Missing user role assignments

Similar Messages

• How to find the user - role assignments in the database for EP6 SP9?

  L.S.,
  We have a quite specific requirement: to see which users have access to our portal environment (EP6 SP9). It does not immediately matter (though would probably still be nice to know if possible) which roles users have exactly.
  I've been looking in the database to find user-to-role assignments there, but I'm unable to find any. The closest I got is the PID filed in the UME_STRINGS table, but users remain listed there even when all their portal roles are revoked afterwards. Any ideas?
  Kind Regards,
  Steven Dijkman

  hi Steven,
       Sorry but you will have to write some code. the following lines of code will work for you.
  IRoleSearchFilter rolefilter = UMFactory.getRoleFactory().getRoleSearchFilter();
            ISearchResult result = UMFactory.getRoleFactory().searchRoles(rolefilter);
            while (result.hasNext()) {
                 String rolestr = (String) result.next();
                 IRole r = UMFactory.getRoleFactory().getRole(rolestr);
                 response.write(r.getDisplayName());
                 response.write("<br>");
                 Iterator users = r.getMembers(true);
                 while (users.hasNext()){
                      String userstr = (String)users.next();
                      IUser user = UMFactory.getUserFactory().getUser(userstr);
                      response.write(user.getDisplayName());

• User role assignments deleted in CUA child systems

  Hi All,
  i have the following problem
  newly started CUA from one newly created client in development. According the setup guide from SAP and best Practices in SCN.
  RFC's all OK users in RFC are Service users, as dialog users are requested by system setting to change password every 60 day's.
  PW all ok
  connections setup OK
  connection to the first 5 clients all OK but then a client with a existing LS connection to another SAP system the setup went wrong
  I had to use BD64 to complete model creation or WE20 to select.
  In SCUA -setup clients the traffic light came up green after a second save.
  and more client were connect with OK result
  2 more clients did not connect properly now they are after intervention with BD64
  All user download were done, Text comparison for the role assingements and profile assignements and checked some of the clients if role activation and changes were possible.
  All clients but 3 were OK.
  From the 3 clients i had to use BD64 for creation of distribution model are the roles missing from the clients
  I cannot read any role or assign any role
  All SCUl error are redistributed
  EDI ports on clients point to Central System.
  Pls advice
  Kind regards
  Hans

  Hi,
  This is SAP business one system administration forum. Please find correct forum and repost above discussion to get quick response.
  Please close this thread here with helpful answer.
  Thanks & Regards,
  Nagarajan

• ABAP Role Assignments stored in MSAD

  Hi all,
  unfortunately I have only found contradicting information in relation to the possibility to manage ABAP role assignments using a MS Active Directory.
  We plan to implement a WAS (ABAP) 6.40 SP14, synchronise data between the WAS and the corporate MSAD. While WAS (ABAP) is not capable of MSAD based authentication I suspect it is possible to manage the user/role assignments in MSAD. Am I right in my assumptions (see list below) that the following data entities can/cannot be managed and synchronised/stored with the WAS (ABAP) out of the box?
  WAS ABAP
  1. possible - user master data (e.g. userName, address, etc.)
  2. possible - user/role assignments
  3. not possible - user passwords (however, can be bypassed through SSO based on NTLM)
  Portal UME
  1. possible  - user master data
  2. possible - user password
  3. possible - role/group assignments
  4. possible - group/user assignments
  5. possible - user/group assignments
  6. possible - user/role assignments
  Thanks for the help!!
  Cheers Stefan

  Hi,
  Thanks for the suggestion. But ours was a different problem.
  The issue was with a faulty reconciliation job that had been fixed. But it had done its damage before the fix and this caused the inconsistent behavior.
  During the reconciliation job (to update changed and add new backend roles in IDM) various task trigger attributes get disabled and then re-enabled after the import. These disabled triggers did not get re-enabled for the privileges on some systems. And the reconciliation job was also delta enabled, so only new privileges, after the initial load, should have been impacted. But impact to many privileges -- all privileges of some target systems -- misled our investigation. The timing of the reconciliation job executions kind of added to the confusion and inconsistencies during the initial setup. But we finally tracked this down and wrote a custom job to fix the triggers for only the affected privileges. Assignments to all systems started to function successfully as expected.
  Best regards,
  Ashok

• SAP R/3 : Indirect Role assignments - Is position unique to every user?

  Hi.
  While am exploring /learning SAP R/3 roles and auth, I would appreciate if I could get clarity on the following :
  This  link on SDN on Indirect role assignments are very informative.
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/f03e6f6c-8c16-2a10-1581-ed8812e2effe
  This link is also more explanatory : http://my.affinitext.com/public/book/5442/-1/1423831
  So if my understanding is correct, it is better to assign roles - indirectly by position, so that if an employee's position changes, his role can be removed, based on position again ??? And somewhere we are linking with infotype 105.
  My only doubt is : if we are going to assign roles by position and remove the roles by position, so that as the position of an employee changes, the previous roles become null and void and new roles can be assigned as per new position.
  So would like to know :
  as to whether this position number which we see from PA20, is unique to every user on the system ?
  So that, if there is a need to remove a role based on postion, we could remove the role from PO13;
  BY doing that, then will it not affect other users ?
  Can somebody help me understand this.
  Because if i want to see the effect immediately, if i go to PFUD and put the role name and say execute, i see that the role which was removed from PO13 is gone immediately from the user.
  Many thanks
  Indu
  Edited by: Indumathy Narayanan on Nov 22, 2011 9:25 AM

  GOT IT THANKS.
  Hi Prashant.
  Good morning and wishes.
  Can you please help me understand this.
  I understand from HR person that position is uniquely defined (from hire to retire)
  and roles are generally given based on position.
  However, I see a person : whose roles have been assigned as per position all these years.
  He had 2 roles in project A. He now moved into a different project B.
  But. when i check, i still see the roles - reflecting on SU01  & well as in the tab of user of the role X under pfcg.
  BUT when i check PO13 - and put the position / relationship and say overview.
  I dont see the roles at all there.
  Why this is so.  Why the discrepancy on different screens.
  Also How can I get a confirmation that - these roles are actually removed and is not there for the user.
  Rather.
  How could the removal of roles based on position become completely effective on the system.
  So that all screens display the same information.
  Also would like to know - whether it is ok to remove the role expiry date directly from PFCG/ROLE Display/user tab/select user/
  and then make the role invalid or expired / or extend the expiry.
  Many thanks.
  Indu
  Edited by: Indumathy Narayanan on Dec 7, 2011 12:09 PM
  Edited by: Indumathy Narayanan on Dec 7, 2011 1:42 PM
  Edited by: Indumathy Narayanan on Dec 7, 2011 5:17 PM

• Admin tab user role missing!!!!!

  I need help,
  it seem I have error,
  when I play with user role in admin tab.
  when I restart pc server, I have problem to access my BI Publisher.
  I just see
  tab report, schedule.
  admin tab missing .
  and all my report I make missing to.
  How to fix it,
  Oh when I change password in analytics it change to in BI publisher,
  analytics = BI publisher,
  But admin tab missing how to fix it help me urgent!!!!
  Thanks.
  For Your help and Supporting.

  XMLP_ADMIN,XMLP_DEVELOPER,XMLP_SCHEDULER
  CREATE THESE GROUPS IN ADMINISTRATION.AND ADD ADMINISTRATOR IN THIS GROUPS.
  TRY THIS IT WILL WORK

• ORA-01935: missing user or role name

  Hello. I'm trying to change a users password, logged in as SYS. I'm using the script:
  ALTER USER dross IDENTIFIED BY 1111;
  Also tried:
  ALTER USER "dross" IDENTIFIED BY "1111";
  ALTER USER 'dross' IDENTIFIED BY '1111';
  ALTER USER 'dross' IDENTIFIED BY 1111;
  ALTER USER "dross" IDENTIFIED BY 1111;
  Any suggestions on what I could do?

  sb92075 wrote:
  is username 'DROSS' or 'dross'?Makes no difference. If user doesn't exist ALTER USER spits out
  ORA-01918: user 'XXX' does not existnot
  ORA-01935: missing user or role name To get the above error username must be omitted:
  SQL> ALTER USER IDENTIFIED BY XYZ
    2  /
  ALTER USER IDENTIFIED BY XYZ
  ERROR at line 1:
  ORA-01935: missing user or role nameSo ALTER USER statements OP posted doesn't add up with error that is raised. Have a feeling ALTER USER is generated dynamically and somehow username is NULL.
  SY.

• Default Every User Roles missing

  Hi,
     We installed the latest version on EP 6.0. After installation, when we looked into the available default roles in the portal, the dafault Every User Roles - " Role: Every User Core (eu_core_role)" and "Role: Control Center User (cc_user)" are missing in the list. Only the "Role: Standard User (eu_role)" is available. Could you please let us now what could be the problem?
  Thanks.
  Bhagya.

  hi,
     i could find eu_role and cc_user roles, no eu_core_role is found in my portal content folder. anyhow i assigned eu_role to the user, and when he logs in he could only see the home workset, "portal personalization " is not visible.
  i checked the hierarchy of the role in the role editor, but it shows "portal personlization" workset in the hierarchy
  could some one lemme know y is it like that..should i enable "portal personalization" workset by my own.
  version : ep6.0 sp12
  thankyou

• Windows Small Business Server User Roles - Missing or deleted

  I have a small business server sbs 2008 r2.
  The user roles, Standard, Administrator, Standard w/ admin are no longer available. I don't know why, or how. All I can guess is the previous IT admin, removed the roles, without permission.
  I am wondering is there a way to simply get them back?

  As Robert says, You can create them manually.
  http://technet.microsoft.com/en-us/library/cc794287(v=ws.10).aspx
  KnowHow :
   Behind the scenes, each User Role is created as a disabled user account in Active Directory, and these accounts are used as “Templates” for user creation. To view these, open Active Directory Users and Computers (from the
  Administrative Tools start menu folder, or through Start à Type “dsa.msc” and press enter. Drill down to the SBSUsers folder under “<yourdomain>\MyBusiness\Users\” and you’ll see several disabled user accounts listed.
  Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• One or more Object are missing in the User Role

  How to assign/add Objects to the User Role?
  Thank you in advance

  I dont understand exactly what you want to say...r u talking about how to generates roles..
  Pls visit the PFCG transaction enter the role name
  now goto change mode and maitain the values..or the object..
  From the SAP menu you can switch on the technical names for ur reference.
  Regards
  Prakhar

• User roles un-assigned in CUA but acces in child system is ok

  hi
  i am have a really weird issue. a user who has access in roles in child clients, suddenly his roles disappeared from CUA. it did not effect access in child systems. any suggestions how to investigate this.
  thanks

  Did you click the Naughty Button in SCUL? Check OSS Note 1074552...
  Could also be a cause of failing idocs.
  Regards,
  Trond
  PS: The above note is for cases where users loose their visible role assignments in CUA, although roles remain assigned in the child system(s), not for cases where role assignments from CUA never trickles through to the child systems. The mentioned OSS note is a direct result of a case worked on by yours truly in 2007. I include below a warning I posted on sapfans about the issue:
  Word of warning: RSUSR_CUA_CLEANUP_USZBVSYS is faulty!!!
  The program RSUSR_CUA_CLEANUP_USZBVSYS is available as a standard SAP program from at least version 6.20. It can be run from SE38/SA38 or launched from a pushbutton (far right) on the "results" screen of transaction SCUL.
  The program is intended to delete "obsolete" entries from table USZBVSYS, which contains log entries for assigned child systems in a CUA environment. The program is run in the main CUA system, and supposedly deletes entries for systems where users no longer have access.
  There is a serious problem with the program, as acknowledged and confirmed by SAP in an OSS note I opened a few days ago. Under certain circumstances (more than 500 entries for any child system in the CUA landscape), the program wipes clean the whole table, instead of just the obsolete entries.
  The consequences are dire. Table USZBVSYS is used for several fundamental CUA functions, such as remote password reset from the CUA master system. After the wipe, executing SU01 and attempting to reset a users password in a child system will no longer work. The assigned child systems are no longer visible in the reset password pop-up (nor anywhere else in SU01, including the Roles tab). You'll have to edit the user via SU01, and click on the annoying pop-up showing "new system assigned to user" for each system where the user has access...
  The only way to fix the issue is to re-run SCUG for all systems in the CUA landscape. We had to do this across 6 CUA's, each containing 30+ child systems/clients and 10000+ users, which was very time-consuming and annoying. Also, there seems to be cases where roles have been wiped out from users on the CUA master systems, possibly due to consequences of the empty USZBVSYS table.
  SAP has conceeded the program is faulty, and have proposed a new version (note 1074551). Without applying this correction, the program should NOT be run.
  Note that users can still log in to and work in the child systems, it's just the "visibility" from the CUA master system which is missing. Tables USLA04/USL04 are still intact.
  Just wanted to warn the community; we've spent some considerable time discussing with SAP and rectifying the mess created by RSUSR_CUA_CLEANUP_USZBVSYS...
  Edited by: Trond Stroemme on Aug 5, 2008 3:03 PM

• Request Offerings not showing up for custom User role in SMPortal

  Hello All,
  I've created a custom End User role and scoped it to the domain users group.
  To this role I want to show a specific set of Request Offerings on the portal
  For that Purpose I created a new Service Offering and added these Request Offerings to it.
  I then went on to create a Catalog Group and added the Service Offering to it.
  I then created the custom user role based on the EndUser role and allowed them to see all Forms, all Queues, All CI's and on the Catalog group I select that they could only see the Catalog Group which I just created.
  I then logged in into the SMPortal and was expecting that my Service Offering would be shown to them.
  However, they don't see the service offering.
  What could cause this?
  Is there something I'm missing?
  Thanks in advance!
  Filip

  You have to add the Service Offerings and the Request Offerings in the Catalog Group. Nesting doesn't work because Service Offerings and Request Offerings are different types of objects.
  This offers the option the manage the access to Service Offerings and Request Offerings very granular if needed. For instance you can control access to a Service Offering in one Catalog Group related to one user role (A) and use two additional Catalog Groups
  with different Request Offerings related to other user roles (B) and (C). Result will lead to:
  User in Role A and B -> Can see Service Offerings A containing Request Offerings B
  User in Role A and C -> Can see Service Offerings A containing Request Offerings C
  User in Role A, B and C -> Can see Service Offerings A containing Request Offerings B and C
  User in Role A only -> Don's see anything because of the missing permission on any Request Offering. So the "empty" Service Request won't show up in the portal.
  Hope his helps.
  Andreas Baumgarten | H&D International Group

• User roles in Integration Repository

  Hi everybody,
  does anybody have experience with user roles in XI 3.0? We want to limit access to various namespaces in the Integration Repository with use of these roles that can be created in the IR. That way, various XI developers working on the same XI-Repository should not be able to work in the namespaces of other developers.
  We created the role in the IR and assigned it to a user in the J2EE Engine. But so far, it doesn't seem to work.
  Am I missing something??
  Thanks a lot,
  Francis Wolf

  Hi,
  it looks like the integration to the "abap" backend (=IS-Server) is missing.
  J2EE-R3 integration regards user management maps R3 roles onto J2EE user groups. Thus, if the term "role" is used in R3 context, it has to be translated to "user group" in J2EE.
  Next steps:
  1. Create user in "R3", with transaction SU01.
  2. In "R3", create a role with transaction PFCG
  3. UME Admin WebApp: assign role to user group
  4. XI Exchange Profile WebApp: activate data-dependent authorization checks. Put: com.sap.aii.util.server.auth.activation" in section "IntegrationBuilder.Repository" to true
  Please check the documentation on Netweaver security and Integration of UME Roles with SAP Roles
  Hope that gives an idea!
  Good luck
  Holger

• User role component

  In one of my projects I need a component that features creation of users, roles and role assignments. Ofcourse, finally to user those user-roles to enable/disable a feature.
  Since this is a very generic requirement, I believe there must be some open source component/code to do this.
  any of you have any idea about it?
  thanks a lot in advance
  Dayanand.

  As for my concern I would go for page definition files.

• Participant 'userx' does not have role assignments in process '/ProcessP

  I am using Oracle BPM 10.3 MP2 Enterprise Edition
  Version: 10.3.2
  Build: #100486
  Have a process ProcessP and role RoleR.
  User 'userx' is assigned to role 'RoleR', when he tries logging into the workspace,
  getting exception message in page as below:
  "Participant 'userx' does not have role assignments in process '/ProcessP#Default-1.0'. This error usually takes place when the Process Execution Engine has not re-synchronized with the Directory Service. Try re-logging and executing the task again. If the problem persists, contact your Administrator"
  Tried deleting the user 'userx' from process admin and re-creating the user and gave role 'RoleR' but still the issue persists.
  This is working for other user 'usera', 'userb', 'userc' etc.
  Any suggestions.
  Thanks in Advance.

  Is restart of the engine server on which ProcessP deployed is the only solution since the error messages shows up as 'Process Execution Engine has not re-synchronized with the Directory Service. '