Identifying Duplicate Roles and Tracking Composite Role Assigned to the Use

Dear Friends,
I am a novice on this website even after browsing for the past 3 months. This website is so useful and huge, with so many forums. I have been lost many times about where to post this question. There is not a single SAP Security forum or Basis/Security-related forum. Can anyone direct me to the right forum or, if there is no security forum, can anyone direct me on how to start a new forum so that all security-related discussions and knowledge sharing can take place? I am requesting the moderators of this website to direct me to the right forums.
We have around 2000 users in Production. We assign composite roles and single roles to all users. Sometimes we use SECATT or LSMW to update User Master Data to assign some roles that are ALREADY assigned to the users. I have 2 questions. Is there any way to clean up this mess? I mean identifying all users who have these duplicate roles with different validity dates. I am sure SUIM cannot help me, as I have researched this a lot. I would appreciate it if anyone can direct me to some solution for this cleanup process. I mean some SQL or SAP Query will help me, I guess. Any suggestions are greatly appreciated.
My second question is about tracking composite role/user assignment changes. We had assigned some composite roles to the user 3 months ago and deleted them last week. When I check SUIM change documents, it does not show composite role history. It is displaying all single roles that were assigned and deleted later, BUT it never showed any information on composite role additions or deletions in user change documents. I hope SUIM is not going to help. I still need to go to many places or write some good SQL and execute it.
Has anyone written such utility SQL programs for cleanup of roles/users in SAP? Is there any way to check or debug this issue, or to see any tables that monitor these changes? I would appreciate it if anyone can share this knowledge to resolve these issues.
Any ideas and suggestions are welcome.
Thanks
Kumar

Satish,
Please post this in the SAP NetWeaver Administrator Forum and close this thread here.
SAP NetWeaver Administrator
Regards,
Ravi
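
An added example, not part of the original thread: one way to find the duplicate assignments asked about above, working offline on a CSV export of table AGR_USERS (for instance from SE16). The column layout, including COL_FLAG marking single roles inherited from a composite role, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows in the shape of an AGR_USERS export (not real data).
# Assumed columns: client, user, role, validity start/end (YYYYMMDD) and
# COL_FLAG = "X" for a single role inherited from a composite role.
SAMPLE_EXPORT = """MANDT,UNAME,AGR_NAME,FROM_DAT,TO_DAT,COL_FLAG
100,JDOE,Z_FI_AP_CLERK,20230101,99991231,
100,JDOE,Z_FI_AP_CLERK,20230615,20231231,
100,JDOE,Z_FI_AP_CLERK,20230301,20230930,X
100,JDOE,Z_MM_BUYER,20230101,20230331,
100,JDOE,Z_MM_BUYER,20230701,99991231,
100,ASMITH,Z_FI_AP_CLERK,20230101,99991231,
"""

def parse_export(text):
    """Turn the CSV export into dicts with real date objects."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "client": rec["MANDT"], "user": rec["UNAME"], "role": rec["AGR_NAME"],
            "from": datetime.strptime(rec["FROM_DAT"], "%Y%m%d").date(),
            "to": datetime.strptime(rec["TO_DAT"], "%Y%m%d").date(),
            "via_composite": rec["COL_FLAG"] == "X",
        })
    return rows

def find_duplicates(rows):
    """Report every client/user/role that has more than one validity period."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["client"], r["user"], r["role"])].append(r)
    findings = []
    for key in sorted(groups):
        assigns = sorted(groups[key], key=lambda r: (r["from"], r["to"]))
        if len(assigns) < 2:
            continue
        # Redundant: validity lies fully inside another row for the same role.
        # Of two identical periods only the later one is flagged.
        redundant = []
        for i, a in enumerate(assigns):
            for j, b in enumerate(assigns):
                covers = b["from"] <= a["from"] and a["to"] <= b["to"]
                same = (a["from"], a["to"]) == (b["from"], b["to"])
                if i != j and covers and (not same or j < i):
                    redundant.append(a)
                    break
        # Overlapping: some period starts before an earlier one has ended.
        overlapping, latest_end = False, assigns[0]["to"]
        for a in assigns[1:]:
            overlapping = overlapping or a["from"] <= latest_end
            latest_end = max(latest_end, a["to"])
        findings.append({"client": key[0], "user": key[1], "role": key[2],
                         "count": len(assigns), "overlapping": overlapping,
                         "redundant": redundant})
    return findings

if __name__ == "__main__":
    for f in find_duplicates(parse_export(SAMPLE_EXPORT)):
        kind = "overlapping" if f["overlapping"] else "separate periods"
        print(f'{f["user"]} {f["role"]}: {f["count"]} assignments, {kind}')
        for r in f["redundant"]:
            src = "via composite role" if r["via_composite"] else "direct"
            print(f'  redundant {r["from"]} to {r["to"]} ({src})')
```

Under the COL_FLAG assumption, rows reported as coming via a composite role are listed for review next to the direct ones, since they follow the composite role's own assignment.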

Similar Messages

  • Function module to Delimit the roles assigned to the user

    Hi All,
    I am working on a security role automation process ABAP report. My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN" to delimit the role assigned to the user.
    I am passing the importing parameter "username" and, in the Tables parameter "ACTIVITYGROUPS", the respective parameters AGR_NAME (Role), FROM_DAT (Start Date), TO_DAT (termination date - 1). When I pass the parameters as mentioned above, the role assigned to the user is getting deleted, instead of the role assignment being delimited.
    Is there any other function module we can use to delimit the roles assigned to the user? Please help.
    Regards,
    Krishnan

    hai,
    please try this.
    /VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
    /VIRSA/ROLE_ASSIGN_CUA_NH
    /VIRSA/RE_BAPI_ROLE_TO_USERS
    ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
    Try these BAPIs; this may work:
    BAPI_USER_LOCK
    - BAPI_USER_PROFILES_ASSIGN
    - BAPI_USER_LOCPROFILES_ASSIGN
    - BAPI_USER_LOCACTGROUPS_ASSIGN
    - BAPI_USER_CHANGE
    - BAPI_USER_UNLOCK

  • Dynamic role Assignment in Portal using Web dynpro Java?

    Hi All,
    We have following requirement for dynamic role assignment.
    1) User Login to Portal.
    2) User Clicks on Home Tab in Portal, through RFC/BAPI, get Role from Backend(ECC) and compare the role ID with Portal Object ID through UME.
    Role gets assigned in Portal after comparison, if it exists in Portal.
    Can you please let me know what all steps I need to do to complete the above assignment.
    Thank you
    Ravi

    Thanks Tobias.
    To be precise, I will explain my requirement.
    1) User Login (User ID will be input to RFC)
    2) RFC will get Role for that user ID from Backend (ECC) and return that role ID to Portal.
    3) Now, with the help of the UME API, I need to search for the role ID in Portal. If it exists, no action.
    If the Role ID does not exist, then it should assign that role in Portal.
    Sorry for the tedious comment.
    I am a bit new to Web Dynpro.
    Can you please tell me each step i need to follow to complete the above requirement.
    Many Thanks,
    Ravi

  • How can I wipe my hard drive and restore to factory settings without the use of the original OS CD?

    I have a 2010 MacBook and I need to wipe the hard drive and restore to factory settings.
    The problem is that even though I have the original disc, the CD drive has stopped functioning and will reject any disc put into it.
    Therefore, is there another method to do this without the CD?

    Not very easily.  To restore to factory software you need the original installation DVD (CDs).
    If you have another Mac which is the same make and model so that those installation DVD (CDs) would work, you can use a Firewire cable between the 2 Macs and then put your Mac to be reset into Target mode and use the other Mac to install the software.  However I suspect that is unlikely.

  • Mac book pro, overheats and shuts down as 2 hours the use

    mac book pro, overheats and shuts down as 2 hours the use

    Hi, I am facing the same issue.
    Were you able to solve your issue? Please advise.

  • Approve quote(cart) to be ordered based on the workflow assigned to the use

    hi,
    how to approve the quote(cart) to be ordered when user clicks place order based on the workflow activity assigned to the user.
    regards
    yesukannan

    New W/F creation to ensure the order needs to be approved based on the approver tied up with the transaction type.

  • OIM - Multi Level approval - Role assignment at the time of approval

    I have to provision to two target applications. But, the roles in each application are different. So, at the time of approval, the groupmanager (same from both apps- first level authentication) have to assign the roles individually to each application and the request will go to second level authentication . A person can have multiple roles in the application. How to achieve this functionality.
    Thanks in advance.

    You have to create different approval workflows for different resources.
    Attach two object forms each, parent and child.
    The first approver can edit the object form data to add roles and then he will approve.
    In your approval workflow two tasks will be there
    Approval1
    Approval2 > conditional
    Open Approval1 task and in the responses tab select Approve and in Task to Generate select Approval2.
    In Assignment tab you can assign it to anyone you want.
    Save.

  • The Apple Store requires an Apple ID and password. Apple also required the use of the Apple Store to upgrade Apple Applications.  How do I get multiple Apple IDs etc. for the many computers I manage/administer?  I don't wish to use my personal ID or PW.

    Acquiring multiple Apple ID's

    For Mac Apps
    Apple Software Volume Licensing
    The fast, easy way to digitally download, install, and deploy Apple software to every Mac in your business or educational institution.
    http://www.apple.com/mac/volume-licensing/
    For iOS apps
    App Store Volume Purchasing for Business
    Unleash the power of the App Store to your entire workforce.
    http://www.apple.com/business/vpp/

  • HT5622 I changed ISP and as a result, I lost the use of my email address which I used as my apple id. I changed my id on one iPad (I have two) but the change is not recognized on the 2nd. I keep being asked to sign in under the old id. What's up?

    I changed ISP and as a result lost access to the email address I used as my Apple ID. I went to the Apple ID page and changed my ID to my new email address for my personal iPad.  But when I use my other iPad, I am asked to log in using my old email address and password. When I try to reset my ID for the 2nd iPad, using the Apple ID page, it shows my new email. How do I import the changed Apple ID to my 2nd iPad?

    Sign out and sign in with new Apple ID
    Settings>iTunes and App Store>Apple ID

  • Modifying and saving a Excel file by the use of Blob-Stream Method?

    Hi everyone...
    I'm trying to change and modify a Excel file which is received as Blob variable from database.
    I wrote a PL/SQL Procedure which get the Excel file and convert it to blob; after that send it as the parameter of a Java source called TestPrintExcel
    CREATE OR REPLACE DIRECTORY VMI_TEST_DIR AS '/afc/opt/dba/test_utl_dir';
    GRANT READ, WRITE ON DIRECTORY SYS.VMI_TEST_DIR TO SYSTEM;
    declare 
       bfi  bfile := bfilename('VMI_TEST_DIR','TestFzglist.xls');
       bin  blob;
       cout clob;  
    begin
       dbms_lob.open(bfi);
       dbms_lob.createtemporary(bin, true);
       dbms_lob.loadfromfile(bin, bfi, dbms_lob.getlength(bfi));
       dbms_lob.close(bfi);
       dbms_lob.createtemporary(cout, true);
       dbms_java.set_output(100000);
       TestPrintExcel(bin);
       dbms_output.put_line('done!');
    end;
    With the following Java procedure I can read the content of the Excel file and write it to the database perfectly. But the question is, how can I save the Excel file in the same way if I change or insert any cell? I mean in the same way, saving it as a blob stream. Because I get a permission error when I use other methods like FileOutputStream, FileInputStream etc. That's why I want to resolve this problem with the blob-stream method. Can anybody tell me how I can do that or what method I have to use?
    Thanks.
    create or replace and compile java source named xltest as
      import org.apache.poi.ss.usermodel.WorkbookFactory;
      import org.apache.poi.ss.usermodel.Workbook;
      import org.apache.poi.ss.usermodel.Sheet;
      import org.apache.poi.ss.usermodel.Row;
      import org.apache.poi.ss.usermodel.Cell;
      import org.apache.poi.ss.util.CellReference;
      import org.apache.poi.ss.usermodel.DataFormatter;
      import org.apache.poi.ss.usermodel.FormulaEvaluator;
      import java.util.*;
      import java.sql.*;
      import oracle.sql.*;
      import oracle.jdbc.driver.*;
      public class XLTEST {
        public static void printx( oracle.sql.BLOB xblin ) throws SQLException {
          Connection Conn = null;
          try {
            Conn = DriverManager.getConnection( "jdbc:default:connection:" );
            Workbook wb = WorkbookFactory.create( xblin.getBinaryStream() ); // "/afc/opt/dba/test_utl_dir/TstFzglist.xls"
            for ( int sheetNum = 0; sheetNum < wb.getNumberOfSheets(); sheetNum++ ) {  //NumberOfSheets
              // Each of the first three sheets is loaded into its own table
              String TableName = new String();
              switch( sheetNum ) {
                case 0:
                  TableName = "freeimportxls_s1"; break;
                case 1:
                  TableName = "FreeImportXLS_S2"; break;
                case 2:
                  TableName = "FreeImportXLS_S3"; break;
                default:
                  break;
              }
              Sheet sheet1 = wb.getSheetAt(sheetNum);
              java.util.Iterator<Row> ri = sheet1.rowIterator();
              while ( ri.hasNext() ) {
                Row row = ri.next();
                // Values was never declared in the posted code; each row starts a new value list
                String Values = "(";
                java.util.Iterator<Cell> ci = row.cellIterator();
                while ( ci.hasNext() ) {
                  Cell cell = ci.next();
                  CellReference cellRef = new CellReference( row.getRowNum(), cell.getColumnIndex() );
                  switch( cell.getCellType() ) {
                  case Cell.CELL_TYPE_STRING:
                    Values   += "'" + cell.getRichStringCellValue().getString() + "'";
                    break;
                  case Cell.CELL_TYPE_NUMERIC:
                    Values   += "'" + cell.getNumericCellValue() + "'";
                    break;
                  case Cell.CELL_TYPE_BOOLEAN:
                    Values   += "'" + cell.getBooleanCellValue() + "'";
                    break;
                  case Cell.CELL_TYPE_FORMULA:
                    Values   += "'" + cell.getCellFormula() + "'";
                    break;
                  default:
                    Values   += "''";
                  }
                  // Close the value list after the last cell of the row, otherwise add a separator
                  int Counter1 = cell.getColumnIndex() + 1;
                  int Counter2 = row.getLastCellNum();
                  if ( Counter1==Counter2 ) {
                    Values   += ")";
                  } else {
                    Values   += "," ;
                  }
                }
                System.out.println ( Values );
                if ( ( sheetNum >= 0 ) && ( sheetNum <=2 ) ) {
                   // Cell text is concatenated into the statement unescaped; a quote in a cell breaks the INSERT
                   String sqlUpdate = "INSERT INTO " + TableName + " VALUES " + Values;
                   PreparedStatement pstmt = Conn.prepareStatement( sqlUpdate );
                   pstmt.executeUpdate();
                   pstmt.close();
                }
              }
            }
            Conn.close();
          } catch ( java.sql.SQLException e ) {
            System.err.println( e.getMessage() );
            e.printStackTrace( System.err );
            if ( Conn != null ) Conn.close();
          } catch ( Exception e ) {
            // WorkbookFactory.create() throws checked exceptions that are not SQLException
            System.err.println( e.getMessage() );
            e.printStackTrace( System.err );
            if ( Conn != null ) Conn.close();
          }
        }
      };

    Hi,
    "Because i get permission error when i use another methods like FileOutputStream, FileInputStream etc."
    Permission errors are generally resolved by granting the proper privilege via DBMS_JAVA.grant_permission procedure.
    Have you already tried that?
    http://download.oracle.com/docs/cd/E11882_01/java.112/e10588/chten.htm#BABHDBCJ

  • Report to see user type and roles assigned to users in EP?

    Hi,
    a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
    b) If  the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.

    By default Portal UME comes along with the installation of portal.
    Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories.  But you can also create users in the portal UME.  The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
    You can check them in user administration->identity management and search for the users.
    THere you can see some users will be from UME and some from LDAP.
    User Admin tool is nothing but User Administration only.
    Raghu

  • Status of roles assigned in SU01

    Hi All, Need help to understand the status of a role and effect of user comparison on it... in SU01 assignment to a ID....Cases as below:
    1.Role assigned to the ID has expired....The color of the role I have noticed becomes red...why is it so? is it because the role had a new profile generated since the time role got expired in that user? or is it just because role has got expired and so it becomes red in SU01?
    And are roles and corresponding profiles which got expired removed from the ID automatically or just both role&profile left as it is with only the role turned red giving the text (User comparison required)...
    2.Role assigned to a ID with validity start date set as some date in future. Have seen that in this case too role becomes red after a day!! PFCG_TIME_DEPENDENCY runs..But why is it so??Why does it turn red?

    Hi,
    Role assigned to the ID has expired. The color of the role becomes red. This is because each role assigned to the user has a validity end period. Once this date is crossed, the user will not have authorization to objects contained in the role. You can check more details in the AGR_USERS table. There you will find that each role attached to a user has a start and end date.

  • Indirect Role Assignment Within CUA

    Hi Experts,
    We're implementing indirect role assignment in SAP HR and exploring the feasibility of including this client as part of CUA. Has anyone implemented this before? I would appreciate it if you could share.
    I understand that CUA is able to distribute DIRECT role assignments made from the central client to the child client(s), but I am not so sure if it is possible for the INDIRECT role assignment approach. My previous project excluded the client with indirect role assignment from the CUA distribution landscape and I wonder why.
    Appreciate your input in this matter and looking forward for further discussion.
    Best regards and million thanks in advance.

    Hi,
    So I worked on a CUA managed landscape that had systems that featured indirect org assignment hooked in.  The association between the User ID and the HR org based position was still maintained locally as the local system contained the HR Org structure, but direct access was still blocked by CUA. The roles assigned indirectly were visible from CUA in a different colour.  You can still maintain users directly from CUA on top of this.  This may be an alternative to consider.
    If the local system does not contain the HR Org structure you are probably going to have to export the structure, so if that is the case you might as well import it to CUA if all org relevant users are maintained there and manage it centrally via the advised link anyway.
    Cheers
    Steve

  • AD user with no role assignment cannot login

    We have created AD users that are being authenticated through OBIEE 11g. In the AD we currently have the user, password and group information associated with all the users created.
    As per system behavior, if a user's group is not mapped to a role within the EM, it should automatically be tagged with the authenticated-role which, being a part of the 'BIConsumer' role, will give the corresponding privileges to that user. This does not seem to be happening. Any insights on why this would be the case?
    Additionally - If there is a group associated with an AD user within the Active Directory itself, is it mandatory that the AD groups be associated with a role? What I mean by this is, if we have an RPD-level init block to map authenticated users to custom database roles imported within the RPD and EM, would they not work unless there is a direct AD group to role assignment?

    The RPD had no access set for "Authenticated Users" and "BI Consumer Role" for all subject areas as part of the presentation layer permissions, hence unless a user was assigned to a role that could access either one of the subject areas the default authentication would not work.

  • Structural role assignment in SRM

    Hi all,
    This is my first post, I hope I will find an answer to my question.
    We are about to implement SRM and our security strategy is to use the structure to assign the roles to the position and to the org unit. We did this in our ECC system and it works as expected; however, in SRM the relationship between the employees and the user ID via Infotype 0105 doesn't exist. In the SRM structure the relation is with the BP. Does anyone know if there is a program like PFCG_TIME_DEPENDENCY in SRM to update the users' roles based on their position assignment?
    I tried many things like USER_GEN, BBP_BP_OM_INTEGRATE but it doesn't seem to do what I'm looking for. Also, does anyone know what the purpose of the attribute role is? I tried to assign a role to this attribute but it seems useless.
    Thanks,

    Hi regarding  SRM indirect role assignment,
    Are you using organizational management/structure from HR, or have you built/configured the OM/structure in SRM?
    Are you taking a simple PFCG role and performing indirect role assignment to a position?
    BP configuration needs to be done. I remember the configurator assigning roles when doing that; I don't remember how the position was linked from BP.
    BP documentation for SRM
    http://help.sap.com/saphelp_srm50/helpdata/en/5d/55b158638111d2b408006094b92d37/frameset.htm
    I forgot to ask?
    Did you check if an userid is mapped to the position ( Meaning the test user )
    Please check the below link for related  information
    SRM - ppoma_bbp: how to link central person with the position
    Edited by: Franklin Jayasim on Jul 28, 2010 10:23 PM
