KM authorization in an Enterprise

Assume there are two roles in the system:
KM content administrator in headquarters
KM content administrator in branch office
All the KM contents should be classified in the enterprise hierarchy.
The KM content administrator in headquarters should have the authorization to manage all content in the enterprise scope. The KM content administrator in a branch office only has the authorization to manage the content in the branch office scope.
Is it possible to do that?
Thanks

You can create KM Navigation iViews and give the root folder to the headquarters and branch office repository/folder.
And then finally assign these to the specific headquarters and branch office administrator roles. This way each will only have access to their content, with full rights only to their specific areas.
Hope this helps.
Ankur

Similar Messages

  • XML Validation in PI 7.1 - Restart and skip validation possible, but how?

    Hello all,
    I read about schema validation in PI 7.1 and did a few tests on my own, but could not restart and skip validation for invalid payloaded messages. The documents say it is possible.
    Anyone know how? Thanks.
    BTW, I really think putting the schemas in server file system will cause a lot of authorization trouble in enterprises. No one gives access to the server filesystem and I don't think they will also like to open the required subdirectories for share. Asking the basis team to create the folder structures and maintaining schemas would be another pain. Don't you also think that SAP could find a better approach, like automatically uploading the schemas to the filesystem, or validating them from repository directly if possible?
    Kind regards,
    Gökhan

    Hi Gökhan,
    I am facing the same issue.
    I set up outbound xml validation in receiver agreement and tested it with valid and invalid messages.
    The validation works fine.
    But in case of a validation error I tried to restart with skipping the validation. But this wasn't possible.
    I am always facing the same validation error.
    I already tried all the different tools I know (sxi_monitor, message monitoring in rwb and in nwa).
    I am working on PI 7.11 SP6.
    Did you find a solution for skipping the validation for a single message out of the monitoring?
    I know that there is the possibility of deactivating the validation in the receiver agreement, but this doesn't meet the requirement of skipping the validation only for a single message.
    Maybe anyone else faced and solved this issue already.
    Thanks in advance
    Jochen

  • Travel Management Locking and Scan Documents

    Dear All,
    Please help :-
    1. How to lock the trip completely if required i.e. no corrections possible even after having posted the same to FI. In a normal case it is permissible in R/3, whereas based on authorization on the Enterprise Portal after posting to FI the same stands uneditable by the employee.
    Is it only controllable through authorization or is there any other way ?
    2. There is an option to upload document against each Expense Type in the Comments field using load local file but I think this accepts only the text document.
    Is there any other option to attach scan documents by central repository team against each Travel Expense Report ?
    3. Later if this scanned document needs to be stored at some common text server and once stored on the common text server, user while trying to directly access this common server wants to know if which document belongs to which Trip number. Please advise on this central storage and relating of document to respective trips.
    Regards
    Anil

    Anil,
    Did you ever find out how to do this?  I have the same requirement and have not found yet how to attach scanned or faxed receipt images to the expense report.
    Thanks,
    John

  • How to read ST01

    I get an authorization error "you do not have the authorizations to perform this function" when I attempt to save my report in Report Designer.
    As per an existing thread I did the authorization trace to find which authorization I was missing.
    But I do not know how to read the output of the trace display.
    hh:mm:ss:ms|    Type   |  Lasts(us) |     Object                    |         Text
    14:24:14:866  |    AUTH |   - - -           |  S_RS_ERPT RC=4 | RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
    14:24:14:866 AUTH    - - -   S_RS_ERPT  RC=4  RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
    Can someone give an explanation on this output

    Raadooo wrote:
    > I get an authorization error "you do not have the authorizations to perform this function" when I attempt to save my report in Report Designer.
    >
    > As per an existing thread I did the authorization trace to find which authorization I was missing.
    > But I do not know how to read the output of the trace display.
    >
    > hh:mm:ss:ms|    Type   |  Lasts(us) |     Object                    |         Text
    >
    > 14:24:14:866  |    AUTH |   - - -           |  S_RS_ERPT RC=4 | RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
    >
    >
    > 14:24:14:866 AUTH    - - -   S_RS_ERPT  RC=4  RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
    >
    > Can someone give an explanation on this output
    Hello,
    the first entry is the timestamp. The object "S_RS_ERPT" shows you the problem. You do not have the authorization for the enterprise report ("EREP_20090414_212411"). Add the object to your authorizations in a role with TC PFCG.
    Go in the pfcg -> choose the role -> maintain the role -> maintain the authorization values (second tab) -> add the object "S_RS_ERPT" manually -> maintain the object (place in every row a " * ") -> generate and save the role -> disconnect and connect again -> try again
    I hope it was useful.
    Bye,
    André
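An added example, not part of the original thread: a small Python parser for the ST01 `AUTH` lines quoted above. It collects the exact object and field values of each failed check so a role can be maintained with those values. The return-code and activity-code meanings are general ABAP knowledge, not taken from the page; function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample input: the header and the two AUTH lines quoted in the
# thread (the same check, once with and once without column separators).
SAMPLE_TRACE = """\
hh:mm:ss:ms|    Type   |  Lasts(us) |     Object                    |         Text
14:24:14:866  |    AUTH |   - - -           |  S_RS_ERPT RC=4 | RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
14:24:14:866 AUTH    - - -   S_RS_ERPT  RC=4  RSERPTID=EREP_20090414_212411;RSZOWNER=RSUDARSA;ACTVT=01;
"""

# sy-subrc values set by the ABAP AUTHORITY-CHECK statement
# (general ABAP knowledge, not stated on the page).
RC_MEANING = {
    0: "check passed",
    4: "user has the object, but not with these field values",
    12: "user has no authorization for the object at all",
}

# A few standard ACTVT activity codes (general SAP knowledge).
ACTIVITY = {"01": "create", "02": "change", "03": "display", "06": "delete"}

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"      # hh:mm:ss:ms
    r"(?P<type>[A-Z]+)\s+"                         # trace type, e.g. AUTH
    r"(?P<duration>.*?)\s+"                        # "Lasts(us)" column
    r"(?P<object>[A-Z0-9_/]+)\s+RC=(?P<rc>\d+)\s+" # object and return code
    r"(?P<text>\S.*)$"                             # FIELD=VALUE;... list
)


def parse_line(line):
    """Parse one trace line; return None for headers and non-AUTH lines."""
    m = LINE_RE.match(line.replace("|", " ").strip())
    if not m or m.group("type") != "AUTH":
        return None
    fields = {}
    for pair in m.group("text").split(";"):
        if "=" in pair:
            name, value = pair.split("=", 1)
            fields[name.strip()] = value.strip()
    return {"time": m.group("time"), "object": m.group("object"),
            "rc": int(m.group("rc")), "fields": fields}


def failed_checks(trace_text):
    """Return each distinct failed check (RC != 0) once."""
    seen, result = set(), []
    for line in trace_text.splitlines():
        check = parse_line(line)
        if check is None or check["rc"] == 0:
            continue
        key = (check["object"], check["rc"],
               tuple(sorted(check["fields"].items())))
        if key not in seen:
            seen.add(key)
            result.append(check)
    return result


def required_values(checks):
    """Per object and field, the values that were actually checked."""
    needed = defaultdict(lambda: defaultdict(set))
    for check in checks:
        for name, value in check["fields"].items():
            needed[check["object"]][name].add(value)
    return {obj: {f: sorted(v) for f, v in flds.items()}
            for obj, flds in needed.items()}


def describe(check):
    """One-line, human-readable summary of a failed check."""
    meaning = RC_MEANING.get(check["rc"], "check failed")
    actvt = check["fields"].get("ACTVT")
    activity = ACTIVITY.get(actvt, actvt or "n/a")
    return f'{check["object"]} RC={check["rc"]} ({meaning}), activity: {activity}'


if __name__ == "__main__":
    for c in failed_checks(SAMPLE_TRACE):
        print(describe(c))
    print(required_values(failed_checks(SAMPLE_TRACE)))
```
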

  • Whats deployment descriptor

    Hi,
    I'm doing servlets with "advance java how to program of deitel and deitel".
    Actually I don't get the idea of the deployment descriptor file,
    an XML file.
    Can anyone tell me what the use of this deployment descriptor file is?
    I'll be thankful to you.
    regards
    AKY

    A deployment descriptor is an Extensible Markup Language (XML) text-based file with an .xml extension that describes a component's deployment settings. An enterprise bean module deployment descriptor, for example, declares transaction attributes and security authorizations for an enterprise bean. Because deployment descriptor information is declarative, it can be changed without modifying the bean source code. At run time, the J2EE server reads the deployment descriptor and acts upon the component accordingly.
    In the EJB Development Environment, a special class that is serialized and that contains run-time settings for an enterprise bean.
    An XML file provided with each module and application that describes how they should be deployed. The deployment descriptor directs a deployment tool to deploy a module or application with specific configuration requirements that a Deployer must resolve.

  • Enterprise/ SAP Authorization in CMC

    Hi Experts,
    Just need to clarify that if we are using CMC with Enterprise Authorization, is it necessary to use InfoView with same Authorization or can we use SAP Authorization with it?
    Thanks & Regards,
    Sumeet

    Hi,
    that's the most common way you are explaining.
    End users are using the SAP Auth. for InfoView and the Administrator(s) are using the Enterprise Administrator with the Enterprise Authentication in the CMC.
    Regards
    -Seb.

  • HR Authorization - How to stop looking historical enterprise structure

    Hello Experts,
    I have a few users who are assigned to display the master data of personnel area 5400. Now an employee is moved from personnel area 5400 to personnel area 5900. And this user is still able to view the master data of 5900. How to stop that checking the authorization based on the historical data?
    Please advise.
    Thank you.
    saplover

    > I have a few users who are assigned to display the master data of personnel area 5400.
    Okay.
    > Now an employee is moved from personnel area 5400 to personnel area 5900.
    Okay.
    > And this user is still able to view the master data of 5900.
    Okay
    > How to stop that checking the authorization based on the historical data.
    You cannot code a back-dated authority-check, at least not easily nor performance-wise.
    If the employee is moved, then records (which were also moved, created...) for the personnel area they have access to are subsequently visible to them as well, if they have access to that infotype, subtype, etc.
    Perhaps you need to change their role, if they changed their job function??
    Take a read through function module HR_READ_INFOTYPE for a better understanding. The HR objects are generally designed to give access for HR people... unless reporting people (in aggregated form => object P_ABAP...) or unless personally (object P_PERNR...).
    Take a look in tcode SU21 for more infos.
    Cheers,
    Julius

  • Analysis Authorization in BO 4.0 Webi report

    Hi All,
    I am using BO 4.0 and creating connection from Information Design tool to a BW query using BICS client. This connection is then published to CMC.
    We are using SAP authentication and importing the roles from BW system. We have added profiles to this role and these profiles have Analysis Authorization set on Company Code. So one user can access data to one company code and vice versa. Now this works well in Bex Analyzer, but if I try to create a report in Webi, the analysis authorization fails. I went through the forum before posting this question and I found that is in 3.1 version and in most cases using SSO in universe connection solved the problem.
    However, in 4.0 I am using the BICS client and followed the same processes to create a connection, but for some reason it doesn't work. Is this supposed to work differently in 4.0?
    I have tried:
    1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
    2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
    3. Publish the connection to CMC with my Enterprise and SAP ID and in both cases it doesn't work.
    Please let me know if anyone encountered a similar issue and what is the best method to resolve this.
    (BO 4.0 no service pack or fix pack installed on the system yet)
    Thanks - Appreciate your help !
    Prasad Rasam

    Ingo,
    1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
    >> Correct you need to set up your OLAP Connection with SSO.
    >>> What I meant was I created the connections using both the methods, Using SSO it allows me to create a connection. The ID which I am using to create a connection has Admin access to BOBJ system. When I login as a regular user to create a Webi report and select this new connection, it throws an error message 'The DSL Service returned an error: com.businessobjects.dsl.services.workspace.impl.QueryViewAnalyzer$CannotGetCubeFromConnectionException: Cannot get the cube from the connection'
    Using the other method to create a connection with User ID and password, I can create a connection and with the normal user login I can connect to the BW query but Analysis Authorization doesn't work.
    Ingo : Could you be more specific what you mean here with the different users ? When you say "regular" user are you referring to an SAP credentials or SAP BusinessObjects Enterprise credentials ?
    2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
    >> The variable in the BEx query needs to be an authorization variable.
    >>> This has already been set as Authorization variable. There is still a question here. If I select the variable as Authorization variable, I cannot set the other parameters in the query properties such as Mandatory variable (as this is greyed out).
    Ingo : What other parameters would you like to configure ? Could you perhaps describe the scenario with more details ?
    regards
    Ingo Hilgefort

  • Error in Opening a query after Authorization.

    Dear Experts,
    In a requirement to restrict the users to access some specific queries only, I have created the role and assigned some queries to that role in PFCG. The user is able to see only the authorized queries when he logs in to BEx Analyzer. Now the problem is that when he opens the query, instead of getting the prompt for variable values entry he is getting a message such as
    " Error in specifying the value for variable for Fiscal year and plant."
    However, the query is opened successfully with my ID, which has all authorizations.
    In role maintenance I have provided the following authorizations to the user.
    1. Business Explorer - Global variables
    2. Authorization Check for RFC Access
    3. Transaction Code Check at Transaction Start
    4. BI Analysis Authorizations in Role
    Business Explorer - Components
    Business Explorer - Components: Enhancements to the Owner
    Business Explorer - Enterprise Reports
    Business Explorer - Folder View On/Off
    Data Warehousing Workbench - Hierarchy
    Data Warehousing Workbench - InfoCube
    Data Warehousing Workbench - InfoObject
    Data Warehousing Workbench - MultiProvider
    Data Warehousing Workbench - DataStore Object
    Authorization Object for RS Trace Tool
    5. Business Explorer - Variants in Variable Screen
    Could someone please tell me what I am missing, or what is wrong with it?
    Thanks !

    you may wish to try executing the queries using the RSECADMIN and analyzing the log for the same.
    Hope it Helps
    Chetan
    @CP..

  • Implementing the Enterprise Support in Solution Manager

    Hi Experts,
    Can anybody tell me what are the pre requisites to implement Enterprise support in solution manager?
    Also let me know what are steps involved in implementing the enterprise support.
    Thanks in Advance
    Hari

    Hello Hari,
    In order to implement Enterprise Support your organization should be registered as a Value Added Reseller (VAR) with SAP. You can get all the required documentation under https://websmp104.sap-ag.de/solutionmanager --> Information for VARs, ASPs and AHPs, which is on the left-hand side of the page. However, you need to have an S-user ID of the VAR.
    The following are the steps you need to perform in implementing the Enterprise Support firmly known as Service Desk for VARs.
    1. SAP Solution Manager basic settings (IMG)
      a) Initial Configuration Part I
      b) Maintain Profile Parameters
      c) Maintain Logical Systems
      d) Maintain SAP Customer Numbers
      e) Initial Configuration Part II
         1) Activate BC Set
             a) Activate Service Desk BC Set
             b) Activate Issue Monitoring BC set
             c) Set-up Maintenance optimizer
             d) Change online Documentation Settings
             e) Activate Solution Manager Services
             f) Activate integration with change request Management
             g) Define service desk connection in Solution Manager
       2)Get components for SAP Service Market place
            a) Get SAP Components
       3) Get Service Desk Screen Profile
           a) Generate Business Partner Screen
       4)Copy By price list
           a)activate Service Desk BC Set
           b)Activate Issue Monitoring BC set
           c) Set-up Maintenance optimizer
          f) Business Add-In for RFC Connections with several SAP customers
          g) Business Add-In for RFC Connection of Several SAP Cust. no.
          h) Set-Up SAP Support Connection for Customers
          i) Assign S-user for SAP Support Portal functionality
          j) Schedule Background Jobs
          k) Set-Up System Landscape
          l) Create Key Users
          m) Create Message Processor
    2. Multiple SAP Customer Numbers
          a) Business Add-In for RFC Connections with several SAP customer numbers
          b) Set-Up SAP Support Connection for Customers
    3. Data transfer from SAP
          a) Data Transfer from SAP
    4. Create "Organization" Business Partner
    5. Service Provider function (IMG)
          a) Business Add-In for RFC Connections with several SAP customer numbers
          b) Business Add-In for Text Authorization Check
          c) Activate BC Set for Service Provider
          d) Activate Text Types
          e) Adjust Service Desk Roles for Service Provider Menu
    6. Service Provider: Value-Added Reseller (VAR)
          a) Business Add-In to Process Actions (Post-Processing Framework)
         b) Activate BC Sets for Configuration
         c) Create Hierarchy and Product Category
         d) Set-Up Subcategories
         e) Create Business Partner as Person Automatically
         f) Set-Up Automatic Confirmation of Messages
        g) Maintain Business Partner Call Times
        h) Set-Up Incident Management Work Center
    7. Work Center (Web UI)
        a) Activate Solution Manager Services
        b) Assign Work Center Roles to Users
    Hope it helps.
    Regards,
    Satish.

  • System landscape in large enterprise with solution manager

    Dear Guru,
    Do you have any ideas of how to set up Solution Manager in a big national enterprise?  Let's suppose
    a big company has a headquarters and several branches.
    Every branch has its ERP, BW, etc. Do you think it is better to set up a respective Solution Manager system
    for each branch or just create a powerful one centrally in the headquarters? Of course the latter means
    less management but more authorization separation related actions.
    Is there any recommendation for this situation? Your opinion and insight is highly appreciated.
    Thanks
    Ray

    Dear Guru,
    I know Solution Manager supports some scenarios for multiple customers, e.g. VAR in service desk.
    But is it possible to hide solution or project information, especially the content of the respective business blueprint,
    from different customers?
    I mean we want to use one single Solution Manager for multiple customers, but customers do not want their
    own documents and business process information shared with other customers.
    e.g. one customer logs on to SOLMAN, then he could view project or solution information of another customer;
    furthermore, he could also build up his business blueprint referring to the other customer's business blueprint.
    Is it possible to segregate this information?
    Thanks a lot.
    Ray

  • Hierarchy Analysis Authorization in BW and BOBJ Webi Report

    Hello,
    We have a scenario wherein we have implemented Analysis Authorizations (Hierarchy) on Organizational Unit info object (0ORGUNIT) and need to report on BOBJ WEBI. Our scenario is as following
    ORGUNIT    - L0 (Overall Enterprise Level)     
    -     L1 (Enterprise - Continent Wise Split)
    -     L2 (Enterprise - Country Wise Split)
    -     L3 (Enterprise - City Wise Split)
    E.G-
          L0 (Company ABC) MANAGER 0 will have access to the entire organization
               -L1 (ASIA) MANAGER1 will have access to ASIAN Subcontinent
                      -L2 (India) MANAGER 2 will have Access to country India
                                -L3 (New Delhi) MANAGER 2.1 will have access to city Delhi
                                -L3 (Mumbai) MANAGER 2.2 will have access to city Mumbai
                       -L2 (Malaysia) MANAGER 3 will have access to Country Malaysia
                                  -L3 (Kuala Lumpur)
                                  -L3 (Pahang)
                 - L1 (Europe)
                                            ...
    The requirement is that the CEO of the company should be able to see the entire set of data (L0-L4). We have continent managers who can see the data specific to their continent; similarly, at L3 level the city managers should see the data only for their specific city.
    In BI we have used analysis authorization based on hierarchies. We have created an authorization object say ZAUTH1 and have assigned the hierarchy L0 from RSECADMIN. Now, in Webi when we create a report a sample row comes as :
    L0 Org Unit     L1 Org Unit     L2 Org Unit     L3 Org Unit     SALES Key Figure
    Company ABC     Asia          India          Mumbai          1000
    Now, we have MANAGER 2.2 who has only access to the data specific to his city (Mumbai). There is an Analysis Authorization object created for him ZAUTH2, by ONLY assigning the org unit hierarchy L3 (for Mumbai). When we run the bex report with the user MANAGER 2.2 - it correctly displays the result and the user is only able to see the data for L3 Org Unit (Mumbai). However when you bring this data to Webi - the report comes in the below format:
    L0 Org Unit     L1 Org Unit     L2 Org Unit     L3 Org Unit     SALES Key Figure
    Mumbai                                           1000
    The L3 org unit has now got assigned to L0 Org unit , as this is the only org unit assigned to the MANAGER 2.2 user .
    In such a case we are not able to write any generic formulae for the report. Is there a way to correct this issue? 'Mumbai' should either get assigned to the L3 OrgUnit column in the Webi report, or is there a workaround that is possible?
    Thanks and Best Regards,
    Vj

    Hi Vijay,
    The problem you speak of is known and comes from the fact that the hierarchy is flattened in the process of delivering it to WebI. Therefore there is no real 'solution' to the problem, just some work-arounds you can think of...
    1)
    Create a report variable that starts looking at the lowest level, if it is empty check one up, and so on until you found what you were looking for (the lowest leaf available), which by definition must be there (even if it is top level).
    Using similar logic you can also get a 'number of levels available' and so fill in the complete tree (duplicating the highest level).
    This is difficult to explain when end users create their own reports, though you could provide a template report with these variables in there already.
    2)
    Extend the hierarchy with duplicates below the lowest level.
    So i.e. L0 Company - L1 Continent - L2 Country - L3 City- L4 City - L5 City- L6 City.
    This will give back on the four levels for top authorization
    L0 Company - L1 Continent - L2 Country - L3 City
    For authorization on Continent:
    L0 Continent - L1 Country - L2 City- L3 City
    For authorization City
    L0 City- L1 City - L2 City- L3 City
    So in all situations the fourth level, the L3 Object will hold the City level.
    This you can then use in your report.
    Hope this helps,
    Marianne
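An added example, not part of the original thread: a Python model of the flattening described above and of both work-arounds from the reply. The flattening rule (visible path left-aligned into L0..L3) is an assumption taken from the report rows shown in the question; the sample paths and function names are constructed for illustration.

```python
LEVELS = 4  # report columns L0..L3, as in the thread

# Constructed sample data: leaf paths of the org unit hierarchy from the post.
PATHS = [
    ["Company ABC", "Asia", "India", "New Delhi"],
    ["Company ABC", "Asia", "India", "Mumbai"],
    ["Company ABC", "Asia", "Malaysia", "Kuala Lumpur"],
]


def flattened_rows(paths, authorized_node, levels=LEVELS):
    """Rows as the report receives them for a user authorized on one node.

    Only the part of each path from the authorized node downwards is
    visible, and it is left-aligned into the L0..L3 columns.
    """
    rows = []
    for path in paths:
        if authorized_node not in path:
            continue  # path lies outside the user's authorized subtree
        visible = path[path.index(authorized_node):]
        rows.append((visible + [""] * levels)[:levels])
    return rows


# Work-around 1: report variables evaluated on the flattened row.
def lowest_leaf(row):
    """Start at the lowest level and walk up until a value is found."""
    for value in reversed(row):
        if value:
            return value
    raise ValueError("row has no populated level")


def right_align(row):
    """Fill the complete tree by duplicating the highest visible level."""
    filled = [value for value in row if value]
    if not filled:
        raise ValueError("row has no populated level")
    return [filled[0]] * (len(row) - len(filled)) + filled


# Work-around 2: extend the hierarchy with duplicates below the lowest level.
def pad_hierarchy(paths, levels=LEVELS):
    """Append copies of the leaf so the last column always holds the city."""
    return [path + [path[-1]] * (levels - 1) for path in paths]


if __name__ == "__main__":
    for node in ("Company ABC", "Asia", "Mumbai"):
        print(node, "->", flattened_rows(PATHS, node))
        print(node, "padded ->", flattened_rows(pad_hierarchy(PATHS), node))
```
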

  • Client certificate authentication with custom authorization for J2EE roles?

    We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If our web.xml includes:
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>certificate</realm-name>
    </login-config>
    that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
    On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>MyRealm</realm-name>
    </login-config>
    or:
    <login-config>
        <auth-method>MyRealm</auth-method>
    </login-config>
    Anybody done anything like this before?
    --Thanks

    We have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suit our needs:
    $cat JDBCRealm.java
    * JDBCRealm for supporting RDBMS authentication.
    * <P>This login module provides a sample implementation of a custom realm.
    * You may use this sample as a template for creating alternate custom
    * authentication realm implementations to suit your applications needs.
    * <P>In order to plug in a realm into the server you need to
    * implement both a login module (see JDBCLoginModule for an example)
    * which performs the authentication and a realm (as shown by this
    * class) which is used to manage other realm operations.
    * <P>A custom realm should implement the following methods:
    * <ul>
    *  <li>init(props)
    *  <li>getAuthType()
    *  <li>getGroupNames(username)
    * </ul>
    * <P>IASRealm and other classes and fields referenced in the sample
    * code should be treated as opaque undocumented interfaces.
    final public class JDBCRealm extends IASRealm
        protected void init(Properties props)
            throws BadRealmException, NoSuchRealmException
        public java.util.Enumeration getGroupNames (String username)
            throws InvalidOperationException, NoSuchUserException
        public void setGroupNames(String username, String[] groups)
    }
    and
    $cat JDBCLoginModule.java
    * JDBCRealm login module.
    * <P>This login module provides a sample implementation of a custom realm.
    * You may use this sample as a template for creating alternate custom
    * authentication realm implementations to suit your applications needs.
    * <P>In order to plug in a realm into the server you need to implement
    * both a login module (as shown by this class) which performs the
    * authentication and a realm (see JDBCRealm for an example) which is used
    * to manage other realm operations.
    * <P>The PasswordLoginModule class is a JAAS LoginModule and must be
    * extended by this class. PasswordLoginModule provides internal
    * implementations for all the LoginModule methods (such as login(),
    * commit()). This class should not override these methods.
    * <P>This class is only required to implement the authenticate() method as
    * shown below. The following rules need to be followed in the implementation
    * of this method:
    * <ul>
    *  <li>Your code should obtain the user and password to authenticate from
    *       _username and _password fields, respectively.
    *  <li>The authenticate method must finish with this call:
    *      return commitAuthentication(_username, _password, _currentRealm,
    *      grpList);
    *  <li>The grpList parameter is a String[] which can optionally be
    *      populated to contain the list of groups this user belongs to
    * </ul>
    * <P>The PasswordLoginModule, AuthenticationStatus and other classes and
    * fields referenced in the sample code should be treated as opaque
    * undocumented interfaces.
    * <P>Sample setting in server.xml for JDBCLoginModule
    * <pre>
    *    <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
    *      <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
    *       <property name="jaas-context"  value="jdbcRealm"/>
    *    </auth-realm>
    * </pre>
    public class JDBCLoginModule extends PasswordLoginModule
        protected AuthenticationStatus authenticate()
            throws LoginException
        private String[] authenticate(String username,String passwd)
        private Connection getConnection() throws SQLException
    }
    One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
    You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
    [http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
    $cat CertificateRealm.java
    package com.iplanet.ias.security.auth.realm.certificate;
    * Realm wrapper for supporting certificate authentication.
    * <P>The certificate realm provides the security-service functionality
    * needed to process a client-cert authentication. Since the SSL processing,
    * and client certificate verification is done by NSS, no authentication
    * is actually done by this realm. It only serves the purpose of being
    * registered as the certificate handler realm and to service group
    * membership requests during web container role checks.
    * <P>There is no JAAS LoginModule corresponding to the certificate
    * realm. The purpose of a JAAS LoginModule is to implement the actual
    * authentication processing, which for the case of this certificate
    * realm is already done by the time execution gets to Java.
    * <P>The certificate realm needs the following properties in its
    * configuration: None.
    * <P>The following optional attributes can also be specified:
    * <ul>
    *   <li>assign-groups - A comma-separated list of group names which
    *       will be assigned to all users who present a cryptographically
    *       valid certificate. Since groups are otherwise not supported
    *       by the cert realm, this allows grouping cert users
    *       for convenience.
    * </ul>
    public class CertificateRealm extends IASRealm
       protected void init(Properties props)
         * Returns the name of all the groups that this user belongs to.
         * @param username Name of the user in this realm whose group listing
         *     is needed.
         * @return Enumeration of group names (strings).
         * @exception InvalidOperationException thrown if the realm does not
         *     support this operation - e.g. Certificate realm does not support
         *     this operation.
        public Enumeration getGroupNames(String username)
            throws NoSuchUserException, InvalidOperationException
         * Complete authentication of certificate user.
         * <P>As noted, the certificate realm does not do the actual
         * authentication (signature and cert chain validation) for
         * the user certificate, this is done earlier in NSS. This default
         * implementation does nothing. The call has been preserved from S1AS
         * as a placeholder for potential subclasses which may take some
         * action.
         * @param certs The array of certificates provided in the request.
        public void authenticate(X509Certificate certs[])
            throws LoginException
            // Set up SecurityContext, but that is not applicable to S1WS..
    }
    Edited by: mv on Apr 24, 2009 7:04 AM

  • Do I need an Apple Enterprise Account to use MDM

    Hello,
    We want to use iPads in our company and manage them using an MDM server.
    My question is, do you need an Enterprise Account to do this, or is this just for developing in-house apps?
    thx,
    best regards
    nev

    In order to use any 3rd party MDM, you must have an enterprise developers account. After you get it, Apple gives you a certificate that authorizes the use of the MDM.
    In Lion Server, you can create a self-signed certificate that doesn't require the Developers account, although Lion's MDM solution is not so fully developed as some of the MDM solutions out there.

  • BI authorization objects not appearing in RAR, error while generating role

    Hi
    I am facing certain problems relating to integration of BI module version 7 with GRC Access Controls version 5.3 and support package 06. I am describing the problems in detail below:
    (a) In the Risk Analysis and Remediation (RAR) component, I am creating Functions and Risks for the Business Intelligence (BI) module. For that I have downloaded the descriptive text and authorization object data from the BI development system and uploaded the same in RAR. Then I have created 2 Function Ids, DBI1 (having action RSA1) and DBI2 (having actions RSA11, RSA12, RSA13, RSA14, RSA15), and 1 Risk Id for BI (having Function Ids DBI1 and DBI2) in RAR. But when I checked the permission tabs of the Function Ids DBI1 and DBI2, I could not find any authorization objects for the actions in them.
    (b) In Enterprise Role Management (ERM), when I am trying to create a Role TEST-BI in DBI 100 and I put the BI transaction codes in the authorization data, I get the authorization objects. Risk analysis is also being done successfully. But at the time of Role generation in background mode, it is giving an error message:
        Error generating role TEST-BI for system DBI 100: Unable to interpret * as a number.
        I am thus unable to generate any role in DBI 100.
    (c) In Compliance User Provisioning (CUP), I have imported a standard role from DBI 100. Then I have added Functional Area, Business Process, Subprocess and Criticality Level to this role in CUP. But when I try to assign this Role to a user, it gives an error: Error creating request. But requests are getting created and roles are being assigned to users in ECC development systems using the same Initiator, CAD, stage and path.
    Can anyone please help me?
