How to Mirror a user in CUP - Compliant User Provisioning
Hello
We are setting up CUP GRC 5.3 SP12
I currently do not see any way in the application for the requestor to just request that they want a new hire set up like (mirror) user x. Does this functionality exist? It appears the manager of the request would have to look up employee x (the mirror) and select all of the roles that user currently has in the system, and select them while in CUP. it seems like there should be a way to mirror or pull up someones current access in SAP and select those roles with just one click. Please let me know if this is possible and how your company deals with this issue if you are currently using CUP.
Thanks in advance
Hi Vitale,
You can do so with CUP 5.3. There is one option in CUP which helps you u select the role in that request like some user already had. When creating request, click on select role button. On next screen select type of access Model My access by option. Now you can search a user and select it. After that CUP will bring all role that this user had for the corresponding system. now u can select all, if you want to create a mirror image. Afterwards submit the request.
Kind Regards,
Srinivasan
Similar Messages
-
Compliant User Provisioning implementation
What would you say is the amount of time it would take to implement CUP, in the simplest way possible? In other words, barring unforeseen circumstances, and with the simplest workflows, how long would it take?
Thanks a lot ...
SantoshHi Santosh
I hope you have RAR installed in your system.
To implement CUP you can follow the plan below,
1. Compliant User Provisioning Implementation 14 days
2 Complete AE Pre-Implementation Checklist 1 day
3. Deploy and install AE on NW 1 day
4. Perform AE post -installation configuration and connectivity 1 day
5. Perform AE issue resolution 1 day
6. Discussion & Configuration of Test workflows 7 days
7. Run end to end request scenario testing for each workflow path 3 days
It is upto your project resource allocation and working hours to minimise the task ASAP.
Regards,
Sudip. -
GRC 5.3 CUP SP16 - User info not loading from LDAP into CUP
Hello,
We have multiple LDAPS that we needed to connect to our CUP system to authenticate the userids before a request can be created for them. And also to bring in Manager ID and manager email from LDAP as the first level approver for requests.
My client hasn't maintained the actual LDAP userids, Manager and manager email fields correctly, so we utlized three other custom fields in LDAP and then did field mapping in CUP for those fields. But even when the connection to all the LDAPs is successful, there's no user information being pulled in from LDAP into CUP. I noticed that when I use our backend SAP QA system as 'User Data Source' while using multiple LDAPS for 'User Detail Source Data' , it only reads data from SAP QA system SU01 area and even when I'm trying to create requests, no Manager info is being pulled from LDAPS for that user id.
SAP does not allow the use of multiple LDAPS for the configuration-->User Data Source , top option. So, if a client has userids in multiple systems, it can only read from one data source. But even when I temporarily assigned one active directory LDAP to the 'user data source' option, it stated, no records found. So, something is up that no data is being pulled from LDAPs even when the connection to those systems is successful. I just asked our AD guy to temporarily assign domain admin rights to that LDAP connection ID to see if it's access issue, and still I am not getting any LDAP data to read into GRC CUP.
Anyone else has had this issue? Is there especial access that the LDAP connection id needs access in LDAP to be able to retreive data into GRC? Is there any jobs that need to be run to read LDAP data. I thought it should be live as the system is connected to LDAPs. I don't understand if the connection is successful, why the user info is not being pulled from there and even after the LDAP custom field mapping is done, those field values are not showing up on requests.
We need the following to happen:
1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of what to request as the User owner approvers per user group are. So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
I will greatly appreciate anyone's help on how they got the LDAP field values to be read into GRC CUP for request processing and what type of encripted access can a LDAP connection id have without assigning it complete domain admin rights on an open port 389 for LDAP and GRC CUP connection.
Thanks and Regards,
AlleyHi Alley,
1). Authenticate the custom userid field in LDAPs to ensure this user exist as an employee b4 request can be created for the user. For this I have configured the multiple LDAPS for the 'Authentication'. But it doesn't seem to confirm that option when creating a request for a user.
This is not possible. You can have only 1 LDAP. Why you want to authenticate the user in different sources?? CUP looks at only one user source, not many. The below wiki explains you the configuration part:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b089fb71-a3b7-2a10-64a2-8c77243b0664
2). The user details info source should bring in the custom manager id and manager email into the request to send the first level of approval via workflow to that manager. Since SAP doesn't give the option to define approvers per user group values in CUP, we had to actually map all the User Owner approvers this way since their direct managers are not aware of what to request as the User owner approvers per user group are. So, we added custom fields for Manager id and Manager EMail into LDAP to be ready automatically into the request when reading user id while creating request.
Based on user group is not possible. However, if you wish to maintain the Manager's Field, ensure that the CUP mapping is done correctly from the Configuration, Field Mapping, LDAP Mapping.
While defining the workflow, take the approver determinator as Manager. This will route the request to the users manager. Also, ensure that LDAP is the source in all the confiuration areas in CUP.
Check note 1228996 for more information.
Hope this helps!!
Regards,
Raghu -
Hi Gurus ,
As per Oracle docs "Normal redundancy disk groups provide 3 voting disk files, 1 OCR and 2 copies(one primary and one secondary mirror).
Does it means there are 2 OCR in this diskgroup ? .Then ,
Where is the OCR primary and Mirror created in this case?Are they been on separate failure group ? Then how can I check the same through asmcmd?
Here is my environment set up
[grid@xxxx01 ~]$ ocrcheck
Status of Oracle Cluster Registry is as follows :
Version : 3
Total space (kbytes) : 262120
Used space (kbytes) : 2800
Available space (kbytes) : 259320
ID : 1074808153
Device/File Name : +OCR_VOTE
Device/File integrity check succeeded
Device/File not configured
Device/File not configured
Device/File not configured
Device/File not configured
Cluster registry integrity check succeeded
Logical corruption check bypassed due to non-privileged user
My +OCR_VOTE is in normal redundancy , while looking at ASM level
[grid@xxxx01 ~]$ asmcmd
ASMCMD>
ASMCMD> cd +OCR_VOTE
ASMCMD> ls
ehrptpi-cluster/
ASMCMD> cd xxxxxi-cluster/
ASMCMD> ls
ASMPARAMETERFILE/
OCRFILE/
ASMCMD> cd OCRFILE/
ASMCMD> ls -l
Type Redund Striped Time Sys Name
OCRFILE MIRROR COARSE JAN 07 20:00:00 Y REGISTRY.255.763526561
ASMCMD>
Here I can see only one OCR file . Then what is meant by 1 OCR and 2 copies ?
Can somebody shed some light on how OCR mirroring actually works ?
Thanks and Regards,
MahiHi Thomas,
Thanks for the guidance .Please find the output from my RAC environment.
SQL> select distinct g.name "Diskgroup", g.type "redundancy",
d.failgroup "Failgroup" ,d.path "diskwithinfailgroup"
from v$asm_diskgroup g,
v$asm_disk d
where g.group_number = d.group_number
and g.NAME = 'OCR_VOTE'
SQL> /
Diskgroup redund Failgroup diskwithinfailgroup
OCR_VOTE NORMAL OCR_VOTE_0000 /dev/oracleasm/disks/GRID01
OCR_VOTE NORMAL OCR_VOTE_0001 /dev/oracleasm/disks/GRID02
OCR_VOTE NORMAL OCR_VOTE_0002 /dev/oracleasm/disks/GRID03
SQL>
SQL> select distinct GROUP_KFFXP, NUMBER_KFFXP, name, DISK_KFFXP from x$kffxp, v$asm_alias where GROUP_KFFXP=GROUP_NUMBER and NUMBER_KF
FXP=FILE_NUMBER and system_created='Y' and name like '%REGIST%';
GROUP_KFFXP NUMBER_KFFXP NAME
DISK_KFFXP
1
253 REGISTRY.253.852564731
0
1
253 REGISTRY.253.852564731
2
1
255 REGISTRY.255.852564731
0
1
255 REGISTRY.255.852564731
1
1
255 REGISTRY.255.852564731
2
SQL>
select group_number,disk_number,failgroup,substr(path,1,48) as "Path(48 Chars)" ,mount_status,header_status,mode_status,state,total_mb,free_mb
from v$asm_disk order by group_number,disk_number;
GROUP_NUMBER DISK_NUMBER FAILGROUP Path(48 Chars) MOUNT_S HEADER_STATU MODE_ST STATE
0 0 /dev/oracleasm/disks/DATA15 CLOSED FORMER ONLINE NORMAL
0 6 /dev/oracleasm/disks/DATA14 CLOSED FORMER ONLINE NORMAL
0 10 /dev/oracleasm/disks/DATA10 CLOSED FORMER ONLINE NORMAL
0 11 /dev/oracleasm/disks/DATA09 CLOSED FORMER ONLINE NORMAL
1 0 OCR_VOTE_0000 /dev/oracleasm/disks/GRID01 CACHED MEMBER ONLINE NORMAL
1 1 OCR_VOTE_0001 /dev/oracleasm/disks/GRID02 CACHED MEMBER ONLINE NORMAL
1 2 OCR_VOTE_0002 /dev/oracleasm/disks/GRID03 CACHED MEMBER ONLINE NORMAL
2 0 ORADATA_0000 /dev/oracleasm/disks/DATA01 CACHED MEMBER ONLINE NORMAL
2 1 ORADATA_0001 /dev/oracleasm/disks/DATA02 CACHED MEMBER ONLINE NORMAL
2 2 ORADATA_0002 /dev/oracleasm/disks/DATA03 CACHED MEMBER ONLINE NORMAL
2 3 ORADATA_0003 /dev/oracleasm/disks/DATA04 CACHED MEMBER ONLINE NORMAL
2 4 ORADATA_0004 /dev/oracleasm/disks/DATA05 CACHED MEMBER ONLINE NORMAL
2 5 ORADATA_0005 /dev/oracleasm/disks/DATA11 CACHED MEMBER ONLINE NORMAL
2 6 ORADATA_0006 /dev/oracleasm/disks/DATA12 CACHED MEMBER ONLINE NORMAL
2 7 ORADATA_0007 /dev/oracleasm/disks/DATA13 CACHED MEMBER ONLINE NORMAL
3 0 ORAFRA_0000 /dev/oracleasm/disks/DATA06 CACHED MEMBER ONLINE NORMAL
3 1 ORAFRA_0001 /dev/oracleasm/disks/DATA07 CACHED MEMBER ONLINE NORMAL
3 2 ORAFRA_0002 /dev/oracleasm/disks/DATA08 CACHED MEMBER ONLINE NORMAL
18 rows selected.
From the group number and disk_number I am able to find out to which disks oracle internally stripes OCR. But little confused with the 2nd select query output . Why its having different values for NUMBER_KFFXP (253 and 255) .??
Also if oracle internally maintain mirrored copy of OCR in normal and high redundancy disk group , Why should we create a separate OCR (upto 5) on different disk groups?
How to find out the master OCR?
Thanks in advance.
Mahi -
So I AD integrated UCM (6.1) and I see 3300 end users. Now when I flip over to CUP (7.0) I only see 1,062 users....
My fear is that I have hit a limit on the box, but my hope is that someone has a work around.
It is a 7825 which has a user limit of 1,000, but I had assumed that the limit was based on the number of CUP/CUPC enabled users and not on the total user count.
I really hope there is a workaround.
Thanks,
-ScottPlease clarify what you mean by CUP only sees 1062 users? CUPS or CUPC? In CUPS, I thought that the user list would only show the users you flagged in CUCM with the CUPS/CUPC feature. IOW, users are only replicated when they are enabled for CUPS use. At least, that is my understanding.
From an LDAP query perspective. I believe this is done by CUPC (even though CUPS has a the LDAP search string specified).
The question I have: How many users in CUCM are enabled with the CUPS/CUPC feature? Is it 1062?
HTH.
Regards,
Bill -
How can I grant Application access to a user via API ) programattically
how do I grant access to a portal user from API
I want to grant access to a user from an API, ie I need a
command to grant "SCOTT" access to "EXAMPLE_APP" APPLICATION as
an end user?Hi,
I am assuming that you have already updated the EUL in the Administrator Edition, correct? If not, open Discoverer Administrator and login to the database you want to connect to. You must use your EUL user name which I assume has already been created and assigned the correct privileges in the database. You will be asked to update your EUL. Follow the prompts.
Once logged into the EUL, go to Tools \ Privileges and find the user that you want to give administrator access to.
Hopefully, this answers your question.
Regards,
Nancy -
How to get the Useru2019s position when the user doesnu2019t have CP relation
We have a custom program which will add / delete attributes (In transaction PPOSA_BBP). It is working fine for users which were assigned with CP relation But it fails for users which doesnu2019t have CP relation (since we are getting the position of users form HRP1001 then we are retrieving the existing attributes based on the position after that updating the attributes) as we are getting the position from HRP1001 it fails for users were no CP relation.
Help us how to get the Useru2019s position when the user doesnu2019t have CP relation. Suggest us any function module or how to query the HRP1001 or some other table if exists
Regards
PaulHi Paul,
Have a look at these tables.
Using table BUT000 the central business partner data are stored, f.e. partner type, partner names, partner number, partner guid, person number, etc. In table BUTBKK the bank data to a business partner are stored.
Central business partner address data
The table ADRC is used for the address of a business partner. Table BUT020 links the business partner number with the address number. Using table BUT021 several addresses to a business partner with different usages (modes), f.e. correspondence or delivery address, can be stored. The personal data of a business partner person are stored with key person number in table ADRP. The person number is assignd to a business partner person in table BUT000. Communication data of business partners as e-mail, telephone, fax, etc. are stored in the tables ADDR1 u2013 ADDR12. The business address of a contact person or an employee consists of the organization address (company resp. org.-unit) and of an address addition, which describes f.e. a building, a room number, etc. The address addition is stored in table ADCP and is identified by the keys address number of the organization address and person number.
Relationships between business partners
Table BUT050 contains the relationships between a business partner organization and a business partner person using relation types. The relation types are defined in table TBZ9, f.e. the relation type u2018has employeeu2019 corresponds to identifier u2018BUR010u2019, the relation type u2018has contact personu2019 corresponds to identifier u2018BUR001u2019. Table BUT051 stores communication data of a contact person relationship (compare to table ADCP). Table BUT052 stores several address numbers to one business partner relationship (including a standard flag).
Hope this helps,
Kind Regards,
Matthew -
How do I move Contacts & Calendar from one User to another User on the same Macbook Pro?
How do I move Contacts & Calendar from one User to another User on the same Macbook Pro? OSX 10.9.5
is this second library in a different account on the computer?
Look at Home Sharing.
iTunes: How to share music and video - http://support.apple.com/kb/HT2688 - about Music Sharing and Home Sharing
Home Sharing Support page - http://www.apple.com/support/homesharing/
iTunes: Setting up Home Sharing on your computer - http://support.apple.com/kb/HT4620
iTunes Home Sharing now works between users on same computer - https://discussions.apple.com/thread/3865597 -
How do I move imove content from one user to another on the same computer?
We bought our Macbook pro about six months ago. We made the mistake of creating two users for it (my husband and myslef) but bow we only log in under my user name. The problem is we originally imported all of our video camera content to his "log in" and now it is in his imovie folder, and not mine. I want to make a movie on my log in with the fottage that we imported to his. So, how do I get video content from one users login on the SAME computer to the other log in users? I cannot seem to move it for the life of me. I did not expect this to be so difficult.
Hi,
You need to log into his account and look, under the Movies folder, for iMovie Events. Inside, you'll find folders with the events names and still further will be the movie itself. Copy each to an external media or use the Shared folder so both accounts can reference them.
Another option would be to attach an external HD and via iMovie (Events Library pane) move them to the new disk. You would preserve the thumbnails and analysis already performed on the videos.
Good luck! -
How to share administrator iPhoto library with other users on same iMac?
How to share administrator iPhoto library with other users on same iMac?
This is the part I'm referring to:
If you want the other user to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account. In that account, enable 'Look For Shared Libraries'. Your Library will appear in the other source pane.
Any user can drag a pic from the Shared Library to their own in the iPhoto Window.
Remember iPhoto must be running in both accounts for this to work.
The library stays in the Pictures folder for this. -
My boyfriend and I have our own iPhones but share an iPad. How do we create two different profiles or user accounts, etc?
Unfortunately, at the moment you cannot create two user profiles on one iOS device.
-
How do you transfer songs to second iTunes user account; same computer
How do I transfer songs from one user account to another user account on the same computer?
I've given my son his own account on our second computer. Prior to this, he shared his sister's iTunes account, using a playlist to populate his ipod. Now that he has his own account, he wants to transfer his music to his own account. Is it possible to do this quickly? I've been able to copy some actual song files from the first iTunes library and physically move them to the new account using a flash drive, but this is cumbersome. Any better options? Thanks.Name wrote:
Sounds like a good plan. What folder/files do I move...the entire 'iTunes Media' folder? ...and how do I point to it...through the advanced preferenced feature?
It would be the folder you have selected as your Library folder. Usually Mac HD/Users/[User]/Music/iTunes/iTunes Media
See below:
Select Mac HD/Users/Shared/Music - CREATE IT if need be
Move your iTunes folder to the new Music folder. You'll probably have to "re import" the Library in iTunes. (Clear the old library first)
But ionce it;s in the Shared Music folder, EVERY account on the comp can access those files for their own library (whichever songs THEY want) and you onle need ONE copy of everything.
Each user can only access or modify THEIR OWN library while logged on so it prevents someone erasing another's library, because the iTunes Library file is in a locked folder when others are logged in. -
How we can lock No more than one user can use the table at a single time
Hi Abapers,
0) which function modules to lock & unlock a table.
1) When you execute the program, we can check if there is any lock on this table. If yes, the user should be able to only view the table contents and not modify.
2) If there is no lock, then lock the table and go into change mode.
3) On exiting from the program, unlock the table using the function module.
4) more than one user can't modify the table just display.
Note: If there is any lock, display message saying table is locked.
Plz help me for this requirement.
Thanks
NaniHello Nani
Have a look at the lock object EMMARAE (<i>Lock MARA and MARM/MAKT exclusively</i>) in transaction SE11.
Inspect the F1 help for field <b>Lock mode</b>:
DE ENQMODE
Short Text
Lock mode
Definition
Defines how to synchronize table record access by several users.
The following modes exist:
Exclusive lock
The locked data can be read or processed by one user only. A request
for another exclusive lock or for a shared lock is rejected.
Shared lock
Several users can read the same data at the same time, but as soon
as a user edits the data, a second user can no longer access this
data. Requests for further shared locks are accepted, even if they
are issued by different users, but exclusive locks are rejected.
Exclusive but not cumulative lock
Exclusive locks can be requested by the same transaction more than
once and handled successively, but an exclusive but not cumulative
lock can only be requested once by a given transaction. All other
lock requests are rejected.
If you want to lock a standard table search whether the table is used in lock objects (<i>Where-Used-List</i>). If it is a customer table you have to create your own lock object (including two function modules: one for enqueuing and the other for dequeuing).
The lock modules can be found in menu <b>GoTo -> Lock Modules</b>.
Given these lock modules the logic should be quite clear after starting the program:
1. Request lock -> if successful, continue in Change mode; -> if failed, continue in Display mode
2. Before leaving the report remove lock (note: no problem if no lock has been set in the beginning).
Regards
Uwe -
How can i share my admin user contacts with other users
I have sat in front of my computer for 2 days now and still cant work our how to share my contact book with other users on the same macbook air, can anyone help?
I have just found out for myself finally, I added my icloud account to his emails and just unticked the mail option and the contacts appeared as if by magic.
Hopefully if anyone else has this problem they will see this answer -
How to use migration assistant without creating dual user accounts
I want to use migration assistant to transfer apps, software & files on my macbook pro to my new macbook air. How can I do this without creating two user accounts for myself on the m-book air -- my account from the m-book pro & the one that the air makes me create as soon as I do start-up? Can I just use the same name & password for both? or will that make things go badly awry?
Thanks!If you have not booted the MBA for the first time and gone through the Setup Assistant, then I would use the Setup Assistant to make the transfer before you even create another user account. However, if you've already created the new user account on the MBA, then create a new admine one with a different username than the account you will migrate. Log into this new account, delete the first account you made, then use Migration Assistant to transfer your account from the MBP.
Maybe you are looking for
-
Is anyone having the same type of problems I'm having with Lion. I have a new MacBook Pro, received 7 weeks ago, preinstalled with Leopard 10.6.7. I didn't migrate anything from my old iMac, wanted a clean install from the Apple Store. While there, I
-
Backing up documents without Time Machine
Could someone please explain to me how to back up my pictures without using Time Machine? I bought an external hard drive but when I plug it in, it immediately connects to Time Machine every time. I don't want my entire computer backed up, just pictu
-
I just learned how to use the JFileChooser, but I can't figure out how to actually open the file. Does anyone know how to do that? Thanks Mike
-
Problem managing printer in iManager
Hi, created an printer in iManager 2.7.4 on OES2 SP2 Linux with all patches. Trying to manage the printer from an XP workstation, selecting drivers, a window pops up with Content "Drivers" and stayed forever. I close this window, the OS list states L
-
Hi team, My Device BBZ10 is running on OS 10.2.1.2941 and its having battery issue and some kind of Application leak . when i checked in internet forums people are advicing me to upgrade to 10.2.1.2947 & 10.3.xx , But in my device when i am checkin