Mass role & authorization creation

Hi all,
I have been assigned a task to create some 400+ authorizations. Using PFCG and creating one by one would take much time, so I wonder if there is a different approach.
Every role has a different number of transactions, but most of them have the same values for authorization objects (company code, purchasing group etc).
Anyone have an idea on how to do this?
Thank you,
Igor

What about ECATT or even BAPI usage? There are ECATT procedures for mass users creation. Can that be used for roles as well?
Not as far as I know.
In any case, I will never rely on mass creation of roles, as this will represent a security issue, and in my personal opinion this is why SAP does not offer mass creation of roles as a standard.
Regards
Juan

Similar Messages

  • Mass roles creation

    Hi all,
    I am supposed to create 2000 roles in our system.
    Is there any way to create roles in mass.
    If there please provide me the details to do the mass roles creation.
    Thanks in advance.
    Regards,
    Suganya

    > I am supposed to create 2000 roles in our system.
    > Is there any way to create roles in mass.
    How do you mean 'in mass'? Do you want 2000 identical copies of one role, are you talking about derived roles or do you need to create 2000 completely different roles?
    Please give us some more information. (And prepare for the fact that some tasks do not have shortcuts...)
    Jurjen

  • Mass Role Creation

    Hi All,
    We have a requirement to create a large number of roles in BW. Is there any existing tool that we can use to create mass roles, or should it be done through BDC on PFCG?
    Thanks for your answers in advance.
    Regards
    SS

    Deepu,
    Thanks for your reply. Could you give more details as to, how do we do it through PFCG?
    Regards
    SS

  • Mass role risk analysis issue

    Hello GRC Community,
    I have a following issue:
    When I use mass risk analysis, the deactivated authorization objects in the role are displayed as a result. At the same time, when I use Role Level Risk Analysis, the role with deactivated critical authorization objects doesn't appear.
    Does anybody know how to solve this issue? Is there any configuration parameter to be adjusted?
    thanks
    best regards
    Sabrina

    Prasant,
    here are the screenshots of the Job result:
    1. Mass role Risk Analysis
    2. Risk Analysis on the (Single) Role Level
    In the backend you can see that the role contains lots of deactivated authorization objects.
    I have run all sync jobs, but seemingly it doesn't help.
    Thanks,
    Sabrina

  • E-Recruiting : Role Authorization in e-recruiting standalone scenario

    Hello Friends,
    We have EREC on a standalone system (ERD 100). HR ECC is another system (ECD 300), Enterprise portal in another system (EPD 100).
    we are on EHP 5, EREC 605, Support Pack 7.
    We have activated the single sign on mechanism.
    I have following queries regarding role authorizations on EREC in  standalone model.
    1) We have standard reference users such as recruiter, manager, decision-maker, data entry clerk, rec. admin etc. (the "RCF_RECRUIT, RCF_MANAGER, RCF_CAND_INT, RCF_DATA_TYP" etc.). Should these reference users be created in both the EREC and HR systems or only in the EREC system?
    2) If the "RCF_XXXX" reference user roles are supposed to be created only in the EREC system, how do we assign reference user roles to employees whose master data is in the HR system?
    3) Can support teams concept help for mass authorizations? Can someone elaborate on the support team, support group concepts ?
    Kindly provide inputs.
    Regards,
    ER.

    Thanks Nicole for the inputs.
    Just expanding my query on the 2nd point regarding assigning reference users like manager, recruiter to certain employees:
    Example: Say I have Emp. No 20003000. He is a hiring manager. In the HR system, IT105, subtype user ID is "20003000".
    To assign the RCF_MANAGER reference user role to user ID 20003000, do I have to recreate the user ID in the EREC system as well and assign it in SU01 for this user ID?
    Would like to take your comments.
    Thanks,
    Regards,
    ER.

  • How to generate mass roles in SUPC

    Hi All,
    I have to generate mass roles at one time. There are 3000 roles to be generated. I am using tcode SUPC to do this, but when I give the list of roles and click on the generate button it is taking only one role.
    I am generating derived roles.
    Please advise..
    Thanks,
    Masood

    > I am generating derived roles.
    Perhaps Salman123 wrote a CATT to hit the "Adjust derived roles" function once, or dug deeper?
    If you have less than 50 roles and all standard and maintained authorizations you are better off using the delete menu and import from role option in my opinion. (make sure the root node is small and use redundancy compression).
    If you have more than 50 roles, then (shame on me...) try to keep them very small with only selected objects and use the option to delete their profiles completely and upload them on mass. Such roles are anyway usually best suited for BW systems and an entirely different concept (Analysis Authorizations).
    You can avoid derived roles completely this way.
    Cheers,
    Julius

  • ERM - MASS ROLE UPLOAD

    Hi All,
    When using the Mass role upload from SAP backend systems, I expect that all roles will be uploaded to the final stage in the role methodology in the ERM and that they will be already generated.
    After all, those roles already exist in the systems.
    Well, I see that this is not the case and I have to go through the different stages with every role.
    Is this indeed the system behavior or did we do something wrong?
    thanks

    Hi
    We did as you suggested but configured the approval stage in the methodology since the role is already approved and is in ECC PROD.
    Now we encountered a situation where we need to update the role in ERM as part of continuous maintenance (after upload), but we don't have the authorization option to enter and change it, only the "save" and "change history" push buttons.
    We changed the methodology back to the relevant one with all the stages, but still we can't maintain the uploaded role. The change in the methodology did not affect the role already uploaded.
    Do you have any suggestions regarding how we can fix this issue?
    Thank you

  • Mass roles deletion (PFCG ?)

    Hi,
    I'd like to do a mass role deletion such as: "all client roles beginning with ZFI*".
    I didn't see anything with: PFCG, SE16 on TSTCT, SE38 (ABAPs like "PFCG*"),...
    Do you have an idea?
    Thanks a lot.
    Etienne

    you use sap standard authorization object and not reporting authorization object that we create.
    using PFCG create a role and assign with authorization object s_rs_comp twice, one combination of with display(02) and query = * and the other change and az*.
    you may need s_rs_comp1 also, take a look this how to doc
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
    hope this helps
    RSUSR002_ADDRESS - Users by address data
    In 4.6x you used Role for each users and SAP will generate the necessary profiles and authorizations.
    PFCG - Basic Maintenance
    Type in a meaningful  ZXXX role name and click Create
    Menu -> Transaction (insert all the transaction code for this role)
    Authorization -> Change authorization data -> Generate
    You can create a customizing role in PFCG:
    in the menu tab utilities/customizing auth; you can use a project IMG (maintainable in SPRO) to restrict the authorizations for example to FI or CO.
    regards
    vinod

  • Error during create CR for MDGC "Enter a relevant role for creation of customer master data"

    Hello Experts,
    I am unable to create a Customer CR in 'MDG 6.1 Customer UI'; the UI throws an error saying "Enter a relevant role for creation of customer master data". It looks like it is expecting me to mention the BP role (like FLCU01 Customer or FLCU00 FI Customer), but I don't see that BP role section in the Customer UI to mention.
    While creating the vendor CR, I am able to enter the BP role (like FLVN01 vendor or FLVN00 FI Vendor) in the UI BP Role section.
    Following are the UIs for Customer and Vendor:
    Customers BS_OVP_BP: BS_OVP_CU > OVP: BS_CU_OVP - I do not see the BP role section here.
    Vendors BS_OVP_BP: BS_OVP_SP > OVP: BS_SP_OVP - This is working fine, I see the BP role section here.
    Please advise what I am missing here and what I should do for successful CR creation. Should I change the UI for Customers or do I need to do anything in CVI configuration?
    Thanks,

    Hi Abdullah,
    You were right in the first place, the UIBB is missing. The UIBB 'Role' was present in the 'Search Customer' page but not available in the 'Create Customer CR' page, so I created the 'Role' UIBB again and was able to create the CR now. Not sure how it got deleted in the first place. Is there any option where we reset the UI screen to the default initial configuration?
    But after approving the CR, only the Business Partner BP is getting created and the Customer is not getting created. Not sure what might be the issue now. Is there any config that tells it to automatically create the customer when the BP is created? I was able to create a Vendor using the create Vendor CR before.
    Thanks

  • Structural authorization - creation of employee number in webdynpro or abap

    Hello Experts,
    We are facing some problems with the combination of structural authorizations and the creation of a new employee.
    When we use PA40 to create a new employee this does not give any problem.
    In the webdynpro we first execute a call transaction PA40 to apply infotype 0000 and 0001. This works well.
    Except that the call transaction does not set the connection between PA and OM. (so we did program this ourselves)
    In PO13 and the table HRP1001 the same relations are made as when we use PA40 in the sap gui.
    After this we do call transactions PA30 for the next infotypes.
    When we check the SU53 it gives a message: problems with structural authorizations object P (with the employeenumber) starting at 01.01.1800, enddate is empty.
    The employee is manager and connected with his userid in infotype 0105.
    We use in the structural profile the function module  RH_GET_MANAGER_ASSIGNMENT
    We checked with transaction HRHAUTH.
    User has been adjusted to the tables T77UA etc.
    We do not use workflow in this webdynpro
    We used the trace function when this was executed, but it did not give more information about missing structural authorizations.
    This issue was on SDN before (Structural authorization - creation of employee number), but unfortunately there was no solution there for the issue!
    Hope one of you can help me to find the solution!
    With kind regards,
    Rita Mensink

    Hi.
    After 2½ days of frustration I finally nailed this.
    Function group RHAC, that handles the authority checks, initially buffers a table called VIEW containing all objects available for the user. As stated earlier in this conversation, SAP handles creation of relations in HRP1001 (links PA and OM). At this point the new employee number is appended to buffered table VIEW in function group RHAC.
    When executing the PA40 activity through CALL TRANSACTION, the creation of the relations is not handled - and the same goes for updating the buffered table VIEW. The table can be updated using the function module RH_VIEW_ENTRY_INSERT from the same function group:
    This example might be useful
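      " lv_pernr (new personnel number) and lv_ny_objid (object ID of the
      " related object of type S) must already be filled by the calling program.
      data: ls_view_entry type hrview,
            ls_related_object type hrobject.
      " View entry for the new employee: object type P in plan version 01.
      ls_view_entry-plvar = '01'.
      ls_view_entry-otype = 'P'.
      ls_view_entry-objid = lv_pernr.
      ls_view_entry-begda = '18000101'.
      ls_view_entry-endda = '99991231'.
      ls_view_entry-maint = 'X'.
      " Related object of type S in the same plan version.
      ls_related_object-plvar = '01'.
      ls_related_object-otype = 'S'.
      ls_related_object-objid = lv_ny_objid.
      " Append the entry to the table VIEW buffered in function group RHAC.
      call function 'RH_VIEW_ENTRY_INSERT'
        exporting
          view_entry     = ls_view_entry
          related_object = ls_related_object.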
    Best regards
    Poul Steen Hansen
    Senior Technical Consultant
    EDB Consulting Group A/S, Denmark

  • Mass sales order creation using BAPI

    Dear All,
    Can anyone help with mass sales order creation using the BAPI BAPI_SALESORDER_CREATEFROMDAT2?
    For example, if I want to create 3 sales orders with three items per order, I am populating
    HEADER = 3 Records
    Item   = 9 records
    schedule = 9 records
    partner  = 1 record.
    Then after populating the records I am calling the BAPI BAPI_SALESORDER_CREATEFROMDAT2
    to create the orders. It should have created three orders but unfortunately it creates
    only one sales order. I debugged and found that the records are correct in header,
    item, schedule and partners.
    Could you please guide me on what I am missing for the creation of mass orders?
    I appreciate your time and many thanks in advance.
    cheers
    chandra

    Hi Chandra,
    Do like this.
    Loop at Header table into wa_header.
    *-- Move BAPI Header data
    Loop at item table into wa_item where condition.
    *--  in this move all Item and Schedule line item  to the BAPI.
      At end of item .
    Use the below function modules.
    BAPI_SALESORDER_CREATEFROMDAT2
    BAPI_TRANSACTION_COMMIT.
    Endloop.
    Endloop.
    Regards,
    Balavardhan.K

  • ERM - Mass Role Import Error

    I just upgraded to SP11 and am trying to mass import a few roles.  It doesn't give me an error on the mass input screen, but it doesn't import the role, so I put DEBUG on and looked at the system logs.  I created the download file as both ANSI and UTF-8 and neither is working.  Here is the system log output:
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG
    -- Request dump for Action Path is cnvMassRlImport.scrMassRlImport.loadMassRoleImport
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG recordHistory:0::true#
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG -- End Request dump for Action Path is cnvMassRlImport.scrMassRlImport.loadMassRoleImport
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Current Module: |CFG| Conversation: |cnvSysLog| Screen: |scrSysLog|
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG  Module#CFG#Conversation#cnvMassRlImport#Screen#scrMassRlImport#Action#loadMassRoleImport#
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Changing Conversation: FROM: cnvSysLog TO cnvMassRlImport
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG com.virsa.framework.Context : clearConversationRep :   : 0 entries cleared from conversation repositiory
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG com.virsa.framework.Context : clearScreenRep :   : 0 entries cleared from screen repositiory
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG Handler found:class com.virsa.re.configuration.action.MassRoleImportAction
    2010-03-23 11:26:51,160 [SAPEngine_Application_Thread[impl:3]_39] DEBUG forwarding to:/cfg_mass_role_import.jsp
    2010-03-23 11:27:09,316 [SAPEngine_Application_Thread[impl:3]_28] DEBUG
    -- Request dump for Action Path is scrMassRlImport.importRoles
    2010-03-23 11:27:09,316 [SAPEngine_Application_Thread[impl:3]_28] DEBUG -- End Request dump for Action Path is scrMassRlImport.importRoles
    2010-03-23 11:27:09,316 [SAPEngine_Application_Thread[impl:3]_28] DEBUG Current Module: |CFG| Conversation: |cnvMassRlImport| Screen: |scrMassRlImport|
    2010-03-23 11:27:09,316 [SAPEngine_Application_Thread[impl:3]_28] DEBUG  Module#CFG#Conversation#cnvMassRlImport#Screen#scrMassRlImport#Action#importRoles#
    2010-03-23 11:27:09,316 [SAPEngine_Application_Thread[impl:3]_28] DEBUG Handler found:class com.virsa.re.configuration.action.MassRoleImportAction
    2010-03-23 11:27:09,332 [SAPEngine_Application_Thread[impl:3]_28] DEBUG dirName-->E:\usr\sap\WMS\GRC\ROLEIMPORT\1269358029332
    2010-03-23 11:27:09,347 [SAPEngine_Application_Thread[impl:3]_28] DEBUG returnStatus###success
    2010-03-23 11:27:09,347 [SAPEngine_Application_Thread[impl:3]_28] DEBUG forwarding to:/cfg_mass_role_import_status.jsp
    2010-03-23 11:27:10,769 [SAPEngine_Application_Thread[impl:3]_31] DEBUG
    -- Request dump for Action Path is scrMassRlImport.generateRolesForeGround
    2010-03-23 11:27:10,769 [SAPEngine_Application_Thread[impl:3]_31] DEBUG -- End Request dump for Action Path is scrMassRlImport.generateRolesForeGround
    2010-03-23 11:27:10,769 [SAPEngine_Application_Thread[impl:3]_31] DEBUG Current Module: |CFG| Conversation: |cnvMassRlImport| Screen: |scrMassRlImport|
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG  Module#CFG#Conversation#cnvMassRlImport#Screen#scrMassRlImport#Action#generateRolesForeGround#
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG Handler found:class com.virsa.re.configuration.action.MassRoleImportAction
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG In LockedObjBO.getLockedObjListByType(String objType) starts.....
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG In LockedObjBO.getLockedObjListByType(String objType) ends.....
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG GET_BUS_PROC =====  SELECT BP.BPROCID, BP.BPROCNAM, BL.BPROCDES FROM VT_RE_BPROC BP LEFT OUTER JOIN VT_RE_BPROCLNG BL ON(BP.BPROCID = BL.BPROCID AND BL.LNGID=?), VT_RE_BPSPASSOC BSP WHERE BP.BPROCID = BSP.BPROCID AND BSP.SUBPROCID =?
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG bprocName ===== HR00
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG keys.size():- 42
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 1 cache statusid = 1 value = DEVELOPMENT Desc = Kehitys
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 2 cache statusid = 2 value = PRODUCTION Desc = Produksjon
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 3 cache statusid = 1 value = DEVELOPMENT Desc = ??
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 4 cache statusid = 1 value = DEVELOPMENT Desc = Development
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 5 cache statusid = 2 value = PRODUCTION Desc = �retim
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 6 cache statusid = 1 value = DEVELOPMENT Desc = Projektowanie
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 7 cache statusid = 2 value = PRODUCTION Desc = Production
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 8 cache statusid = 2 value = PRODUCTION Desc = Produ��o
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 9 cache statusid = 1 value = DEVELOPMENT Desc = Desarrollo
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 10 cache statusid = 2 value = PRODUCTION Desc = Production
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 11 cache statusid = 2 value = PRODUCTION Desc = Produzione
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 12 cache statusid = 1 value = DEVELOPMENT Desc = ??
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 13 cache statusid = 1 value = DEVELOPMENT Desc = ??
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 14 cache statusid = 2 value = PRODUCTION Desc = ??
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 15 cache statusid = 1 value = DEVELOPMENT Desc = Udvikling
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 16 cache statusid = 2 value = PRODUCTION Desc = Produkt�v
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 17 cache statusid = 1 value = DEVELOPMENT Desc = ??????????
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 18 cache statusid = 2 value = PRODUCTION Desc = V�roba
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 19 cache statusid = 2 value = PRODUCTION Desc = Productie
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 20 cache statusid = 1 value = DEVELOPMENT Desc = Fejleszt�s
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 21 cache statusid = 2 value = PRODUCTION Desc = Produktion
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 22 cache statusid = 1 value = DEVELOPMENT Desc = Desenvolvimento
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 23 cache statusid = 2 value = PRODUCTION Desc = ???
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 24 cache statusid = 1 value = DEVELOPMENT Desc = Ontwikkeling
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 25 cache statusid = 2 value = PRODUCTION Desc = V�roba
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 26 cache statusid = 2 value = PRODUCTION Desc = ????????????
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 27 cache statusid = 1 value = DEVELOPMENT Desc = Sviluppo
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 28 cache statusid = 1 value = DEVELOPMENT Desc = Utveckling
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 29 cache statusid = 2 value = PRODUCTION Desc = Tuotanto
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 30 cache statusid = 2 value = PRODUCTION Desc = Produkcja
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 31 cache statusid = 1 value = DEVELOPMENT Desc = Utvikling
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 32 cache statusid = 1 value = DEVELOPMENT Desc = V�voj
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 33 cache statusid = 2 value = PRODUCTION Desc = Produktion
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 34 cache statusid = 1 value = DEVELOPMENT Desc = V�voj
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 35 cache statusid = 2 value = PRODUCTION Desc = ??
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 36 cache statusid = 2 value = PRODUCTION Desc = Produktion
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 37 cache statusid = 2 value = PRODUCTION Desc = Proizvodnja
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 38 cache statusid = 1 value = DEVELOPMENT Desc = Entwicklung
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 39 cache statusid = 1 value = DEVELOPMENT Desc = Geli?tirme
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 40 cache statusid = 1 value = DEVELOPMENT Desc = Razvoj
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 41 cache statusid = 2 value = PRODUCTION Desc = Producci�n
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 42 cache statusid = 1 value = DEVELOPMENT Desc = D�veloppement
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 1RoleStatusName:- DEVELOPMENT
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG 2RoleStatusName:- PRODUCTION
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG MissingDescriptionHelperDAO.java@37:com.virsa.re.dao.MissingDescriptionHelperDAO.getMissingRoleDesc()missingLst.size(): 1
    2010-03-23 11:27:10,785 [SAPEngine_Application_Thread[impl:3]_31] DEBUG startIndex: 0; endIdex: 1
    2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] DEBUG RoleImportBO.java@1393:com.virsa.re.bo.impl.RoleImportBO.createRole()Creating Role:ZM:HR_PY_DEPT_SUPP_COMP profile:'Z:DEPTSUPP'
    2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] DEBUG  InsIde getLastGenerateDate(3572,11)
    2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] DEBUG  InsIde getLastGenerateDate(3572,11) ResultSet and got an entry
    2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] ERROR Cannot assign a java.lang.String object of length 389 to host variable 7 which has JDBC type VARCHAR(100).
    java.lang.Throwable: Cannot assign a java.lang.String object of length 389 to host variable 7 which has JDBC type VARCHAR(100).
         at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
         at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
         at com.sap.sql.types.GenericResultColumn.checkLength(GenericResultColumn.java:212)
         at com.sap.sql.types.VarcharResultColumn.setString(VarcharResultColumn.java:63)
         at com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:511)
         at com.sap.engine.services.dbpool.wrappers.PreparedStatementWrapper.setString(PreparedStatementWrapper.java:355)
         at com.virsa.re.dao.jdbc.ChangeHistoryDAO.saveChangeHistory(ChangeHistoryDAO.java:318)
         at com.virsa.re.bo.impl.ChangeHistoryBO.saveChangeHistory(ChangeHistoryBO.java:77)
         at com.virsa.re.bo.impl.RoleBO.updateRoleWithChngeHist(RoleBO.java:469)
         at com.virsa.re.bo.impl.RoleImportBO.createRole(RoleImportBO.java:1437)
         at com.virsa.re.bo.impl.RoleImportBO.importRoles(RoleImportBO.java:639)
         at com.virsa.re.bo.impl.RoleImportBO.importRoles(RoleImportBO.java:333)
         at com.virsa.re.configuration.action.MassRoleImportAction.generateRole(MassRoleImportAction.java:597)
         at com.virsa.re.configuration.action.MassRoleImportAction.execute(MassRoleImportAction.java:78)
         at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
         at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
         at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

    Hi All,
    For two weeks I have been trying to load roles in ERM. The result hasn't been as expected. I use SAP GRC AC (5.3). I need to load 6375 single roles, but I have only loaded 914 single roles. Below I describe the general context of my situation:
    1. I divided the file VIRSA_RE_DNLDROLES.txt into 16 files (UTF-8) with single roles per module (AM, PO, PS, GL, SD...).
    2. Each file contains segmented roles associated with a business process and multiple sub-business processes.
    3. When I checked the roles in ERM, I noticed that only some roles were loaded. Not all roles in the template were loaded.
    4. File size varies between 18 kb and 145 kb.
    5. Files concerned with "Mass Role Import" have the following extensions: Bulk Download File* (.txt), Enterprise Role Management Information File (.xls) and Primary Org. Level File (.xls).
    6. An error generated was "Unknown error occurred while performing operation (No space left on device (errno:28))."
    Honestly, I don't know the reason for not loading all roles from the template. Any suggestions or ideas?
    Thanks in advance
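The ERM system log quoted in the first post of this thread can be triaged with a short script. This is an added example, not part of the original posts and not SAP or Virsa code: it pairs each ERROR record with the role the same thread was creating, and extracts the length-overflow details and the first `com.virsa` stack frame. The function, class and field names are hypothetical; the sample lines are abridged from the log quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Abridged copy of the ERM system log quoted in the post above.
SAMPLE_LOG = """2010-03-23 11:27:09,347 [SAPEngine_Application_Thread[impl:3]_28] DEBUG returnStatus###success
2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] DEBUG RoleImportBO.java@1393:com.virsa.re.bo.impl.RoleImportBO.createRole()Creating Role:ZM:HR_PY_DEPT_SUPP_COMP profile:'Z:DEPTSUPP'
2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] DEBUG  InsIde getLastGenerateDate(3572,11)
2010-03-23 11:27:10,800 [SAPEngine_Application_Thread[impl:3]_31] ERROR Cannot assign a java.lang.String object of length 389 to host variable 7 which has JDBC type VARCHAR(100).
java.lang.Throwable: Cannot assign a java.lang.String object of length 389 to host variable 7 which has JDBC type VARCHAR(100).
     at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
     at com.sap.sql.types.GenericResultColumn.checkLength(GenericResultColumn.java:212)
     at com.sap.engine.services.dbpool.wrappers.PreparedStatementWrapper.setString(PreparedStatementWrapper.java:355)
     at com.virsa.re.dao.jdbc.ChangeHistoryDAO.saveChangeHistory(ChangeHistoryDAO.java:318)
     at com.virsa.re.bo.impl.RoleImportBO.createRole(RoleImportBO.java:1437)
"""

# "<timestamp> [<thread>] <LEVEL> <message>"; the thread name itself contains brackets.
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(.+?)\] "
    r"(DEBUG|INFO|WARN|ERROR|FATAL)\s?(.*)$"
)
ROLE = re.compile(r"Creating Role:(\S+) profile:'([^']*)'")
OVERFLOW = re.compile(
    r"object of length (\d+) to host variable (\d+) which has JDBC type \w+\((\d+)\)"
)
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(([^)]*)\)\s*$")


@dataclass
class Finding:
    timestamp: str
    thread: str
    message: str
    role: Optional[str] = None           # role the thread was creating, if logged
    profile: Optional[str] = None
    value_length: Optional[int] = None   # length of the rejected string
    host_variable: Optional[int] = None  # position of the bind parameter
    column_limit: Optional[int] = None   # declared VARCHAR size
    app_frame: Optional[str] = None      # first stack frame under app_prefix


def triage(log_text: str, app_prefix: str = "com.virsa.") -> List[Finding]:
    """Return one Finding per ERROR/FATAL record, with per-thread role context."""
    findings: List[Finding] = []
    last_role = {}   # thread name -> (role, profile) most recently logged
    current = None   # finding that continuation lines (stack trace) belong to
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            timestamp, thread, level, message = header.groups()
            current = None
            role = ROLE.search(message)
            if role:
                last_role[thread] = role.groups()
            if level in ("ERROR", "FATAL"):
                role_name, profile = last_role.get(thread, (None, None))
                current = Finding(timestamp, thread, message, role_name, profile)
                overflow = OVERFLOW.search(message)
                if overflow:
                    current.value_length = int(overflow.group(1))
                    current.host_variable = int(overflow.group(2))
                    current.column_limit = int(overflow.group(3))
                findings.append(current)
        elif current is not None and current.app_frame is None:
            # Continuation line: keep the first frame from the application package.
            frame = FRAME.match(line)
            if frame and frame.group(1).startswith(app_prefix):
                current.app_frame = f"{frame.group(1)} ({frame.group(2)})"
    return findings


def summarize(finding: Finding) -> str:
    """One-line summary suitable for a ticket or a support message."""
    parts = [finding.timestamp, f"role={finding.role}", f"profile={finding.profile}"]
    if finding.value_length is not None:
        parts.append(
            f"value of {finding.value_length} chars exceeds "
            f"VARCHAR({finding.column_limit}) at host variable {finding.host_variable}"
        )
    if finding.app_frame:
        parts.append(f"in {finding.app_frame}")
    return " | ".join(parts)


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(summarize(item))
```
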

  • How to determine role authorization of user in MAM?

    Hi everyone,
    I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM.  I have the following question on user authorization:
    In terms of role authorizations, does anyone know how I can determine what roles an authenticated user has from SAP?  For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has?  Is there a SyncBo that will give me such info?  I checked the JavaDocs for the SyncBos, but they have NO descriptions.  The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090).  There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole().  Are any of these usable?
    Are there any good documents that I can look at to determine what each SyncBo does?
    Many thanks!
    Jeffrey

    Hi Jeffrey!
    Here are the 3 different checks you have to look at under "Users & Authorizations" for setting up your MAM users.
    (1) SAP Backend:
    (1a) The SAP MAM user who synchronizes with the Backend from the MI Client should have all necessary authorizations for the Plant Maintenance components of the SAP system that are associated with your MAM scenarios. Please refer to the following SAP authorization objects in your Backend system and have them assigned to the user profile, based on your requirement: I_ALM_ME, I_AUART, I_BEGRP, I_BETRVORG, I_CCM_ACT, I_CCM_STRC, I_ILOA, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT, I_ROUT1, I_SOGEN, I_SWERK, I_TCODE, I_VORG_MEL, I_VORG_MP, I_VORG_ORD, I_WPS_MEB, I_WPS_REV.
    (1b) Service user for setting up the MAM & MI landscape: This user's logon info has to be set up in the RFC destination that is associated with your MAM25 SyncBOs, to log on to the Backend system, and this user should have the basic authorizations required to establish the connection.
    (2) MI Middleware: The SAP MAM user who synchronizes with the Backend from the MI Client should have the following authorization objects assigned to his/her profile: S_ME_SYNC, S_RFC, S_TCODE.
    (3) MI Client: Refer to the MI Security Guide. Please note that the MI Client MAM user is the same as the Middleware user and the Backend user. You should be taking care of this already. This is just an FYI.
    Let me know, if you are looking for any other additional info.
    Thank You
    Gisk

  • Import roles to the ERM without using the "Mass Role Import"

    Hello,
    I want to know if there is another way to import roles to the ERM without using the "Mass Role Import".
    I'm using SAP GRC AC 5.3.
    Best Regards.
    Pablo Mortera.

    Hi.
    There is NO other way to import roles..
    We need to use only ERM for "Mass Role Import".
    Regards
    Gangadhar

  • Role authorization for product selection

    Hi All,
    I have a requirement for which I need your help. Now my Account Manager can see all products while placing an order. I want to restrict his selection to only 5* and 6* products. That means when he looks to place an order the next time, he should only see 5* and 6* products, not all products. Can you please tell me how to go about this role authorization?
    your valuable inputs will be appreciated.
    Regards,
    Sasmita

    Hi,
    I feel Access Control Engine would be the most elegant and futuristic solution.
    However, you need to review all the solutions suggested. Solution suggested by Shalini and Ashish are more practical. However, generally partner product range is used in case of Sold-to parties.
    Please review all the solutions suggested and take decision based on circumstances at your client's end.
    You can get more information about Access Control Engine at
    http://help.sap.com/saphelp_crm40/helpdata/en/04/0177f9bb67ac4cafb84bb4d4c1d8fc/frameset.htm.
    Also there are several guides and cookbooks on ACE at service market place.
    Regards,
    Deepak
