GRC User ID's and SAP UME

Similar Messages

• Creating User in Portal and SAP Backend simultaneously?

  Is it possible when you create a new user for the portal (in my case, active Directory is used as central user storage) for SSO, that this user will also be created simultaneously in different SAP Backends without creating it manually everytime? Or is it perhaps possible to connect Active directory to these SAP backends as central user storage, too? My Problem is that everytime I must create manually the users in portal and all belonging SAP backends but I think it's not very comfortable.
  Regards,
  Frank

  Hi Frank,
  There are ways to integrate complete User Management where either SAP or the local LDAP (i.e. MS ADS) drive as the central store for users.  Ultimately, the CUA concept can be entirely driven by SAP including the MS ADS ID's for the network.  It involves a proposal that is uploaded into the ADS which includes the SAP required schema.  When populated (or if configured as such) they can be applied as user properties for the backend systems.  There is a tool within R/3 called LDAPSYNCH that allows the replication (either direction) of user data.
  This concept is referred to as Identity Management.  Start at http://service.sap.com/security.  Then go to "Security in Detail" ==> "Secure User Access" ==> "Identity Management".  There you can find info/docs on the CUA concept within the SAP landscape as well as the integration into the corporate LDAP.
  I have seen most customers use separate R/3 backend User Management from the ADS.  I assume that this is due to the complexity of adopting a whole new global user management process with existing "cultured" processes.  However the SAP systems can support the entire corporate user management driven from within the R/3 core (HR).
  I hope that this helps,
  Regards,
  Judson

• Drop down list for User ID's and SAP List viewer format

  Couple of quick questions. Any help will be greatly appreciated.
  1) I need to put User ID on the selection criteria screen. And also, I need to build a dropdown list for user ID selection by finding all user IDs in the Finance department and put it on the list.
  2) I need to display the report in the SAP List viewer format, which enable these functions including sorting, hiding fields, filtering, exporting to an excel file as necessary. My output is currently plain vanilla as follows
  loop at ibkpf where belnr = ibseg-belnr.
         read table iskat with key saknr = ibseg-hkont.
         read table icepct with key prctr = ibseg-prctr.
         read table icskt with key kostl = ibseg-kostl.
         write:/
         iBKPF-BELNR,     " Accounting document number
         iBKPF-BUKRS,    " Company code
         iBKPF-GJAHR,     " Fiscal Year Range
         iBKPF-MONAT,     " Period
         iBKPF-USNAM,     " Username
         iBSEG-BELNR,      "Document #
         iBSEG-BUZEI,      "Item #
         iBSEG-BSCHL,      "Posting Key
         iBSEG-SHKZG,      "Debit/credit indicator
         iBSEG-PRCTR,      "Profit Center
         icepct-ktext,
         iBSEG-KOSTL,      "Cost Center
         icskt-ltext,
         iBSEG-HKONT,      "G/L Account
         iskat-TXT20,
         iBSEG-DMBTR,      "Local currency
         iBSEG-WRBTR,      "Document currency
         iBSEG-SGTXT,      "Explanation
         iBSEG-KOART.      "Account type

  Hello Syed
  Here is a sample coding for a dropdown listbox:
  *& Report  ZUS_SDN_DROPDOWN_LIST
  REPORT  zus_sdn_dropdown_list.
  TYPE-POOLS: vrm. " Value Request Manager: Typen und Konstanten
  DATA:
    gt_values   TYPE vrm_values.
  PARAMETERS:
    p_usrid    TYPE xubname AS LISTBOX VISIBLE LENGTH 13.
  INITIALIZATION.
  * Select the allowed values for dropdown listbox
    SELECT bname AS key FROM  usr02 INTO TABLE gt_values
           WHERE  bname  LIKE 'S%'.
    CALL FUNCTION 'VRM_SET_VALUES'
      EXPORTING
        id              = 'P_USRID'
        values          = gt_values
      EXCEPTIONS
        id_illegal_name = 1
        OTHERS          = 2.
    IF sy-subrc <> 0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  START-OF-SELECTION.
  END-OF-SELECTION.
  You have two fields for the listbox available:
  - KEY (obligatory)
  - TEXT (optional)
  Regards
    Uwe

• Time-Zone Help. User Time Zone and SAP Time Zone!

  Hi Experts,
  Guys, I want to know how to check and change time in SAP system. The reason I want to know if when I go to su01 and display my user, under Default tab>> Sys. Time Zone is different. So, I am guessing that I have to change time zone which is causing my CCMS-Alert auto-reaction.
  Thanks,
  I will reward points.

  Hi Prince,
  Cool!! Just wanted to confirm and clear things up.
  1. My OS time is PST and upto date. I have checked by typing date in unix.
  2. As you have mentioned (Txn STZAC). I think STZAC is a T-code in which I can change time zone but what is Txn? Also, when changing time zone, do I have to make client modifiable in se06?
  3. As you have also wrote that I can add (TIME_ZOME) in parameter of Auto-reaction Z_method. Just to confirm, is that how I will add.
  Parameter Name: Time_Zone
  Parameter Value: PST
  on the Parameter value, do I need to add any syntax or characters such as $PST, (pst) etc...
  Thanks for your help!

• Users not provisioned to SAP

  While creation we used to provision the user to AD and SAP resource. but now while creation through on screen or scheduler users are provisioned only to AD. We are unable to trace the cause.Can any one help me out.

  There can be a number of reasons why you have this problem.
  Lets start by trying to narrow things down a bit. Do you have debug level logs enabled? If so what does the logs say?
  Best regards
  /M

• OIM - SAP Employee Recon and SAP User Management Connectors vs. OC4J

  In reading through the SAP connector documentation I've found that we cannot use OC4J to run OIM if the 9.0.3 SAP User Management Connector or SAP Employee Recon Connector is used. This is all related to a conflict in JDK versions supported between the SAP JCo (Java Connector) library and OC4J. A thought we've had is to use a Remote Manager for these connectors. Can anyone validate this approach? Is it possible to use a different JDK version with your remote manager? Is there another workaround that anyone is aware of?
  Thanks

  Hi,
  The remote manager should work with different JDKs. We are going to be doing the same thing for one of our adapters.
  As for SAP, I cannot think of another workaround -- we actually abandoned the SAP JCo approach and are doing web services with XI.
  Thanks,
  Deborah
  http://www.linkedin.com/in/dvolk

• Purchase Order Release Strategy and SAP user RelationShip

  Hi,
  We are currently developing a work flow to streamline PO release in our company . What we want to achieve is that
  E.g
  A purchase order 100001 is creates and a release strategy s1 is applied to it which is a 3 level relase statrgy having release code c1,c2,c3 which are uniquely assigned to user/employee of the company and no 2 users'employee can have the same release code.
  Now when c1 release the purchase order a work item should be created to for the user/employee who is assigned the c2 code.
  Currently this workflow is not implemented in our company adn the relase stategy is handeled by authorization oobjects and when ever a po user relase the po he calls up the other persona next in relase strategy to notify him about the work he has to do .
  I am need to know can we develop a relationship b/w the release code and sap user or employee
  Regards
  Kamran ellahi

  Hi,
  We are currently developing a work flow to streamline PO release in our company . What we want to achieve is that
  E.g
  A purchase order 100001 is creates and a release strategy s1 is applied to it which is a 3 level relase statrgy having release code c1,c2,c3 which are uniquely assigned to user/employee of the company and no 2 users'employee can have the same release code.
  Now when c1 release the purchase order a work item should be created to for the user/employee who is assigned the c2 code.
  Currently this workflow is not implemented in our company adn the relase stategy is handeled by authorization oobjects and when ever a po user relase the po he calls up the other persona next in relase strategy to notify him about the work he has to do .
  I am need to know can we develop a relationship b/w the release code and sap user or employee
  Regards
  Kamran ellahi

• I am loging in SAP. Initial screen come where it display User Menu and Sap

  Dear All,
  When i am loging in SAP. Initial screen come where it display User Menu and Sap Menu, but User menu is in active not showing but T code are executing then what object i have missed.
  can u help me?
  Thanks,
  Regards,
  Sachin

  Hi Sachin,
  It doesn't care if you're using SAP_ALL or any of those profile. That is not relevant. I had that case a few days ago, I'm not using any of those profiles and I made it work with help of one post.
  If you put the transactions in the tab "Menu" of the role in the PFCG, and if you activate parameters I mentioned in a prior post, then you should see the Menu.
  Tables SSM_CUST and USERS_SSM. The first is global and the other is user-especific.
  The link in one of the first post of this thread hace all the info.
  That should work, that worked in my case.
  What values the parameters have on those tables? The more the info the better.
  Updating the parameters on those tables should help. If still doesn't work then you should check another parameter using transaction RZ10 or report RSPARAM.
  If my info solves your problem, points are appreciated, if not, we will try...
  Jose

• Installing SAP GRC AC 5.3 and 5.2 in same windows server

  Hi All,
  Is it possible to run both SAP GRC AC 5.3 and 5.2 on the same server? Basically for testing purpose prior to upgrade?
  What would be the technical issues?
  Regards,
  Nagendran

  Hi All,
  We have a similar requirement:
  We have WAS640AC5.2 running in a windows server connecing to backend landscape "A". We plan to install WAS700AC5.3 in this same server for backend landscape "B".
  What i would like to know is WAS640AC5.2 & WAS700AC5.3 can exist together in the same server?
  Regards,
  Muruga

• Unable to access user DDIC and SAP*

  +Hi GURUS,+
  +I installed solutionmanager 4.0 and i loggen in the system(000) with DDIC user and check the TCODE SICK.+
  ++When i restarted the server it was not allow me to login awith user  DDIC and SAP in 000 client.++*
  +It's giving error message:+
  +Password log on nolonger possible too many times failed attempts.+
  ++Could you please help me out is there any way to set DDIC and SAP from windows level(i mean sap inst directry..usr/sap/<sid>/sys/profile)*
  Regards
  JAn

  Hi,
  Unlock it at Database level
  UPDATE usr02 SET uflag = 0 WHERE bname = "SAP*" AND mandt = <client number>
  Or
  Run the sql query at sql prompt and then login to sap with sap* and password "pass".
  SQL> delete from usr02 where mandt=<your login client> and banme='SAP*';
  Rakesh

• How can i know about any users who log on sap last one month..all data and

  Dear all,
  how can i know about any users who log on sap last one month..all data and  transaction code they used in a month.
  Regards,
  ASHUTOSH
  9891595497

  Dear Ashutosh,
  I think your question is in the wrong forum. This is for SAP MDM related questions and answers. SAP MDM does not use Transaction codes. So you may not get much help here.
  Please try posting your question in the ABAP forums and you may get the right resources to help you.
  Thanks.
  Siva K.

• SAP GRC 10 - PSS Access from SAP ECC System

  I have configured Password Self Service in GRC System and is working perfectly fine for all password resets if access provided to NWBC from  GRC System.
  We have requirement to provide end users to reset password using SAP ECC System only. I have tried to access NWBC using SAP ECC System but is giving me error that Menu not configured or roles not assigned.
  Currently Maintain Data Sources is configured as below
  User Search Data Sources , User Detail Data Sources  & User Authentication Data Sources set to ECC Connector and End User Vertification Set to yes.We are not using LDAP / Active Directory for the User Search Database and instead ECC Only
  Can anyone provide the roles to be assigned in SAP ECC System to access NWBC - Password Reset .

  Hi Anil,
  In support to Colleen's comments, It seems that you have not configured the USER on the End User Services.  You need to make sure that the guest user (not available in GRC) is configured in each of the 10 services in SICF for the end user Login Pages to work.
  Here are the 10 required services to be activated:
  1.)GRAC_OIF_MY_PROFILE_EU
  2.)GRAC_GAF_NAME_CHANGE_SERV_EU
  3.)GRAC_POWL_REQUEST_STATUS_EU
  4.)GRAC_GAF_PWD_SELFSERVICE_EU
  5.)GRAC_OIF_USER_REGISTER_EU
  6.)GRAC_GAF_ACCREQ_WITH_REQREF_EU
  7.)GRAC_OIF_REQUEST_SUBMISSION_EU
  8.)GRAC_GAF_ACCREQ_WITH_TEMPL_EU
  9.)GRAC_GAF_ACCREQ_WITH_USEREF_EU
  10.)GRAC_UIBB_END_USER_LOGIN
  You can refer note#http://service.sap.com/sap/support/notes/1628387
  If the user is not present in GRC system then, they have to go with end-user-logon page to reset their passwords where you can always define the user authentication configurations.
  Regards,
  Ameet
  Message was edited by: Ameet kumar

• EP 6.0 and ABAP UME Issue

  Discovered a strange occurance when using EP6.0 SP19 with ABAP based UME.
  If you change the user details (email address for example) in SU01 - it is not reflected in the portal UME details BUT a change of the same users details in the portal UME is immediately reflected in the SU01 user record in the backend.
  I havent managed to arrange a UME restart yet to see if the new data is pulled through then but there must be a UME setting for this surely?  Some sort of UME cache setting?
  Anyone any ideas?
  Thanks........ Haydn

  Hi Haydn,
  Invalidating the cache should not force you to log on again, at least not in 7.0. I was able to try this this morning. (My coworker tells me that you might have a problem in your authschemes.) This is completely independent of the session management. When you log on the UME stores your user and the relevant groups, roles, actions, and account objects in the cache. These object then expire after an hour by default. The UME uses this cached information in most cases. If the information it requires is not cached, the UME gets the information it requires from the data source directly and stores it in the cache.
  See also: http://help.sap.com/saphelp_nw04s/helpdata/en/45/77e32308d072ace10000000a1553f7/frameset.htm
  -Michael

• GRC AC 5.3 and WebShop CRM 2007

  Hi All,
  my undarstaning was GRC AC  5.3 will be available to enable user provision for all SAP JAVA Stack applications.
  I just heard that GRC AC 5.3 will not be able to manage user for WebShop CRM 2007.
  Is anybody aware of this limitation on the new version of GRC AC ?
  Kind Regards,
  Giampaolo

  This is a topic for the Forum about [Governance, Risk and Compliance |Governance, Risk and Compliance (SAP GRC);
  Kind regards
  Frank Buchholz

• No user is able to login through User Management Engine in SAP Web AS Java

  Hi,
  We are facing an error"User Authentication failed" in SAP Web AS Java(Stand-alone).
  No user is able to login through User Management Engine but we were able to login as administrator into Visual admin.Tried SAP* (Emergency User Activation in config tool) also.SAP* is also able to login to Visual Admin But not into UME.Login in Visual Admin was successful when we tried with SAP* or administrator.
  Feels like some UME configuration might have changed.Can anyone help me in this.
  Thank You.
  Regards,
  Sudheer.

  Hi Sudheer Koppireddy
  login VA with SAP*
  go to services -- key config login ticket and see in right hand side entry deleate all entry
  and save it
  then go to sm 59 and check HMI connection (http connection to R/3)
  deleate it and recreate it
  Thanks
  Amit Shivhare
  PS:Reward Point