Initial Load - AS ABAP - getting only user with a group
Hi,
when i start initial load, i just get users with groups. Is that standard?
Br,
Philip
First of all - you'll need to familiarize yourself with the database for effective learning and debugging. I'm talking about the MS-SQL or Oracle-DB where you installed the IC-schema. It often helps me to understand whats going on behind the scenes.
Secondly - I read some of your posts - I would advise you to install the dispatcher and everything on the server where the DB is hosted - at least as long as you're in development. The MMC can still be on your local pc/laptop, although some things won't work well there (Import, Dispatcher-Status, ...). This'll ease things a lot I suppose.
About the service-user... SAP delivers a role you can import into PFCG (SAP_BC_SEC_IDM_.SAP-File in misc-folder of installation media). This role should be sufficient for your communication user, is updated every now and then and contains only the necessary permissions. Maybe you'll have to extend it (Z_SAP_) in case you want to read special tables not supported by the SAP framework (e.g. license data).
I can hardly believe that the current role assigned to your user only has permissions to users with groups != empty
By now I have no clue why you only see users in IdM with groups assigned in SU01... look up the SQL-table I mentioned if there are more users.
BR
Michael
Similar Messages
-
can i get only the users into a group?
I use the search_s function but it returns to me the users and also the groups.
this is my function:
my_attrs(1) := 'uniquemember';
filter :='cn='||nameGroup;
my_session := DBMS_LDAP.init(ldap_host,ldap_port);
retval := DBMS_LDAP.simple_bind_s(my_session,ldap_user, ldap_passwd);
retval := DBMS_LDAP.search_s( my_session,
ldap_base,
DBMS_LDAP.SCOPE_SUBTREE,
filter ,
my_attrs,
0,
my_message);
my_entry := DBMS_LDAP.first_entry(my_session, my_message);
ecc..
the output is:
cn=gatano_188,cn=users,dc=s,dc=com
cn=gatano_187,cn=users,dc=society ,dc=com
cn=gatano_799,cn=users,dc=society ,dc=com
cn=gatanogruppo_5,cn=groups,dc=society ,dc=com
I would want only the users.
how can I filter the users?
thanksThanks for the reponse. I appreciate that very much. Please do provide a link of any document explaining this mogration procedure or any other relevent document that can help us achieve it.
Thanks one again.
kymlaik -
Hi.
Initial load from ABAP described in following PDF document failed.
Identity Management for SAP System Landscapes: Configuration Guide
http://service.sap.com/~sapidb/011000358700001449662008E
System log Error
lang.ExceptionInInitializerError: JCO.classInitialize(): Could not load middleware layer 'com.sap.mw.jco.rfc.MiddlewareRFC'
JCO.nativeInit(): Could not initialize dynamic link library sapjcorfc [C:\WINDOWS\system32\sapjcorfc.dll: Can't find dependent libraries]. java.library.path [C:\Program Files (x86)\Java\j2re1.4.2_16\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;......
Environment is
IdM 7.1
NW AS JAVA 7.0 SP 17
Windows 2003 Server 64bit
SQL Server
Any help will be most appreciated !Hi You Nakamura,
We are facing the same problem during AS ABAP - initial load with the same error message.
I downloaded the msvcp71.dll file and placed it in System32 folder. But the problem remains the same (even after server restart).
The system log shows the same error message and no entries in job log.
Please let me know if you had followed any different way to install the dll file.
Regards,
Vijay.K -
Where do I see Sharepoint user with no group or permission in the UI ?
Hello All -
The powershell cmdlet 'New-SPUser' has only 2 mandatory parameters UserAlias and Web. Group and PermissionLevel are not required.
This means I can create a user with no group or no permission level. However UI does not allow this to happen, it forces you to select either one (group or permission level).
My question is where do I see the user in UI which was created using powershell without any group or permission level ? The reason I ask is UI when it displays user, a group is always selected.
Thanks!You should be putting the "_catalogs/users/detail.aspx" section into your url. For example if you were to go into your site settings page your url might start as:
"http://manju.sharepoint.domain.com/sites/manjuTest/_layouts/settings.aspx"
and it should become:
http://manju.sharepoint.domain.com/sites/manjuTest/_catalogs/users/detail.aspx -
Getting a user's primary group from Active Directory
I'm coding a java web app that should authenticate a user to Active Directory and return his primary group.
Using JNDI apis I realized the first part (authentication) and functions well but still having problems with the second part (getting the user's primary group).
Is there somebody who knows/gets some codes for getting this info from Active Directory using java?
Thanks a lot.
Regards.
John.I'm coding a java web app that should authenticate a user to Active Directory and return his primary group.
Using JNDI apis I realized the first part (authentication) and functions well but still having problems with the second part (getting the user's primary group).
Is there somebody who knows/gets some codes for getting this info from Active Directory using java?
Thanks a lot.
Regards.
John. -
Listing of Users with associated Groups
Is there an easy way to generate a listing of APEX users and their associated groups? I know how to get the current user and how to determine what groups they are part of, but am looking for a simple query I can run to generate a complete list of Users and their associated groups.
Thanksif you want to return the application groups that a user is assigned to, you can use the WWV_FLOW_GROUP_USERS intersection table. For example;
SELECT group_name
FROM wwv_flow_group_users
WHERE user_id = (SELECT user_id
FROM wwv_flow_users
WHERE user_name ='MRITTMAN')
would list out all of the groups that the user 'MRITTMAN' belongs to
So to get all users and their groups, remove the where clause..
(You will need read rights to the view, some dba's deny read rights to these objects in the name of security..)
Thank you,
Tony Miller
Webster, TX -
How to List view web part to display document library for only users with access permission
Hi
I am trying to accomplish this requirement but I don't know if that is possible or how to get there. Any suggestion or advice are helpful.
On a site collection, I have several document libraries, with each library have unique permission to a few user or SharePoint group.
I want to create a web part page and make that the site home page. On this web part page, I want to create a Content Search Web Part to list the content of the document library that the logged on users have permission to see.
Is this possible with CSWP or is there anything easier or if it is not possible at all, please advise.
Thanks
SwanlHi ,
Based on your description, my understanding is that you want to create a Content Search Web Part to list the documents that the logged on users have access permission.
It is feasible with CSWP, you can follow the below step:
Edit Content Search Web Part->Change query-> Select a query: Items matching a content type (System); Restrict by app: Current site collection; Restrict by content type: Document.
Best Regards,
Lisa Chen
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet
Subscriber Support, contact [email protected] -
Initiator Task not visible to other users in the Group
Hi
JDeveloper 11.1.1.6, WLS 10.3.6, BPM 11.1.1.6
I have a Process and the swimlane containing the Initiator Task is assigned to a Group.
All the users in the group are able to Initiate the Task.
But when the Task is initiated, the Task is assigned to the User specifically, but not to the Group. I guess this is the default behavior.
The Human Task Assignee - defaultPerformer for the Initiator Task is uneditable in the initiator.task file.
What I was expecting is that, since the Initiator swimlane is assigned to the Group, All the users in the Group should be able to see the Tasks initiated by anyone in the Group.
I want this behavior in the Initiator type of tasks specifically. (The normal Tasks other than Initiator tasks are working as expected.)
The reason why we want this is, let us say after the task is created, and before it is submitted, there is a lot of work to be done, for example, data entry, should be done by many people in the Group.
If all the users in the Group are able to see the Initiator Task, then it will help to share the responsibility of data entry among the users of the group.
I tried Reassigning the task to Group, and it works, but we am looking for something automatically assigning to the Group when the Process is created. (We may not be using the Oracle BPM Workspace at all).
Can anyone please tell us if there is a way to make the Initiator Task automatically assigned to the Group instead of just the user?
Thanks for any help
SameerHi Ashwini
Thanks for replying.
I did the same and it was working for me even if the Type is Single.
I just gave the Group name and all users were able to see the task. This is fine with me.
I just observed one more thing.
When the task is created, all the users in the Group are able to see it in 'Me & My Group'.
But the data entered by the creator is not seen by other users.
There is an action 'Save' in the Task. If the creator clicked on it, then the task is automatically 'Acquired' by the creator.
Other users in the group are able to see the task and the saved data, but are not able to Submit.
What I expected the Save button to do is only to Save the data in the Payload. Not Claim it.
Is there a way to make the payload data only to save but not to claim the task?
Thanks and Regards
Sameer -
Only users with admin privileges can connect to shares
i have set up a 10.6.4 server but only admin users can see the shares.
other users can connect but no shares appear. (their connection appears in the log and on 10.3.9 you get a blank list of shares available)
i do have the users set via POSIX as the group owner (all users are in the assigned group).
i have propogated the permissions as well.
i did alter the access pane to make it so all could use AFP.
i tried making it restricted and adding all groups and users to no avail.
i feel it's something pretty silly i'm missing.
any advice would be appreciated.bzzzz wrote:
i have set up a 10.6.4 server but only admin users can see the shares.
other users can connect but no shares appear. (their connection appears in the log and on 10.3.9 you get a blank list of shares available)
i do have the users set via POSIX as the group owner (all users are in the assigned group).
i have propogated the permissions as well.
i did alter the access pane to make it so all could use AFP.
i tried making it restricted and adding all groups and users to no avail.
i feel it's something pretty silly i'm missing.
any advice would be appreciated.
Two possibilities spring to mind -
1. The Service security settings may not allow users to connect, look in Server Admin, click on the Access icon at the top, check the security settings for the AFP service.
2. ACLs (Access Control Lists) override the POSIX security settings, and Leopard and Snow Leopard much prefer using ACLs (Tiger like POSIX better). If no ACLs are defined for a directory then the POSIX permissions apply. -
Get only range with multiple evdre
Hi
Gurus
how to get to select only one EVDRE cells to send data when i have two evdre's ina worksheet.
Well i tried with having applied getonly range to complete one EVDRE, but when i tried to send I still see that the dimensions and members from the first evdre are read.
inthe first evdre i have parent members and so the EVDRE is not successfull when sending data from the second evdre
thanksHi,
Whenever you are sending data, it has to be send on the base level members only. If you enter it in the parent level members, it will not be sent.
If you dont want to send data for a particular membersheet you can enter NOSEND in Option range. It will not send any data for that EVDRE report.
While sending the data for some EVDRE, you are always asked for Active Worksheet to Workbook option. If you select worksheet, it will only send data for that particular worksheet only.
Hope this clarifies.
Rgds,
Poonam -
Hierarchical sql-how to get only branches with at least one not null leaves
On 10gR2 we want below hierarchical query to return only the branches which at least have one not NULL leaf ;
-- drop table corporate_slaves purge ;
create table corporate_slaves (
slave_id integer primary key,
supervisor_id references corporate_slaves,
name varchar(100), some_column number );
insert into corporate_slaves values (1, NULL, 'Big Boss ', NULL);
insert into corporate_slaves values (2, 1, 'VP Marketing', NULL);
insert into corporate_slaves values (9, 2, 'Susan ', NULL);
insert into corporate_slaves values (10, 2, 'Sam ', NULL);
insert into corporate_slaves values (3, 1, 'VP Sales', NULL);
insert into corporate_slaves values (4, 3, 'Joe ', NULL);
insert into corporate_slaves values (5, 4, 'Bill ', 5);
insert into corporate_slaves values (6, 1, 'VP Engineering', NULL);
insert into corporate_slaves values (7, 6, 'Jane ', NULL);
insert into corporate_slaves values (8, 6, 'Bob' , 3);
SELECT sys_connect_by_path(NAME, ' / ') path, some_column col, connect_by_isleaf isLeaf
FROM corporate_slaves
CONNECT BY PRIOR slave_id = supervisor_id
START WITH slave_id IN
(SELECT slave_id FROM corporate_slaves WHERE supervisor_id IS NULL) ;For this example wanted output is like this one since Marketing has no NOT NULL some_column leaves where as Engineering and Sales has at least one;
PATH
/ Big Boss
/ Big Boss / VP Sales
/ Big Boss / VP Sales / Joe
/ Big Boss / VP Sales / Joe / Bill
/ Big Boss / VP Engineering
/ Big Boss / VP Engineering / Jane
/ Big Boss / VP Engineering / Bob Regards.Here is a slightly modified version, you can try it:
WITH SRC AS (
SELECT SYS_CONNECT_BY_PATH(NAME ,
'/ ') path,
SOME_COLUMN COL,
CONNECT_BY_ISLEAF ISLEAF,
CONNECT_BY_ROOT SLAVE_ID ROOT_SLAVE_ID,
SLAVE_ID slave_id,
CONNECT_BY_ROOT SUPERVISOR_ID SUPERVISOR_ID,
SOME_COLUMN
FROM CORPORATE_SLAVES
CONNECT BY PRIOR SLAVE_ID = SUPERVISOR_ID
SELECT path, col, isleaf
FROM SRC
WHERE SUPERVISOR_ID IS NULL
AND SLAVE_ID IN (SELECT ROOT_SLAVE_ID FROM SRC WHERE SOME_COLUMN IS NOT NULL)
PATH COL ISLEAF
/ Big Boss 0
/ Big Boss / VP Sales 0
/ Big Boss / VP Sales/ Joe 0
/ Big Boss / VP Sales/ Joe / Bill 5 1
/ Big Boss / VP Engineering 0
/ Big Boss / VP Engineering/ Bob 3 1
6 rows selectedI tested it for 1000 records in the source table (tested on Oracle 10 XE),
and .... the performance was a big surprise:
INSERT INTO corporate_slaves
SELECT SLAVE_ID + X SLAVE_ID,
SUPERVISOR_ID + X SUPERVISOR_ID,
NAME || ' ' || X NAME,
some_column
FROM CORPORATE_SLAVES
CROSS JOIN (
SELECT 10*LEVEL x
FROM DUAL
CONNECT BY LEVEL <= 100
COMMIT;
SELECT count(*) FROM corporate_slaves;
COUNT(*)
1010 Your query (slightly modified - removed leading space from the separator in CONNECT_BY_PATH):
set timings on;
CREATE TABLE BUBA1 AS
SELECT SYS_CONNECT_BY_PATH(NAME,
'/ ') path,
some_column col,
connect_by_isleaf isleaf
FROM corporate_slaves
WHERE slave_id IN (SELECT connect_by_root slave_id "slave_id"
FROM corporate_slaves
WHERE some_column IS NOT NULL
CONNECT BY PRIOR slave_id = supervisor_id)
CONNECT BY PRIOR slave_id = supervisor_id
START WITH SLAVE_ID IN
(SELECT SLAVE_ID FROM CORPORATE_SLAVES WHERE SUPERVISOR_ID IS NULL)
CREATE TABLE succeeded.
6 095ms elapsedrewritten query:
CREATE TABLE BUBA2 AS
WITH SRC AS (
SELECT SYS_CONNECT_BY_PATH(NAME ,
'/ ') path,
SOME_COLUMN COL,
CONNECT_BY_ISLEAF ISLEAF,
CONNECT_BY_ROOT SLAVE_ID ROOT_SLAVE_ID,
SLAVE_ID slave_id,
CONNECT_BY_ROOT SUPERVISOR_ID SUPERVISOR_ID,
SOME_COLUMN
FROM CORPORATE_SLAVES
CONNECT BY PRIOR SLAVE_ID = SUPERVISOR_ID
SELECT path, col, isleaf
FROM SRC
WHERE SUPERVISOR_ID IS NULL
AND SLAVE_ID IN (SELECT ROOT_SLAVE_ID FROM SRC WHERE SOME_COLUMN IS NOT NULL)
CREATE TABLE succeeded.
167ms elapsed
SELECT COUNT(*) FROM BUBA1;
COUNT(*)
606
SELECT COUNT(*) FROM BUBA2;
COUNT(*)
606
SELECT COUNT(*) FROM(
SELECT * FROM BUBA1
INTERSECT
SELECT * FROM BUBA2
COUNT(*)
606 ANd now the above tests repeated for 10.000 records
truncate table corporate_slaves;
insert into corporate_slaves values (1, NULL, 'Big Boss ', NULL);
insert into corporate_slaves values (2, 1, 'VP Marketing', NULL);
insert into corporate_slaves values (9, 2, 'Susan ', NULL);
insert into corporate_slaves values (10, 2, 'Sam ', NULL);
insert into corporate_slaves values (3, 1, 'VP Sales', NULL);
insert into corporate_slaves values (4, 3, 'Joe ', NULL);
insert into corporate_slaves values (5, 4, 'Bill ', 5);
insert into corporate_slaves values (6, 1, 'VP Engineering', NULL);
insert into corporate_slaves values (7, 6, 'Jane ', NULL);
insert into corporate_slaves values (8, 6, 'Bob' , 3);
INSERT INTO corporate_slaves
SELECT SLAVE_ID + X SLAVE_ID,
SUPERVISOR_ID + X SUPERVISOR_ID,
NAME || ' ' || X NAME,
some_column
FROM CORPORATE_SLAVES
CROSS JOIN (
SELECT 10*LEVEL x
FROM DUAL
CONNECT BY LEVEL <= 1000
COMMIT;
SELECT count(*) FROM corporate_slaves;
COUNT(*)
10010
CREATE TABLE BUBA22 AS
WITH SRC AS (
SELECT SYS_CONNECT_BY_PATH(NAME ,
'/ ') path,
SOME_COLUMN COL,
CONNECT_BY_ISLEAF ISLEAF,
CONNECT_BY_ROOT SLAVE_ID ROOT_SLAVE_ID,
SLAVE_ID slave_id,
CONNECT_BY_ROOT SUPERVISOR_ID SUPERVISOR_ID,
SOME_COLUMN
FROM CORPORATE_SLAVES
CONNECT BY PRIOR SLAVE_ID = SUPERVISOR_ID
SELECT path, col, isleaf
FROM SRC
WHERE SUPERVISOR_ID IS NULL
AND SLAVE_ID IN (SELECT ROOT_SLAVE_ID FROM SRC WHERE SOME_COLUMN IS NOT NULL)
CREATE TABLE succeeded.
345ms elapsed
CREATE TABLE BUBA11 AS
SELECT SYS_CONNECT_BY_PATH(NAME,
'/ ') path,
some_column col,
connect_by_isleaf isleaf
FROM corporate_slaves
WHERE slave_id IN (SELECT connect_by_root slave_id "slave_id"
FROM corporate_slaves
WHERE some_column IS NOT NULL
CONNECT BY PRIOR slave_id = supervisor_id)
CONNECT BY PRIOR slave_id = supervisor_id
START WITH SLAVE_ID IN
(SELECT SLAVE_ID FROM CORPORATE_SLAVES WHERE SUPERVISOR_ID IS NULL)
CREATE TABLE succeeded.
526 437ms elapsed
SELECT COUNT(*) FROM BUBA11;
COUNT(*)
6006
SELECT COUNT(*) FROM BUBA22;
COUNT(*)
6006
SELECT COUNT(*) FROM(
SELECT * FROM BUBA11
INTERSECT
SELECT * FROM BUBA22
COUNT(*)
6006 Wow.... 526 seconds vs. 0,4 seconds !!!
131500 % performance gain ;)
I have got similar results on Oracle 11.2 -
Get 365 users with all licenses
I am looking for a script that can output all my office 365 users and then tell me which licenses they have assigned to each of them. For example something like below. It doesent have to be in that format. I have been looking but all I have seen is scripts
like this: Get-MsolUser | where-Object { $_.isLicensed -eq "TRUE" } UserPrincipalName, DisplayName, Country, Department | Export-Csv C:\testdoc.csv But all this does is show me the users that are licensed in 365.
UserName Program Licensed
tjackson 365 Enterprise E3 True
Visio False
Project TrueHi,
The PowerShell command Syntax to display information about all users and their licenses type should be:
Get-MsolUser -All | FT Displayname,Licenses
To display information about License Options assigned to ALL Users:
Get-MsolUser -all | ForEach-Object { "============="; $_.DisplayName; $_.licenses[0].servicestatus }
Please note we don't provide script support in this forum, personally I'm not a master of script, so the information I can provide is quite limited, since this problem is more Office 365 related, if you need further assistance, I suggest you post the
question in Office 365 Community:
https://community.office365.com/en-us/f/default.aspx
Regards,
Melon Chen
TechNet Community Support -
The website is for invoicing and the very large company that has their invoicing on there is not going to upgrade to fix the problem, they say just download a previous version in order to access the site. However, I cannot find on here where to download a previous version of firefox.
The only previous version that is still supported with security updates is Firefox 3.6.x.
All other versions from Firefox 4 till the current Firefox 9.0.1 version are security and stability updates and add new features. It is not recommended to downgrade to such a version.
You can install the portable Firefox 3.6.x version to access websites that do not work with Firefox 5+.
*http://portableapps.com/apps/internet/firefox_portable#legacy
*http://portableapps.com/apps/internet/firefox_portable/localization#legacy36
See also:
*https://support.mozilla.org/kb/Installing+a+previous+version+of+Firefox -
I am updating roles and would like to use the [me] and [my group] tokens for views. I am planning on updating all the templates to specify an ad group in the "Assigned to User" field that corresponds to the appropriately selected support
group. I would like to avoid having the "Assigned to User" blank (this could happen either via using a generic template, or when re-assigning workitems) so I think I need a workflow to remediate any workitems that have no Assigned to Users.
There does not seem to be an easy way to do this just with a workflow configuration. Do I need to create a workflow with the authoring tool? Can I create a workflow that will compare a support group (enumeration?) and assign an appropriate
AD group?probably the easiest way to do this would be to create a console workflow that runs on create (or update, if you want this to be reoccurring) and checks for the looks for the Display Name of the Assigned to user. This would only be populated if there was
a legitimate user, and would be null otherwise.
you could create console workflows for each support group (i.e. If Supportgroup = NumberA and AssignedtoUser.Displayname is blank) that applies a template that contains the correct user or group for that support group enum.
other options are available, so let us know what you're ideal conditions are. -
I send emails to a list that is divided into four groups.
Recently the fourth group has stopped working.
It has seventy addresses in it.
The others have between 70-100 and work fine.
When I type the name of the other groups into the address panel and click on it the addresses all appear.
When I do this with the fourth group only the name appears and not the addresses, so it does not send.
I now have to put each address into the panel individually which is time-consuming and annoying.
Please help if possible. Thanks.Assuming you are talking about Logic Pro X.... (You may want to update your Equipment list that shows below you post btw)
Go to Logic Pro X's preferences and turn on all the advanced features under the Advanced Tab...
Now LPX will be running under the full Logic Pro mode and not the cutdown 'Garageband Pro' mode and the missing features will be present.
Maybe you are looking for
-
Voice dial does not confirm nor allow cancel
When I use voice dial (usually via bluetooth headset on iPhone 3GS), if the iPhone decides it has found an exact match, it will notify me of the match and then start dialing. It does not confirm the match with me, and when it starts dialing, the "Ca
-
Images not loaded from WEB-INF/lib/images.jar
The images are found in root/images/*.gif, but not when jarred up and placed in the lib folder. I've looked everywhere for a solution but all I've seen is suggestions of other places to put the folder, or to add it to the classpath. The jar is being
-
Heya Guys, I have a Mac Mini with two partitions one is a standard server and the other one is an advanced server. The standard server uses its IP address as its DNS name and ISP DNS server, the advanced one uses its own DNS though, but I don't know
-
Any AP Suppliers API for update?
Hi everyone, I have a large volumes of suppliers that need to be updated. Are there any API's that I can use for update. I need to update Receiving and Invoice Managment information for suppliers Is this possible or not a good idea to do that. what w
-
Convert lines of itab into csv
Hi! I have an itab with many lines and want to save this itab to a file as csv. That means, that the fields of the structure the table consists of should be separated by a comma, not the lines! I found the solution in this forum, the function 'SAP_CO