Making WF_Admin a Role

We currently have a single user set up as the Work Flow admin in transaction SWDC. We want any system notifications from workflow to go to more than this one individual. We attempted to set up the WF Admin as a Role but it does not seem to work. Looking for advice on the best way to do this.
This is what we tried.
Created a role called BCQAS:WF_ADMIN.
assigned two people to this role using PFCG.
Changed wf admin to be Role BCQAS:WF_ADMIN using SWDC.
We have an event defined which, when executed, is guarenteed to generate the error "Error in event receiver".
When we set up the WF Admin as a User, only that user recieves workflow system messages.
When we set up the WF admin as a Role, nobody recieves the system message.

We needed to get SAP involved to help work out the kinks but this is now working. This is what we did:
1) Created a new role (role name less than 12 characters per OSS note above)
2) Assigned several SAP Logon ID's to that role.
3) Had each of those individuals activate Auto Forwarding in their Office Settings to an Outlook Email address.
4) Now the WF Admin and the technical support staff all recieve the notifications.
Thanks to All.
-don.

Similar Messages

  • Question re: making root a role

    Once root is made a role, you cannot log directly in as root, even on the console. If all your user accounts are maintained in NIS/NIS+/LDAP etc, and your naming service is unavailable, does that mean you cannot log in? Is it a standard practice to always create a local account with the root role?
    Thanks,
    Mark

    Yup works fine... to add even more complexity - there wasn't a cable in the house long enough to reach between the APExtreme and the Cisco switch, so I tried something else.. I had my bluray player plugged into the rj45 of an  Airport Express in wireless bridge mode. I plugged that AP Express into port 2 on the Cisco switch, and my laptop into port 1, turned off wifi on the laptop - everything works fine.
    A little laggy, but it proves that the setup works, and I can get to moving some components around now so that I can run a cable between the AP Extreme and the Cisco switch.
    Thanks for the help!
    Don

  • How to track role change

    We have several groups making changes to roles in our portal. Is there a way to track roles changes and where can I find this information.
    We have several plants and portal admins at each site making changes to "shared roles". I need to track these changes.
    Thanks
    Mikie

    How do you transport the roles and groups?
    You should have a development and a test portal.
    You should also look into the Netweaver Developer Infrastructure.
    This should give you some help on tracking the changes!
    You should also set up your authorizations for your admins so that they cannot change the "shared roles".
    Check the portal security guide at:
    http://help.sap.com/saphelp_nw04/helpdata/en/5c/429f00a14aa54195b1c63ae1512d10/frameset.htm
    Regards
    Fredrik

  • Role Assignment does not get distributed from CUA

    Hi all.
    I create user and role in CUA client.
    There is no error in role generation.
    When I try to find my role in SU01 by pressing F4 of my role (Y*), system give me message role not found. But that's not my biggest problem.
    I can assign my role by typing manually.
    My biggest problem is only SAP ID get distributed into target system, not the role assignment.
    So in the target system I can see my user id without role assign to it.
    I checked my user id from SCUL. User and profile does not contain any error message in target client.
    I tried with transaction RSCCUSND, still my user id does not contain role.
    I checked my SCUM transaction, profiles and roles has Global settings.
    Does someone can give me a clue why this happens and how to solve this issue.
    Many thanks

    Lets try to simplify the thing in layman language.
    CUA is to manage user ids of different SAP systems (client level) centrally from one system without logging into each of those child systems. To do so, the Central system stores the information of the Roles (and their Text and Generated Profile Name ONLY) and Profiles (standard or non-generated profiles) in few of it's tables like: USLA04, USRSYSACT, USRSYSACTT, USRSYSPRF, USRSYSPRFT etc.
    It doesn't mean that the Roles for the corresponding child system is present in the central system and no need of creating (or making available) such roles in the Child systems. The physical existence of the Role for each system doesn't get transferred in the Central system when you do the Text comparison rather the identity only against the corresponding system.
    So the Roles has to be there in the corresponding Child systems and the Assignment (not physical assignment  -  only linking the name for that child system) of them to the user ids can be done from Central system.
    Also you have got the idea of Text comparison and requirement of keeping or creating roles in each system based on it's nature from the other posts.
    Let us know any more questions you have.
    regards,
    Dipanjan

  • Business partner role replication to R/3

    Dear ALL,
    Im making a BP role as contact person in crm  and wants it to replicate to R/3. But in PIDE in r/3 there is classification and classification has only organisation , consumer etc there is no contact person avaliable so how do i assign contact person BP role to classification which in turn would be assigned to account grp in PIDE for successful replication of BP roles.
    I hope im able to explain the scenario.
    Pls help me
    Regards
    Shibashish

    To replicate the contact person. You dont need PIDE setting or Account groups or classification.
    First download DNL_CUST_TSAB and DNL_CUST_TPFK. Then once run CUSTOMER_REL and then BUPA_REL in R3AS.
    Create a contact peron in Tx. Bp and Assign this contact person to customer/Sold-to party in Relationship tab.
    Go there and select "Has contact person" and put this contact person and Hit Create. You will have BUPA_REL generated as BDOC with no aparent destination as "OLTP". But you can see this contact person in XD03 of ECC on main screen "Contact person" tab.

  • How do you export separate audio tracks for Pro Tools?

    I need to give separate audio tracks to my sound mixer but am confused on how to do so in FCP X.
    So far I've:
    Set the dialogue roles and stems for each character
    Then I went into Master File>Settings
    Selected:
    "Format: Audio Only"
    "Audio File Format: Wav File"
    "Roles as: Audio only as separate files"
    "Dialogue"
    Sara
    "Stereo"
    And when I export and listen back to the wav file, there is either no audio or I hear select dialogue.
    The only thing I can think of that I am doing wrong, is that each characters dialogue is not on the same track like the picture below. The tracks highlighted is of one character's dialogue that I am trying to export onto one linear track to export into Pro Tools.
    Can tracks be assigned in FCP X? Or is there a crucial step that I am forgetting tthat explains why the audio for each character is not being exported.
    Thanks!

    If you're dumping audio for ProTools, you should be able to export XML for use in PT. Haven't done it myself, but the option's been there for a while now. You should be able to find instructions easily.
    If you want to stick with making Roles work, I suggest making sure the roles are assigned properly to each clip. Kind of a super pain in the neck, to go one by one, but ... that's the way. There are key commands for the three default roles, but if you've created custom ones then it's more time consuming. Is that 'Sara' one a custom Role that you've created?
    My only thought is you have compound audio clips there. Maybe go in and set the roles on the individual files inside the compound clips. Dunno...
    The visual organization shouldn't matter (one track above another). That's the X way.
    ((In your picture, you say you have some files selected. When I select, I get a yellow border; yours are light green and dark green. What is that?))

  • PAPI-WS data outdated after changes thru Process Administrator

    Hi.
    We have a strange problem. We are making changes in roles and participants using the Process Administrator. Then we have a development that uses PAPI-WS to access that info. But only if we restart the enterprise server we manage to see those updates to roles and participants thru the PAPI-WS. It seems that the PAPI-WS has a cache that is not updated nor refreshed.
    Any clues ? Can we force the cache refresh ?
    We are using Oracle BPM 10.3
    Thanks !
    Best regards,
    Matias.

    Hi Matias,
    PAPI-WS is a PAPI wrapper that exposes PAPI functionality through webservices.
    So, what I told you for PAPI also applies to PAPI-WS.
    Another PAPI (and also PAPI-WS) characteristic is that it doesn't refresh the roles of a participant while it is logged in. If you want to refresh your roles, you have to close your session and log in again. (like in the workspace)
    But... there is a single thing in PAPI-WS that PAPI does not have. That's the session pool.
    PAPI-WS has a session pool so as to avoid opening and closing sessions on every single request.
    So, in PAPI-WS you don't control explicitly the session log out. That's why the "participantCurrent" roles may not get updated.
    The good thing is that PAPI-WS session pool can be configured in papiws.properties.
    There is an interesting property "fuego.papiws.pool.timeout" that specify the session timeout (in minutes).
    The default value is 5 minutes.
    # Session timeout in minutes.
    # Related to the length of the interval between calls from the same user.
    fuego.papiws.pool.timeout=5
    May be you can do reduce that timeout to 1 minute and make the following sequence.
    1) Execute the participantCurrent webservice
    2) Assign a new role to a participant from the process administrator
    3) Execute the participantCurrent webservice (this time, it will show an outdated info)
    4) Wait one minute plus some seconds (the timer has low precision)
    5) Execute the participantCurrent webservice (this time, it should show the updated info)
    Hope this helps,
    Ariel

  • Authorizations for document management

    Hi,
    I'm trying to figure out what every authorization means and which effects it has...
    I created a new user, gave him all the necessary authorizations to use certain transactions in Document management by making a new role/profile for him
    After trying everything out, I still have a few questions:
    - with Authorization for change object link (C_DRAD_OBJ)I have the following properties:
    Activity: change, display
    document type: DRM-DRM
    linked SAP object: *
    document status: *
    I know how to display my object link, but how can I change it? <b>Do they mean with changing the object link, the creating of long text for the link or is there more to it?</b>
    - with authorization for document access (C_DRAW_DOK), I can't figure out what the options "Display Application archive" and "Change application archive" mean.  Which effect does it have when I choose them? Where do I consult the application archive? What is the application archive? => SOLVED
    - Do I also have to give the authorization "Display" when I want to give the authorization to delete something?  How can I delete a document info record without displaying it? =>SOLVED
    - <b>With "Status dependent authorizations for documents" (C_DRAW_TCS) what do the following options do?</b>
            *change application start (which difference with change?)=>SOLVED
    display application start (which difference with display)=>SOLVED
            *<b>request</b>
            *display archive =>SOLVED
            *change archive=>SOLVED
    I know it are a lot of questions but I'm making documentation on the authorization profiles of document management and when I figured those few last things out, I can share my documentation with the rest of you...
    Message was edited by: Vicky Liesens

    Good morning,
    Havent been watching this thread for some time now, so please shout if you do have any questions.
    Just a quick note on deleting documents:
    Setting the deletion indicator will simply mark the DIR for deletion, but, it will still be on the dB.
    After you have set the DIR for deletion, you need to run the program "MCDOKDEL", which has a test mode and a real mode.
    This program will physically delete the documents that you have marked for deletion.
    Regards,
    Freddie Botha
    www.documation.co.za
    SAP DMS, CAD Integration, Data Archiving, Imaging and Scanning and Workflow
    [email protected]

  • Transaction RZ10 is lock how parameter change of profile

    please, y help me,
    when I change some settings in the rz10 to record the transaction is blocked me
    thank you very much for the cooperation and support I can provide
    LEONOR ELENA DIEZ QUIROZ

    Hi,
    If you are unable to access RZ10 then the only reason could be that the user through which you are logging in
    does not have the authorization to run this transaction.
    You can assign authorization by either editing the existing role assigned to the user or by making a new role with RZ10 authorization and adding this role to the users profile using SU01.
    Or Login at OS level using <SID>ADM user and password and follow the path usr/sap/ and edit the profiles there.
    Also change the login/no_ automatic_ user_ sapstar parameter to 0 to enable the sap* user.
    Good Luck
    Rasheed.

  • Leave Request, Message that has 'Coming Soon' to our users

    Hello Everyone,
    We are going live with ESS in the next few months and although we are rolling ESS out to everyone, we are piloting Leave Request to our Exempt population.  I would like for our Exempt associates to access Leave Request normally, but have our other ESS users see a message titled 'Coming Soon' when they access Leave Request.  For our other (non-exempt users) they should see the 'Coming Soon' message  but also not see any of the functionality of Leave Request.  My preference is to do this without making two portal roles.
    Does anyone know of a good way to accomplish this in SAP Config.  If no option exist in config, then how about the Portal/WDJ?
    Thank you for your help.
    Scott

    Hi Everyone,
    I would like to follow up on this to see if anyone has any further ideas on how to show a message on leave request that is based on the employee (payroll area). 
    Unfortunately using a proxy class is not going to work for us because we are not using the homepage framework.
    An alternative solution to a message is to hide certain fields on the leave request application for a group of associates that have a certain payroll area (ABKRS).  For example, it would be beneficial for us to hide the fields 'Type of Leave', 'Date', 'Time', etc because we do not want to allow a group of associates to submit leave; however, it would be ok for them to see their Team Calendar.
    Does anyone know how this could be accomplished?  If a change to the WDJ is required, then will you please give direction as to where and how in the WDJ this could be changed?  I have imported the WDJ already but I am at a loss as to what to do next.
    Best Regards,
    Scott

  • Making existing roles watertight for HR data

    Hello,
    I hope to get nudged in the right direction in here. I already descended pretty much to the end of my rope and ... well ... I need some more rope
    The situation is like this - I inherited everything that has to do with maintenance of authorizations on our system half a year ago, the guy that did that before me is no longer in the company (so there's no use in asking what he was thinking (if anything) when he was putting the roles together). Documentation is scarce/non-existing. When it exists it's usually not up to date. I'm not exactly a newbie in authorizations field, but at the same time I'm not really that far away from being a newbie yet, so I'm not beyond listening to basics being pointed out to me.
    <u>The Utopia</u>:
    There are five single roles built for all users of our system (say R1, R2, ... , R5). They're supposed to build on one another, R1 being the basic role, R2 having a couple more authorizations than R1, and so on until R5 which is the role that also has all HR authorizations.
    <u>The Reality</u>:
    The roles have been designed in a hurry and from the top down starting with the sap_all profile and removing some (or most of the) CA, BC and HR authorizations. They were not properly tested. They do not derive from one another in any way ... R2 for example is a complete copy of R1 with some additional objects and values, same for all the others. Every problem needed to be fixed five times, once for every role. That of course resulted in chaos, things got changed just in one place and the basic role suddenly got more powerful than all the rest. These roles are in use in the production system and there are no plans to substitute them with something better in the very near future.
    <u>The Problem</u>:
    Suddenly (yeah, right ) the need arose to have these roles watertight with regard to HR data. I did some rudimentary testing and sure enough they're nowhere near watertight even for the most common HR transactions. There are ranges defined in S_TCODE for which I have no idea why they are as they are, there was access to SA38 given where SAP HR programs with no authorization group (and no transaction code) assigned could be run by everyone ... there's god knows how many other security holes. The only help I got from the HR consultants was the list of all 2000 or so HR transactions (taken from the SAP menu tree) which shouldn't be accessible to a normal user. I suspect I might be in need of a typing monkey to check them all five times
    <u>Question</u>:
    How do I close as many security holes in these roles as possible? What's the strategy when dealing with such tasks? I've made it clear to the management that we probably won't have watertight roles if we don't create new ones, but making a set of new roles created properly from the bottom up is out of the question at this moment.
    I'd be extremely grateful for any advice or if anyone could point me to any kind of documentation about making roles like ours more secure for protecting HR data (and also keeping the users away from any BC stuff).
    In the meantime, I'm off to searching through the archives of the forum.
    ursa

    Mopping the floor with the water running is a spot on description
    Actually we're in the process of setting up new and improved authorizations but (of course!) the testing phase turned out to be much more time consuming than anticipated. No surprise to me, however someone obviously thought authorizations are a matter of defining roles and their menus and the system does everything else by itself. Riiight.
    What I did so far - first I educated myself on the specifics of HR authorizations. I never had to deal with those before, so (for example) it was a surprise to me that there's actually a separate SAP course dealing with HR authorizations Then I compared the existing roles to each other like you suggested and figured out a way that allowed me to do all the modifications with least amount of work. I cleaned most of the infotypes out of P_ORGIN and (to cover my behind), adjusted the ranges in S_TCODE to exclude the 2000 HR transactions our HR consultant listed for me.
    Most importantly - I made it clear to the guys above me, that with the roles we use I can't guarantee HR data to be inaccessible for people who should stay away from it. So ... back to the testing of the new authorizations
    Thanks for your help! It always makes a huge difference to get something like a second opinion when one can't decide if left is better than right or if it's the other way around.
    ursa

  • Making Customer Pricing procedure mandatory in BP Role-CRM 5.0

    Hi
    Our requirement is to make Customer Pricing procedure mandatory in BP Role "Sold to Party"-CRM 5.0. I have configured for the same in IMG Field Grouping. Now when a end user goes for BP creation & goes to Sales area maintenance then an error message is displayed for the same.
    But if only general data is maintained then this message is not displayed. Now requirement is to display an error message if a person leaves without maintaining sales data.
    Please help me in resolving this.
    Thanx in advance.
    Cheers
    Hits

    In the completeness procedure detail, use the object Pricing and field Customer pricing procedure. relevance header / item or both, message category - Error
    Hope this helps
    <b> <i> IceCube </i> </b>

  • Making Dimensions invisible for a role in ssas cube

    Hi All,
    I have a dimension and I don't want the users of a specific ssas role to use/see this dimension. At moment I am using attribute security by defining a deny member set. Is it possible that the user (belonging to that specific role), while browsing/querying
    the cube, can not see the dimension itself?
    I can use perspectives but I am looking for some other way, if any.
    Nitesh Rai- Please mark the post as answered if it answers your question

    Hi Nitesh,
    Perspective is not a solution, it's a workaround. SSAS don't provide an opportunity to hide dimension from specific role.
    Your issue is discussed
    here and
    here too.
    Best regards.

  • Making users available for OpenSSO realm group and role assignment?? Help.

    Here is the situation. We have 3 Open SSO realms set up. One we have called OpenSSO-Admin, a second called OpenSSO-Provider and a third OpenSSO-Internal. We are having issues provisioning and managing the OpenSSO-Internal OpenSSO-Provider realms, but OpenSSO-Admin seems to be fine.
    Here is the behavior that is manifest.
    In the 2 'broken' realms, when we create users and assign them to the appropriate Open SSO realm, they appear to be provisioned correctly in IDM as well as the realm (We have validated user creation in LDAP and everything about the user appears to be fine). When we view the groups and roles in the specific resources, we are presented with a list of users that are in Brackets and appear to be provisioned. The brackets indicate that the users are not found as available users. The bracketed users can not be unassigned, nor can any others. note, our bracketed users in the list of assigned users are created from a workflow which assigns them directly to the appropriate group and role based on their business role.
    The third realm, OpenSSO-Admin works fine and we can add, and manage users in the groups and roles within the realm.
    We have ruled out the workflow as a source as the problem persists when we use the tool to manage users. We can create a user from scratch and add them to the realms. In the 'Broken' relms, the users do not appear in thelist of available users to be assigned to the groups or roles. Yet in the 'good realm, everything appears fine. We can move users from one realm to another and the problem persists in the broken realms, but when a user is added to the 'good' realm, everything is fine.
    I have tried reconciling and get no different results.
    Question is, We have isolated that the issue seems to be in the generation / management of the left hand "Available Users" list. How and where is this generated from and how can we check/fix or regenerate this list?
    Thanks.
    Joe

    I should clarify. We are using Sun IDM 8.1

  • Issue while making duplicate roles from standard roles.

    Hi Expert,
    I have copied ESS and MSS role to a Z_ESS and Z_MSS role and assigned this role in
    permission->set this under medium_security .
    Portal Links donot get open when i click on it, it shows "page not available or not found".
    But if i assign Standard roles(ESS and MSS)  then it is working fine.
    Please assist what needs to done to make it copy roles as standard roles

    Hi rishavsharma,
    you are referring with  medium_security to the Security Zones, but the roles need to set the PCD Pemission setting correct in the permission area of the PCD itself (Content Admin and in the menu you should see persmissions) and don't forget the enduser flag for the user/group who use the role.
    Also ESS/ MSS Role changes need also changes in the backend if Webdynpro ABAP is used.
    Regards,
    Kai

Maybe you are looking for