Managing Roles in SAP

I'd like to get some feedback from anyone with experience managing a large number of SAP roles (80) in a very large organization (over 40,000 people). I am looking for data points on how many personnel were required to manage the effort. Were any special tools required/utilized? Were any issues or problems experienced, such as time to respond, etc.? Thanks in advance for any thoughts or comments.

There are literally hundreds of roles delivered with SAP BW, some of which are specifically for BW and some for other areas within NetWeaver technologies (e.g. SAP XI et al.). There are greater than 500 roles that come delivered specifically for BW and therefore are too numerous to mention in a forum posting.
The main BW developer role, however, is SAP_BW_DEVELOPER. Developers would also need the SAP_BC* roles too for ABAP development if there are any plans to do development beyond using the BW Workbench (RSA1). For instance, if any custom tables or ABAP programs are desired to be created in your BW development environment, using SE11 and SE38 respectively, they're going to have to have other roles. We copied delivered roles and created custom roles for our developers so that our security team didn't have to assign a multitude of roles to new developers; instead it's just one role.

Similar Messages

  • Content Management Roles in SAP

    Hello Everyone,
    There are three Content Management Roles provided by SAP, but when we search for these roles in User Administration -> Roles, only one Content Management role shows up. Can anyone explain?

    Hello,
    If you search for "Content Manager" in the search tab under Content Administration role, you'll be able to see 3 Content Manager roles as follows:
    Content Manager with PCD Location "pcd:portal_content/com.sap.pct/specialist/com.sap.km.ContentManager/com.sap.km.ContentManager"
    Content Manager with PCD Location "pcd:portal_content/specialist/contentmanager/ContentManager"
    Content Manager with PCD Location "pcd:portal_content/specialist/contentmanager/com.sap.km.ContentManager"
    But if you do the same search in User Administration -> Roles, only one Content Manager role with PCD location "pcd:portal_content/specialist/contentmanager" shows up. This was what I meant.
    Any idea on the same?

  • Error While creating Collection Management role

    Hi
    We did a client copy and I am getting the error "Database error UDM_PR_HEAD UDM_COLL_BUPA 5" whenever I try to create collection management roles.
    Database error UDM_PR_HEAD UDM_COLL_BUPA 5
    Message no. UDM_WORK_LIST010
    Diagnosis
    Database instruction UDM_PR_HEAD was not successful.
    Procedure
    If you can reproduce the error message, contact SAP Support.
    Does anyone know anything about this error?
    Thanks

    Hi Ram,
    Sorry for the inconvenience, can you provide the Collections Management (ECC 6.0) configuration document?
    I am trying to learn that but I could not find any related document.
    Thanks,
    Ravi

  • Creating Roles in SAP ECC for authority in BO

    Hi Gurus,
    Can anyone point me to additional information about how provisioning works in SAP ECC for BO?
    I am also looking for information on how to create some general roles in SAP ECC to transport into BO to control authority.
    I have already read through the "Business Objects Enterprise Admin Guide".
    Thank you in advance,
    Steven

    Hi,
    To synchronize the roles you can use CUA. In CUA, you define 1 system as a central store for user administration and then distribute the users + roles + groups to the systems. You configure your EP and ECC to receive the user data from that system; therefore, your user information is in sync.
    SAP Help: http://help.sap.com/saphelp_nw70/helpdata/EN/07/622441cd87a12be10000000a1550b0/frameset.htm
    For more information, there is an SAP product: Identity Management.
    SDN: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
    To upload ECC roles to EP:
    SDN Article: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/06a0e690-0201-0010-4b9f-e529c345a831
    User Mapping is for logging in to a backend, when the userid in the backend is different from the userid in the portal
    SAP Help: http://help.sap.com/saphelp_nw04s/helpdata/en/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    br,
    Tobias

  • Content Management Role missing in EP 7

    Hi Experts,
    I have to store some documents in SAP EP KM. I have noticed that the Content Management Role is missing. We are using EP 7. It's strange. Can you please let me know the reason? Earlier I was using the Content Management role for storing documents, Collaboration etc.
    Regards,
    Gary

    Hi,
    Go to User Administration ->  Identity Management.
    Select the user and  click the modify button.
    Go to the assigned roles tab
    search for the Content Manager
    Add only pcd:portal_content/specialist/contentmanager/ContentManager role and save.
    Hope that helps.
    Raghu

  • Enterprise Risk Management Approach in SAP GRC

    Hi All,
    Can you please let me know what approach is followed for implementation of Enterprise Risk Management (ERM) in SAP GRC? Also please tell me how internal control frameworks like COSO and COBIT are mapped to ERM in SAP GRC.
    Regards
    Vivek

    Dear Vivek,
    While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
    The process covered by GRC Risk management includes the following steps:
    -Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds. This phase is partially supported by a software application.
    -Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
    -Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
    -Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
    The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
    -A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
    -Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
    Step 1: You maintain the Risk structure
    1. You set up the organizational hierarchy
    2. You set up the Activity Hierarchy
    3. You set up the Risk Hierarchy
    Step 2: You perform the Risk Assessment
    1. You identify the risks
    2. You analyze the risks
    3. You respond to risks
    4. You document the Incidents
    Step 3: You analyze risk reports
    1. You generate risk reports
    2. You report the incidents
    Step 4: You analyze the dashboards
    Refer to the SAP documentation on GRC for more information.
    Regards,
    Naveen.

  • Solution Manager and a SAP GRC AC 5.3

    Hello,
    We have a Solution Manager and a SAP GRC AC 5.3
    We want to know if somebody knows how to connect, or the architecture or infrastructure to connect, the Solution Manager with the GRC.
    What we have to do is... If someone in the Solman does a user or role request, the SAP GRC gets this request and begins the necessary workflows.
    I need help
    Best regards.
    Pablo Mortera.

    Hi,
    As per your requirement, you want that the request should be automatically triggered from Solman to GRC.
    In GRC, CUP is used to provision the user and roles. The request can directly be created in CUP by a functionality known as HR triggers however this requires SAP_HR module which is not present in Solman.
    So it is not possible to create request directly from solman. User can login to CUP and then can create the request for his login.
    Regards,
    Shweta

  • Travel Management: Role and authorization

    Dear forumers!
    What standard travel management role can I copy and modify according to my requirements in order to let the user only watch t-codes TRIP, PR05, etc. without a right to edit data? Or there should be some other actions with a role to make it for watch only without editing?
    Standard roles are:
    SAP_FI_TV_TRAVELER - we don't need this one
    SAP_FI_TV_TRAVEL_ASSISTANT
    SAP_FI_TV_ADMINISTRATOR - I already use this role
    SAP_FI_TV_MANAGER_GENERIC
    SAP_FI_TV_ADVANCE_PAYER - we don't need this one
    SAP_FI_TV_TRAVEL_MANAGER - I already use this role
    Best regards,
    Eldar

    Hi,
    The best process is always to copy the standard role and customize it for your own authorization concept (business requirement). I think there is another thread with the same issue in SAP HCM as well.
    Regards,
    Dora.

  • Integrate external identity management solution in SAP GRC Access Control

    We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white papers mention that extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have info about these services and documentation? Any hint is appreciated.
    thanks
    Detlef

    Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
    What do the published webservices do? Is there any documentation about them?
    In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
    The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
    Another thing that we want to do is to create a job that would automatically disassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls).
    IMHO as a former programmer, these are classic cases where I would like to consume some webservices for these tasks to avoid a lot of Ctrl+C / Ctrl+V from the operators (inefficient and error prone).
    Does VCC have any documentation that would help me find out how I would do these integrations?
    Thanks in advance

  • BP Role in SAP CRM 7.0

    Hi Gurus,
    As I am new to SAP CRM, I am not able to understand where to start the config. Can anybody help in this regard?
    Which are the steps to follow for BP-LEAD-OPPORTUNITY-QUOTATION?
    Please also give your ideas regarding how to create a BP Role in SAP CRM 7.0.
    Thanks in advance....
    Regards,
    Dinesh Deshpande.

    Well, first of all you should do a business blueprint so that you know what business process you need to support. And then you can consider the actual implementation.
    And then you can use SAP's best practice guides as a starting point when doing the actual setup. Here are some links:
    http://help.sap.com/bp_htel603/BBLibrary/Content_Library_HTE_EN_US.HTM
    http://help.sap.com/bp_crmv12007/CRM_DE/BBLibrary/html/BBlibrary.htm
    /Anders

  • Managed Role Scope

    I learned that roles in DS are scoped to where they are created. Meaning if I create a managed role called role1 in ou=Roles,dc=sun,dc=com, only entries (i.e. users and groups) under the ou=Roles branch will have visibility to role1. But since all my users are created underneath a different ou (i.e. ou=People), how do I get role1 to be visible to the users under ou=People? From a day's worth of reading, this doesn't seem possible. The only way around is to create the role under the ou=People branch. In this approach, all the member searches are behaving correctly. My concern is we will have thousands of roles; what's the scalability of having that many roles mingled with all 750,000 user entries under ou=People...
    Any help is appreciated!

    > The problem with that is the nsRole virtual attribute never gets calculated. While the nsRoleDN will allow me to find all the roles for a given user with a search filter like this:
    > uid=user1 nsRoleDN
    > I need the nsRole virtual attribute to find role members (all members with a particular role),
    > for example, using this search filter
    > nsRole=cn=role1,ou=roles,dc=sun,dc=com
    > to retrieve all members of role1, and this does not work unless role1 was in the same scope as the user or above
    What about using
    nsRoleDN=cn=role1,ou=roles,dc=sun,dc=com
    It should return all members of role1. At the same time, usage of the on-the-fly computed nsRole attribute in searches isn't supported - please see Note 2 in the same link:
    http://docs.sun.com/source/816-5606-10/roles.htm#1117631

  • Update manager in IdM automatically when the manager changes in SAP HR

    Hi Experts
    I have been given a requirement where the manager of a user in IdM should be updated automatically when the manager changes in SAP HR.
    The HR extraction job is currently in place and runs every 30mins.
    Please could you give me some ideas on how to implement this.
    IDM 7.2 SP 6
    Thanks
    Ran

    Hi Deepak
    I have been discussing this a bit more in detail with the client. So, the issue is as follows
    When a new/replacement manager is hired
    When people are moved from one org unit to another
    The scheduled extraction job (RPLDAP_EXTRACT_IDM with a variant with the delta tick on) does not update the new manager info in IDM for the relevant users who report to that manager. The client has to run the program (RPLDAP_EXTRACT_IDM with a variant with the delta tick off) manually each time for the affected users which updates the manager info successfully in idm.
    I investigated the query LDAP_IDM_QUERY from user group /SAPQUERY/L1 and want to know if the below should be ticked as well. Your thoughts please?
    Please advise.
    Thanks
    Ranjit

  • Document Management System for sap mm point of view steps

    Hi All.
    Document management system for sap mm point of view steps required.
    Thanks in advance for all sap mm forum members.
    Regards.
    Parameshwar

    Hi,
    Customizing settings can be collected by processes into Business Configuration Sets (BC Sets). BC Sets make Customizing more transparent by documenting and analyzing the Customizing settings. They can also be used for a group rollout, where the customizing settings are bundled by the group headquarters and passed on in a structured way to its subsidiaries.
    BC Sets are provided by SAP for selected industry sectors, and customers can also create their own.
    When a BC Set is created, values and combinations of values are copied from the original Customizing tables into the BC Set and can be copied into the tables, views and view clusters in the customer system. The BC Sets are always transported into the customer system in which Customizing is performed.
    Advantages of using BC Sets:
    1.     Efficient group rollout.
    2.     Industry sector systems are easier to create and maintain.
    3.     Customizing can be performed at a business level.
    4.     Change Management is quicker and safer.
    5.     Upgrade is simpler.
    To create BC sets follow the below step:
    Choose Tools → Customizing → Business Configuration Sets → Maintenance in the SAP menu, or enter the transaction code SCPR3 in the command field.
    Choose Bus.Conf.Set → Create.

  • "Discovery Manager" role cannot place a mailbox on hold

    My company is testing Exchange 2013 and Exchange Online. We would like to have all discovery functions managed by our legal team. We have assigned test users the “Discovery Manager” role. That role should allow them rights to search all mailboxes and put search results on hold. Additionally, the discovery manager role should allow them to select a user mailbox in EAC, open the "Mailbox Features" page and enable litigation hold on the mailbox (no searching required).
    We have found the second feature, enabling litigation hold without searching, is unavailable to discovery managers when using EAC. The "Mailbox Features" page is not exposed to discovery managers using EAC. The discovery manager can place a mailbox on hold using PowerShell but that would not be a reasonable option for our legal team.
    Please confirm if my understanding is correct, discovery manager should be able to place a mailbox on hold as well as in-place hold using EAC.
    Thanks in advance,
    Ron

    Does "Get-RoleGroup "discovery Management" | FL *role*" show that the Legal Hold role is assigned to the Discovery Mgmt role Group? If so, then you may need to assign the "Recipient Management" or "Help Desk" role to those users as well or, if you wish to security trim their access, create a customized RBAC role for them.
    Alternatively, see if they can simply set litigation hold via Powershell with set-mailbox

  • Setting the Roles in SAP

    Hi,
    I am integrating SAP with IDM. I have developed a code to create the user in SAP and at the same time trying to set the roles and timezone to the user. There is no problem in creating the user object. But, Roles and timezones are not set in the user object.
    I need your help in setting up the values in SAP...
    Thanks
    Ilayarajan

    Nikhil,
    As you suggested, I have created an object to set the roles in SAP.
    <Object name='SAP'>
    <Attribute name='activityGroups' value='ROLE1'/>
    <Attribute name='fromDate' value='07/15/2007'/>
    <Attribute name='toDate' value='12/31/9999'/>
    </Object>
    * 'activityGroups' is the resource mapping variable. I am using this code snippet in my provisioning WF. But the value is not being set in SAP.
    Could you please tell me what changes I have to make to set the roles in SAP?
    Thanks
    Ilayarajan P
