Mass Reprovisioning Business Roles

Hello,
I have a situation where we are updating 100+ existing business roles that are currently assigned to users for our next release of SAP. I am wondering, is there a way to update the business role via import template (add / remove roles) and then push the changes out to users on a mass level?
We use the role methodology “provisioning” stage to push these changes under normal circumstances, but with 100+ roles that would be quite cumbersome.
I also know there is an option under Role Update > Authorization Data Sync, but that doesn’t appear to update the user assignment. Only authorization under the role.
Any suggestion would be appreciated!

Business Roles concept and usability in GRC AC10 - Governance, Risk and Compliance - SCN Wiki
The link above says that the "update assignment" button will do the update and will be enabled when the business role has been provisioned at least once.
I guess this is what you have already tried, but I can see your dilemma when you may have many business roles. I wish there was an option under the mass update functionality (unless I have not found it).
Maybe it's time to go to #ideaplace.

Similar Messages

  • Mass recertification of business roles

    Hi community,
    I was wondering if there is a possibility to perform a mass recertification of business roles in GRC frontend. Via Role Maintenance, one can re-certify each role manually, but if you have 10.000 roles, this is obviously not a solution.
    I did not find any suitable way via Mass Update, or I kind of overlooked the attribute. Do you know any way to perform a mass role recertification in NWBC?
    Thanks in advance.
    Kind regards,
    EM

    Hi Eric,
    I guess there is no mass certification. Raise a message to SAP for confirmation and share the update.
    It would be helpful.
    Thanks,
    Mamoon

  • Use GRAC_USER_ACCES_WS to provision Business Role

    I have a situation where I need to provision several hundred users across 90 business roles. I have been experimenting with FM GRAC_IDM_USR_ACCS_REQ_SERVICES (underlying FM for enterprise service GRAC_USER_ACCES_WS) to automate mass provisioning using GRC access requests. I figured out how to use the FM to provision technical roles to users but cannot get it to work for GRC Business Roles.
    If the service cannot provision business roles, that would imply that an IdM would also not be able to do so. We are currently looking at IdM (non-SAP) solutions. Now I wonder if the value of business roles we are building will be diminished if an IdM is used.
    Is it possible to provision business roles using the service and/or FM? If so, any details on the input values required would be much appreciated.

    Hi Harinam,
    Thanks for the details. I have already raised an OSS message to SAP.
    I have implemented SAP note 1930923 in the GRC sandbox system and can see that the mail issue I am reporting is no longer appearing. But I have seen a new one this time.
    After note implementation: (Change Account Request Type with Business Role Assignment)
    Hi GRC User Demo 1 (Z_GRAC_USER1),
    The Request number : 592 , has been processed and the Request is Closed. The details are as follows:
    XX Business role assigned to Z_GRAC_USER1
    Kind regards,
    Access Control Administrator
    Before and After note implementation: (Change Account Request Type with Business Role removal)
    Hi GRC User Demo 1 (Z_GRAC_USER9),
    The Request number : 593 , has been processed and the Request is Closed. The details are as follows:
    YY Role removed from Z_GRAC_USER9 ( )
    Kind regards,
    Access Control Administrator
    Now the issue during role assignment is resolved, but during role removal the mail notification says the role has been removed from the user and ends with empty brackets ().
    For single roles, these brackets are usually filled with the system name. Maybe for business roles, since there will not be any specific system, it is coming empty, but I think SAP should fix this.
    Let me know if you are also facing the same.
    Since you confirmed that you are using business roles, let me know any critical issues which you came across as part of SP13 as we are also on SP13 and could be helpful.
    Thanks once again for taking your time in replying for my issue.
    Regards,
    Sai.

  • Restricting an administrator to only adding or removing Business Roles

    Hi:
    Is there an out of the box rule or form in IDM that can restrict an administrator to only adding or removing business roles from accounts?
    Thanks.

    Hi Dwayne,
    This BU ruling is somewhat of a newer function with OIA. For mass alteration, the old-school way would be to execute a SQL script directly towards the DB.
    Simply change the last line on what correlation you wish (in this situation, it's looking at the BU Name and the GU office name)
    delete from BU_GLOBALUSERS where businessunitkey > 0;
    insert into BU_GLOBALUSERS(BusinessUnitKey,GlobalUserKey)
    select BU.BusinessUnitKey, GU.GlobalUserKey from BUSINESSUNITS BU, GLOBALUSERS GU
    where BU.BusinessUnitName = GU.officename;
    Regards,
    Daniel Redfern
    Technicalconfessions.com
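
    A more cautious way to run the rebuild from the reply above, as an added example that is not part of the original post: it previews the result, lists the users who would lose every mapping, and keeps the delete and insert in one transaction. Table and column names are those in the post; the backup table name BU_GLOBALUSERS_BAK, `create table ... as select` support and a session with autocommit off are assumptions.

    ```sql
    -- Added example, not from the original reply.
    -- Uses only the tables and columns shown in the post.

    -- 1. Preview the mappings the rebuild would create.
    select BU.BusinessUnitKey, GU.GlobalUserKey
    from BUSINESSUNITS BU
    join GLOBALUSERS GU
      on BU.BusinessUnitName = GU.officename;

    -- 2. Users whose officename matches no business unit name:
    --    after the rebuild they are in no business unit at all.
    select GU.GlobalUserKey, GU.officename
    from GLOBALUSERS GU
    where not exists (
      select 1
      from BUSINESSUNITS BU
      where BU.BusinessUnitName = GU.officename
    );

    -- 3. Keep a copy of the current mappings before touching them.
    --    BU_GLOBALUSERS_BAK is a hypothetical name; on some databases this
    --    statement commits implicitly, so run it before the delete.
    create table BU_GLOBALUSERS_BAK as
    select * from BU_GLOBALUSERS;

    -- 4. Rebuild. With autocommit off (assumption), nothing is visible to
    --    other sessions until the commit in step 6.
    delete from BU_GLOBALUSERS where businessunitkey > 0;

    insert into BU_GLOBALUSERS (BusinessUnitKey, GlobalUserKey)
    select BU.BusinessUnitKey, GU.GlobalUserKey
    from BUSINESSUNITS BU
    join GLOBALUSERS GU
      on BU.BusinessUnitName = GU.officename;

    -- 5. Compare row counts before and after.
    select
      (select count(*) from BU_GLOBALUSERS_BAK) as rows_before,
      (select count(*) from BU_GLOBALUSERS)     as rows_after
    from GLOBALUSERS
    where GlobalUserKey = (select min(GlobalUserKey) from GLOBALUSERS);

    -- 6. Keep the change only if steps 2 and 5 look right.
    commit;
    -- rollback;   -- use this instead of commit to discard the rebuild
    ```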

  • Error while creating Business Role

    Dear Friends,
    I am working on webclient and am trying to set a Business Role of my own. But it says "You Cannot Assign one PFCG role to different business roles". When I copy the standard business role to that role, there is no PFCG role assigned. Here I tried copying IC web Manager.
    Can anyone guide me to solve this.
    Appreciate your Help and Thanks in Advance.
    Cheers
    Ram

    Guys,
    I got it resolved. Follow Note 1077251.
    Thanks
    Ram

  • Assigning Business Roles - No such task exists

    I am trying to create a user ID and assign a Business Role in the process.  The attribute that I am using is MXREF_MX_ROLE.  It is defined as a multivalue system attribute with a data type of entry reference and the reference type in MX_ROLE.
    From my workflow task, I can select the role from the selection window but when I click OK to save to the identity store, I get an error "You have tampered with the params".  From the Monitor UI, I see the message "Failed setting value for attribute Member of Role.  No such task exists"
    I have a Modify User task that uses the same attribute.  When I attempt to use it, I get the "Failed setting value for attribute Member of Role.  No such task exists".  But I do not get the "you have tampered with the params" message.
    I am only trying to set this in the identity store right now.  I am not yet ready to provision to my ABAP system.
    Any assistance is appreciated.

    Hi Lori,
    In case you have linked privileges to your role, SAP NW IdM searches for tasks in the related repository (as stated in the attribute MX_REPOSITORYNAME of your privileges). Type in the ID of some test tasks in the repository constants MX_DEPROVISIONTASK, MX_PROVISIONTASK and MX_MODIFYTASK and see if it works.
    Otherwise, there could be a missing relation the other way round from the role to the user. See if there is a MXMEMBER_MX_PERSON attribute in your role.
    Best regards,
    Nils

  • Individual Account Creation in IC_AGENT business role.

    Hi,
    After system got upgraded from 6.0 to EHP1, marketing attributes are not working as expected.
    When I create an Individual Account type in the ZIC_AGENT business role, it gets created successfully, but its marketing attributes are not getting set when I check in the Account overview.
    There is a BADI implementation of "BUPA_GENERAL_UPDATE". I debugged and found that in FM "CRM_MKTBP_READ_KSSK_AUSP", the system is trying to get the attributes from table "ausp":
          select * from ausp into table et_ausp
              where partner_guid = lv_guid
              and klart = 'BUP'.
    I think somewhere configurations are not done correctly. But I am aware where I check all these configurations for marketing attributes corresponding to BP. If you know then please let me know.
    Thanks
    Raman.

    Hi,
    You can check it in:
    MARKETINGPRO ( business role ) -> Marketing ( work center ) -> attribute Sets
    Search for the specific attribute/attribute set. Go to the OV page. There will be a check box for person and organization.
    Regards
    Sandeep Kumar B

  • Getting error in IC agent business role while loading components.

    The user has been allowed access to all business roles. Users are using all business roles, but when a user clicks on the IC agent business role, the following error arises.
    Cannot display view CRMCMP_BPIDENT/BuPaMultipleLayoutVS of UI Component CRMCMP_BPIDENT
    An exception has occurredException Class CX_CRM_GENIL_GENERAL_ERROR - Component set CRMIC_DEFAULT cannot be loaded with BP_APPL+EMPTY+IC_ACCT_ID since multiple object definitions exist for component SO2
    Method: CL_CRM_GENIL_INTERNAL_MODEL=>LOAD_COMPONENT_SET
    Source Text Row: 124
    Initialization of view CRMCMP_BPIDENT/BuPaMultipleLayoutVS of UI Component CRMCMP_BPIDENT failed
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPConfirmedPartners.MainWindow in component CRMCMP_BPIDENT could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Cannot display view CRMCMP_BPIDENT/BuPaMainVS of UI Component CRMCMP_BPIDENT
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPConfirmedPartners.MainWindow in component CRMCMP_BPIDENT could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Initialization of view CRMCMP_BPIDENT/BuPaMainVS of UI Component CRMCMP_BPIDENT failed
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMultipleLayoutVS in component CRMCMP_BPIDENT could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Cannot display view MainWindow of UI Component CRMCMP_BPIDENT
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMultipleLayoutVS in component CRMCMP_BPIDENT could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Initialization of view MainWindow of UI Component CRMCMP_BPIDENT failed
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMainVS in component CRMCMP_BPIDENT could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Cannot display view CRM_UI_FRAME/WorkAreaViewSet of UI Component CRM_UI_FRAME
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPIDENT.MainWindow in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Initialization of view CRM_UI_FRAME/WorkAreaViewSet of UI Component CRM_UI_FRAME failed
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BSPWD_BASICS/WorkAreaHostViewSet in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Cannot display view CRM_UI_FRAME/MainWindow of UI Component CRM_UI_FRAME
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BSPWD_BASICS/WorkAreaHostViewSet in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Initialization of view CRM_UI_FRAME/MainWindow of UI Component CRM_UI_FRAME failed
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/WorkAreaViewSet in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    Cannot display view Root.htm of UI Component CRM_UI_FRAME
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/WorkAreaViewSet in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    An error occurred during initialization of the application
    An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/MainWindow in component CRM_UI_FRAME could not be bound
    Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
    Source Text Row: 165
    I was not able to diagnose where the error is coming from, and I googled a lot but did not find anything about the above cited issue.
    If any of you can help me to solve this soon, it will be highly appreciated.

    Hi,
    I am not sure if this applies here. You might check
    SPRO->CRM->crm cross-application components->
      Generic interaction Layer/Object Layer ->
         component-specific settings->
           define simple objects
    For these objects 2 rules apply:
    1. 'search object name' can only be used once.
    2. 'search object name' should not have the same name as any 'object name'.
    Do you have any entries, which break these rules?
    If it is related to component enhancement, note 1122248 might help.
    Best Regards,
    Sigrid

  • Using fact sheet 'BP_ACCOUNT_FS' in IC business roles

    Hi experts!
    I have a requirement to customize the fact sheet in IC business role, where the 'ICCMP_AFS' fact sheet always opens. But I need all the assignment blocks and information that is in 'BP_ACCOUNT_FS' fact sheet.
    So, is there any way to make that in IC Business Roles there was fact sheet 'BP_ACCOUNT_FS' but not 'ICCMP_AFS'?
    This question is extremely important for me.
    Thanks in advance,
    Andrew.

    Hi, Chimalwar!
    What I've done:
    1. Defined logical link 'ZIC_AFS' in transaction CRMC_UI_NBLINKS, by copying it from standard 'IC_AFS'. I only changed the parameter and put it 'BP_ACCOUNT_FS'.
    2. Define Profile (chose the profile I need) -> Define Generic OP Mapping
    Chose my navigation bar profile and made the following customizing:
    Object type: FACTSHEET
    Obj.Action: B Display
    Use target: nothing checked
    Target Id: nothing selected
    Use Link: checked
    LogLink ID: ZIC_AFS
    3. Transaction 'BSP_WD_CMPWB', Component: BSP_DLC_FS -> Component structure browser -> Views -> BSP_DLC_FS/factsheet. I've created my own configuration, copying it from standard 'BP_ACCOUNT_FS':
    Config key: my own, for my business role
    Component usage: <DEFAULT>
    Object Type: 'BP_ACCOUNT_FS'
    Object Subtype: <DEFAULT>
    After confirming Business Partner I can see the fact sheet I defined.
    But my task was to see the fact sheet of the business partner when I select it in a call list, before I confirm it. And there was ABAP.
    Regards,
    Andrew.

  • Mapping between ICProfiles in CRM 5.0 VS Business role in CRM 7.0

    We're upgrading CRM Webclient UI from CRM 5.0 to CRM 7.0. As per Upgrade Master Guide, there is listing of Migration activities. We're working on Migration Activities for IC Profiles in CRM 5.0 to Business Role in CRM 7.0.
    Please advise us how to do mapping to set up Business Profiles on the basis of IC Profiles in CRM 5.0
    Thanks,
    Saeed

    This issue has been resolved. May be closed.
    This is a manual mapping process.

  • CRM 7.0 How to create Business role & generate

    Hi Team,
    Can you please let me know some brief idea about the CRM 7.0 security guide.
    How to create a Business role? Is this part of functional activity?
    What's the role of technical colleagues (BASIS guys) in CRM 7.0 security?
    Please help me to get some document regarding business role creation , generation , assignment & authorization checks in CRM 7.0.
    Thanks & Regards,
    Vyash Mishra

    Hello Vyash
    I will add the most important information for generation of business roles and assignment of authorizations to users.
    You must first create the PFCG roles. PFCG role is built based on the Business Role.
    Please see documentation in : SPRO
    SAP Implementation Guide =>  Customer Relationship Management
    UI Framework  > Business roles > Define Authorization Role
    Then the PFCG role can be assigned to the business role in 
    SAP Implementation Guide =>  Customer Relationship Management
    UI Framework  > Business roles > Define Business role
    Finally you must assign business roles to Organizations or positions in organizations in
    SAP Implementation Guide =>  Customer Relationship Management
    UI Framework  > Business roles > Define Organizational Assignment
    The users that are assigned to such organizations / positions will be therefore linked to the business role.
    With the previous steps the users will have the authorizations that are assigned to the PFCG profile that is linked to their business role.
    Business roles are the main way to configure authorizations for users in CRM but you have more options that give you flexibility. Each business role has assigned one PFCG role, but the relationship between business role and PFCG role is not strict. You can even assign a dummy PFCG role to a certain business role in business role customizing and then go to transaction PFCG and assign other PFCG role(s) to the users that are assigned to that business role.
    I would say that the previous tasks must be performed by the basis team but in cooperation with the functional team
    Best Regards
    Luis Rivera

  • Copied SALESPRO business role in CRMC_UI_PROFILE, but odd results show.

    I have created an new role (Z_SALESPRO) using transaction CRMC_UI_PROFILE. The copied role had all objects copied and I can see that it has the Nav Bar profile of 'SLS-PRO', which is the same as the role 'SALESPRO', being the one that I copied from.
    When I log in using the WebUI I can choose the new Z role, but it does not display the 'Create' section in the Nav Bar. This is the section that displays next to the 'Recent Items' section of the Nav Bar and has options like 'Appointment, Interaction log, Task, E-mail, Contact, Lead, Opportunity and Quotation' shown within the boxed area.
    If I use the SALESPRO role when logging into the WebUI I do get to see the 'Create' section, and yet the role and Nav Bar settings are IDENTICAL.
    Could this be some kind of authorisation issue, or is this problem down to something else?
    Jason

    1. Go to crm > ui framework > business role > define business role
    2. Select your Z business role
    3. In the left panel choose option "Adjust direct link groups"
    4. Check if they are marked as visible (sometimes when copying business roles, this is not copied)
    5. Next select direct link group and click in left panel on sub node "Adjust direct links"
    6. Check also for this level if they are marked as visible
    Regards.

  • Technical names in Business Role selection screen

    Hello,
    When I log on to the WebUI I get the selection screen for the Business Roles (correct because I'm assigned to multiple).
    But in the selection screen the Technical Names of the Business Roles are shown too and I don't want to show these to the users.
    So does anybody know how we can disable showing the technical names in the business role selection screen?
    Can it be done in BSP crm_ui_start > Page Fragments  > selectBusinessRole.htm Selection of Business Role? If so, what do I have to change?
    Thnx!
    Regards,
    Joost

    Hi Joost,
    This technical information is the tooltip that is coming from the following line.
    crm_ui_start > Page Fragments > selectBusinessRole.htm
    at line no 29
          tooltip="<%= profile_detail %>"
    If you can remove this line then technical information, that comes up when you do mouse over the role description, wouldn't come.
    Regards
    Ajay

  • Copied Business Role in Solution Manager ITSM

    Hi All
    This is eunhwa.
    I have a question regarding copied business role in Solution Manager ITSM.
    To copy business role, I copied technical roles Navigation profile, configuration key and PFCT Role ID. And then I copied a business Role. And assign copied technical roles to copied business role.
    And I changed Direct link group UI. For example, in copied business role ZSOLMANPRO, There were many direct links, I only left ‘incident’ and ‘problem’.
    However when I selected ‘incident’ in direct link, there was no transaction ‘zmin’ assign. I couldn’t create an incident.
    Why this error happened? Is there anything which I miss?
    Thanks.
    Best Regards,
    Eunhwa Park

    Hi,
    Well, there are multiple things you can check.
    1. If you are using IE
    You have to add the page/pop-up to the compatibility mode of your Browser.
    IE -> EXTRAS -> Settings for Compatibility Mode -> Add -> Refresh the CRM WEB UI
    2. Check if you had assigned SM-CREATE in the ZSOLMANPRO Navigation profile (in Assigning the direct link groups to Nav. Bar profile).
    3. Check whether you had authorizations for ZMIN in PFCG profile.
    4. Additionally check
    1905448 - How to restrict the suggested transaction codes when creating an ITSM Incident using CRM Web UI - Solution Manager
    5. In define transaction types corresponding transaction types are active. (In SPRO under solman ->Capabilities->ITSM-> Transactions)
    6. Check the copy control whether they are fine. (In SPRO under solman ->Capabilities->ITSM-> Transactions)
    7. Ensure that the transaction type's channel definition in customizing is set to 'CRM Web-Client UI'
    If your issue is still not resolved yet, please paste the error/screen you are getting.
    Regards
    Rishav

  • Business Role and PFCG Role

    Hi all,
    I am new to CRM 7.0. Can someone explain what a Business Role is in CRM 7.0 and what the relationship is between Business role and PFCG role? What is the transaction Code to create a Business role?
    And also I heard that there is no PCUI in CRM 7.0. Is it true, and if so, what is used in place of the PCUI?
    Thanks.
    Neha.

    Neha,
    Next time please do a search in this forum on business roles, and you would find many topics discussing this information more completely.  I'm locking this thread due to the fact that this question has been asked many times before by many different people.
    These threads explain the topic in more detail:
    Re: Reg: Business Role
    Assignment pfcg-role to user and assignment pfcg-role to business role
    Thank you,
    Stephen
