IDM70: MX_ROLE assignment does not assign MX_AUTOPRIVILEGE
Hi there
I used the SAP-Provisioning-Framework InitialLoad-Jobs to create Privileges (MX_PRIVILEGE) for ABAP and ADS.
When I assign these privileges directly to an IdentityStore user he gets provisioned to the corresponding systems.
Now I created a simple Role-Structure (MX_ROLE) for testing: "ROLE:SuperUser", and nested wihtin that "ROLE:NormalUser".
In the Role-tab of ome of the imported privileges I added these Roles.
I add one of the Roles (no matter which one) to a brand new IdentityStore user and nothing happens (only the ModifyUser Task is run).
I can verify in MonitoringUI that this user has the Role-entry in MXREF_MX_ROLE and MX_AUTOROLE but he isn't assigned to the privileges and hence not provisioned to the systems.
What am I doing wrong?
Is there some option I have to set in MX_PRIVILEGE or MX_ROLE?
Any help appreciated
Regards
Michael
Michael,
We had the same issue at first - associate the privilege with role on the Role Members tab rather than the Roles tab.
Additionally, if the user already had the role assigned to them you'll need to run the reconcile to see the privilege changes - use have the global constant for Reconcile turned on in dev but otherwise you can just remove the role and then add it back to the user.
-Geoff
Similar Messages
-
Error "Account assignment 00 for purchase document does not exist " when u
Hai,
I am encountering the following problem when posting a PO based Invoice using BAPI_INCOMINGINVOICE_CREATE.
The error says " account assignment 00 for purchasing document does not exist".
The scenario is very simple. I need to raise an Invoice against a PO. the PO has a single line item of quantity 10 net price 10. Tax code is U2 ( 7% tax).
I am passing the following at header level.
Invoice_indicator ( as 'X'),company code,doc date , posting date, gross amount (107, currency USD, calc tax indicator as 'X'.
At line item i am passing Invoice document item 000001, po number , po item number, tax code(U2) item amount (100),
Does this error has got any thing to relate configuration matters?
Regards,
UpenderHi Upender,
In some cases, depending on the type of PO / Posting,
you might have to populate the accounting data itab and pass in the BAPI parameter.
you can select the accounting data from EKKN for the PO.
Again it depends on the PO category, wether you need to populate Qty & Unit in accounting data.
Further, the accounting data should be exactly the same as there in EKKN ( all the fields except Qty & Unit ).
Thanks,
Ram -
OK; have been trying to setup a test VM based RDS deployment for a few days now with no luck.
this error mentioned above:
"Server <server name> either does not have a virtual switch configured or none of the configured virtual switches have an IP address assigned" error is driving me nuts!
I have removed and re-added the RD Virtualization Host role numerous times, each time having the "create a virtual switch" checkbox selected, but it did NOT create any virtual switch.
I created the external virtual switch manually and tried to create the desktop collection again, no luck with the same error.
a few questions:
1. you don't assign IP to a switch! you assign IP to Network Interfaces. why does the error puts it like this?! it is technically wrong.(yeah yeah I know all about how you'd assign IP to managed switches in real world to telnet into them and manage them.
you know better than me that it is not the case here!)
2.the RDS Virtualization hosts are using their wifi card as the card for the virtual switch. could that be the reason? I even disabled their unplugged wired NIC just to make sure that the wifi is the only available option for the RDS wizard to use for the
virtual switch creation; but it didn't use it and it didn't create any virtual switch automatically.
3.if WIFI nic is indeed the reason, is it your suspension or an official documents is there somewhere stating so (that the WIFI NICS on a Virtualization hosts are not supported as the hub for a virtual switch).
4.what are the properties of the virtual switch the RDS requires? does it have to be external? why can't it work even with my manually created external switch?
5.how would I fix it?
P.S: the environment is made up of 2 laptops, having windows 2012 R2 trial installed on them, using their wifi to connect to the out world. no cable is plugged into their wired NIC card.Hi,
Thank you for posting in Windows Server Forum.
The simplest short term solution was to connect each computer to a small switch that had no other connectivity. This brought up the link light on the external NIC and allowed the creation of the collection to complete. You need to use an external switch. You
can create one external switch which might fix the problem.
Please check below article for information.
VDI Deployment Error About Virtual Switch
In addition please referthis article for information regarding virtual switch.
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
Profit center assignment in 3KEH does not work
Hello,
I make posting (FB50) to a balance sheet account to which a profit center is assigned in t-code 3KEH (Additional Balance Sheet and P&L Accounts). I do not input any profit center in FB50. As a result of this posting I expect that the line item should be visible on the assigned profit center. Unfortunately this line item is not transferred to Profit Center Accounting - line item is not visible in KE5Z report. But when I input the profit center in FB50 manually, then the line item is visible on the profit center.
Could you please give me advice, what could be the reason that the assignment of profit centers to accounts in t-code 3KEH does not work?
I checked the settings in 1KEF and see that online transfer and line items transfer are allowed in Profit Center Accounting.
Best regards,
RobertHi Robert,
If you are using NewGL, you can then use trx. FAGL3KEH to set a default profit center on company code level.
Please read also note 826357. I hope this helps.
Best Regards,
Vanessa. -
The SIM card inserted in this iPhone does not appear to be supported.
The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information.Or if you've recently got the phone unlocked then you'll need to connect it to itunes and then do a fresh restore to unlock it ,although for most users simply connecting to itunes for few seconds did the trick.
-
Document type ZD does not allow you to assign to object MARA
hi ppl,
I have created a Z document type.but its not allowing me to assign in mm02.what might be the problem..? its throwing an error message Document type ZD does not allow you to assign to object MARA.You need to enable object linking to mara on your new document type. Go to Tcode DC10, select the document type and then go to the object links area. Create a new object link for your document type.
-
SG500 - DHCP server does not assign predefined static IP addresses to hosts
hi guys
I upgraded my SG500 switch firmware to 1.3.0.59, since there is a new functionality DHCP server v.4
well I must say I came accross the issue I cannot solve. DHCP server assign dynamic address - no hassles.
troubles start with static IP hosts.
I defined a couple of hosts with static address within the correct subnet. I tried with hardware address and client identifiers. no luck. my switch does not assign the IP address I assigned to the suitable mac address. to define it I use both CLI & Web.
no of them works. any idea ?
below the cut from my config:
ip dhcp pool host HP-Ellite
address 10.10.11.7 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72
client-name HP-Ellite
default-router 10.10.11.1
exit
ip dhcp pool host VAIO-Z
address 10.10.14.108 255.255.255.0 hardware-address 54:53:ed:1c:a1:46
default-router 10.10.14.1
exitTom, thnkas for a quick reply...
look, usually it is pretty easy to manage an issue with so precise instructions. but this particular time it is not.
as I understood the "dhcp option 61" is nothing more than "00" which go before pure hardware address.
so, coming back to my example from the first post
with this configuration, my switch assigns 169.254.110.130 255.255.0.0 address
ip dhcp pool host HP-Ellite
address 10.10.11.112 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72
client-name HP-Ellite
default-router 10.10.11.1
exit
with that configuration, my switch assigns 10.10.11.11 255.255.255.0 address
ip dhcp pool host HP-Ellite
address 10.10.11.112 255.255.255.0 client-identifier 00:d8:d3:85:cf:09:72
client-name HP-Ellite
default-router 10.10.11.1
exit
otherwords "00" does not work as explained (unless I misunderstood the meaing of dhcp option 61). my switch assigns first available dynamic IP address. atlhough the arp table is cleared, dynamic address table is cleared as well. swtich is rebooted, host is rebooted
once I change hardware address prefix to "01", my host asign itself 169.xxx.xxx.xxx adress. -
The SIM card inserted in this iPhone does not appear to be supported.
The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information
what can in do?Well unfortunatly that advice does not always work. I bought a unlocked iphone4 from apple several years ago and went to att on a no contract basis. Six months later the phone crashed while updating the operating system. Apple replaced the phone with a new one. All is fine till I got a iphone5 and gave te phone to my cousin. The phone is now locked to att but att says the IMEI number is not a valid ATT IMEI and therfore cant unlock it. Apple says there is nothing They can or are willing to do so now I am stuck for a 600.00 phone that can't be used.
If anyoun knows a way naround this situation mI would appreciate a heads up. -
Upgraded to Maverick. Now cannot connect to wifi. All my other devices will connect. Have rest wireless hot spot switch and cable modem. Other devices still connect but MacPro does not. MacPro wireless is self assigning an IP address blocking access. It will connect if I connect to my iPhone hot spot via wifi. Any ideas?
If you follow this video you'll see how to delete your WiFi AP from the OS, this will allow you to select it again which I feel will correct your problem.
https://app.box.com/s/fe7v7h7kywjr23spumqp -
APP-FND-01702 An assignment does not exit for these parameters
Hi,
I am facing this below error in AP,AR,CM,GL Modules. If any one knows the solution plz revert back ASAP,
I encountered the error message when I created an invoice in AP module:
APP-FND-01702:An assignment does not exist for these parameters and one is mandatory.
Cause:The profile option Sequential Numbering is defined to have
sequential numbering always used. The current set of parameters does not have a sequence assigned.
Acction: Go to the Assign Sequqnces screen and assign a sequenct to the current set of parameters.
Regards,
senthilHi Senthil,
this is an issue with the configuration only, when the profile option is Always used system is referring to your Sequential numbering configuration, which seems to be not right / incomplete...Hence verify whether you have defined assignment for all the categories in the modules and re-test the same again ....
You can change the profile option value to Partially used, which will not throw an error, it would only give you a warning ..
Regards,
Ivruksha -
5Th Gen AE Does Not Assign IP Address in Bridge Mode
I have three AEs in my house...two of which are 4th gen and one is 5th gen, and two of which are set up as bridge (a 4th gen and a 5th gen). The 5th gen does not generate ip addresses reliably...everytime I go to the room where the 5th gen AE is I have to turn off the wifi on my device and turn it back on to get an ip address. This happens 100% of the time. I have tried my MBP, as well as my iPhones (4s and 5.) I also noticed the ip address that is being assigned for the bridges is of totally different denimination. The 4th gen bridge gets an ip of 10.0.1.4 where as the 5th gen gets a 192.168.1.76...the DHCP address range for the main is 10.0.1.2 through 100 and it should be assigned one of those ips. I'm kinda suspecting this is why the bridge is not working properly. I just don't understand why this unit is acting this way. Any input to help solve this mystery will be greatly appreciated. CHEERS:-)
Did resetting to factory help this issue? I'm having the same problem with my 5th and 3rd gen AE's. I've added a new router (pfSense) and only need the AE's for access points. The following is the result on some problem tracking:
Working on my network ip addressing issue. I shut everything down. I brought up my internal wired network of pfSense router, internal switches, appleTv units, printers and a couple of computers. All Addresses were correctly assigned. I released/renewed the ip addresses to check if the address assigned would remain correct, and this test passed.
I then connected my cable modem to the internet, which connected with no problem. I then again tested release/renew of addresses, and this test pasted with no problems. And I had internet access.
My internal network follows the 10.0.1.xxx address range. I leave 20-99 open as my dynamic range, and assign my AppleTv, DirecTv, SlingBox, and MacMini server to static addresses via MAC reservation. All these are functioning correctly.
Final test. I add my Airport Extreme 5th gen, which is in bridge mode, with no guest network, and the light turns green. I open up my MacBook, connect via WiFi, and the address is 192.168.100.34, not correct. I turn WiFi on my MacBook off, then I turn it on, after three cycles I get a correct ip address.
I confirm via airport utility my settings. I see nothing to change. I replace my Airport Extreme 5th gen , with my older Airport Extreme 3rd gen, and I once again get a 192.168.100.22 address which is not correct. I cycle the WiFi setting in my MacBook and after a few cycles, I get a correct address.
My DHCP server is an older Dell system running the linux based software pfSense. I made this change after I started getting bad IP addresses from my Airport Extreme 5th gen. My cable modem is a Zoom 5431J DOCSIS 3.0. But my first test was verifying the assignment of addresses from pfSense, without the cable modem.
I've powered off both Airport Extremes and have checked the settings. Not sure what else I might try with these Extreme units. -
DHCP server does not assign IP addresses SG500 firmware 1.3.5
good day collegues
has any of you come across the following issue:
my switch (after upgrading to the newest firmware 1.3.5) does not assign IP addresses to some of the hosts.
after a couple of hours I managed (do not even how) to force my switch to assign IP addresses only to some of the hosts.
still some of them cannot get the IP address and remain with "funny" IP address like i.e. 169.254.100.100
additional info
1. if I boot my switch with the previous version of firmware (1.3.0.6) everything is OK. all my hosts get correct IP addresess
2. the hosts which do not get IP address were perviously entered in stat host table - now removed, ARP cleared, etc, everything many many times rebooted.
I ran out of ideas, could you pleae give me some hints ?
the config below:
config-file-header
SG500
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end zzz
no spanning-tree
vlan database
vlan 11,13-14
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no ip dhcp snooping verify
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 11
ip dhcp snooping vlan 13
ip dhcp snooping vlan 14
ip arp inspection logging interval infinite
green-ethernet energy-detect
no eee enable
arp timeout 1
ip dhcp server
ip dhcp pool host q409
address 10.10.11.2 255.255.255.0 client-identifier 01:00:08:9b:ac:8f:92
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool host PCH-100
address 10.10.11.10 255.255.255.0 client-identifier 01:00:06:dc:41:ef:ef
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool host q209
address 10.10.13.3 255.255.255.0 client-identifier 01:00:08:9b:ac:72:ba
client-name q209
default-router 10.10.13.254
dns-server 8.8.8.8
exit
exit
ip dhcp pool network HOME
address low 10.10.11.1 high 10.10.11.254 255.255.255.0
lease infinite
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool network GUESTS
address low 10.10.14.1 high 10.10.14.254 255.255.255.0
lease infinite
netbios-node-type b-node
default-router 10.10.14.254
dns-server 10.10.10.1 62.233.233.233
exit
ip dhcp relay address 10.10.10.1
ip dhcp relay address 10.10.11.254
ip dhcp relay address 10.10.13.254
ip dhcp relay address 10.10.14.254
no boot host auto-config
no qos
qos advanced-mode trust dscp
qos wrr-queue wrtd
exit
hostname SG500
line telnet
exec-timeout 0
exit
logging buffered debugging
no logging file
aaa authentication login Telnet local
aaa authentication enable Telnet enable
aaa authentication dot1x default none
line telnet
login authentication Telnet
enable authentication Telnet
password 999 encrypted
exit
no passwords complexity enable
passwords aging 0
username 999 password encrypted 999 privilege 15
ip http timeout-policy 0 http-only
clock timezone " " 1
clock summer-time web recurring eu
clock source sntp
clock source browser
sntp unicast client enable
clock dhcp timezone
ip domain name 999
ip name-server 10.10.10.1 62.233.233.233 8.8.8.8
ip host 999 10.10.13.3
ip telnet server
no service mirror-configuration
no security-suite deny syn-fin
security-suite syn protection mode disabled
interface vlan 1
ip address 10.10.10.254 255.255.255.0
no ip address dhcp
interface vlan 11
name HOME
ip address 10.10.11.254 255.255.255.0
ip dhcp relay enable
interface vlan 13
name DMZ
ip address 10.10.13.254 255.255.255.0
ip dhcp relay enable
interface vlan 14
name GUESTS
ip address 10.10.14.254 255.255.255.0
ip dhcp relay enable
interface gigabitethernet1/10
description "(99) QNAP 409"
switchport trunk native vlan 11
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
mac address-table aging-time 10
ip default-gateway 10.10.10.1
snmp-server set 999 permitHi Andbor, please make a backup config of your file, factory reset the switch.
After this, manually configure a DHCP scope without any other configuration.
Just something simple like this
ip dhcp pool network GUESTS
address low 10.10.14.1 high 10.10.14.254 255.255.255.0
lease infinite
netbios-node-type b-node
default-router 10.10.14.254
dns-server 10.10.10.1 62.233.233.233
Verify your machine receive IP address with no other configuration.
In some ways, I'm afraid some of your connections black listed due to the arp inspection.
-Tom
Please mark answered for helpful posts -
Error - Account group does not exist, check classification assignment
Hi Guys,
I am having an BP replication issue from CRM to R3 when i create BP from Web IC with role UTIL_IC. BP gets replicated to R3 if i create BP from GUI.
Bdoc Error - Account group does not exist, check classification assignment
i have completed all the required configuration as below
Setup of no range for BP and assigned to grouping
PIDE settings in R3
Setup if account identification profile in IS solutions
Thanks,
NitinNitin,
Refer to [this|BP replication error; &[this|Contact Person Replication From CRM to R/3; thread. -
Assign PO Smartform in NACE error-Processing routine does not exist
I have created a Z-Smartform and Z-driverProgram and assigned both in NACE:
Medium- Program- Form- PDF/Smartform- Type
Print output- ZSFPOREPORT- -ZSFPOREPORT- SmartForm
but a error message : Processing routine in program ZSFPOREPORT does not exist ..
Do we need to code in driver prog under a Subroutine and call the same (or) Do we need to create a Form with Special Interface parameters similar to Entry_NEU ..
I am not sure as ENTRY_NEU is for a Script but we need to assign a SMARTFORM here...
So Gurus suggest.....Hi
DATA: fm_name TYPE rs38l_fnam.
*-- Call the Smartform for Label Printing.
CALL FUNCTION 'SSF_FUNCTION_MODULE_NAME'
EXPORTING
formname = 'ZLS_XXXXX'
IMPORTING
fm_name = fm_name
EXCEPTIONS
no_form = 1
no_function_module = 2
OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
CALL FUNCTION fm_name
EXPORTING
v_XXXX = v_YYYYY
v_matnr = mara-matnr
EXCEPTIONS
formatting_error = 1
internal_error = 2
send_error = 3
user_canceled = 4
OTHERS = 5.
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
But this pattern is not same for all driver program. So you can do the following:
Step 1: Click on the area where you want to write function module.
Step 2: Click on "Pattern" at the top of the SAP window. Enter the function name as SSF_FUNCTION_MODULE_NAME and
press ok.
Step 3: Now fill up the reqd fields. Give the name of the smartform in
EXPORTING
formname = 'ZLS_XXXXX'
Step 4: Now go to the SMARTFORMS program Environment->Function Module Name and copy the Module Name.
Again click on "Pattern" and paste the module name. Again you will get a pattern(i.e. the second function)
Step 5: Replace the Function module name with "fm_name" as shown in the code above.
Then your code is ready.
Thanks & Regards
Rocky kr. Agarwal. -
Role Assignment does not get distributed from CUA
Hi all.
I create user and role in CUA client.
There is no error in role generation.
When I try to find my role in SU01 by pressing F4 of my role (Y*), system give me message role not found. But that's not my biggest problem.
I can assign my role by typing manually.
My biggest problem is only SAP ID get distributed into target system, not the role assignment.
So in the target system I can see my user id without role assign to it.
I checked my user id from SCUL. User and profile does not contain any error message in target client.
I tried with transaction RSCCUSND, still my user id does not contain role.
I checked my SCUM transaction, profiles and roles has Global settings.
Does someone can give me a clue why this happens and how to solve this issue.
Many thanksLets try to simplify the thing in layman language.
CUA is to manage user ids of different SAP systems (client level) centrally from one system without logging into each of those child systems. To do so, the Central system stores the information of the Roles (and their Text and Generated Profile Name ONLY) and Profiles (standard or non-generated profiles) in few of it's tables like: USLA04, USRSYSACT, USRSYSACTT, USRSYSPRF, USRSYSPRFT etc.
It doesn't mean that the Roles for the corresponding child system is present in the central system and no need of creating (or making available) such roles in the Child systems. The physical existence of the Role for each system doesn't get transferred in the Central system when you do the Text comparison rather the identity only against the corresponding system.
So the Roles has to be there in the corresponding Child systems and the Assignment (not physical assignment - only linking the name for that child system) of them to the user ids can be done from Central system.
Also you have got the idea of Text comparison and requirement of keeping or creating roles in each system based on it's nature from the other posts.
Let us know any more questions you have.
regards,
Dipanjan
Maybe you are looking for
-
Find and replace in files does not refresh when changes are made
Using RH10, I search for a term with the Find and Replace Options pod. I use the Find Results list as a reference only, and open each file from the Topic List. I do this instead of opening the topics from the Find Results tab because I want to see th
-
Need to Display columns depending on the prompt selection
I need to show the only the columns as per the prompt selection given by the user. Suppose there are 5 prompts say (first name, last name, phone number, address, DOJ). All the prompts should be optional. If the user gave input for first name and las
-
Hi All, I have a table and i want to fetch records where rownum>20 and rownum<31(i.e records from 21 to 30). What will be sql query for this.Kindly suggest. Thanks, Vineet
-
Toolbar hidden and clouded in the background
Hi Part of the Navigation menu - the home button, reload button, stop loading current page, Google PR button, etc - have disappeared from my Mozilla browser and I can't figure out how to get it back. The File, Edit, etc toolbar is fine and is still t
-
One iPhone, multiple computers
Hi, I'm using my iPhone 3G with a few computers (office, home, laptop etc.). Each of these computer is running the latest version of iTunes. I am able to sync outlook and IE information on all machines. The problem is that I can copy music to my ipho