Implementing "object-group service"

Similar Messages

• IOS - object-group service

  Hello Guys,
  my question is do below access-lists operate the same way? I am confused about source and destination ports in object-group based acl.
  ip access-list extended 101
    deny tcp any any eq bgp
    deny tcp any eq bgp any
    deny tcp any any eq ftp
    deny tcp any eq ftp any
  service object group services
  tcp eq bgp
  tcp eq ftp
  ip access-list extended 101
    deny object-group service any any
  Following question is if the purpose is to deny any traffic where source port is bgp (e.g. deny any eq bgp any), how it can be configured using object group service.
  Thanks in advance
  Regards

  Hi,
  Have you tried configuring it like this
  object-group service GATEWAY-SERVICES
  service-object tcp eq 88
  service-object tcp eq 135
  service-object tcp eq 445
  service-object tcp eq ldaps
  service-object tcp eq 3268
  service-object tcp eq 3269
  service-object tcp eq 53
  service-object udp eq 53
  service-object tcp eq 389
  service-object udp eq 389
  service-object tcp eq 464
  service-object udp eq 464
  service-object tcp range 49152 65535
  service-object udp eq 49152 65535
  access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
  I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
  - Jouni

• SNAT to single host using object-group service

  Hi, I have a single host that I want to static nat a number of services to. I want to use service object groups to simplify commands. I guess the beginnig is:
  object-group service OG-SERVICES-INSIDE-MYSERVER
   service-object tcp destination eq ftp
   service-object tcp-udp destination eq www
   service-object tcp destination eq 1723
  object network NETWORK_OBJ_INSIDE-MYSERVER
   host 192.168.1.100
  How would the NAT configuration be?

  Hi Samuel,
  I think object NAT does not allow us to use service object-group. 
  In order to achieve your requirement we need to create network object per static nat per service.
  This is because there can be only one nat statement per network object.
  Hope this helps.
  Thanks,
  Rishabh

• ASR IOS-XE and object groups

  We recently installed a pair of ASR1004 routers and were somewhat (unpleasantly) surprised to find that the "object-group network" and "object-group service" were not supported.  After doing some searches on the forums here I found this discussion:
  https://supportforums.cisco.com/message/3573041#3573041
  At that time (28 Feb 2012) it was mentioned that support for object-groups for ACLs were planned for 3.9S / Q1CY2013.  We're running 3.10S and still no object groups so I was just wondering if anyone has heard an updated estimate of when this feature will be added to IOS-XE?

  As the release notes state, this feature is implemented in 3.12S:
  http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_feats_important_notes_312s.html#pgfId-3452835

• Access list with multiple object groups

  Hello Everyone,
  I am using a cisco ASA 5525 with 8.6 code.  I am trying to setup access list for oubound access meaning hosts accessing the internet.  I have created an access list called outbound_access and did "access-groupc outbound_access in interface inside "
  I am trying to use object-groups where ever i can.  Here is an example.
  object-group service obj_Meraki_outbound
  service-object tcp destination eq 443
  service-object tcp destination eq 80
  service-object tcp destination eq 7734
  service-object tcp destination eq 7752
  service-object udp destination eq 7351
  object-group network obj_Meraki_lan
  network-object 10.2.11.0 255.255.255.240
  network-object 10.5.11.0 255.255.225.240
  object-group network obj_Meraki_pub
  des This group lists all hosts associated with Meraki. 
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
  object-group service obj_Meraki_outbound
  service-object tcp destination eq 443
  service-object tcp destination eq 80
  service-object tcp destination eq 7734
  service-object tcp destination eq 7752
  service-object udp destination eq 7351
  object-group network obj_Meraki_lan
  network-object 10.x.x.x 255.255.255.240
  network-object 10.x.x.x 255.255.225.240
  object-group network obj_Meraki_pub
  des This group lists all hosts associated with Meraki. 
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
  I have tried tying all these groups together in multiple ways but cannot figure out how to do this.  This what i think it should be "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
  What i want is the use the service objects and the source network would be obj_Meraki_lan and destination would be obj_Meraki_pub.   It seems the rules completely change when you use object groups.  Can someone explain this maybe with a few examples.  I am already using object groups in many acls but not for every element.
  Thanks

  Hi,
  Seems to work on my test ASA
  Attached it to my current LAN interface.
  ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
  Phase: 1
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   0.0.0.0         0.0.0.0         WAN
  Phase: 2
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group outbound_access in interface LAN
  access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
  object-group service obj_Meraki_outbound
  service-object tcp destination eq https
  service-object tcp destination eq www
  service-object tcp destination eq 7734
  service-object tcp destination eq 7752
  service-object udp destination eq 7351
  object-group network obj_Meraki_lan
  network-object 10.2.11.0 255.255.255.240
  network-object 10.5.11.0 255.255.255.240
  object-group network obj_Meraki_pub
  description: This group lists all hosts associated with Meraki.
  network-object host 64.156.192.154
  network-object host 64.62.142.12
  network-object host 64.62.142.2
  network-object host 74.50.51.16
  network-object host 74.50.56.218
  Additional Information:
  access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
  Also have used such configuration in some special cases where the customer has insisted on allow specific TCP/UDP ports between multiple networks. And nothing is stopping from adding ICMP into the "object-group service" also.
  - Jouni

• Migrate network object group members; risk

         We upgraded to new 5555 hardware and jumped from 8.2 to 9.1 last year. Our objects listing is now a bit messy. I have never run the "Migrate Network Object Group Members" menu option in asdm. I see what it is going to do, I am not sure it really helps me clean old objects, it seems low risk, but when I walk up to execution, there are a lot of changes it wants to make. We always save backup configurations but, if there are "gotchas" I don't want to put the company in that position. What has been the communities, Cisco's experience? Thanks for any feedback. jc

  John,
  if you feel that is risky, you can always go for plan B.
  - you can take closure look at the object groups and decide new object naming convention policy.
  - from ASDM or CSM, you can see overlapped or duplicate rules, so you can start with reducing them
  - you can see same services used in couple of rules with different service groups.
       - like object-group service WEB-PORTS tcp
                      port-object eq http
                      port-object eq https
               object-group service APPLICATION-PORTS tcp
                      port-object eq http
                      port-object eq https
                 object-group service APPS-PORT tcp
                      port-object eq www
                      port-object eq https
  - you can replace all these different object-group with one object group. like WEB-PORTS.
  - same way you can do excercise for network group as well.
  hope this helps.
  JD...

• CSM service-object groups.

  Hello,
  I have a question. I'd like to maintain an ehanced service object group. When I create a service-object, it splits the service-object
  into
  sobjname.tcp
  and then
  sobjname.udp
  But it doesn't tell you its going to do this until you deploy ( very annoying ).
  How can I create an enhanced service-object group with the protocol & port objects. I have both CSM 3.3. and 4.1.
  Also is there an UNDO command that I don't know about when modifying (cutting and pasting access rules around in CSM).?
  Thanks!
  -M-

  Hello Bobby,
  The object-groups look good,
  The way to use them will be with ACLs so config looks cleanear and smaller,
  Regards,
  Julio Carvajal

• Response Group Service stops repeatedly.

  Hi,
  We have a 3 node Lync 2013 FE pool, running on Windows 2012 R2 Datacenter.
  The response group service on all nodes stops periodically at different times. Obviously once all the pool members have stopped this service the Response Groups no longer function. We see the following events in the logs that show the issue:
  Log Name:      Lync Server
  Source:        LS Application Server
  Date:          1/20/2015 4:07:06 AM
  Event ID:      32007
  Task Category: (1055)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxxxxx
  Description:
  The Application Host stopped due to an unhandled exception in the application.
  The Application Host received an unhandled exception while running application urn:application:RGS. Exception information: Exception: System.Reflection.TargetInvocationException
  > Message: Exception has been thrown by the target of an invocation.
  > StackTrace:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
     at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
     at System.Delegate.DynamicInvokeImpl(Object[] args)
     at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.ExecutionContextRunCallback(Object state)
     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
     at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.InvokeEvent(Boolean executingSynchronously, EventSerializer serializer)
     at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvent(Boolean executingSynchronously, EventQueueEntry entry)
     at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(EventQueueEntry entry)
     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
     at System.Threading.ThreadPoolWorkQueue.Dispatch()
  > Source: mscorlib
  > HResult: -2146232828
  Inner Exception: System.NullReferenceException
  > Message: Object reference not set to an instance of an object.
  > StackTrace:    at Microsoft.Rtc.Acd.MatchMaking.CallHandler.StopQueueTimer()
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteToAnotherQueue(QueueCallHandler currentQueue, QueueCallHandler newQueue)
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteCallOnQueueTimeout(QueueCallHandler currentQueue)
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.OnStateTimerExpired()
     at Microsoft.Rtc.Acd.MatchMaking.AgentPresenceManager.OnTimerExpired(Object sender, TimerExpiredEventArgs args)
     at Microsoft.Rtc.Acd.MatchMaking.PresenceProvider.EventQueue.OnExecuteWorkItem(QueueWorkItem workItem)
  > Source: Microsoft.Rtc.Acd.MatchMaking
  > HResult: -2147467261
  Cause: Unhandled exception.
  Resolution:
  Check the events prior to this to resolve the unhandled exception. 
  Log Name:      Lync Server
  Source:        LS Application Server
  Date:          1/20/2015 4:07:06 AM
  Event ID:      32002
  Task Category: (1055)
  Level:         Information
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxxxxxxx
  Description:
  The Application Host has stopped an application.
  The Application Host has stopped application RTCRGS
  Log Name:      Lync Server
  Source:        LS Response Group Service
  Date:          1/20/2015 4:07:06 AM
  Event ID:      31207
  Task Category: (2001)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxxxxxxx
  Description:
  An unhandled exception was encountered in Response Group Service.
  Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.StopQueueTimer()
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteToAnotherQueue(QueueCallHandler currentQueue, QueueCallHandler newQueue)
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.RouteCallOnQueueTimeout(QueueCallHandler currentQueue)
     at Microsoft.Rtc.Acd.MatchMaking.CallHandler.OnStateTimerExpired()
     at Microsoft.Rtc.Acd.MatchMaking.AgentPresenceManager.OnTimerExpired(Object sender, TimerExpiredEventArgs args)
     at Microsoft.Rtc.Acd.MatchMaking.PresenceProvider.EventQueue.OnExecuteWorkItem(QueueWorkItem workItem)
     --- End of inner exception stack trace ---
     at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
     at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
     at System.Delegate.DynamicInvokeImpl(Object[] args)
     at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.ExecutionContextRunCallback(Object state)
     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
     at Microsoft.Rtc.ApplicationServerCore.EventQueueEntry.InvokeEvent(Boolean executingSynchronously, EventSerializer serializer)
     at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvent(Boolean executingSynchronously, EventQueueEntry entry)
     at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(EventQueueEntry entry)
     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
     at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
     at System.Threading.ThreadPoolWorkQueue.Dispatch()
  Cause: Internal error in Response Group Service.
  Resolution:
  Restart the service.  If the problem persists contact product support.
  Log Name:      Application
  Source:        .NET Runtime
  Date:          1/20/2015 4:07:06 AM
  Event ID:      1026
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxxxxxxxxx
  Description:
  Application: OcsAppServerHost.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: System.Reflection.TargetInvocationException
  Stack:
     at Microsoft.Rtc.ApplicationServerCore.EventSerializer.ProcessEvents(Microsoft.Rtc.ApplicationServerCore.EventQueueEntry)
     at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
     at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
     at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
     at System.Threading.ThreadPoolWorkQueue.Dispatch()
  Log Name:      Application
  Source:        Application Error
  Date:          1/20/2015 4:07:07 AM
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxxxxxxxxx
  Description:
  Faulting application name: OcsAppServerHost.exe, version: 5.0.8308.0, time stamp: 0x5050e359
  Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x5318237f
  Exception code: 0xe0434352
  Fault offset: 0x00000000000043c8
  Faulting process id: 0x3cbc
  Faulting application start time: 0x01d033d48b291c99
  Faulting application path: C:\Program Files\Microsoft Lync Server 2013\Application Host\OcsAppServerHost.exe
  Faulting module path: C:\Windows\system32\KERNELBASE.dll
  Report Id: b4e25672-a083-11e4-80ce-005056b06583
  Faulting package full name: 
  Faulting package-relative application ID: 
  I initially though this may be due to AV scanning but this has been disproved. Please assist me with troubleshooting this issue.
  thanks
  Chris

  Hi,
  Please make sure CMS replication update to the latest status.
  Try to install the latest update for Lync Server and reboot the server.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Business Objects, external services and application services in CAs

  Hi All,
  right now we are developing our first eSOA Composite Application with CE and I have some questions regarding Business Objects, the import of external services and the development of application services.
  As I understood there are two ways to provide business functionality for composite applications:
  a. Import backend functionality as an external service (e.g. BAPI, RFC) at the CAF, build the application service which can be used as a callable object for UIs or the GPs
  b. Develop a local Business Object (in CAF) providing the business logic, create the application service which again can be used as a callable object. Furthermore the application service can be exposed as a Web Service (external service).
  My questions:
  1. When is it appropriate to to import external services in stead of developing local BOs?
  2. Under what conditions is it advisable to (solely) develop local BOs?
  3. What are the advantages / disadvantages regarding the reusability of the services (in option a and b)?
  Note: We are developing on NetWeaver 2004s.
  Please let me know, if you need more information to answer the questions!
  Thanks for your advice in advance,
  Regards,
  Ivonne

  Hi Ivonne,
  first of all, the CAF Business Objects (BOs) itself don't contain any business logic, they're basically just local database tables (with some CRUD services on top).
  Business logic is implemented in Application Services (AS).
  Now, regarding local BO's vs. external services, it depends on your use case. If the data is already available somewhere in your backend system it makes sense to use external services. For instance you wouldn't want to store business partners all over different composites. For data that is specific to your composite (in particular configuration, customizing etc.) and not likely to be reused by other applications you should use local BOs.
  Accessing local BO's is also much faster than calling external services.
  You can do reuse in both scenarios, since the CAF services can be exposed as web services.
  Regards,
  Christian
  Edited by: Christian Loos  on Apr 8, 2008 6:11 PM

• LS Response Group Service

  Wondered if anyone had seen this before , we're getting the following error on all our Lync 2013 Front Ends but we aren't seeing any impact at all
  Event 31149, LS Response Group Service
  Unhandled Exception occurred when the service was running on a thread pool used by the platform.
  Unhandled Exception: System.NullReferenceException - Object reference not set to an instance of an object.
  Inner Exception: ~
  Cause: Unhandled exception.
  Resolution:
  Restart to service
  Just to confirm restarting the service does not resolve this and the error comes in every 15 minutes.
  Thank you 

  Try to install the latest update for Lync Server and reboot the server.
  Lisa Zheng
  TechNet Community Support

• ASA 5510 & Object-groups

  I have an ASA 5510 and have just started using object-groups which are super handy in theory, but not working in reality. I have a service object-group with a mix of tcp, icmp, and udp ports. Let's call it Sample_Port_Group. I'm trying to apply it to my dmz_access_in ACL. Here's the line giving me problems:
  access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 any
  The asa throws up an error between 192.168.1.1 and any. When I put up a ? after Sample_Port_Group, it gives me the option of putting in an IP address, any, etc. When I put in a ? after 192.168.1.1, it only gives me the option of putting in an IP address.
  Going off these posts:
  - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
  - http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/nwaccess.html
  Those posts gave me the impression my line was possible, especially the "access-list outsideacl extended permit object-group myaclog interface inside any" line, which is at the end of the 2nd article linked.
  What am I doing wrong?
  Thanks in advance for any help.

  Hi Adam!
  You are doing it right, you are just missing on little keyword.
  The line should be as this:
  access-list dmz_access_in extended permit object-group Sample_Port_Group host 192.168.1.1 any
  or you could specify the subnetmask as:
  access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 255.255.255.255 any
  Regards

• Business objects data services

  Hi,
  We are doing some feaibility study to implement the reports distribution by splitting the file according to vendors and sending the mail accordingly.  As part of this i would like to know can we split the file as mentioned above and send email to the vendors using To and CC in the mail with the attachment of either .TXT file or XLS file using the Business objects data services.
  Thank you
  Best regards,
  MANREDDY
  Edited by: MANREDDY on Aug 13, 2011 8:28 AM

  You might have better luck in the (somewhat misnamed) [Data Integration and Data Quality Management|Data Services and Data Quality; forum:
  This forum is dedicated to topics related to SAP BusinessObjects Data Services (Data Integrator, Data Quality Management, Text Data Processing), SAP BusinessObjects Information Steward (Metadata Management, Data Insight), SAP BusinessObjects Rapid Marts and SAP BusinessObjects Data Federator.
  (emphasis added)
  Regards,
  Sean

• Sample for Business Objects Web Services for Admin Tasks

  Hi,
  Anyone has any idea that where can I get a sample using Business Objects Web Services for Admin Tasks like:
  - How To Set Security Rights
  - How To Manage Categories
  - How To Manage User Accounts
  - How To Manage User Groups
  Thanks,
  Harshad

  Samples are available at:
  https://www.sdn.sap.com/irj/sdn/businessobjects?rid=/webcontent/uuid/e02e0a54-6471-2b10-c99c-d66e07fab102&startindex=21
  Check BOSAP notes and other samples page for more info.

• How  to implement "my appraisals" service in ESS ?

  hi,
  i am configuring ESS in EP 6.0. My back end system is MySAP ERP. i wanted to implement "My Appraisals" service in ESS but i dont see any iview for it . Can anyone tell me how to implement it in ESS?
  regards,
  aditi

  Hi Aditi
  if u dont' found ZEMPLOYEE_CAREER_MBO  (customer specific)
  crate ur own by following
  spro ->IMG ->cross-application components ->Homepage Framework-> resources ->define resources ->define resources (add entry)
  click on new entry
  specifi the following
  resource key -
  >ZEMPLOYEE_CAREER_MBO
  description -
  >Appraisals In Process
  object name----->hap_document/documents_todo.htm
  url of pcd page-->pcd:portal_content/com.sap.pct/every_user/com.sap.pct.ess.employee/com.sap.pct.ess.roles/com.sap.pct.ess.employee_self_service/com.sap.pct.ess.employee_self_service/com.sap.pct.ess.area_career_job/com.sap.pct.ess.bsp_career_job
  save ur entry. release the request.
  now create the service.
  spro ->IMG ->cross-application components ->Homepage Framework-> services->define services->define services(add entry)
  click on new entry specifie following
  service key -->EMPLOYEE_CAREER_APPRAISALS
  service link text-->Appraisals
  service type--->service build with BSP
  link resource--->ZEMPLOYEE_CAREER_MBO
  save ur entry.
  now click on assign services to subarea->Assign Services to Subareas (Find Entries)
  create new entry.
  subarea key---->EMPLOYEE_CAREER_SUBAPPRAISALS
  service key short---->EMPLOYEE_CAREER_APPRAISALS
  position--->1
  if u have any query revert back
  regards,
  kaushal

• ICR 002 - Object Groups and Sets

  Hi,
  Tcode here is FBCR009.
  I need one help on the PROCESS 002 for ICR. In the current system, we have implemented the Object groups and Sub groups as mentioned below:
  Object Group - 100
  Object Subgroup 100
  Object group  Sequence      Company Field  Company Set   Description                   Partner Field     Partner Set    description
  100     1     RACCT     RULE2A     B/S Cash Management     RACCT     RULE2B     B/S Cash Management
  100     2     RACCT     RULE3A     B/S ST Interest Bearing     RACCT     RULE3B     B/S ST Interest Bearing
  100     3     RACCT     RULE4A     B/S ST Non-Interest Bearing     RACCT     RULE4B     B/S ST Non-Interest Bearing
  100     4     RACCT     RULE5A     B/S ST Non-Interest Bearing Derivatives     RACCT     RULE5B     B/S ST Non-Interest Bearing Derivatives
  100     6     RACCT     RULE7A     P&L LT Interest     RACCT     RULE7B     P&L LT Interest
  100     7     RACCT     RULE8A     P&L ST Interest     RACCT     RULE8B     P&L ST Interest
  100     8     RACCT     RULE9A     P&L Toll     RACCT     RULE9B     P&L Toll
  100     9     RACCT     RULE10A     P&L Royalties     RACCT     RULE10B     P&L Royalties
  100     10     RACCT     RULE11A     P&L Rent     RACCT     RULE11B     P&L Rent
  100     11     RACCT     RULE12A     P&L Brokerage Commission     RACCT     RULE12B     P&L Brokerage Commission
  100     12     RACCT     RULE13A     P&L Warehousing     RACCT     RULE13B     P&L Warehousing
  100     13     RACCT     RULE14A     P&L Misc/Other     RACCT     RULE14B     P&L Misc/Other
  100     14     RACCT     RULE15A     P&L Insurance     RACCT     RULE15B     P&L Insurance
  100     15     RACCT     RULE16A     B/S LT     RACCT     RULE16B     B/S LT
  I am a little confused here. The following sets under the sub-group has a logical u201CANDu201D . the customer corporate reporting group would like to see the Config to allow each group of accounts defined as ruleXa reconciled to group of accts defined as ruleXb, e.g.
  Rule 2A with Rule 2B
  Rule 3A with Rule 3B etc
  Each Company set should only reconcile with the partner set.
  looked at this OSS Note 1499183 - ICR: Documents are not assigned to the object groups & got even more confused.
  Request if you can advice here.
  Regarzds
  Aahish

  Hello Johannes,
  Unfortunately what you are trying to do is not possible.
  Object groups are defined using the information in the totals table. Therefore fields only available in the line item table cannot be used when setting up object groups. Unfortunately it is also not possible to set up status fields on the totals level because of the standard update process of those fields when setting a status (the line item table is modified directly, there is no totals update). Depending on the details of your setup you might be able to simply add a "normal" field on the totals level and then fill it via BADI. This would probably work quite well if the field does not have to be set manually - and in this case you do not really need the functionality of setting a status manually either.
  I hope this helps you in your efforts!
  Ralph