available SMS_SITE_SYSTEM_STATUS_SUMMARIZER
  4/22/2014 9:00:18 PM 952 (0x03B8)
  ---->: GetOperationsManagementData failed to connect to ["Display=\\Distriubtionpoint1\PR0-SCCM-DP$\"]MSWNET:["SMS_SITE=PR0"]\\Distriubtionpoint1\PR0-SCCM-DP$\; error
  = 5. SMS_SITE_SYSTEM_STATUS_SUMMARIZER 4/22/2014 9:00:20 PM 952 (0x03B8)

  I have tried to access the server share DP from the primary server by using my user
  credential. Yes I can able to access the share.
  But when I use the system credential to access the share received an error message as shown in below screenshot
  Hence i have provided the share and ntfs permission administrators, system, everyone,
  primary server account with full control on both tab. but still i am receiving error message.
  :\temp>whoami
  US\prasath
  c:\temp>dir \\PrimaryServer1\SCCM-DP$
  Volume in drive \\PrimaryServer1\SCCM-DP$ is Data
  Volume Serial Number is 22F0-661B
  Directory of \\PrimaryServer1\SCCM-DP$03/17/2014
  03:33 PM <DIR> .03/17/2014 03:33 PM <DIR> .
  04/01/2014 08:04 AM <DIR> SMSPKG
  0 File(s) 0 bytes
  3 Dir(s) 514,625,064,960 bytes free
  ===========================================
  C:\Windows\system32>whoami
  nt authority\system
  C:\Windows\system32>dir
  \\PrimaryServer1\SCCM-DP$
  Access is denied.

• CProjects - Resources Staffing Mass update with distribution

  We are doing staffing for resources with distribution in cprojects
  There are certain support projects where the Manager has to
  - extend the End dates of resources
  - Add distribution hours for the extended period (8 hours each day)
  One of these projects has 150 resources allocated
  So, it is a huge task to update each resource and the distribution hours manually.
  Is there any easier way to do this mass update
  Any standard routine or an FM available to do these steps, or can we write a custom routine to do this
  Any help, document is welcome
  rohit

  Dear Rohit,
  What exactly is 'Distribution Hours'? If it is the 'Required Capacity' field then you can change it through the FM. The required field for it is in the structure IS_STAFFINGLINK in the FM.
  Please check and confirm.
  Regards,
  Debaranjan Hazarika.

• SP12: Auto-provisioning failed for role with action "keep"

  Hi,
  If you want to keep an exisiting role for a user in CUP. It wasn't possible to change the validity of the role. Therefor you have to set parameter 145 value to 1 in database table VIRSA_AE_ERMCONFIG and refresh cache in CUP(solution with SP11).
  But know we have problemes with the auto-provisioning.
  We can enter the other validity of the role and after that the request provisioning failed. In our workflow the request rerouted to the admin because of escape-route settings. All other new roles in the request are assigned well to the user in the backend system.
  Any ideas?
  Many thanks,
  Alexa

  Hi,
  we actually have the same Problem, that changes to the role validity with action "keep" are not provisioned to the SAP system.
  If it is only possible to change the validity with the action "add" it is not possible to limit the validity of a previously unlimited role. Because as you said another role with the new validity dates is simply added to the existing roles.
  The only workaround would be to delete the old role and add a new one with new validity dates. But in my opinion this workaround is not acceptable for the users.
  Best Regards
  Jonas

• WLPI: integrating organizations and roles with existing application

  Hi,
  how do I integrate WLPI's organizations and roles with an existing application's
  data structure? It looks like WLPI expects organizations and roles to be groups
  with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
  and a null member). If I am integrating with an application that stores organizations
  and roles in (for example) separate database tables, how do I get WLPI to recognize
  these? Or do I have to maintain the organizations and roles in 2 places, one for
  the application and one for WLPI in the format described above?
  THanks,
  Martin

  Hi Martin,
  We're in the middle of a prototyping exercise of getting WLS, JMS,
  WLP, WLPI integrated accross one security realm. What its looking like
  is this (bear in mind I think this hasn't been tried before judging by
  newsgroups + BEA Docs)
  1)WLP has a bug that you cannot get user details from LDAP(exception
  is thrown)
  2)WLPI does need a certain structure -
  http://e-docs.bea.com/wlpi/wlpi121/install/cfigrun.htm#1246656
  and
  http://developer.bea.com/ftp_bin/Using_LDAP_with_WLPI.zip
  A) To solve your problem maybe you could write a custom realm to
  translate the roles + orgs back (no writing from WLPI ie read only )
  to WLPI.
  B) Maybe you caould have a META-DIRECTORY set up that synchronises the
  RDBMSRealm with something else maybe LDAP or another RDBMSRealm
  We are also looking into a unified security solution by Netegrity
  called siteminder. They are about to release a version for WLS 6 but
  they seem to be laggin behind. This provides a single signon over and
  enterprise system.
  This is a bit vague Martin, I will hopefully have more concrete info
  in a week or 2. If you have any other info you can mail me on -
  [email protected]
  BTW this wouldn't be Martin Van Vilet from the Netherlands that worked
  on the Intelligent Finance Product?
  "Martin van Vliet" <[email protected]> wrote in message news:<3b17ece8$[email protected]>...
  Hi,
  how do I integrate WLPI's organizations and roles with an existing application's
  data structure? It looks like WLPI expects organizations and roles to be groups
  with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
  and a null member). If I am integrating with an application that stores organizations
  and roles in (for example) separate database tables, how do I get WLPI to recognize
  these? Or do I have to maintain the organizations and roles in 2 places, one for
  the application and one for WLPI in the format described above?
  THanks,
  Martin

• My question is in regard to pc to mac migration. How do I migrate information from my pc with specific user account to an existing user account on my mac? I do not want to use multiple mac user accounts.

  My question is in regard to pc to mac migration. How do I migrate information from my pc with specific user account to an existing user account on my mac? I do not want to use multiple mac user accounts.

  https://discussions.apple.com/message/16371308#16371308

• I have bought a new airport express and using it with my macbook (iTunes 10.2.2). I have joined an existing network for internet in my home and with that i am trying to play the music via itunes but there is audio dropouts every 60 secs or so. any soln ?

  I have bought a new airport express and using it with my macbook (iTunes 10.2.2). I have joined an existing wireless network for internet in my home and with that i am trying to play the music via itunes but there is audio dropouts every 60 secs or so. I am using a set of speakers from kenwood connected to the airport express. The operating system on my macbook is mac os X 10.5.8. i am sure it is not a problem of streaming music online because i have even tried playing music which are stored in my macbook.
  Is there any problem with the setting in itunes or quicktime ? Kindly reply...... I am waiting for your valuable suggestion.
  Thank you a lot in advance.

  I am shocked to have found this same AX audio dropout problem starting TODAY, every few seconds the audio just drops for a couple seconds and then resumes:  Latest software versions of everything.  No iPad, iPhone or Touch.  Internet hardwired to D-Link DES1105 (1000baseT Switch) hardwired to new 80211N AX, AX optical to stereo, AX Wi-Fi internet to basic 1st-gen MacBook operating at 80211G, and an older 'G' AX extender at the far end of the house, away from all this.  The MacBook streaming iTunes is usually 12 feet from AX.  I've used this setup for years of trouble-free AirTunes / Airplay until today.  Today I also found 2 very reliable fixes and 1 way to force a dropout, but first, I read some posts and tried ALL following settings one-at-a-time and restored them ALL because NONE of them helped:  Turned off IPV6.  Streamed to multiple speakers 'Computer' and 'AX' (restored to just AX).  Turned off 'Ask to Join new (WiFi) Networks'.  Turned off Bluetooth (can't live without Magic Trackpad, so glad that wasn't it).  Here's my discoveries:  Lo and behold, each time I click the Airport icon in the Menu (you know it shows you've got 4 bars from AX) when the status switches to 'Looking for Networks' for a second it CAUSES the AX audio to drop out for a couple seconds (it never did that before today.)  iTunes still playing, streaming, AX laser still lit, but the 'PCM' light on stereo and the sound GOES OUT EVERY time I click the Airport icon in the menubar, just like the regular, annoying dropouts.  So, to reduce traffic I quit Safari (3 tabs, no streaming, just Gmail, Google, and Netflix browsing).  Lo and behold, the dropouts stopped altogether.  No other Web apps going (not iTunes Store, Genius, Ping, nothing), so I launched Chrome to the same 3 tabs and the dropouts HAVE NOT RETURNED.  That's right, not only did simply QUITTING SAFARI cure it, and Chrome doesn't contribute to it, but I can demonstrate it just by forcing my Airport to re-scan.  Works for me, written using Chrome.  The other reliable fix is to hardwire MacBook to the Switch.  This is obviously not ideal, but Airplay audio doesn't drop out over Ethernet.  Also, in all my tests, it made no difference whether iTunes did the streaming, or Airfoil did.