How to provision all assignments in OK status to backend(ABAP, JAVA)

Hi Experts,
SAP IDM 7.2, SP8
Sometimes due to inconsistencies, users have assignments (inherited privileges (part of role)) with OK status in IDM but missing in backend systems.
Question 1: Is there any standard way to provision such user's all assignments (with OK status)?
1. I have tried the uIS_RepairEntry internal function, but it does not touch assignments in OK status if there are no structural changes required.
2. uPrivReconcile only reconciles failed/declined assignments.
3. I have tried the uIS_SetDirty internal function, but it does not trigger any assignment which is in OK status.
In fact, it says that if an MX_PERSON entry is set dirty, this entry is marked dirty and all assignments will be reconciled, but assignments in OK status are not provisioned.
Question 2: What does "all assignments will be reconciled" mean here if it does not provision all assignments in OK status (mcExecState = 0 or 1)?
4. I have created a job and a script that uses the uProvision internal function to implement logic to trigger hook task 4 of the repo (ABAP/JAVA) for the user.
For ABAP it works fine, but for the JAVA repo, the stored procedure “mxpt_get_privilege_type” checks for audit id and pending privilege mskey, and so the check fails.
So, executing the task “SetJavaRoleForUser&Group” directly via script works fine.
Question 3:
I am interested to know if anyone has implemented anything better than this (point 4) to provision all assignments (with OK status) of user from IDM to backend system.
Kindly assist.
Thanks a lot in advance.
Regards,
Pradeep

Thanks for posting this, Pradeep. I was also looking for a solution for the same issue.
Hi Siarhei,
I did IDM support for 2 customers and both had this issue, and we resolved it by re-adding the roles to the user. It's a cumbersome process, as we have to remove the role, wait for the de-provisioning tasks to finish for all corresponding repositories and then add it back. If the user has only one role in IDM, removing it triggers user deletion in the back-end, which is a nightmare for support consultants, and we have to answer a lot of audit questions for a manual operation on a user in a fully automated landscape (Priv:$rep:only can be added to avoid user deletion, but the visibility was not allowed for us as it was considered an internal IDM system privilege).
Currently in my new assignment, we have no change access in production. Hence we cannot re-add the access, so we need to develop a solution for this issue before we go live fully. Pradeep's 4th point is a good starting point for us.
Kind regards,
Jaisuryan

Similar Messages

  • How to see all the PO payment status with searching field project defin.

    Dear all experts,
    could you help me on the following issue?
    In a large capital project, there are many POs, and all the POs are paid partially,
    for example, down payment 30%, 30% when the machine is received, 30% when the machine is commissioned, 10% is for warranty after a year.
    How can I see all the POs' payment status by searching on the project definition field? For example, how much I have paid for which PO. I want to see the list by searching on the project definition.
    Is it possible to achieve? Or how can I do it?
    Please share your opinion or give me some suggestions.
    thanks a lot.
    Judy

    Thanks for all of your replies.
    I have activated FM, and I have a PO triggered by the project.
    I entered the down payment for the PO using F-48.
    I can see the down payment in the PO history,
    but I cannot see it using the commitment item report, such as CJIA.
    Is it correct or not? Do I need to change something?
    thanks a lot.
    Judy

  • How to process all events with a status of "No Match Found"

    Hello Everyone,
    I have a requirement of processing records reconciled from the target on the basis of their status as 'No Match Found'. Now I am considering only OIM as an authentic source of provisioning, so all these records with 'No Match Found' status should get disabled at the target as and when OIM gets an event associated with them.
    Can anyone suggest an idea?

    I don't believe an entity adapter will work because you can't do a pre-insert, and the event might not have completed yet on the post-insert.
    There are no APIs so you will need to create an instance of the OIM database and run the SQL queries and process the information within them and then you can use APIs. If you create a scheduled task, you need to use the following code which should provide you enough information to perform the query:
    // users (a list of user keys), result (boolean) and log are assumed to be declared by the surrounding scheduled task
    tcDataSet dsList = new tcDataSet();
    String query = "select USR_KEY from USR";
    log.debug(query);
    try {
        dsList.setQuery(getDataBase(), query);
        dsList.executeQuery();
        if (!dsList.isEmpty()) {
            log.debug("Total Rows Found:" + dsList.getTotalRowCount());
            result = true;
            // Walk the result set and collect each user key
            for (int i = 0; i < dsList.getTotalRowCount(); i++) {
                dsList.goToRow(i);
                System.out.println(dsList.getLong("USR_KEY"));
                users.add(dsList.getLong("USR_KEY"));
                log.debug("User Key: " + dsList.getLong("USR_KEY"));
            }
        } else {
            log.debug("No Users Found");
            result = false;
        }
    } catch (tcDataSetException e) {
        e.printStackTrace();
        result = false;
    }
    -Kevin

  • How to fetch all the portal groups into dropdown through webdynpro Java App

    Hello All,
    I have a requirement where I have to fetch all the groups available in user administrator in portal into a dropdown, so that the admin can select the group from the dropdown and after that when he executes a button “Get Details” he must be able to get the list of users who has been assigned that group.
    I need to achieve this through WebDynpro Java.
    Any pointers or documents on this is very very helpful.
    Thanks,
    Manasa.
    Edited by: Manasa Boyapati on Sep 12, 2011 7:25 AM

    Hi,
    Can you try using the below code?
    // Userid and ary_groups are assumed to be declared by the calling code
    IUser uid = UMFactory.getUserFactory().getUserByLogonID(Userid);
    Iterator groups = uid.getParentGroups(false);
    while (groups.hasNext()) {
      // Each element is the unique ID of a group the user belongs to
      String str_grpname = (String) groups.next();
      IGroup Group = UMFactory.getGroupFactory().getGroup(str_grpname);
      ary_groups.add(Group.getUniqueName());
    }
    Hope you can achieve your results by tweaking this.
    Regards,
    Vijay.

  • How to use all functions of a C++ dll in a java program

    package hello;
    public class hello {
        static {
            // Loads hello.dll from java.library.path
            System.loadLibrary("hello");
        }
        public native void afficherhello();
        public static void main(String[] args) {
            hello h = new hello();
            h.afficherhello();
        }
    }
    I obtain this exception:
    Thread[main,5,main] (Alive)
    Uncaught exception (java.lang.UnsatisfiedLinkError)
         (hello).afficherhello()
         hello.afficherhello()
         hello.main(String [])
              args=([Ljava.lang.String;) [Ljava.lang.String;@7dbd
              h=(hello.hello) hello.hello@236b
    I don't understand why I couldn't use the methods of my dll. Moreover, I am sure that my dll is already OK.
    If you have an idea to help, I will be very pleased!
    Pierre

    Are you sure your dll is ok? It might work in other C++ programs, but Java requires special naming. In your case, instead of a method afficherhello in your hello.dll, there should be a method called Java_hello_hello_afficherhello.
    For more information about JNI, see http://java.sun.com/products/jdk/1.2/docs/guide/jni/

  • How to publish all the services in sicf

    Dear All ,
    I have installed SRM 5.0 (ABAP+JAVA) .
    I am new to SRM, please help me how to publish all the servers which are in 'sicf'.
    Also please let me know whether any extra steps need to be done after SRM installation.
    Is there any specific SAP doc for this?
    Thanks,
    Srikanth.

    Hi Muthu,
    I executed the above report and got the output that all the services are activated.
    But when I tried to test the service in sicf (bbpsc01 shopping cart),
    I am getting the below error...
    Error when processing your request
    What has happened?
    The URL http://gesrm.gecis.com:8000/sap/bc/gui/sap/its/bbpsc01 was not called due to an error.
    Note
    The following error text was processed in the system SRM : Attribute for user 703021396 contains errors. Inform system admin.
    The error occurred on the application server gesrm_SRM_00 and in the work process 0 .
    The termination type was: ABORT_MESSAGE_STATE
    The ABAP call stack was:
    Form: OUTPUT_EXPRESS_MESSAGES of program SAPLBBP_SC_UI_ITS
    Form: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
    Module: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
    What can I do?
    If the termination type was RABAX_STATE, then you can find more information on the cause of the termination in the system SRM in transaction ST22.
    If the termination type was ABORT_MESSAGE_STATE, then you can find more information on the cause of the termination on the application server gesrm_SRM_00 in transaction SM21.
    If the termination type was ERROR_MESSAGE_STATE, then you can search for more information in the trace file for the work process 0 in transaction ST11 on the application server gesrm_SRM_00 . In some situations, you may also need to analyze the trace files of other work processes.
    If you do not yet have a user ID, contact your system administrator.
    Error code: ICF-IE-http -c: 400 -u: 703021396 -l: E -s: SRM -i: gesrm_SRM_00 -w: 0 -d: 20090202 -t: 024703 -v: ABORT_MESSAGE_STATE -e: Attribute for user 703021396 contains errors. Inform system admin.
    HTTP 500 - Internal Server Error
    Please help me in this.
    Thanks,
    Srikanth.

  • How to see all statuses maintained for campaigns in Customization.

    Dear all,
    Where can we see all statuses maintained for Campaign in Customization.
    Under Basic Data in the Campaign screen, I can see Open, Approved and Released campaigns, but when I search for these statuses in customization, I couldn't find them.
    Where are we maintaining these statuses and how are we assigning them to the Campaign object?
    Your suggestions will be highly appreciated.
    Best regards
    Raghu ram

    Hi,
    I have checked there (Transaction CRMBS02), but I cannot see the system statuses over there.
    How can I see the following system statuses visible in campaign-->Basic Data Screen?
    ·        Created
    ·        Released
    ·        Finished or Rejected
    ·        Locked
    ·        In Process
    ·        Approved
    Your help will be highly appreciated.
    Best regards
    Raghu ram

  • Can you tell me how to copy all staff assignments(structure) in one to anot

    Dear Experts,
        can you tell me how to copy all staff assignments(structure) in one organization unit to another organization unit ?
    Looking forward to your reply.
    Thanks in advance.
    Best Regards,
    Merry

    RHCOPY00
    use this report to copy the objects
    Even if you are maintaining the staff assignments, the same will be displayed in other types of the OM module, like expert mode, simple maintenance, etc.; the only thing is the method would be changing.

  • How to get ALL validate-errors while insert xml-file into xml_schema_table

    How to get all validate-errors while using insert into xml_schema when having an xml-instance with more than one error inside?
    Hi,
    I can validate an xml-file by using the isSchemaValid() function to get the validate-status 0 or 1.
    To get an error output about the reason, I validate
    the xml-file against the xdb-schema by inserting it into the schema_table.
    When there is more than one validate-error inside the xml-file,
    the exception shows me the first error only.
    How to get all errors at one time?
    regards
    Norbert
    ... for example like this matter:
    declare
         xmldoc CLOB;
         vStatus varchar(4000);
    begin
    -- ... create xmldoc by using DBMS_XMLGEN ...
    -- validate by using insert ( I do not need insert ;-) )
         begin
         -- there is the xml_schema in xdb with defaultTable XML_SCHEMA_DEFAULT_TABLE
         insert into XML_SCHEMA_DEFAULT_TABLE values (xmltype(xmldoc) ) ;
         vStatus := 'XML-Instance is valid ' ;
         exception
         when others then
         -- it's only the first error while parsing the xml-file :
              vStatus := 'Instance is NOT valid: '||sqlerrm ;
              dbms_output.put_line( vStatus );
         end ;
    end ;

    If I am not mistaken, then you probably could google this one using "Steven Feuerstein Validation" or such. I know I have seen a very decent validation / error handling from Steven about this.

  • How to send ALL message that is in Outbox without ...

    How to send ALL messages that are in the Outbox without sending them one by one?
    All statuses are either deferred or failed. Is there a way to auto resend without doing it one by one?
    I have hundreds of messages unsent and stuck in the outbox.
    Please help.

    Try selecting options, then scroll down to mark and mark all. If this does not work, you will either have to delete or resend. You can delete all messages via the same mark all option. You're best off just removing them; also keep your inbox to a minimum.
    If I have helped at all, a click on the white star below would be nice, thanks.
    Now using the Lumia 1520

  • How to compile all objects.....in Oracle10g

    Hi ,
    The Oracle Doc about PL/SQL Packages and Types, referring to DBMS_UTILITY and the COMPILE_SCHEMA procedure, points out:
    "Compiles all procedures, functions, packages, and triggers in the specified schema"
    So how to compile views and possibly other db schema object types ......????
    For example issuing the command :
    select object_name from user_objects where status='INVALID';
    we get all invalid objects, views , packages , e.t.c.
    How to compile all types of objects ... except for EM10g env......
    Many thanks....
    Sim

    You may want to use Solomon Yakobson's utility available here:
    http://apex.oracle.com/pls/otn/f?p=2853:5:4266218307366505

  • How to judge inspection lot is LTCA status?

    Hi all, How to judge inspection lot is LTCA status? Can we see it in QALS table? But which field is for this status? Many thanks!

    I'm hitchhiking on this thread.
    I need to know not only that the inspection lot is cancelled (I get this from the JEST table), but also when it was cancelled. For example, on Monday night I loaded from QM to BW an inspection lot that was registered during the day. This lot was cancelled, for example, on Thursday. At the night load I have to identify it and load the lot to BW, to maintain it as cancelled also in BW.
    What I discovered until now:
    - The OBJNR on QALS is the constant "QL" plus the lot number (prueflos).
    - On JEST table I have all my lots (from QALS), with the correct status. The cancelled lots have STAT = I0224. But the table doesn't have the cancelling date.
    - JCDS table seems to be a good chance, it has status and date fields. But my lots (from QALS) are not there. And, curious, I didn't find any I0224 status.
    Everything on the project is OK, this is the only unsolved question, so I'll appreciate any quick answer.
    César

  • How to fetch all the records from ztable

    Hi 
    My program is outbound program.
    According to the requirement, I have to fetch all the records from the ztable which were not transmitted before to the third party, and once the records are extracted and written to the output file they will be marked as 'X' in the "status" field of that ztable for the next day's run.
    How to fetch the records? Please suggest.
    Thanks,
    Neelima

    HI,
    Fetch all the records whose status is equal to 'X' as whatever data is sent to third party system is marked as 'X' in status field of table after sending.
    You need to first fetch the data into an internal table using the select statement where status EQ space. You get the data which is not yet transmitted to the third party. And later in the program, after transmitting the data to the third party, modify the records in the DB table which are transmitted with status EQ 'X'.

  • How do i test a record containing status E0008 and not containing status I0002

    hello all,
    How do I test a record containing status E0008 and not containing status I0002 for a given WBS Element?
    The data (like pspnr, posid and objnr from table PRPS) are available in internal table it_prps.

    Hi,
    You can check the received table from the function module as per your condition.
    loop at it_prps.
         "itab is assumed to be declared as a table of JSTAT with header line
         refresh itab.
         call function 'STATUS_READ'
              exporting
                   objnr  = it_prps-objnr
              tables
                   status = itab
              exceptions
                   others = 1.
         read table itab with key stat = 'E0008'. "check for E0008
         if sy-subrc = 0.
              read table itab with key stat = 'I0002'. "if E0008 exists then check for I0002
              if sy-subrc = 0.
                   "both status E0008 & I0002 exist so delete this record from it_prps
                   delete it_prps.
              else.
                   "only status E0008 exists.
              endif.
         endif.
    endloop.

  • How to remove all ALV buttons?

    Hello all.
    Does anyone know how to remove all the ALV buttons?
    I know the IT_EXCLUDING option, but is there a different and
    faster way?
    (I'm using ALV classes).
    Thanks!

    hii..
    All the ALV toolbar buttons can be removed in a single shot.
    There is a method in CL_GUI_ALV_GRID->SET_TOOLBAR_VISIBLE.
    It is a protected method, so create a class that inherits from CL_GUI_ALV_GRID.
    CALL METHOD ME->set_toolbar_visible
             EXPORTING
               visible = '0'.
    *        EXCEPTIONS
    *          error   = 1
    *          others  = 2
           IF sy-subrc <> 0.
    *       MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *                  WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
           ENDIF.
    Setting visible to '0' will disable all the buttons.
    Example Program:
    *DATA DECLARATIONS
    TYPES : BEGIN OF ty_sflight,
           carrid TYPE sflight-carrid,
           connid TYPE sflight-connid,
           Fldate TYPE sflight-fldate,
           price TYPE sflight-price,
           currency TYPE sflight-currency,
      END OF ty_sflight.
    DATA : IT_SFLIGHT TYPE TABLE OF TY_SFLIGHT,
            WA_SFLIGHT TYPE TY_SFLIGHT.
    DATA : IT_FCAT TYPE LVC_T_FCAT ,
            WA_FCAT TYPE LVC_S_FCAT.
    data : o_cont type REF TO cl_gui_custom_container ,
            o_grid type REF TO cl_gui_alv_grid.
    CLASS LCL_ALV DEFINITION INHERITING FROM CL_GUI_ALV_GRID.
       PUBLIC SECTION.
         METHODS : M1.
       ENDCLASS.
       CLASS LCL_ALV IMPLEMENTATION.
         METHOD M1.
           CALL METHOD ME->set_toolbar_visible
             EXPORTING
               visible = '0'.
    *        EXCEPTIONS
    *          error   = 1
    *          others  = 2
           IF sy-subrc <> 0.
    *       MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *                  WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
           ENDIF.
         ENDMETHOD.
         ENDCLASS.
       START-OF-SELECTION.
         CALL SCREEN 200.
    *&      Module  STATUS_0200  OUTPUT
    module STATUS_0200 output.
       SET PF-STATUS 'ZDC'.
    *  SET TITLEBAR 'xxx'.
    endmodule.                 " STATUS_0200  OUTPUT
    *&      Module  USER_COMMAND_0200  INPUT
    module USER_COMMAND_0200 input.
    CASE SY-UCOMM.
       WHEN 'BACK'.
         LEAVE TO SCREEN 0.
         ENDCASE.
    endmodule.                 " USER_COMMAND_0200  INPUT
    *&      Module  GET_DATA  OUTPUT
    module GET_DATA output.
    SELECT * FROM SFLIGHT INTO CORRESPONDING FIELDS OF TABLE IT_SFLIGHT
                                                              UP TO 50 ROWS.
    CLEAR WA_FCAT.
    WA_FCAT-col_pos = '01'.
    WA_FCAT-fieldname = 'CARRID'.
    WA_FCAT-tabname = 'SFLIGHT'.
    WA_FCAT-ref_table = 'SFLIGHT'.
    APPEND WA_FCAT TO IT_FCAT.
    CLEAR WA_FCAT.
    WA_FCAT-col_pos = '02'.
    WA_FCAT-fieldname = 'CONNID'.
    WA_FCAT-tabname = 'SFLIGHT'.
    WA_FCAT-ref_table = 'SFLIGHT'.
    APPEND WA_FCAT TO IT_FCAT.
    CLEAR WA_FCAT.
    WA_FCAT-col_pos = '03'.
    WA_FCAT-fieldname = 'FLDATE'.
    WA_FCAT-tabname = 'SFLIGHT'.
    WA_FCAT-ref_table = 'SFLIGHT'.
    APPEND WA_FCAT TO IT_FCAT.
    CLEAR WA_FCAT.
    WA_FCAT-col_pos = '04'.
    WA_FCAT-fieldname = 'PRICE'.
    WA_FCAT-tabname = 'SFLIGHT'.
    WA_FCAT-ref_table = 'SFLIGHT'.
    APPEND WA_FCAT TO IT_FCAT.
    CLEAR WA_FCAT.
    WA_FCAT-col_pos = '05'.
    WA_FCAT-fieldname = 'CURRENCY'.
    WA_FCAT-tabname = 'SFLIGHT'.
    WA_FCAT-ref_table = 'SFLIGHT'.
    APPEND WA_FCAT TO IT_FCAT.
    CREATE OBJECT o_cont
       EXPORTING
    *    parent                      =
         container_name              = 'C1'.
    DATA O_ALV TYPE REF TO LCL_ALV.
       CREATE OBJECT O_ALV
       EXPORTING
         I_PARENT = O_CONT.
    CALL METHOD o_ALV->set_table_for_first_display
       CHANGING
         it_outtab                     = IT_SFLIGHT
         it_fieldcatalog               = IT_FCAT.
    CALL METHOD O_ALV->M1.  "method called to remove all the toolbar buttons
    endmodule.
