GRC AC User Provisioning

Hello all,
I know we can create users for ECC, CRM, PI, Portal and others bases on NetWeaver through GRC AC standar solutions. But what about BO BI, DS, BPC? I read some posts about the subject but they were not clear as I need.
Can I create users in BO BPC using GRC AC? How? Using standard solutions?
I could not find any official document talking about this. If someone could share this document I would really appreciate.
Thanks in advance,
SAP Legend

I believe you are looking for this guide
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80dd93d8-939a-2f10-f08a-d51d43b2abd1?overridelayout=t…
This details the BPC integration with GRC AC.
Regards,
Vivek

Similar Messages

  • GRC AE User provisioning for Portal giving error

    Hi,
    We are having GRC AC 5.3- SP9.
    While doing user provisioning for Portal, we are getting the following error:  DBCacheVerifier.java@58:isExpired(). Detailed error log is attached herewith. The back end system (EP Dev) is installed with GRC RTA. Connectors are testing OK. The CPIC user id in backend system EPDev is ED1GRC and has SUPER ADMIN Authorizations, with SPML read/write actions attached to the Role. EP Dev system is having UME as data source, not LDAP. The issue was existing even before the SP9 upgrade. We have restarted the Server several times lately. Pls help me in this.
    Thanks & Regards,
    Jagadish H S
    BASIS Team, BPCL, Mumbai.

    Jagadish,
    This type of error would normally be a data setup issue. Have you imported all of the initial data files (XML ones)?
    Otherwise, if it is just a cache issue, then restarting the server would normally solve the proplem. I would also check the Java Netweaver Admin console to ensure that the memory settings are sufficiently configured to match the hardware that is deployed.
    Simon

  • SAP GRC Compliant User Provisioning (CUP) Password Self Service

    Hello everyone,
    I am setting up Password Self Service within CUP.  For those users that do not already have access to the UME frontend, I know that I need to create a user ID in the UME frontend for each user so that they can access the Password Self Service option.  Since I only want the user to access the Password Self Service option, what UME role do I assign to them to ensure that they cannot access anything else within CUP?
    Thank you!
    Johonna

    Johonna,
    The 3 defined roles are only those suggested by SAP.
    You can create your own roles by assigning the various actions as needed to provide access or restrict as your organisation requires.
    However, depending on your patch level, you may find that certain actions are dependant on others to work properly.
    Also, you either grant access to the functionality or not. There is no partial or display only setting in the java stack.
    Enjoy!
    Simon

  • Future direction of User Provisioning Tools ( GRC CUP or IDM)

    Hi Security Colleagues,
    We all know that SAP has GRC CUP(Access Enforcer) and NW IDM for provisioing.
    We can use either of toll for user provisioning.
    Based on your experience , what is the best tool ? ofcourse ,It changes from one company to other depends on requirements.
    I am noticed that  lot of SAP devlopment activity going on around IDM.
    Based on SAP's future direction, what is the best tool ?
    Its a common problem for most of SAP customers as SAP is giving IDM freely as part of NW license.
    please share your thoughts..
    Thank You.

    For Futuristic product availabliliy, I always prefer the following two places to check. Can you please also check their?
    http://service.sap.com/pam
    http://service.sap.com/scl
    Check the following Two points under the 2nd Link:
    Scenario & Process Component
    SAP's Release Strategy
    Now based on your query I will also stick to the suggestions given in the Other two posts. To add few more points which you may get helpful I would like to emphasize on the below discussion:
    u2022 SAP NetWeaver Identity Management helps companies to centrally manage their user accounts (identities) in a complex system landscape. This includes both SAP and non-SAP systems.
    u2022 The solution provides an authoritative, single source of user information and enables self-service management of user information and authorizations using workflow technology.
    u2022 In many cases resources such as meeting rooms, PCs and mobile devices, which all may have their own identity in some context, can be included in an identity management solution.
    Out of all other points, lets discuss about Provisioning:
    u2022 The term provisioning is often used to denote user provisioning or account provisioning.
    u2022 The functionality includes:
    o creation of accounts
    o setting initial passwords
    o setting and modifying access rights
    o disabling (revoking) an account
    o deleting an account
    u2022 The overall purpose is to make sure an identity (for example a user) has the correct access to the applications.
    u2022 User provisioning products also include workflow capabilities to apply business rules to the account provisioning process and typically provide user self-service capabilities (e.g., password reset)
    (All these details I picked up and pasted here from different section of a Solutioning Material I prepared for my company to introduce IDM solutions to my customer... couldn't give here properly due to space constraints). You can understand the Importance SAP is imposing on this product for All aspects of Automating Security and Identity of Living and Non-Living staffs as well. By using this you can get more benefits besides of Provisioning which is available in separate Solutions under other products like Virsa etc. Please go through the relevant materials available in the IDM Forum (Bernhard provided u the link) to understand go for an realization assessment.
    regards,
    Dipanjan
    Edited by: Dipanjan Sanpui on Oct 5, 2009 11:42 AM

  • Compliant user provisioning configuration done but can't create new request

    Hi All,
    We have upgraded our system from GRC 5.2 to GRC 5.3.
    Then we have done all the configuration for Risk analysis (CC) and then we have completed the configuration for Compliant user provisioning(Access enforcer) but now when we are going to create the request it is saying the request canniot be created.
    THe request passes through all the steps it is successful at Risk anlysis step also.
    But at the last step when we go to submit the Request this error comes.
    I have looked at the logs present in : Monitoring :--> System log.    I could not find anything.
    Am i looking at wrong place for logs. ?
    Is there any issue with the configuration.. Because the requests was successfully created when in GRC 5.2.
    Can anybody help me. ?

    Rajesh-
    Since 5.3 is in the ramp-up phase, you can contact SAP directly and they will resolve your problem very quickly, since they will be releasing it to all clients in October.
    And I am assuming you are working with SAP directly right now, since you have upgraded to 5.3, right?...
    Ankur
    GRC Consultant

  • SAP User Provisioning

    Hi Guys,
    What are the different options available for SAP User provisioning?
    Thanks
    Harry

    Hi Harry,
    In SAP GRC Access Enforcer5.2 two type of provisioning is available Direct and Indirect.
    1-You should only select InDirect if your SAP environment includes the SAP HR module, and you want to use SAP HR to perform provisioning. Otherwise, you should select Direct.
    If you select InDirect, you must then select the type of HR object Virsa Access Enforcer needs to transmit to the HR module. There are three possible object types: Position, Orgtype, and Job.
    2-You can perform Provisioning in two ways:-
       i)Automatically :- for this way you can set provisioning  type to Auto provision at the end of request or Auto provision at the end of each path 
       ii)Manually :- for this way you can set  provisioning  type to No autoprovision .
    For the provisioning configuration settings Go to Configuration tab>Workflow>Auto provisioning.
    3-You can also configure your user provisioning BY SYSTEM as well.
    For reference you can download configuration guide of Access enforcer 5.2 from SAP Market place
    https://websmp101.sap-ag.de/~form/sapnet?SHORTKEY=01100035870000691285_
    Regards,
    Jagat

  • User provisioning problem from OIM 10g to Siebel CRM

    Hi Team,
    I am facing User provisioning problem from OIM 10g to Siebel CRM.Please find the log details.
    Running Get Attribute Mapping
    Running Siebel Create User
    <com.siebel.common.common.CSSException>
    <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
    </com.siebel.common.common.CSSException>
            at com.siebel.om.conmgr.Connection.readPacket(Connection.java:550)
            at com.siebel.om.conmgr.Connection.run(Connection.java:286)
            at java.lang.Thread.run(Thread.java:619)
    [CMGR FATAL] Error: <com.siebel.common.common.CSSException>
    <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
    </com.siebel.common.common.CSSException> connection:1
    <com.siebel.common.common.CSSException>
    <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
    </com.siebel.common.common.CSSException>
            at com.siebel.om.conmgr.Connection.readPacket(Connection.java:550)
            at com.siebel.om.conmgr.Connection.run(Connection.java:286)
            at java.lang.Thread.run(Thread.java:619)
    [CMGR FATAL] Error: <com.siebel.common.common.CSSException>
    <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
    </com.siebel.common.common.CSSException> connection:1ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.utils.SiebelConnection : createSiebelConnection() :  Siebel Connection Exception:Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.proxy.SiebelProxyEmployeeProvisionManager : createSiebelConnection() : BaseException: Siebel Connection JDB Exception: Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.provision.SiebelUtilEmployeeProvisionManager : createEmployee() : BaseException: Siebel Connection JDB Exception: Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
    ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
    Regards,
    Ravi.

    Hi
    I facing the same error message as yours, using OIM 11g R2
    Are you able solve it ?
    Please share
    Many Thanks !!!

  • User Provisioning in OIM 11g to Oracle DB 11g R2

    Hi All,
    We have installed OIM 11.1.1.5. We have created User in OIM and wanted to provision it to database 11g R2. For this we have created a table in DB.
    We are not sure about the next steps or which connectors to use....
    Experts can u please guide me through steps or link or snapshots to achieve the above scenario?
    Regards,
    Newbie

    Hi Kevin,
    Thanks , that was a complete document.
    However I achieved User Provisioning by creating GTC. This i found in below document-
    http://tooweaktogivein.com/2010/02/16/oim-provisioning-db/
    Now my query is how do i fetch the values entered in UDF by admin (User Form) to the Form which comes when we select Resource Object (probably process form as i don't see any option as Object form in 11.1.1.5).
    Currently- 1. Admin creates user
    2. Admin selects Resource Object (Created via GTC)
    3. Admin has to re-enter the values which we created in our table (To be stored in DB).
    Summary- how to populate the values entered in step 1 to step 3
    Thanks & Regards,
    Newbie

  • IOP 11.1.2.0 integration with Shared Services (User Provisioning)

    In the IOP 11.1.2.0 install guide, the Admin and Admin provisioning roles are provisioned through Shared Services.
    "Provision Integrated Operational Planning Administrator and Integrated Operational Planning
    Provisioning Manager roles for the Integrated Operational Planning instance to the Admin user through
    Oracle's Hyperion® Shared Services Console
    a. Connect to the Oracle's Hyperion® Shared Services Console; for example, http://
    hss_server:hssserver_port/interop.
    b. Log in as the administrator.
    c. Expand User Directories and Native Directory.
    d. Select Users and click Search.
    e. Right-click the Admin user and select Provision.
    f. Expand Default Application Group.
    g. Expand the Integrated Operational Planning instance created.
    h. Highlight IOP Administrator and Provisioning Manager.
    i. Click the right arrow in the middle of the two windows to select the roles.
    j. Click Save, and then click OK."
    The users and groups are defined in Shared Services, per the IOP 11.1.2.0 admin guide (p. 144).
    Is there an IOP user provisioning example in the shared services user's guide, and which version of the guide would I find that in?
    Access priveledges are controlled from the Admin workbench for IOP users, per p.145 of the IOP 11.1.2.00 user's guide.
    Thank you.

    IOP Roles are listed in the 11.1.2 Shared Services User and Role Security Guide, on page 158:
    Integrated Operational Planning Roles
    Table 39 Integrated Operational Planning Roles
    Roles Tasks per Role
    Provisioning Manager Provisions users and groups with Disclosure Management roles
    IOP Administrator Administers Oracle Integrated Operational Planning, Fusion Edition. IOP Administrators can modify models, access
    ACL pages, and perform all Integrated Operational Planning tasks
    IOP User P erforms Oracle Integrated Operational Planning, Fusion Edition actions as a normal user

  • User Provisioning Issue in Essbase 11.1.2.2

    Hi Experts,
    We have done migration from 11.1.1 to 11.1.2.2 version.Everything went fine but got problem with User provisioning.
    All our users provisioning are managed via Native Groups
    Eg: FIJI_READ,FIJI_WRITE are the Native Groups.
    What we have done is created the Native group provisioned the group with the roles and added the user to the group.
    The problem is the users assigned to these groups “lose” their permissions after sometime. They do still appear to be part of the group when we check in Shared Services, but when we run a MAXL command for a user, say VIBIN:
    DISPLAY USER PRIVILEGE VIBIN;
    It shows the user has having none. The user doesn’t see any cubes on logging in too. From what we’ve seen so far, we can trust the MAXL command output, but not what we see in Shared Services. The user VIBIN still shows as being part of the group FIJI_READ which is provisioned with READ role for the FIJI database. This is very inconsistent behavior.
    The only workaround so far is to directly provision users (i.e.  bypass provisioning via Groups):
    GRANT READ ON DATABASE FIJI.CONSOL TO VIBIN;
    This isn’t very manageable but the ONLY option that seems to be “sticky”. Have anyone gone through this issue  before? Any idea/advice?
    Regards,
    Naveen

    I  exported the Sec file from Security and when i see the content i cant see any groups which are created in Shared Services but only all the applications,databases  and some of the Administrators of the applications only i can see. But normal users who are added in Shared Services to the group i cant able to see.Is there any thing wrong in it.
    Regards,
    Naveen

  • While serching user provisioning in Shared Services it says................

    While serching users provisioning in Shared Services it says...............
    Operation cannot be completed.
    We are able to search users in the directories but ...not able to see their provisions!

    Are you trying to look at user provisioning Reports ?
    Please elaborate

  • Migrating EPMA Planning application: Failed to sync with user provisioning

    Hi All,
    We are migrating applications from Production to Dev. We have one EPMA Planning and one Essbase application in both environments.
    We have migrated artifacts into File system in PROD(Shared services, EPMA, Planning, Essbase and Reporting). We have copied and pasted in import_export folder in DEV.
    Then we are trying to migrate artifacts into applications from File system in DEV. First we did EPMA artifacts successfully in migration status report then we have deployed application into planning without any errors.(msg showing as in sync deployment). After that we did shared services, it is failed
    migration status report error msg:
    +28:6571:Application <xxxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. 28:6571:Application <xxxxx> does not exist in target. 28:6571:Application <xxxx> does not exist in target. ...+
    When i am trying to open the planning application, i am getting error: Failed to sync with user provisioning, check planning log for details
    HyS9planningsyserr.log details:
    [INFO] RegistryLogger - REGISTRY LOG INITIALIZED
    [INFO] RegistryLogger - REGISTRY LOG INITIALIZED
    Creating rebind thread to RMI
    com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
    com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
    com.hyperion.planning.HspRuntimeException: Failed to sync with user provisioning. Check Planning log for details
         at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
         at HspLogOn.Handle(Unknown Source)
         at HspLogOn.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
         at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
         at HspLogOn.Handle(Unknown Source)
         at HspLogOn.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
         at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
         at HspLogOn.Handle(Unknown Source)
         at HspLogOn.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.
    com.hyperion.planning.HspRuntimeException: Failed to sync with user provisioning. Check Planning log for details
         at com.hyperion.planning.HspJSImpl.synchronizeUserWithProvisioning(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HspJSImpl.login(Unknown Source)
         at com.hyperion.planning.HyperionPlanningBean.Login(Unknown Source)
         at HspLogOn.Handle(Unknown Source)
         at HspLogOn.doGet(Unknown Source)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3241)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    java.lang.RuntimeException: Errors occured during syncrhonization: [com.hyperion.planning.DuplicateUserException: Another user with the name hypadmin already exists.]
    Thanks,
    mady

    Hi,
    I got solution for this issue through Oracle Support.
    I have restored database and migrated artifacts using LCM. any one method is enough to do Planning application migration (from Oracle Support)
    Thanks,
    mady

  • Posixaccount and posixgroup user provisioning in sun LDAP through sunIDM 7

    Hi folk
    I am trying to do userprovisioning in LDAP for posixaccount and posixgroup.
    From authorative datasource I am getting role,rolestatus,uidNumber,cn etc.
    Based on role user will be placed in posixgoup.
    Role to group mapping is
    one-to-many
    Anybady can tell me how can i do it.
    User provisioning is automatically so i have make some changes in workflow and writea rule for role to group mapping and i need to call that rule in workflow.
    But how i will make changes in workflow and what chnages are required for posixaccount and posixgroup prov.
    please help if anybody has done or give me some idea how can i do it.
    Thanks

    Hello All,
    Thank you for your time and valuable replies.
    I got rid of the "Missing" error and now I am one step away from the solution.
    Now I am at a stage where: (for a user with initial password on LDAP)
    1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
    2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
    I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
    However, when and administrator can change passwords from UME successfully without any problem - it means that:
    - Security policy is being met
    - Service user used to communicate to LDAP has all the required access
    The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
    According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
    Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
    So, I have tried setting the following without any success:
    <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
    <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
    Thanks,
    Shanti

  • AE 5.1 - User provisioning issue - new user provisioned at end of request

    Hi All,
    re: AE 5.1 - User provisioning issue - new user provisioned at end of request when AE Config is set to NO
    We have an interesting issue. An Access Enforcer Change Request was initiated with the incorrect userID (the userID did not yet exist in the system) and that Change Request flowed through and made it to the end of the path. At the end of the path, it created a new userID (since the incorrect one was entered). However, we have the following AE Config:
    Auto Provisioning - Status: Auto Provsioning Type: "Auto Provision At End of Each Path"
    Auto Provisioning - Change Request: Create if user does not exist: "NO"
    Any ideas as to why the new userID was provisioned even though we have it set to "NO"?
    We are on AE v5.1, SP4.
    Thanks in advance!

    Gary,
    Similar kind of issue.,
    The Change User BAPI works differently than we normally think.
    It wipes off everything and reassign the modification.
    This I figured it in one of my implementation. You try add some roles to the user it wipes off all the roles and reassign the roles along with the new requested one's.
    The client is also in SP4 still they have issue.
    Will that not be good, AE checks for the ID before it actually submits the request.
    Thanks.
    Note : The issue mentioned by you doesnt exist in AE5.2
    Regards,
    Muthu Kumaran KG
    Edited by: Muthukumaran Krishnan Govindan on Mar 13, 2008 2:38 PM

  • Hyperion Planning - Failed to sync with user provisioning. Check planning

    Hi All,
    I'm trying to configure Hyperion Planning to user an external user repository (OID) but when i try to login with an OID user i get the following error :
    "Failed to sync with user provisioning. Check planning log for details"
    I'm not hyperion expert so please excuse any school boy mistakes.
    Use Case : login to Hyperion Planning using an OID user
    Setup:
    1)     User created in OID
    2)     Use Provisioned in HSS with planning roles
    3)     User can login to HSS
    4)     Able to login with Native user with the exact same roles
    5)     Version 11.1.2
    6) Can only see native user in EAS..
    I've googled away and tried various things:
    1) Run provisionUsers script :
    Loaded Version of Essbase RTC: 0xb1200
    [Wed Jan 25 09:39:04 GMT-06:00 2012] Planning successfully notified HBR repository.
    Wed Jan 25 09:39:41 GMT-06:00 2012 :: [Wed Jan 25 09:39:41 GMT-06:00 2012] Plann
    ing: Synchronizing the following users with user provisioning: [XXX]
    Wed Jan 25 09:39:41 GMT-06:00 2012 :: Planning: Error occurred while synchronizing: Errors occured during syncrhonization: [com.hyperion.css.CSSIllegalArgumentE
    xception: EPMCSS-251046: Invalid principal.]
    2) Bouncing servers
    Any help would be great.
    Thanks,
    Oz

    Hi,
    Have you updated the datasources for each of the planning applications, you will need to update the password and probably recycle planning app server.
    Cheers
    John
    http://john-goodwin.blogspot.com/

Maybe you are looking for

  • After effects CS5 error when trying to import : could not convert unicode caracters (23 :: 46)

    i get this message when im trying to impor psd. file or ai. file with no text in them. actually any file i try to import! i tried to do what is written on the adobe web.. but nothing seems to be working. can you help me please?

  • Increase help window text size

    Hi all, i have a situation here ,the text font size of my flex help window is coming say of 4  is there a way via which i can increase it..it is very less compared to the other windows text

  • Not happy with Mac book pro retina because of black screen problem.

    I am not happy with Mac book pro retina because of black screen problem. This screen failure appears after one year. I was fan of APPLE now I do no support any apple products. When they expires I will renew them with the other products belong to the

  • Camera raw 8.3, Elements 11 and Nikon D5300

    I have a new Nikon D5300.  Elements 11 won't recognize the raw (NEF) files if I try to download them.  The help section says I need camera raw 8.3, but I can't find that nor can I find a link to Elements, rather that Photoshop.  Can someone help?

  • ASA /Router -SNMP Trap when IP SLA monitored (ICMP timeout)

    Hi, I am looking for some solution for my below requirment Requirment is : How do I configure ASA or Router to send SNMP Trap when IP SLA monitored  features enabled (ICMP request or 900 millisecond delay from destination IP) Thanks in advance..