JOB Based Roles

Hi,
We are planning to go for Job Based roles design in our SAP (ECC,BW & Portal)
Can any one please give me an idea of how the process works
Thanks in advance

Hi KT
The whole concept around assigning a Business Roles is to provide a specific set of functions to a specific user or user group.
There should not be any reason for a User to log off from one role and then log in with another.
If for example you want a user to have some Sales Professional access as well as some Service Professional access then you would copy Sales Professional Role to you own custom role, remove the Sales Professional attributes that you do not want, then add in the required Service Professional attirbutes required.
The WEB UI views can then be configured for that particular Custom role you have created.
Hope this helps
Arden

Similar Messages

How to schedule a background Job based on events

Hi,
We are on 4.6 C.
We have a background job that has two ABAP programs.
We need to start the 2nd ABAP program only after the first one has run successfully.
If the second ABAP program does not run, the the job should have a status "FINISHED".
Help appreciated.
Thanks
Mala

Hi,
How to schedule a background Job based on events,please refer to the follow SAP help:
You can use events that have already been defined, or you can create new events for scheduling background jobs.
If you wish to use new events, do the following to implement the event scheduling:
Define and transport the event as a user event with transaction SM62.
You must define only event IDs; event arguments are not defined in the R/3 System. Instead, you specify event arguments when you schedule a job to wait for an event and when you trigger the event.
If you define a new event, you must also transport it to your production systems. The event transaction does not have a connection to the transport system. Instead, you must create a transport request for the event yourself.
Do this to transport an event:
Create a transport request.
Start the editor in the transport request and enter the following:
R3TR TABU <table name> where table name is BTCSEV for a system event ID, BTCUEV for a user event ID.
Press F2 with the cursor on the table name to call up the screen for specifying the table entries to transport. In this screen, enter the event IDs that you have created.
Save and release the transport request. Ensure that it is imported into your production system(s).
To trigger an event, add:
the function module BP_EVENT_RAISE to your ABAP program, or
the program SAPEVT to your external script, batch file, or program.
When your programs execute these keywords, an event will be triggered in the R/3 background processing system. The event-based scheduler is started immediately. It in turn starts all jobs that were waiting upon the event, subject to normal background processing restrictions, such as the requirement that the job has been released to start.
Schedule the jobs that are to run when your events are triggered.
You can schedule jobs for one-time start or to be started whenever an event is triggered.
Regards,
collysun

Structural Authorisation & Position Based Role Mapping ( Indirect Roles)

Hi
I have few queries on Structural Authorization & Position Based Role Mapping (Indirect Role Assignment).
This is a public sector implementation. We are migrating from the traditional based (assigning roles to users) to Indirect role assignment.
1. Can we integrate both structural authorizations and position based role mapping in one system?
2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
Any help or suggestions on the above would be appreciated.
Thanks and Regards
Arun R

Hi
1. Can we integrate both structural authorizations and position based role mapping in one system?
Yes you can. Structural authorisations and position based role mapping can be assigned to the same org plan in SAP.
2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
No, the SAP role is unique to the postion it is assigned to. But remember not all employees will be assigned to a position - in this case you have to assign the sap role directly to the user in SU01/SU01
3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
Create user in SU01.SU10 first before creating infotype 105 in PA30.
4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
*When a users assignment in the org structure changes then you must run RHRPROFL0 to update the user assignment to the new position.
Also the number of days an employee can have access to their previous data is controlled by the parameter is called ADAYS - tx OOAC . SAP currently defaults this to 15 days and this is used to control the number of days that the employee can still access the data they created even though they are assigned to a different organisation with different authorisations.
Hope this helps.
Charmaine

Template for Position Based Role Generation - Grouping of Transaction

Hi
We have almost 3500 Roles. They are all Role based / Transaction Based. We would like to shift it to Position Based Roles.
Is there any template or high level document which can give you the information regarding the grouping of transaction with respect to module vise like HR, SD, MM, PP etc..
It should narrow down further to give you info regarding the transactions with respect to the the standard postions provided by SAP which we can use it as a baseline and develop on that.
Any help would be appreciated.
Thanks and Regards
Arun

Hi,
please have a look at the standard SAP* roles. They are grouped by applicaiton and alos some are grouped by position. So this may be an entry point for you.
b.rgds, Bernhard

Rule based Role membership in OIA is not pushing to OIM

Hi All,
Rule based Role membership in OIA is not pushing to OIM due to error as
00:01:38,055 DEBUG [DBIAMSolution] Group Role container for JDE.JDE_BHRUSRTT found...
00:01:38,144 ERROR [DBIAMSolution] Error Occured while adding users to role
Thor.API.Exceptions.tcAPIException: Error occurred while find User information: USER_NOT_FOUND
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcGroupOperationsIntf_13pobh_tcGroupOperationsIntfRemoteImpl_1035_WLStub.getAllMemberUsersx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy396.getAllMemberUsersx(Unknown Source)
at Thor.API.Operations.tcGroupOperationsIntfDelegate.getAllMemberUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Meth
Any one can help will be appreciate...
Thanks
Bikas
Edited by: Bikas Mandal on Mar 27, 2013 6:15 AM

Try these steps and let me know what you see:
Login to OIA > Administration > Configuration > Workflows
Select Role membership create workflow
And check if you have added OIM provisioning server in the Step5 of the workflow.
Cheers,
Vamsi.

Security to schedule a broadcast job based on datachange

Hi All,
I am attempting to schedule some broadcast jobs based on "Execution with DataChange on the InfoProvider". If I login with my normal id and click the schedule button in a Broadcast job, I do not see this option. I only see the Direct scheduling option.
However, when I login with an id that has "SAP_ALL", I see the option for "Execution with DataChange....". Can anyone tell me what security I am missing? Is it related to broadcaster? Could it be that I can't see the event that is triggered to flag a datachange?
Thanks in advance.
Rodney

Hi Rodney,
You need the following Auth:
S_RS_BCS with RS_EVTYP (Event Type) as DC (for Data Change). You can further specify the name of the InfoProvider in the RS_EVID (Event ID) if required.
Hope this helps...

Job and salary for that job based on the department!!!

Please, can somebody help me with this. I'm facing some challenges getting the required result with my queries.
Here's what am trying to do:
A query to display the job, the salary for that job based on the department number, and the total salary for that job, for departments 20, 50, 80, 90, assuming the schema in use is the hr schema. The job should be distinct, no duplicates.
Thank you for your anticipated answers.
I really appreciate your replies in advance.
T.O

846641 wrote:
Please, can somebody help me with this. I'm facing some challenges getting the required result with my queries.
Here's what am trying to do:
A query to display the job, the salary for that job based on the department number, and the total salary for that job,What do you mean by "the salary for that job"? It sounds like you want something besides the total salary (which is what the SUM function provides). What is that other something? The avgerage salary (that would be the AVG function)? The smallest salaary (MIN)? The biggest salary (MAX)? The number of rows that have a salary (COUNT)? If you can explain what you want, someone will help you get it.
for departments 20, 50, 80, 90, assuming the schema in use is the hr schema. The job should be distinct, no duplicates.GROUP BY automatically gets distinct results for each of the GROUP BY expresssions, so there's no need to say SELECT DISTINCT . The previous solution could be better written as:
SELECT    job_id
,       SUM (salary)     AS total_salry
,       department_id
FROM       hr.employees
WHERE       department_id     IN (20, 50, 80, 90)
GROUP BY department_id
,            job_id
ORDER BY department_id
,            job_id
;The output that this produces from the Oracle-supplied hr.employees table is:
JOB_ID     TOTAL_SALRY DEPARTMENT_ID
MK_MAN           13000            20
MK_REP            6000            20
SH_CLERK         64300            50
ST_CLERK         55700            50
ST_MAN           36400            50
SA_MAN           61000            80
SA_REP          243500            80
AD_PRES          24000            90
AD_VP            34000            90I hope that's what you wanted.
If not, post the results you do want from this same table. Explain how you get those results.
Always say which version of Oracle you're using. It might not matter in this case, but why take a chance?

Long Running Jobs based on average time of last 5 run

Hi Experts,
I need a query to find out the Long Running Jobs, based on average time of last 5 run.
Could you please help me.
Thanks in advance.
--------------------------------- Devender Bijania

SELECT
[sJOB].[name] AS [JobName]
, CASE
WHEN [sJOBH].[run_date] IS NULL OR [sJOBH].[run_time] IS NULL THEN NULL
ELSE CAST(
CAST([sJOBH].[run_date] AS CHAR(8))
+ ' '
+ STUFF(
STUFF(RIGHT('000000' + CAST([sJOBH].[run_time] AS VARCHAR(6)), 6)
, 3, 0, ':')
, 6, 0, ':')
AS DATETIME)
END AS [LastRunDateTime]
, CASE [sJOBH].[run_status]
WHEN 0 THEN 'Failed'
WHEN 1 THEN 'Succeeded'
WHEN 2 THEN 'Retry'
WHEN 3 THEN 'Canceled'
WHEN 4 THEN 'Running' -- In Progress
END AS [LastRunStatus]
, STUFF(
STUFF(RIGHT('000000' + CAST([sJOBH].[run_duration] AS VARCHAR(6)), 6)
, 3, 0, ':')
, 6, 0, ':')
AS [LastRunDuration (HH:MM:SS)]
, CASE [sJOBSCH].[NextRunDate]
WHEN 0 THEN NULL
ELSE CAST(
CAST([sJOBSCH].[NextRunDate] AS CHAR(8))
+ ' '
+ STUFF(
STUFF(RIGHT('000000' + CAST([sJOBSCH].[NextRunTime] AS VARCHAR(6)), 6)
, 3, 0, ':')
, 6, 0, ':')
AS DATETIME)
END AS [NextRunDateTime]
FROM
[msdb].[dbo].[sysjobs] AS [sJOB]
LEFT JOIN (
SELECT
[job_id]
, MIN([next_run_date]) AS [NextRunDate]
, MIN([next_run_time]) AS [NextRunTime]
FROM [msdb].[dbo].[sysjobschedules]
GROUP BY [job_id]
) AS [sJOBSCH]
ON [sJOB].[job_id] = [sJOBSCH].[job_id]
LEFT JOIN (
SELECT
[job_id]
, [run_date]
, [run_time]
, [run_status]
, [run_duration]
, [message]
, ROW_NUMBER() OVER (
PARTITION BY [job_id]
ORDER BY [run_date] DESC, [run_time] DESC
) AS RowNumber
FROM [msdb].[dbo].[sysjobhistory]
WHERE [step_id] = 0
) AS [sJOBH]
ON [sJOB].[job_id] = [sJOBH].[job_id]
AND [sJOBH].[RowNumber] = 1
ORDER BY [LastRunDateTime] desc,
[LastRunDuration (HH:MM:SS)] DESC
Best Regards,Uri Dimant SQL Server MVP,
http://sqlblog.com/blogs/uri_dimant/
MS SQL optimization: MS SQL Development and Optimization
MS SQL Consulting:
Large scale of database and data cleansing
Remote DBA Services:
Improves MS SQL Database Performance
SQL Server Integration Services:
Business Intelligence

Sql agent jobs based on the database and the user

Dear All,
I have a requirement of configuring an user who should only have access to one database out of all and also able to create, view and modify sql agent jobs only for the allowed database. For allowing to see the selected database to particular user I have
granted permissions as per below,
create LOGIN mhtc WITH PASSWORD='mhtc', CHECK_POLICY = OFF;
USE master;
GO
DENY VIEW ANY DATABASE TO mhtc;
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::MHTC TO mhtc;
GO
but user not able to see sql agent jobs so I want to give necessary permission to this user to view,create and modify sql agent jobs only in allowed databases. Basically I want to separate users from each database and separate sql agent jobs based on the
user and database.
Your expert advices are highly appreciated.
Thanks,
Manjula

I want to give necessary permission to this user to view,create and modify
sql agent jobs only in allowed databases.
Hello Manjula,
SQL Server Agent Jobs are not created / dedicated for a user database. The Jobs are store in System database "msdb".
See
Implement SQL Server Agent Security for Details about required permissions.
Olaf Helper
[ Blog] [ Xing] [ MVP]

Schedule Jobs based on Resource

I want to schedule jobs based on server resource , If resource is low it should autometically decide to stops some jobs and if resourse is high then it should autometically increase jobs for better output.
Is it possible or I can write some program to handle this. How to know about server resource after running jobs.

Hi,
First you should note that the Scheduler already does this automatically - if the server is more loaded then fewer jobs will be scheduled to run at the same time.
If you want finer control over this you might want to look into setting up Scheduler windows . A window is a scheduled period of time when a certain resource plan is in effect. In that resource plan you can limit the number of sessions or the amount of cpu dedicated to a particular resource group. You can then put jobs into different resource consumer groups. This allows you to fine-tune how many resources should be allocated to different groups of jobs during different times during the day.
Hope this helps,
Ravi.

I Need to Create a report for batch jobs Based on Subject Area.

Hi SAP Guru's,
I need to create a report , that it must show the status of batch jobs Completion Times based on Subject area(SD,MM,FI).
Please help me in this issue ASAP.
Thanks in Advance.
Krishna.

You may need to activate some additional business content if not already installed but there are a lot BI statistics you can report on. Have a look at this:
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/46/f9bd5b0d40537de10000000a1553f6/frameset.htm

Error in reconcilation Function - Job "Reconcile roles and privileges"

SAP NW 7.0 SP2 Patch 3
Roles contain Privileges
Help file says: "If you are using roles and privileges, you will need to perform a reconciliation of the roles/privileges assigned to the users in the identity store after the roles are modified. "
Job imported as described.
When I let the job run on the ID-Store, for each entry, the following error message occurs:
runFunctionsInString($FUNCTION.reconcile( MSKEY )$$) got exception
org.mozilla.javascript.NotAFunctionException: reconcile( MSKEY )
...where MSKEY is, of course, the MSKEY of the entry.
If I let run the job with the Windows-Dispatcher and as a VB-script, it produces no error; however, in the output file, there are a lot of Messages like
"!ERROR: Invalid use of Null"
Only some entries (of Type MX_PERSON) show the "Priviliege added: (...)" output. But the job does not add the Privileges assigend to the role, as it should.
So, I would suggest that one redefines the SQL-Query of the Job so that it runs only on MX_PERSONS. But then, still, in my case, it does nothing.
Has anyone better experiences with the Job?
Edited by: Thomas P. Felder on Sep 25, 2008 10:32 AM

The job when imported by default uses java runtime engine but the script is written in vbscript syntax so you have to change the engine or the script syntax.
When you did your select statement did you use SELECT DISTINCT. That will also cause errors. I do not narrow the entry type to MX_PERSON.
I'm installing the patch now; I will see if I get any errors.

Grant Rights to Start, stop, view Oracel-Jobs inother roles

Hi,
i need a little help.
how can i grant rights to my jobs, that the users of other roles can start, stop and view my jobs?
Thanks
Greetings
John

Not easily. You would have to give grants on DBA_JOBS, dbms_job to the other user, and give execute on what the job is running to the other user as well.
Then the other user would need to change the ????_USER column of the job, know either the job number of the WHAT, e.g.
update dba_jobs set log_user = 'OTHER_USER', priv_user = 'OTHER_USER', schema_user = 'OTHER_USER'
where job=42; -- OR where WHAT like '%sp_insert_into_tab1%' ;
Then not forget to set it back to the original owner.

Form Based Role Validation

I am trying to use the form based security role validation. I am using JDeveloper's built in OC4J. I am getting to my login form but when I try to submit I get the following:
java.lang.IllegalArgumentException: Resource /j_security_check?j_username=myuserhere&j_password=mypasswordhere not found
I have the user defined in the principals.xml file I am specifying the location of the principals.xml file in the WEBAPPNAMEHERE-oc4j-app.xml file which seems to be where JDeveloper wants it.
Any ideas?

See section 12.5.3.1 of the Servlet 2.3 specification for details. You need to be sure your HTML file uses the j_security_check, j_username, and j_password names like this:
<form method=POST action=j_security_check>
<input type=text name=j_username>
<input type=password name=j_password>
</form>
The method must be POST, not GET. This means that the user/pass information will not be visible in the URL that is set back to the server; it will instead be in the HTTP request body.

Trigger a job based on a job that will be created during runtime

I searched sdn and I did not find any threads addressing my issue(Trigger JOB B after a JOB A which will not be available untill runtime).
My Req:
I have a where in, a JOB 'A' will trigger to execute a BDC session in program A using a SUBMIT ...RETURN statement.
I will have to trigger a different job 'B' using program B, the moment the 1st job runs completed.
I thought this would be possible, by handling the events and trigger the FM in program A after the SUBMIT statement. But the problem is SUBMIT statement would just create the job and return the control back to the program A and immediately call the FM to raise the EVENT. In this case, my job B will trigger and even complete before JOB A could complete successfully.
I tried using AFTER JOB option in SM36 instead of AFTER EVENT. The problem with this option is, JOB A will be available ONLY during runtime and hence cannot schedule program B with the option AFTER JOB.
Any thoughts are highly appreciated.
Thanks for your help.
Best Regards,
Kiran

Hi Thomas,
I programmed the way you mentioned and this triggers both the jobs at the same time.
DATA: number TYPE tbtcjob-jobcount,
      jobname LIKE tbtcjob-jobname.
jobname = 'JOB1'.
CALL FUNCTION 'JOB_OPEN'
EXPORTING
    jobname          = jobname
IMPORTING
    jobcount         = number
EXCEPTIONS
    cant_create_job = 1
    invalid_job_data = 2
    jobname_missing = 3
    OTHERS           = 4.
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ELSE.
SUBMIT zhbn_life_premium_summary_rpt
VIA JOB    jobname
      NUMBER number
      AND    RETURN.
IF sy-subrc EQ 0.
    CLEAR: jobname.
    jobname = 'JOB2'.
    CALL FUNCTION 'JOB_OPEN'
      EXPORTING
        jobname          = jobname
      IMPORTING
        jobcount         = number
      EXCEPTIONS
        cant_create_job = 1
        invalid_job_data = 2
        jobname_missing = 3
        OTHERS           = 4.
    IF sy-subrc <> 0.
      MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
              WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    ELSE.
      SUBMIT zhbn_life_premium_summary_rpt
      VIA JOB    jobname
          NUMBER number
          AND    RETURN.
      IF sy-subrc EQ 0.
        WRITE: 'job 2 success'.
        jobname = 'JOB2'.
        CALL FUNCTION 'JOB_CLOSE'
          EXPORTING
            jobcount             = number
            jobname              = jobname
            strtimmed            = 'X'
          EXCEPTIONS
            cant_start_immediate = 1
            invalid_startdate    = 2
            jobname_missing      = 3
            job_close_failed     = 4
            job_nosteps          = 5
            job_notex            = 6
            lock_failed          = 7
            invalid_target       = 8
            OTHERS               = 9.
        IF sy-subrc <> 0.
          MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                  WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
        ENDIF.
      ENDIF.
    ENDIF.
ENDIF.
jobname = 'JOB1'.
CALL FUNCTION 'JOB_CLOSE'
    EXPORTING
      jobcount             = number
      jobname              = jobname
      strtimmed            = 'X'
    EXCEPTIONS
      cant_start_immediate = 1
      invalid_startdate    = 2
      jobname_missing      = 3
      job_close_failed     = 4
      job_nosteps          = 5
      job_notex            = 6
      lock_failed          = 7
      invalid_target       = 8
      OTHERS               = 9.
IF sy-subrc <> 0.
    MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
            WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDIF.
Am I missing anything?
Thanks
Kiran

JOB Based Roles

Similar Messages

Maybe you are looking for