Implementing "object-group service"
Running 8.2(3) on an ASA 5510
I have created the two following object groups.
object-group service gatewayTCP tcp
port-object eq 88
port-object eq 135
port-object eq 445
port-object eq ldaps
port-object eq 3268
port-object eq 3269
object-group service gatewayTCP-UDP tcp-udp
port-object eq domain
port-object eq 389
port-object eq 464
port-object range 49152 65535
I have run into an issue with "domain" working in the tcp-udp type. The following access-list does not work without explicitly calling out "domain" for both TCP and UDP. Everywhere I looked I appear to be doing it right so what am I missing. Does "permit tcp" need to be "permit ip" to cover both tcp and udp? I found one article with someone suggestiong just make it "permit tcp" and it will work. Not in a position to test at the moment so figured I'd ask here. Want to be sure I'm not getting bit anywhere else related to these object groups in case I am not implementing them correctly?
access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP
access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP-UDP
Is this a bug with service object groups? Is there some place I need to enable this feature?
Hi,
Have you tried configuring it like this
object-group service GATEWAY-SERVICES
service-object tcp eq 88
service-object tcp eq 135
service-object tcp eq 445
service-object tcp eq ldaps
service-object tcp eq 3268
service-object tcp eq 3269
service-object tcp eq 53
service-object udp eq 53
service-object tcp eq 389
service-object udp eq 389
service-object tcp eq 464
service-object udp eq 464
service-object tcp range 49152 65535
service-object udp eq 49152 65535
access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
- Jouni
Similar Messages
-
Hello Guys,
my question is do below access-lists operate the same way? I am confused about source and destination ports in object-group based acl.
ip access-list extended 101
deny tcp any any eq bgp
deny tcp any eq bgp any
deny tcp any any eq ftp
deny tcp any eq ftp any
service object group services
tcp eq bgp
tcp eq ftp
ip access-list extended 101
deny object-group service any any
Following question is if the purpose is to deny any traffic where source port is bgp (e.g. deny any eq bgp any), how it can be configured using object group service.
Thanks in advance
RegardsHi,
Have you tried configuring it like this
object-group service GATEWAY-SERVICES
service-object tcp eq 88
service-object tcp eq 135
service-object tcp eq 445
service-object tcp eq ldaps
service-object tcp eq 3268
service-object tcp eq 3269
service-object tcp eq 53
service-object udp eq 53
service-object tcp eq 389
service-object udp eq 389
service-object tcp eq 464
service-object udp eq 464
service-object tcp range 49152 65535
service-object udp eq 49152 65535
access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
- Jouni -
SNAT to single host using object-group service
Hi, I have a single host that I want to static nat a number of services to. I want to use service object groups to simplify commands. I guess the beginnig is:
object-group service OG-SERVICES-INSIDE-MYSERVER
service-object tcp destination eq ftp
service-object tcp-udp destination eq www
service-object tcp destination eq 1723
object network NETWORK_OBJ_INSIDE-MYSERVER
host 192.168.1.100
How would the NAT configuration be?Hi Samuel,
I think object NAT does not allow us to use service object-group.
In order to achieve your requirement we need to create network object per static nat per service.
This is because there can be only one nat statement per network object.
Hope this helps.
Thanks,
Rishabh -
We recently installed a pair of ASR1004 routers and were somewhat (unpleasantly) surprised to find that the "object-group network" and "object-group service" were not supported. After doing some searches on the forums here I found this discussion:
https://supportforums.cisco.com/message/3573041#3573041
At that time (28 Feb 2012) it was mentioned that support for object-groups for ACLs were planned for 3.9S / Q1CY2013. We're running 3.10S and still no object groups so I was just wondering if anyone has heard an updated estimate of when this feature will be added to IOS-XE?As the release notes state, this feature is implemented in 3.12S:
http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_feats_important_notes_312s.html#pgfId-3452835 -
Access list with multiple object groups
Hello Everyone,
I am using a cisco ASA 5525 with 8.6 code. I am trying to setup access list for oubound access meaning hosts accessing the internet. I have created an access list called outbound_access and did "access-groupc outbound_access in interface inside "
I am trying to use object-groups where ever i can. Here is an example.
object-group service obj_Meraki_outbound
service-object tcp destination eq 443
service-object tcp destination eq 80
service-object tcp destination eq 7734
service-object tcp destination eq 7752
service-object udp destination eq 7351
object-group network obj_Meraki_lan
network-object 10.2.11.0 255.255.255.240
network-object 10.5.11.0 255.255.225.240
object-group network obj_Meraki_pub
des This group lists all hosts associated with Meraki.
network-object host 64.156.192.154
network-object host 64.62.142.12
network-object host 64.62.142.2
network-object host 74.50.51.16
network-object host 74.50.56.218
object-group service obj_Meraki_outbound
service-object tcp destination eq 443
service-object tcp destination eq 80
service-object tcp destination eq 7734
service-object tcp destination eq 7752
service-object udp destination eq 7351
object-group network obj_Meraki_lan
network-object 10.x.x.x 255.255.255.240
network-object 10.x.x.x 255.255.225.240
object-group network obj_Meraki_pub
des This group lists all hosts associated with Meraki.
network-object host 64.156.192.154
network-object host 64.62.142.12
network-object host 64.62.142.2
network-object host 74.50.51.16
network-object host 74.50.56.218
I have tried tying all these groups together in multiple ways but cannot figure out how to do this. This what i think it should be "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
What i want is the use the service objects and the source network would be obj_Meraki_lan and destination would be obj_Meraki_pub. It seems the rules completely change when you use object groups. Can someone explain this maybe with a few examples. I am already using object groups in many acls but not for every element.
ThanksHi,
Seems to work on my test ASA
Attached it to my current LAN interface.
ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 WAN
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outbound_access in interface LAN
access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
object-group service obj_Meraki_outbound
service-object tcp destination eq https
service-object tcp destination eq www
service-object tcp destination eq 7734
service-object tcp destination eq 7752
service-object udp destination eq 7351
object-group network obj_Meraki_lan
network-object 10.2.11.0 255.255.255.240
network-object 10.5.11.0 255.255.255.240
object-group network obj_Meraki_pub
description: This group lists all hosts associated with Meraki.
network-object host 64.156.192.154
network-object host 64.62.142.12
network-object host 64.62.142.2
network-object host 74.50.51.16
network-object host 74.50.56.218
Additional Information:
access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
Also have used such configuration in some special cases where the customer has insisted on allow specific TCP/UDP ports between multiple networks. And nothing is stopping from adding ICMP into the "object-group service" also.
- Jouni -
Migrate network object group members; risk
We upgraded to new 5555 hardware and jumped from 8.2 to 9.1 last year. Our objects listing is now a bit messy. I have never run the "Migrate Network Object Group Members" menu option in asdm. I see what it is going to do, I am not sure it really helps me clean old objects, it seems low risk, but when I walk up to execution, there are a lot of changes it wants to make. We always save backup configurations but, if there are "gotchas" I don't want to put the company in that position. What has been the communities, Cisco's experience? Thanks for any feedback. jc
John,
if you feel that is risky, you can always go for plan B.
- you can take closure look at the object groups and decide new object naming convention policy.
- from ASDM or CSM, you can see overlapped or duplicate rules, so you can start with reducing them
- you can see same services used in couple of rules with different service groups.
- like object-group service WEB-PORTS tcp
port-object eq http
port-object eq https
object-group service APPLICATION-PORTS tcp
port-object eq http
port-object eq https
object-group service APPS-PORT tcp
port-object eq www
port-object eq https
- you can replace all these different object-group with one object group. like WEB-PORTS.
- same way you can do excercise for network group as well.
hope this helps.
JD... -
CSM service-object groups.
Hello,
I have a question. I'd like to maintain an ehanced service object group. When I create a service-object, it splits the service-object
into
sobjname.tcp
and then
sobjname.udp
But it doesn't tell you its going to do this until you deploy ( very annoying ).
How can I create an enhanced service-object group with the protocol & port objects. I have both CSM 3.3. and 4.1.
Also is there an UNDO command that I don't know about when modifying (cutting and pasting access rules around in CSM).?
Thanks!
-M-Hello Bobby,
The object-groups look good,
The way to use them will be with ACLs so config looks cleanear and smaller,
Regards,
Julio Carvajal -
Response Group Service stops repeatedly.
Hi,
We have a 3 node Lync 2013 FE pool, running on Windows 2012 R2 Datacenter.
The response group service on all nodes stops periodically at different times. Obviously once all the pool members have stopped this service the Response Groups no longer function. We see the following events in the logs that show the issue:
Log Name: Lync Server
Source: LS Application Server
Date: 1/20/2015 4:07:06 AM
Event ID: 32007
Task Category: (1055)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxx
Description:
The Application Host stopped due to an unhandled exception in the application.
The Application Host received an unhandled exception while running application urn:application:RGS. Exception information: Exception: System.Reflection.TargetInvocationException
> Message: Exception has been thrown by the target of an invocation.
> StackTrace: at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.ExecutionContextRunCallback(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.InvokeEvent(Boolean executingSynchronously, EventSerializer serializer)
at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvent(Boolean executingSynchronously, EventQueueEntry entry)
at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(EventQueueEntry entry)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
> Source: mscorlib
> HResult: -2146232828
Inner Exception: System.NullReferenceException
> Message: Object reference not set to an instance of an object.
> StackTrace: at Microsoft.Rtc.Acd.MatchMaking.CallHandler.StopQueueTimer()
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteToAnotherQueue(QueueCallHandler currentQueue, QueueCallHandler newQueue)
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteCallOnQueueTimeout(QueueCallHandler currentQueue)
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.OnStateTimerExpired()
at Microsoft.Rtc.Acd.MatchMaking.AgentPresenceManager.OnTimerExpired(Object sender, TimerExpiredEventArgs args)
at Microsoft.Rtc.Acd.MatchMaking.PresenceProvider.EventQueue.OnExecuteWorkItem(QueueWorkItem workItem)
> Source: Microsoft.Rtc.Acd.MatchMaking
> HResult: -2147467261
Cause: Unhandled exception.
Resolution:
Check the events prior to this to resolve the unhandled exception.
Log Name: Lync Server
Source: LS Application Server
Date: 1/20/2015 4:07:06 AM
Event ID: 32002
Task Category: (1055)
Level: Information
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx
Description:
The Application Host has stopped an application.
The Application Host has stopped application RTCRGS
Log Name: Lync Server
Source: LS Response Group Service
Date: 1/20/2015 4:07:06 AM
Event ID: 31207
Task Category: (2001)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx
Description:
An unhandled exception was encountered in Response Group Service.
Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.StopQueueTimer()
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteToAnotherQueue(QueueCallHandler currentQueue, QueueCallHandler newQueue)
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteCallOnQueueTimeout(QueueCallHandler currentQueue)
at Microsoft.Rtc.Acd.MatchMaking.CallHandler.OnStateTimerExpired()
at Microsoft.Rtc.Acd.MatchMaking.AgentPresenceManager.OnTimerExpired(Object sender, TimerExpiredEventArgs args)
at Microsoft.Rtc.Acd.MatchMaking.PresenceProvider.EventQueue.OnExecuteWorkItem(QueueWorkItem workItem)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.ExecutionContextRunCallback(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.InvokeEvent(Boolean executingSynchronously, EventSerializer serializer)
at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvent(Boolean executingSynchronously, EventQueueEntry entry)
at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(EventQueueEntry entry)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
Cause: Internal error in Response Group Service.
Resolution:
Restart the service. If the problem persists contact product support.
Log Name: Application
Source: .NET Runtime
Date: 1/20/2015 4:07:06 AM
Event ID: 1026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxx
Description:
Application: OcsAppServerHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(Microsoft.Rtc.ApplicationServerCore.EventQueueEntry)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
Log Name: Application
Source: Application Error
Date: 1/20/2015 4:07:07 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx
Description:
Faulting application name: OcsAppServerHost.exe, version: 5.0.8308.0, time stamp: 0x5050e359
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x5318237f
Exception code: 0xe0434352
Fault offset: 0x00000000000043c8
Faulting process id: 0x3cbc
Faulting application start time: 0x01d033d48b291c99
Faulting application path: C:\Program Files\Microsoft Lync Server 2013\Application Host\OcsAppServerHost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: b4e25672-a083-11e4-80ce-005056b06583
Faulting package full name:
Faulting package-relative application ID:
I initially though this may be due to AV scanning but this has been disproved. Please assist me with troubleshooting this issue.
thanks
ChrisHi,
Please make sure CMS replication update to the latest status.
Try to install the latest update for Lync Server and reboot the server.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Business Objects, external services and application services in CAs
Hi All,
right now we are developing our first eSOA Composite Application with CE and I have some questions regarding Business Objects, the import of external services and the development of application services.
As I understood there are two ways to provide business functionality for composite applications:
a. Import backend functionality as an external service (e.g. BAPI, RFC) at the CAF, build the application service which can be used as a callable object for UIs or the GPs
b. Develop a local Business Object (in CAF) providing the business logic, create the application service which again can be used as a callable object. Furthermore the application service can be exposed as a Web Service (external service).
My questions:
1. When is it appropriate to to import external services in stead of developing local BOs?
2. Under what conditions is it advisable to (solely) develop local BOs?
3. What are the advantages / disadvantages regarding the reusability of the services (in option a and b)?
Note: We are developing on NetWeaver 2004s.
Please let me know, if you need more information to answer the questions!
Thanks for your advice in advance,
Regards,
IvonneHi Ivonne,
first of all, the CAF Business Objects (BOs) itself don't contain any business logic, they're basically just local database tables (with some CRUD services on top).
Business logic is implemented in Application Services (AS).
Now, regarding local BO's vs. external services, it depends on your use case. If the data is already available somewhere in your backend system it makes sense to use external services. For instance you wouldn't want to store business partners all over different composites. For data that is specific to your composite (in particular configuration, customizing etc.) and not likely to be reused by other applications you should use local BOs.
Accessing local BO's is also much faster than calling external services.
You can do reuse in both scenarios, since the CAF services can be exposed as web services.
Regards,
Christian
Edited by: Christian Loos on Apr 8, 2008 6:11 PM -
Wondered if anyone had seen this before , we're getting the following error on all our Lync 2013 Front Ends but we aren't seeing any impact at all
Event 31149, LS Response Group Service
Unhandled Exception occurred when the service was running on a thread pool used by the platform.
Unhandled Exception: System.NullReferenceException - Object reference not set to an instance of an object.
Inner Exception: ~
Cause: Unhandled exception.
Resolution:
Restart to service
Just to confirm restarting the service does not resolve this and the error comes in every 15 minutes.
Thank youTry to install the latest update for Lync Server and reboot the server.
Lisa Zheng
TechNet Community Support -
I have an ASA 5510 and have just started using object-groups which are super handy in theory, but not working in reality. I have a service object-group with a mix of tcp, icmp, and udp ports. Let's call it Sample_Port_Group. I'm trying to apply it to my dmz_access_in ACL. Here's the line giving me problems:
access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 any
The asa throws up an error between 192.168.1.1 and any. When I put up a ? after Sample_Port_Group, it gives me the option of putting in an IP address, any, etc. When I put in a ? after 192.168.1.1, it only gives me the option of putting in an IP address.
Going off these posts:
- http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
- http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/nwaccess.html
Those posts gave me the impression my line was possible, especially the "access-list outsideacl extended permit object-group myaclog interface inside any" line, which is at the end of the 2nd article linked.
What am I doing wrong?
Thanks in advance for any help.Hi Adam!
You are doing it right, you are just missing on little keyword.
The line should be as this:
access-list dmz_access_in extended permit object-group Sample_Port_Group host 192.168.1.1 any
or you could specify the subnetmask as:
access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 255.255.255.255 any
Regards -
Business objects data services
Hi,
We are doing some feaibility study to implement the reports distribution by splitting the file according to vendors and sending the mail accordingly. As part of this i would like to know can we split the file as mentioned above and send email to the vendors using To and CC in the mail with the attachment of either .TXT file or XLS file using the Business objects data services.
Thank you
Best regards,
MANREDDY
Edited by: MANREDDY on Aug 13, 2011 8:28 AMYou might have better luck in the (somewhat misnamed) [Data Integration and Data Quality Management|Data Services and Data Quality; forum:
This forum is dedicated to topics related to SAP BusinessObjects Data Services (Data Integrator, Data Quality Management, Text Data Processing), SAP BusinessObjects Information Steward (Metadata Management, Data Insight), SAP BusinessObjects Rapid Marts and SAP BusinessObjects Data Federator.
(emphasis added)
Regards,
Sean -
Sample for Business Objects Web Services for Admin Tasks
Hi,
Anyone has any idea that where can I get a sample using Business Objects Web Services for Admin Tasks like:
- How To Set Security Rights
- How To Manage Categories
- How To Manage User Accounts
- How To Manage User Groups
Thanks,
HarshadSamples are available at:
https://www.sdn.sap.com/irj/sdn/businessobjects?rid=/webcontent/uuid/e02e0a54-6471-2b10-c99c-d66e07fab102&startindex=21
Check BOSAP notes and other samples page for more info. -
How to implement "my appraisals" service in ESS ?
hi,
i am configuring ESS in EP 6.0. My back end system is MySAP ERP. i wanted to implement "My Appraisals" service in ESS but i dont see any iview for it . Can anyone tell me how to implement it in ESS?
regards,
aditiHi Aditi
if u dont' found ZEMPLOYEE_CAREER_MBO (customer specific)
crate ur own by following
spro ->IMG ->cross-application components ->Homepage Framework-> resources ->define resources ->define resources (add entry)
click on new entry
specifi the following
resource key -
>ZEMPLOYEE_CAREER_MBO
description -
>Appraisals In Process
object name----->hap_document/documents_todo.htm
url of pcd page-->pcd:portal_content/com.sap.pct/every_user/com.sap.pct.ess.employee/com.sap.pct.ess.roles/com.sap.pct.ess.employee_self_service/com.sap.pct.ess.employee_self_service/com.sap.pct.ess.area_career_job/com.sap.pct.ess.bsp_career_job
save ur entry. release the request.
now create the service.
spro ->IMG ->cross-application components ->Homepage Framework-> services->define services->define services(add entry)
click on new entry specifie following
service key -->EMPLOYEE_CAREER_APPRAISALS
service link text-->Appraisals
service type--->service build with BSP
link resource--->ZEMPLOYEE_CAREER_MBO
save ur entry.
now click on assign services to subarea->Assign Services to Subareas (Find Entries)
create new entry.
subarea key---->EMPLOYEE_CAREER_SUBAPPRAISALS
service key short---->EMPLOYEE_CAREER_APPRAISALS
position--->1
if u have any query revert back
regards,
kaushal -
ICR 002 - Object Groups and Sets
Hi,
Tcode here is FBCR009.
I need one help on the PROCESS 002 for ICR. In the current system, we have implemented the Object groups and Sub groups as mentioned below:
Object Group - 100
Object Subgroup 100
Object group Sequence Company Field Company Set Description Partner Field Partner Set description
100 1 RACCT RULE2A B/S Cash Management RACCT RULE2B B/S Cash Management
100 2 RACCT RULE3A B/S ST Interest Bearing RACCT RULE3B B/S ST Interest Bearing
100 3 RACCT RULE4A B/S ST Non-Interest Bearing RACCT RULE4B B/S ST Non-Interest Bearing
100 4 RACCT RULE5A B/S ST Non-Interest Bearing Derivatives RACCT RULE5B B/S ST Non-Interest Bearing Derivatives
100 6 RACCT RULE7A P&L LT Interest RACCT RULE7B P&L LT Interest
100 7 RACCT RULE8A P&L ST Interest RACCT RULE8B P&L ST Interest
100 8 RACCT RULE9A P&L Toll RACCT RULE9B P&L Toll
100 9 RACCT RULE10A P&L Royalties RACCT RULE10B P&L Royalties
100 10 RACCT RULE11A P&L Rent RACCT RULE11B P&L Rent
100 11 RACCT RULE12A P&L Brokerage Commission RACCT RULE12B P&L Brokerage Commission
100 12 RACCT RULE13A P&L Warehousing RACCT RULE13B P&L Warehousing
100 13 RACCT RULE14A P&L Misc/Other RACCT RULE14B P&L Misc/Other
100 14 RACCT RULE15A P&L Insurance RACCT RULE15B P&L Insurance
100 15 RACCT RULE16A B/S LT RACCT RULE16B B/S LT
I am a little confused here. The following sets under the sub-group has a logical u201CANDu201D . the customer corporate reporting group would like to see the Config to allow each group of accounts defined as ruleXa reconciled to group of accts defined as ruleXb, e.g.
Rule 2A with Rule 2B
Rule 3A with Rule 3B etc
Each Company set should only reconcile with the partner set.
looked at this OSS Note 1499183 - ICR: Documents are not assigned to the object groups & got even more confused.
Request if you can advice here.
Regarzds
AahishHello Johannes,
Unfortunately what you are trying to do is not possible.
Object groups are defined using the information in the totals table. Therefore fields only available in the line item table cannot be used when setting up object groups. Unfortunately it is also not possible to set up status fields on the totals level because of the standard update process of those fields when setting a status (the line item table is modified directly, there is no totals update). Depending on the details of your setup you might be able to simply add a "normal" field on the totals level and then fill it via BADI. This would probably work quite well if the field does not have to be set manually - and in this case you do not really need the functionality of setting a status manually either.
I hope this helps you in your efforts!
Ralph
Maybe you are looking for
-
How to create Tree format in Table Rn in one Column having data?
Hi Gurus, i got the new requirement it's very interesting pl z help me... My Requirement is i have one Table Rn in Table Rn having 5 columns There here one column name is 'Competencies ' That Competencies column having the more rows liki FUNC.ADMIN.A
-
Intercompany Sale-Excise Issue
Guru's We have a Intercompany scenario as below Two company codes A and B Two Plants A and B Two Sale Org A and B Company A and sale org A receives the order and sees that material is avaialbe in Plant B so get's from there, intercompany price(PI01)
-
Satellite A50-105 will only start in safe mode or enable VGA mode
After cleaning all the rubbish off my computer I must have deleted something I should not have. When I start it up the Windows Xp screen comes up then after a while it just goes blank. I can start it up in safe mode or VGA enabled but when I try to c
-
Self registration and modification of tjspSelfRegistrationTiles.jsp
Hello, How can the tjspSelfRegistrationTiles.jsp be modified to add a combo box to the self registration form? Where can we find this file? Do we need to also modify the FormMetadata.xml file? Where can we find documentation on how to modify the tjsp
-
Hello, To the best of my knowledge I've matched my LiveType and FCP settings. I imported my LiveType file into FCP so that when I need to make changes to the LiveType file it automatically updates in FCP. Works great! Here's my problem....any time I