Internet user role for BP category type "Organisation"
Dear All,
We have some BPs which is created under the BP category of "Organization" with role sold-to-party. Now the client wants to extend this BPs to Internet user role. Where as in Standard internet user role will be assigned to only person category.
Please advise me on the same.
Regards
Ashwini
Hi Ashwini,
you need to modify the logon routine and then in the user management (isauseradmin application) to do this. Then there are likely changes to the catalog identification, and very likely to most processes in the shop. I really wouldn't advise doing so. As accounts usually have contact persons: Why does your client insist in providing a login for the organization and not for a person?
To achieve something that looks almost like the desired solution you, e.g., could model a dummy contact person for each account that shall get a logon, that then does the job. The contact person could be named like the company and then you are back to plain standard.
Rgds
Thomas
Similar Messages
-
Problem assigning internet user Role through portal
Hi All,
Please could someone help me with the following:
I am creating a registration process that creates a new CRM Business partner with contact person and internet user roles. When i run the Bapi from with in CRM everything works fine however when i run my jsp dynpage application and call the same bapi, the internet user that i create does not have any of the logon details or roles. Does anyone know why this is? i am using the same user when running in crm and the portal.
Many thanks in advance
CalvinHi Sunil,
Thanks for your reply. answers to your questions:
1. Yes, all portal users are maintained and have the same roles as CUA users. Portal authenticates against CUA.
2. Yes the user is created correctly on the backend. i have created a BAPI that creates users, BP's and assigns roles. This Bapi works perfectly when run in CRM but as soon as it is accessed via the portal the internet user role does not have all the required information.
Many thanks
Calvin -
Assigning the End User Role for E learning management in Solution Manager
Hello Team,
In the E Learning Management in Solution Manager, I have to a assign the End User Role for each Bussiness Process. While assigning the role, I couldn't able to assign the role of type " JOB ". What have I do to get the type as JOB instead of "Organizational Unit" and "User"?
Regards,
Shyjith.KHi,
Have you maintained your Organizational data? Did you assign any job to any user in the organizational hierarchy. You need to maintain you PPOMA_CRM first in order to assign any roles there.
Hope this helps
Rajeev -
Security Issues with the BP Internet user role creation--SU01
Hi All,
We are implementing the B2B Internet sales scenario using CRM 4.0. we
have contact persons who logs in and chose the distributor and then
start placing orders or look at product catalog .... Now contact person
is created as a BP in CRM and relation ship is maintained to sold to
(bp). During this process the contact person should be created under
the Internet user role which uses the SU01. so we will be able to
change password or change the roles of the users while creating BP
under the internet user role -- same as what we do in SU01.
This is now a security Issue because who ever can access the BP
(create/change) will be able to do the things we can do under
transaction SU01. But we still need to access the Internet user role in-order to assign the user id to the contact person . Is there any other
way of doing this.
Please advice ASAP.
Thanks
VasuHi Ashwini,
you need to modify the logon routine and then in the user management (isauseradmin application) to do this. Then there are likely changes to the catalog identification, and very likely to most processes in the shop. I really wouldn't advise doing so. As accounts usually have contact persons: Why does your client insist in providing a login for the organization and not for a person?
To achieve something that looks almost like the desired solution you, e.g., could model a dummy contact person for each account that shall get a logon, that then does the job. The contact person could be named like the company and then you are back to plain standard.
Rgds
Thomas -
How to add a default user group for multiple document type's?
Hi,
I am trying to add same default user group for different document types when MA is created. Is there any way to setup using a single "Document Security Template"? Or I need to create different templates for different document types?
Please confirm.
Thanks,
SaloniHi Saloni,
Based on what your specific requirement, it might be easier to do it with scripting.
If you are doing it using Document Security Templates, you would have to create a Document Security Template for each of the 6 MA types and assign the default group. Create another one and leave the Document Type field blank, so it will apply to the other 4 MA types that don't have a default group.
Regards,
Vikram -
How to create Users/Roles for ldap in weblogic without using admin console
Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
or is there any ant script for creating USers/Roles?
Regards,
Raghu.
Edited by: user9942600 on Jul 2, 2009 1:00 AM
Edited by: user9942600 on Jul 2, 2009 1:58 AMHi..
You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
.e.g. wlst create user
..after connecting to admin server
serverConfig()
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
cmo.createUser("userName","Password","UserDesc")
..for adding/configuring a role
cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
cmo.createRole('','roleName', 'userName')
...see the mbean docs for all the different attributes, operations etc..
..Mark. -
API User Hook for Restricting Category Creation in a sepcific catalog
Q: API User Hook for Restricting Category Creation in a sepcific catalog by a specific responsibility. I want to capture GO button process event?
Hi All,
Can anyone help me if anyone have used user hook for OLM? My requirement is to restrict course creation for the specific category... when we select category and select course and click on go button which process is calling? How can we identify the BP Package and Procedure name of that GO button?
urgent reply shall be a great help.
thank you.
Regards,
ADOK, I just tried to insert an element entry from the API and it works perfectly
The problem seems to be coming from the form. Is the form not using an API?
If this is the case, should I do a personalization and run a PL/SQL procedure each time a change is made? -
Office 365 API, error: The token has invalid value 'roles' for the claim type ''
Hi guys,
I am trying to develop a Daemon / Server application using the new Office 365 APIs. I have added a new application to Azure Active Directory. I am using cURL + the app ID and secret to get a JWT token, this is the exact request:
curl -X POST https://login.windows.net/TENANT_KEY/oauth2/token \
-F redirect_uri=http://spreadyDaemon \
-F grant_type=client_credentials \
-F resource=https://outlook.office365.com/ \
-F client_id=XXXX \
-F client_secret=XXXX=
I get back a JWT however it has no scopes for access set here is the decoded JWT claims:
"ver": "1.0",
"aud": "https://outlook.office365.com/",
"iss": "https://sts.windows.net/TENANT_KEY/",
"oid": "17fa33ae-a0e9-4292-96ea-24ce8f11df21",
"idp": "https://sts.windows.net/TENANT_KEY/",
"appidacr": "1",
"exp": 1415986833,
"appid": "XXXX",
"tid": "e625eb3f-ef77-4c02-8010-c591d78b6c5f",
"iat": 1415982933,
"nbf": 1415982933,
"sub": "17fa33ae-a0e9-4292-96ea-24ce8f11df21"
Therefore when I do a request to the exchange API endpoint I get the following response:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Server: Microsoft-IIS/8.0
request-id: d08d01a8-7213-4a13-a598-08362b4dfa70
Set-Cookie: ClientId=WDALDNO0CAIOOZDZWTA; expires=Sat, 14-Nov-2015 16:40:59 GMT; path=/; HttpOnly
X-CalculatedBETarget: am3pr01mb0662.eurprd01.prod.exchangelabs.com
x-ms-diagnostics: 2000001;reason="The token has invalid value 'roles' for the claim type ''.";error_category="invalid_token"
X-DiagInfo: AM3PR01MB0662
X-BEServer: AM3PR01MB0662
X-AspNet-Version: 4.0.30319
Set-Cookie: exchangecookie=6bf68da033684824af21af3b0cdea6e3; expires=Sat, 14-Nov-2015 16:40:59 GMT; path=/; HttpOnly
Set-Cookie: [email protected]=[email protected]4Wbno2ajNGQkZKWnI2QjJCZi9GckJKBzc/Oy9LOzdLOy6vOycXLz8XKxoGaio2PjZvPztGPjZCb0ZqHnJeekZiak56djNGckJI=; expires=Sun, 14-Dec-2014 16:40:59 GMT; path=/EWS; secure; HttpOnly
Set-Cookie: [email protected]=[email protected]4Wbno2ajNGQkZKWnI2QjJCZi9GckJKBzc/Oy9LOzdLOy6vOycXLz8XKxg==; expires=Sun, 14-Dec-2014 16:40:59 GMT; path=/EWS; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: DB4PR02CA0026
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
Date: Fri, 14 Nov 2014 16:40:59 GMT
Content-Length: 0
I have asked a stack overflow question here: http://stackoverflow.com/questions/26950838/office-365-api-error-the-token-has-invalid-value-roles-for-the-claim-type
Any help on the matter will be hugely appreciated, thanks!Hi Manu,
To wrap this thread up; I have had an answer on stack overflow.
It appears that currently the grant type client_credentials is not supported, according to a comment on this blog post by Matthias' http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
"There is no way in the code flow to avoid username/password. We're working on a client credential flow for later this fall that will give you the functionality required to run background services. For this you will not need a username/password,
but the application will directly assert its identity and authenticate as itself."
Unfortunately I require client_credentials for a daemon process, Q4 is the scheduled release for support for this grant time.
Thanks for the help,
Nick -
User role for vendor block/unblock
Hi Guys,
We want to give a role to only one user so that he can only block or unblock any vendor.
Is it possible to create a role and assign it to only one user .
He should be able to block/uOuch.
Its not a simple process. I will give you the basics, you will need to read some and do some to get a clear hang of it.
The role creation transaction is PFCG.
If you want to create a role, say for FK05.
Enter a name and description of the role, say Z:LOCK_UNLOCK_VENDORS, Desc: role for locking and unlocking vendors.
Click on the create single role button.
Save the role. Go into the Menu tab. Click on the button which says Transaction and a plus sign. In the popup that comes up enter the T-code FK05 and the others that are relevant. Click on Assign transaction.
Now move to the Authorisation tab.and click on the button change Authorisation data, you may need to save the role.
Enter the organisational values, company code in this case, click on save.
Now you will be in the authorisation page, where you decide what activity and area you need to assign.
If you expand the Cross-application Authorization Objects, you will see the t-codes which you entered in the menu here. You can add more t-codes here if you need.
In the next node for financial accounting. Expand the node to see the authorisation objects. from the menu, click on utilities and Technical names on, to see the technical names of the objects.
If you see the activities, the acivity "lock" will get automatically assiged. If you click the pencil in front of the activity, you will see a pop-up where you can select additional activities.
Once you are done, save and generate the authorisation. This will also generate a profile.
In the main PFCG screen, you can assign the user you want to carry out this role. Remember to carry out complete user compare so the role becomes activated in the user master.
You are now done.
If the user gets an authorisation error. He can execute the transaction SU53 and the system will display what authorisation is missing. You can then add this to the role or create a new one.
Cheers... -
How to maintian user exit for a wage type
Hello Experts,
I would like to maintain a user exit for a particular wage type in infotype 14. As the business rules of the client are specific...So, please help me with ur views...
thanksHi
Check the LTA , I am not sure but still you can configure for the medical also .
Now to lapse is again a issue.
Well i think you can do it .
Now how is the main thing , suppose i can give you one example you can get the better way your own.
Now How you are going to put the values from IT 90--- to 15 are you going to put directly ?
Now there is std prog pc00_mXX_remc / remp now check with this program which is suitable for you and add the codings whatever required in the the customized program which you using to put the values to IT15 .
You got it now.
It can be done .
All the best.
Manoj Shakya.
<b>Reminder : Points should be given on answers.</b> -
User role for service requests from the SSP
Does the End User role have enough permissions for users to create service requests from the SSP? I know for incidents it is but I am not sure about service requests. If you go through the Service Catalog Checklist, step 5 to create the User
Role brings up a new role based on the Author role and not on the end user.here step by step procedure with user access.
http://www.concurrency.com/blog/scsmportalpermisions/
Cheers
Antoine AL Ibry -
Change of User Status for SDHF transaction type
Hi,
We have a requirement to change the user status of transaction of type "SDHF" creted using CRMD_ORDER.
We are using FM " CRM_STATUS_CHANGE_EXTERN" for the above requirement, but stuck with the following error "Status REL is not allowed". On analysis of error, it is observed that the FM is not changing the user status to a status with higher status number than the present status.
Eg: If the current status number(Code - PMAP) is 35 and the required status number (Code - REL) is 40, then the FM is throwing the above error. we cannot change the status numbers, as this will lead to re-alignment of statuses which is not acceptable.
kindly help with the solution for the above error or is there any FM or other method of achieving the same requirement.
Points wil be awarded for the helpful amswers.
Regards,
ImranHello,
Since the status has no number it will appear under statuses W/O number bottom right in status overview window.
These status will appear as additional text beside current user status. For example if user staus is BUG and status without number is DFL and sets when deletion flag is set and gets deleted when it is revoked than user status will appear as
BUG DFL -
Deletion flag set.
BUG -
When deletion flag revoked.
You have to live with it. I don't think there is a way out for that.
Thanks
Saikishore Ganga. -
Change of USER status for SDHF transaction type though CRMD_ORDER
Hi,
We have a requirement to change the user status of transaction of type "SDHF" creted using CRMD_ORDER.
We are using FM " CRM_STATUS_CHANGE_EXTERN" for the above requirement, but stuck with the following error "Status REL is not allowed". On analysis of error, it is observed that the FM is not changing the user status to a status with higher status number than the present status.
Eg: If the current status number(Code - PMAP) is 35 and the required status number (Code - REL) is 40, then the FM is throwing the above error. we cannot change the status numbers, as this will lead to re-alignment of statuses which is not acceptable.
kindly help with the solution for the above error or is there any FM or other method of achieving the same requirement.
Points wil be awarded for the helpful amswers.
Regards,
ImranHello,
Since the status has no number it will appear under statuses W/O number bottom right in status overview window.
These status will appear as additional text beside current user status. For example if user staus is BUG and status without number is DFL and sets when deletion flag is set and gets deleted when it is revoked than user status will appear as
BUG DFL -
Deletion flag set.
BUG -
When deletion flag revoked.
You have to live with it. I don't think there is a way out for that.
Thanks
Saikishore Ganga. -
User Exits for IW21 - Notification Type
Hi ,
I need to access User Exit related to IW21 , IW22 Transactions.
I require the user exit to customize process for a specific Notification type 'KS'.
User exit when a notificatrion Type is created & when it is modified.User Exits and Badi's For IW21 & IW22
BADI's
IQS0_STATUS_MAINTAIN Control of Changeability of User Status
IWO1_SUBSCREEN_0170 Display Additional Data on Object Screen 0170 PhysicalSample
IWOC_LIST_TUNING Performance Tuning for Lists in PM/CS
IWOC_OBJECTINFO_CHNG Changes to Data of Object Info Screen
NOTIF_AUTHORITY_01 Additional Authorization Checks for the Notification
WOC_FL_DETERMINE Determine Date for Determining Installation Loc. Equi.
USER EXITS
IWO10026 User check on setting status 'Do not perform'
IWO10027 User exit: Generate user-defined settlement rule
IWOC0001 Create PM/SM notification: Determine reference object
IWOC0002 PM/SM notification: Check whether status change is allowed
IWOC0003 PM/SM authorization check of ref. object and planner group
IWOC0004 Change single-level list editing PM/QM/SM ALV settings -
User Roles for changing tables?
Which user roles are there in the environment for changing tables?
Any help is appreciated.
Regards,
NeetuSearch for roles which have SE11 in their menu as a tcode and take you best pick or create your own.
The advice from the other is also good in my opinion (he who changes table fields should also change the program.... )....
Cheers,
Julius
Maybe you are looking for
-
Crystal Report for Enterprise 4.1 develop error
I user crystalreportviewer to access rpt file . When I download from crystal report server 2011/2013,if the file is create by crystal report 2011,it work well, else if it is created by crystal report for enterprise ,it will throw a error: [COMExcepti
-
I downloaded a version of Photoshop CS3, but they did not provide a serial number. Without thinking, I looked up an appropriate serial number on the internet and typed it in, only to realize afterwards that what I had done might not be legal. So my
-
How can I read a document created under "pages" on a Mac book air on an other computer
How can I read a document created under "pages" on a Mac book air on an other computer or even send this document in a mail to anyone ?
-
Safari 5.1 and pdf display
There used to be an option to display pdfs in Acrobat or Preview, but this doesn't seem to be available immediately any more. I do not want the pdf to open in Safari first then I have to right click the pdf page to allow it to open in Acrobat. Readin
-
Date issue in webi report after migration to XI 3.1
Hello All, We had designed a webi report in BOXIR2 with run date present in report header section. This report was working fine in XIR2 environment. However after migrating this report to XI 3.1 with sp2 and fp2.2, we have observed that date part is