IdM: Automatically assign a privilege when create a user

Dear all,
I want automatically assign a privilege to a user, when a create this user. How I have to do this? Must I use dynamic group?
My idee is: All of our people need a account in the SAP portal, so I want to assign automatically the privilege PRIV:PORTAL:ONLY to the user.
Best regards,
Hans

Lot of options depending your requirements..
Dynamic group is one option but it requires small configuration effort.
If it's all users, maybe then an add event task for MX_PERSON where you grant the privilege? Takes 5 minutes to do.
Are there any exceptions? Do you have also non-dialog users in your IdM?
Any requirements for deprovsioning?
Where do you get the users? If it's SAP HCM-integration case and no users are created in the UI, then add the privilege in the job that moves the identities from staging Id Store to your master Id Store.
regards, Tero

Similar Messages

  • Insufficient privileges when creating MV with alter session set current_sch

    I am getting Insufficient privileges when creating MV with alter session set current_schema=Application schema name. User running the alter session is DBA user. If run as SYSDBA, MV is created successfully. DB Version is 10.2.0.3
    I observed similiar issue with regular View also in 9.2.0.6 also.
    Any advice is greatly appreciated.
    Thanks,
    Siva

    Sounds like your management needs a stern lecture on the concept of change management. <g>
    I am not debating what you do. I am questioning the logic, or lack thereof, of doing it that way. My recommendation would be to change your procedure to one that:
    A. Is more in line with good change management practices.
    B. Works.

  • Error when creating a user - IAM-3010183 : An error occurred while checking if a user already exists with the Common Name generated.

    Error when creating a user - IAM-3010183 : An error occurred while checking if a user already exists with the Common Name generated.

    in OIM 11g R2
    Message was edited by: 2b3c0737-074f-48d0-a760-e24e3ed9a37c

  • Syntax error when creating a user-defined table type in SQL Server 2012

    Why am I getting a syntax error when creating a user-defined table type in SQL Server 2014?
    CREATE TYPE ReportsTableType AS TABLE 
    ( reportId INT
    , questionId INT
    , questionOrder INT );
    Results:
    Msg 156, Level 15, State 1, Line 1
    Incorrect syntax near the keyword 'AS'.

    Hope these posts could help, 
    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/37a45a9a-ed8c-4655-be93-f6e6d5ef44be/getting-incorrect-syntax-while-creating-a-table-type-in-sql-server-2008-r2?forum=transactsql
    Regards, Dineshkumar,
    Please Mark as Answer if my post answers your question and
    Vote as Helpful if it helps you

  • Autoassign privilege when creating idm identity

    Hi,
    iam using the SAP PF.
    When i create a new Identity with the Template "Create Identity" i also want to create a User in UME and assign him to "idm.authenticated".
    I solved the user creation by linking the "ProvisionJava" (System specific as java tasks) to the "Create Identity" Task. In order to make it possible that i can login with this user the identity needs the "idm.authenticated" privilege. This should be done automatically.
    Can you tell me how to achive this?
    Br,
    Philip

    Hi,
    as far as I understand what you want to achieve is that every user will have access to IdM UI. Good way how to do it is to create a privilege that will represent an account in Java AS and assign provisioning tasks to this privilege. IdM will automatically provision user when this privilege is assigned to user. During identity creation you can just assign this privilege to every identity. The whole process is also described [here|http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/304280b4-25d0-2b10-b6a4-89c27409dea7].
    Cheers

  • Automatically add MK- role when creating a related person for a student

    Hello,
    When creating a related person for a student there are 3 roles added to the BP:
    -000000     BP (General)
    -FS0000     Financial Services BP
    -PSCI10     Related Person
    Can anyone help me further on how to automatically add the MKK role when creating a related person?
    Thanks for your help,
    Lukas Molenaar

    Hi Michael,
    Thanks for answering it really helped me out. But Iu2019m not quite there yet.
    I have the Role Grouping Category and Role Group with the 2 roles (PSCI10 and MKK).
    My suspicion is that somewhere else in the IMG lays the problem. Because when you check settings for students as business partners in the IMG Path: Campus Management -> Campus Management Master Data -> Students -> Students as Business Partners -> Check Settings for Students as Business Partners.
    Line nr 7 says: u201CThe definition of BP role for related person PSCI10 is correctu201D. From that I conclude (hope that is correct) that when you make a related person the BP is only created with BP role u201CPSCI10u201D.
    This is because when I deliberately make that check fail (so I have the help for that line) it says:
    u201CIn IMG activity Define BP Roles, you define a BP role for related person, assign this BP role to BP role category PSCI10, mark this BP as the standard assignment of BP role category PSCI10, and assign this BP role to BP view PSCI10.
    That tells me it is only linked that the BP role u201CPSCI10u201D.
    Can you please help me further with my problem?
    Thanks,

  • ORA-01031: insufficient privileges when creating a table in other schema

    Dear all,
    I appreciate your help please in this issue :
    when i try to issue the below statement to create a table in an another schema than the user i am connected in
    CREATE TABLE SCHEMA_NAME_B.HST_ARCH nologging AS
    SELECT *
    FROM HST
    WHERE 1 = 0;
    I always get ORA-01031: insufficient privileges error, even if i have granted the create table privilege to the user i am connected in.
    What other privileges should i grant also,
    Please if you have any idea.

    user562674 wrote:
    Dear all,
    I appreciate your help please in this issue :
    when i try to issue the below statement to create a table in an another schema than the user i am connected in
    CREATE TABLE SCHEMA_NAME_B.HST_ARCH nologging AS
    SELECT *
    FROM HST
    WHERE 1 = 0;
    I always get ORA-01031: insufficient privileges error, even if i have granted the create table privilege to the user i am connected in.
    What other privileges should i grant also,
    Can you show us a cut/paste from the sql*plus of session of yours which should show that you have given the privilege directly to this user and after that the command fails?
    Aman....

  • Avoid automatic Transfer Order confirmation when created.

    Hi Gurus,
    When creating the Transfer Order, it automatically gets confirmed. How can we separate the TO creation and confirmation? Where are the switches? So we can either confirmed the TO in LT12 or by using interface.
    Any help is really appreciated.
    Many Thanks

    hi Jyoti,
    Thanks for the input. I checked in OMLX and it looks like our Warehouse is not listed for the Separate confirmation of pick and transfer to set up two step confirmation.
    But when I try to set this up, system pop up an error saying 'An entry already exists with the same key' whereas this entry is not maintained.
    Can you please elt me know what needs to be doen.
    Many Thanks

  • Insufficient privileges when creating user logged in as SYS

    Hi,
    I'm working on 11.1.0.6.0 Enterprise Edition, Advanced Security options, Label Security a and Database Vault installed. (for testing purposes)
    I'm creating a new user being logged as SYS using this sentence:
    CREATE USER "HR_DIRECTOR" PROFILE "DEFAULT" IDENTIFIED BY "*******" DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" ACCOUNT UNLOCK;
    However, the command fails with the message "Failed to commit: ORA-01031: insufficient privileges . You do not have enough privileges to perform this operation. You must have the appropriate system and object privileges to create, edit, or drop database objects or objects outside of your schema."
    Please note that I'm working on a fresh DB install and I have also installed Database Vault in this instance for testing purposes, but still haven't configured any realm or command rules on it.
    Is it possible Vault is the reason why I am not able to create a new user?
    Thanks and Regards,
    Leandro

    Hi, It seems I've found it.
    After you install Database Vault and associate it with your SID, SYS user is revoked the CREATE USER system privilege.
    Only a user with the DV_ACCTMGR role may create, alter or drop a user. This is done in order to separate responsabilities in your database. A SYS user cannot grant himself this role or the DV_OWNER role.
    (If interested, check page 10-4 from http://www.oracle.com/pls/db111/to_toc?pathname=server.111/b31222/toc.htm)
    Regards,
    Leandro

  • Insufficient Privileges when create materialized view as user system

    If I login as system (connect sys/****@DevDB) and try to create a materialized view for another schema (e.g. XDCONTROLDB), I get the insufficient privileges error. If I login as sys as sysdba then I can create successfully.
    I have searched some ariticles in Google and grant create any snapshot, create any table, create any view, global query rewrite, select any table system privileges to system but still get the same error.
    Any other privileges I need to grant to system?
    Cheers
    below is a sample script to create the view which get the error:
    CREATE MATERIALIZED VIEW XDControlDB."XDTest1" PCTFREE 10
    PCTUSED 0 MAXTRANS 255
    STORAGE ( INITIAL 64K NEXT 0K MINEXTENTS 1 MAXEXTENTS
    2147483645 PCTINCREASE 0)
    TABLESPACE "USERS"
    BUILD IMMEDIATE
    REFRESH COMPLETE START WITH sysdate NEXT sysdate + 1/24
    ENABLE QUERY REWRITE AS
    SELECT * From XDControlDB.RiskInstance;
    Message was edited by:
    user500168
    Message was edited by:
    user500168

    Thanks for your reply. After I grant privileges to system, I login as system and try to create the view as below which I get the insufficient privileges error:
    CREATE MATERIALIZED VIEW XDControlDB."XDTest1" PCTFREE 10
    PCTUSED 0 MAXTRANS 255
    STORAGE ( INITIAL 64K NEXT 0K MINEXTENTS 1 MAXEXTENTS
    2147483645 PCTINCREASE 0)
    TABLESPACE "USERS"
    BUILD IMMEDIATE
    REFRESH COMPLETE START WITH sysdate NEXT sysdate + 1/24
    ENABLE QUERY REWRITE AS
    SELECT 1 From XDControlDB.RiskInstance;
    As you can see, I try to create the view under a schema called 'XDCONTROLDB'. If I login as sys as sysdba, then it create successfully.
    After I create UserA, and grant the privileges I mentioned in the ealier post, I login as UserA, and run the statement above I get the same privileges error. But if I change the stament to below which will create the view under UserA's schema, then it create successfully:
    CREATE MATERIALIZED VIEW UserA."XDTest1" PCTFREE 10
    PCTUSED 0 MAXTRANS 255
    STORAGE ( INITIAL 64K NEXT 0K MINEXTENTS 1 MAXEXTENTS
    2147483645 PCTINCREASE 0)
    TABLESPACE "USERS"
    BUILD IMMEDIATE
    REFRESH COMPLETE START WITH sysdate NEXT sysdate + 1/24
    ENABLE QUERY REWRITE AS
    SELECT 1 From XDControlDB.RiskInstance;
    Looking for your suggestions,
    Cheers

  • Runtime Error when creating SUS user

    Hi All,
    I started configuring SUS demo for my client, but when i created user with role "SAP_BC_BASIS_MONITORING" and "SAP_EC_SUS_ADMIN_VENDOR",
    i am getting:
    Runtime Errors:  DBIF_RSQL_INVALID_REQUEST
        Short text:  Invalid call of database interface.
    Do i need to configure anything before creating SUS users with this roles? Please help me?
    Regards,
    Ravi
    Message was edited by:
            Ravi Varma Nadimpalli

    Hi
    Which SUS Verson are you using ? Are you using SUS on the same system, where EBP is installed ?
    You can create users and assign role to respective users in SUS for creating
    Bids in Bidding starting form SUS. But you must replicate users from SUS to EBP.
    Then only systems will identify each other while logging.
    <u>Meanwhile, Please go thrugh the following pointers and SAP OSS Notes -></u>
    Re: Clarifications on EBP-SUS and MM-SUS Scenario
    Note 893714 - SUS30: Replication of bidding users from SUS to EBP
    <u>Related Notes</u>
    1060329 - Mandatory check of form of address during user creation SUS
    895217 - SUS30: SUS not integrated with CUA currently
    880735 - UME/SUS: error with administrational user creation
    779658 - SRM40/SUS/BP: Error during change of employee
    Note 778483 - SRM-SUS: Force a user to change password on initial logon
    Note 1060329 - Mandatory check of form of address during user creation SUS
    Note 946159 - SRM-SUS 4.0: Termination when users are created
    Regards
    - Atul

  • Adding object classes when creating ldap user in workflow

    I'm creating ldap users in a workflow and when I assign the object classes in the workflow I get an object class violation. It seems that when I call check in view and when my break point stops in Update User the default object classes on the resource have been removed from the user.accounts[LDAP].objectClass attribute which I just set. Not sure what's going on here. Is there another way to assign more than just the default object classes to a new ldap user through the workflow? Thanks in advance.

    Multiple things I can think of
    1) put all the object classes you may be expecting with the user account in the resource configuration panel. LDAP is smart enough to assign the related object classes to the object based on the attributes assigned to the user.
    2) Check if you have the object class in the schema of LDAP.

  • How to avoid shut down BPELPM Server when creating a user?

    Hi,
    How to avoid shut down BPELPM Server when creating a JAZN user and after doing changes to user-properties.xml?
    Thanks,
    Jorge

    this configuration is only supported on a midtier - there is a work around for a standalone install, nevertheless I would not recommend this for production ..
    if this is NOT a production enviroment - I can try to get you the information .
    /clemens

  • TS2529 there is no none option on payment option even when creating new user id

    I was attemting to download free apps on iphone but itunes wouldnt let me because of past due balance of 6.00 dollars. Unfortunately my bank account is overdrawn right now and have no valid payment options. I tried to created to USER ID and password, and there is no "NONE" option when asking for paymnet method. All im trying to do is download free apps. Please help?!?

    Hi brian,
    You have to download the free app first, then create the new ID:
    http://support.apple.com/kb/HT2534?viewlocale=en_US&locale=en_US
    Cheers,
    GB

  • Is there any difference between these cluster images when creating a user event?

    I'm sure you experts will know instantly what I'm doing wrong.
    I am trying to create a user message for TestStand communication in the LabVIEW UI (based on the simple example OI that comes with TestStand)
    Perhaps it's just cosmetic but the trouble is I can't get the image of my cluster constant to look the same as the one in the example.
    I'm right clicking on the 'Create User Event' icon on the User Event Data Type connection and selecting Cluster - Cluster Constant, then adding a numeric constant to it.
    You can see the result here. The top one is the good one from the example, and the bottom one is my attempt - but I just can't get it.
    I'd appreciate your thoughts (I know the event number can't be the same - but I made it the same for the comparison). I have LabView 8.6.1.
    Thanks,
    Ronnie
    TestStand 4.2.1, LabVIEW 2009, LabWindows/CVI 2009
    Solved!
    Go to Solution.

    Use the color tool and right click on the lable of the numeric. I guess you will see that the Background Color of the one is black, of the other is white.
    But this is really just cosmetic's of the code.
    Felix
    www.aescusoft.de
    My latest community nugget on producer/consumer design
    My current blog: A journey through uml

Maybe you are looking for

  • Print Layout Desigener print date

    Dear all, In our Balance Report we want to fill in the Print Layout the Print Date. is there a possibility for filling this? The path of  balance report is : Financials__ Financial Reports__ Financial__ Trial Balance Thank you and best regards to all

  • Is imac and cinema display the same quality monitor?

    I'm looking to buy an imac but am really concerned about color quality. I currently have a cinema display and looking at this as a second computer. I've read some posts that suggest that the display technology in the imac is different than the qualit

  • How do I identify Mason Framework in Dreamweaver html pages?

    I have told that my website has "mason framework" components that will not be compatiable with an update of the Unix servers the site is hosted on. How do I identify the "mason framework" code on the html pages or folder structure on my site? I am un

  • PLease Describe The Structure of Web Application

    Hi Java Guru I use apache tomcat web server can tell me the design of an application.I am going to write an school application Also tell me Who is servlet container and jsp containe .What is their name.

  • Variants Migration 3.0 to 7.0

    Hi, We are migrating Queries, Work Books & Web temples to 3.0 to 7.0. I have gone through many links for Query or Work Book Variants Migration 3.0 to 7.0. I found some of the tables like RSRPARAMETRIZA - Parameterization for a query, workbook, and we