Multiple PFCG Roles to a user and one business role

Hello SAP CRM Experts,
We are facing a problem and I need your help.
The external user can access the CRM through three distinct business roles.
However, for each of these business roles, there are specific access
rules configured in three different PFCG profiles.
In the registration of the user (SU01), the three PFCG profiles are assigned
because the user must have access to three different business roles.
However, for one of the profiles the ability to modify the service order
document is blocked, and for the other it is allowed to modify this
document.
Is there a customizing where I can associate the PFCG role to the
business role, and then, when the user logs into the system, it
identified the business role that he accessed the PFCG profile associated.
However, this configuration is not working, and did not solve the problem.
It seems to me that there is a merge of all the permissions that the user
has, and the PFCG role associated with the specific business role
is not being considered.
Is this really correct? Does the merge of permissions occur?
Best regards,
Diogo Lupinari

Yes, that's correct. When a user is assigned multiple PFCG roles, all authorizations are in play.

Similar Messages

  • How to Automate to Add a Role for 250+ Users in One Shot ?

    Hi all,
      How can I add a Role 'X' for 250+ users in one shot? I could go to SU01 for each user and add a Role 'X' manually, but it will take at least more than two hours. Is there any automation to accomplish this task, PLEASE?
    Thanks.

    Look at the How To paper on maintaining authorizations through flat file...
    How to maintain authorizations through flat file: http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1d8ea990-0201-0010-43b3-d13b83e2bf20
    Hope this helps.

  • List all users and their own roles.

    Hi everybody!
    I have to make a list of all SAP users and their own roles, separated by user. Is there any transaction to do it? The SUIM transaction gives me an SAP user and their own roles, but if I try with a lot of users it gives me all the roles that those users are using but doesn't give me the roles for each one.
    Thanks a lot.
    Best regards.

    Hi Reynaldo,
    You can go to SE16 -> table name "AGR_USERS" and see the records for all users. Arrange them in ascending order by name and you will get the report you have mentioned above.
    Download it and put it in EXCEL.
    Best Wishes.
    Kumar
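An added example, not part of the original posts: the first answer on this page says that all authorizations from a user's PFCG roles are in play together, and the reply above points to table AGR_USERS for the user-to-role list. The Python below builds the per-user role list from a constructed AGR_USERS export and flags users for whom one role's service-order restriction is cancelled out by another role. The CSV layout, the role names and the `ROLE_ACTIVITIES` map are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample of an SE16 download of AGR_USERS (user-to-role assignments).
AGR_USERS_CSV = """UNAME,AGR_NAME,FROM_DAT,TO_DAT
EXTUSER1,ZCRM_SRV_DISPLAY,20240101,99991231
EXTUSER1,ZCRM_SRV_CHANGE,20240101,99991231
EXTUSER1,ZCRM_SALES,20240101,99991231
EXTUSER2,ZCRM_SRV_DISPLAY,20240101,99991231
EXTUSER2,ZCRM_SRV_CHANGE,20230101,20231231
"""

# Hypothetical map (assumption): what each PFCG role allows on service orders.
# An empty set means the role carries no service-order authorization at all.
ROLE_ACTIVITIES = {
    "ZCRM_SRV_DISPLAY": {"display"},
    "ZCRM_SRV_CHANGE": {"display", "change"},
    "ZCRM_SALES": set(),
}

def parse_sap_date(text):
    """Convert a YYYYMMDD string as stored in FROM_DAT / TO_DAT to a date."""
    return date(int(text[:4]), int(text[4:6]), int(text[6:8]))

def roles_per_user(csv_text, on_date):
    """Return {user: sorted role names} for assignments valid on on_date."""
    roles = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if parse_sap_date(row["FROM_DAT"]) <= on_date <= parse_sap_date(row["TO_DAT"]):
            roles[row["UNAME"]].add(row["AGR_NAME"])
    return {user: sorted(names) for user, names in sorted(roles.items())}

def effective_activities(role_names):
    """Authorizations are cumulative: the user gets the union over all roles."""
    merged = set()
    for name in role_names:
        merged |= ROLE_ACTIVITIES.get(name, set())
    return merged

def nullified_restrictions(csv_text, on_date, activity="change"):
    """Flag users holding both a role that lacks `activity` and one that grants it."""
    findings = {}
    for user, names in roles_per_user(csv_text, on_date).items():
        granting = [n for n in names if activity in ROLE_ACTIVITIES.get(n, set())]
        restricted = [n for n in names
                      if ROLE_ACTIVITIES.get(n) and activity not in ROLE_ACTIVITIES[n]]
        if granting and restricted:
            findings[user] = {"granted_by": granting, "overridden": restricted}
    return findings

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for user, names in roles_per_user(AGR_USERS_CSV, today).items():
        print(user, names, sorted(effective_activities(names)))
    print(nullified_restrictions(AGR_USERS_CSV, today))
```

A flagged user can change service orders from any business role, because the check sees the merged set and not the role the user logged in with.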

  • Calling one business role from another business role on CRM web client

    Hi,
    I have a requirement where one business role can be launched just by clicking a navigation link on another.
    For e.g. in a UTIL_IC role framework, I add a link; by clicking on it, I go to UITIL_SALES role.
    This is required so that person need to launch crm_ui_frame again if he wants to login for another business role assigned to him.
    Please suggest the solution if possible for this one.
    Regards,
    Pratyasha Shishodia

    Hi Kavita,
    We are facing the same problem. Did you manage to solve this and if yes how?
    Kind regards
    Lars

  • Role Config Key Not Working under Business Role

    Hi Gurus,
    I have created a Z role configuration key under a Z business role which is assigned to my user id. I have done some configuration changes under that role config key. Now when I log in with my user id, I am not able to see the config changes. It always shows the standard config.
    Please let me know if I have to do any additional thing to get the custom config.
    Appreciate your inputs.
    Thanks,
    Sujani.

    Hi All,
    I have enhanced the standard component IUICOBJD for the Point of Delivery view. I have written the following code in the DO_CONFIG_DETERMINATION
        " Snippet from inside method DO_CONFIG_DETERMINATION
        DATA: lr_config     TYPE REF TO cl_bsp_dlc_configuration2,
              ls_ui_profile TYPE crms_ui_role_profile.
        " Cast the view's configuration descriptor to the concrete class
        lr_config ?= me->configuration_descr.
        " Read the business role attributes, including the role config key
        cl_crm_ui_roles=>get_role_attrib( IMPORTING es_role_attributes = ls_ui_profile ).
        IF ls_ui_profile-role_config_key = 'ZPOD'.
          " Reset the other search keys to default and select by role config key
          lr_config->if_bsp_dlc_config_appl~set_object_type( '<DEFAULT>' ).
          lr_config->if_bsp_dlc_config_appl~set_object_sub_type( '<DEFAULT>' ).
          lr_config->if_bsp_dlc_configuration~set_component_usage( '<DEFAULT>' ).
          lr_config->if_bsp_dlc_configuration~set_role_key( ls_ui_profile-role_config_key ).
        ENDIF.
    However, the standard configuration is still coming. If I perform some action on the screen then it is taking the custom configuration. I want to display the customer configuration the very first time.
    Please help me in this regard.
    Thanks,
    Sujani.

  • Multiple ipods users and one computer

    Our household has several iPods but use one computer. I just purchased a new iPod and when I connected to the computer (Windows XP) it allowed me to identify my iPod but synced the other iPod user's music. I'm lost - how can I or can I maintain 2 different syncs?

    When the iPods belong to different people, there are basically three ways of using multiple iPods on a computer and these involve:
    a) Sharing a single iTunes library
    b) Creating Multiple Libraries in a single user account
    c) Creating multiple user accounts.
    Note: When you are sharing an iTunes library, you don't have to set each iPod to update in the same manner, you can mix and match from the options below as each iPod has its own update settings.
    Sharing a Library and/or User Account
    If you want to share the one library, you can set either or all of the iPods so that they only get updated with only certain playlists (you can update from more than one if you wish): Loading songs onto iPod automatically - Windows
    Choosing the update option "Sync Music - Selected playlists" allows you to create a playlist specifically for the iPod and drag the tracks you want into it. If you tire of the list and want to change it, you just add or remove the songs you don't want. The ones you take out remain in the library to be used some other time if you choose. You can read more about playlists at these links:
    iTunes: Creating playlists of your favorite songs
    How to create a Smart Playlist with iTunes
    Or you can choose to update any or all of the iPods manually and just drag whatever content you want to them: Managing content manually on iPod
    Loading the iPod shuffle differs slightly but it can still be used with the others, for details have a look at this page: Loading songs onto iPod shuffle - Windows
    Multiple Libraries
    It's also possible to have multiple libraries in a single account. To create or access a second (or more) library, hold down the Shift key (or the Option key on a Mac) when launching iTunes 7. In the resulting dialogue you will get the option to create a new library or navigate to the other Library.
    Note: You can only have one Library open at a time and iTunes will default to the last library opened if you don't use the keyboard command to choose one. This can prove tricky when using multiple iPods, if you don't use the keyboard command you can risk syncing to the wrong library: Using multiple iTunes libraries -Windows
    Separate User Accounts
    Another option is to create a separate User account for each person on your PC or Mac. Different accounts by definition would give you completely separate libraries. Each account has its own iTunes folder, Library and iTunes Music folder and you load it with CDs etc just as you did with your original one. The iPod can be set to update however the owner chooses, sync all, manual or sync specific playlists.
    I don't use Windows so I can't give you a step by step on that one, however I can point you to another web page which should help you out. You can read about Windows user accounts here: Using Windows XP User Accounts

  • How do you set-up multiple NT Auth servers per Domain, but one per role

    I have a domain with three roles. These roles correspond to subsidiaries of our company, each with their own NT Auth Server. Shouldn't I be able to put in the NT information at the role level and not in the code for the iwtLoginChannel or on the domain Auth pages?
    What happens is I cannot authenticate any if I try this. If I try with the Host listed in the HTML for the iwtLoginChannel it works fine.

    Roles are used to assign a set of attributes (such as setting user preferences for different applications/channels) to a group of authenticated users. Hence, it is not possible to assign a role before the user is authenticated.
    A solution to your problem is to assign different NT Domain users to different iPS domains as iPS domains are identified using the Gateway URIs.

  • BI Report - List all users and their assigned roles

    Hello,
    I need a report, which lists me all users and their roles.
    Which table stores this membership information about the users?
    USR or UGP does not have any values

    Hi Reynaldo,
    You can go to SE16 -> table name "AGR_USERS" and see the records for all users. Arrange them in ascending order by name and you will get the report you have mentioned above.
    Download it and put it in EXCEL.
    Best Wishes.
    Kumar

  • Installing ITunes on XP with 2 Users and one library.

    Is this possible? My friend has an XP machine with 2 users, and they would like to be able to share their iTunes library with each other!
    Thanks.

    My wife and I who both have Macs can share iTunes accounts over 2 different computers (think you can go upto 5). I was just wondering if it's possible to share iTunes over 2 user accounts on the same computer, using the same iTunes account.

  • SAP Technical roles and IDM Business roles mapping

    Hi Guys
    Just wondering if there is an easy way to export SAP Positions and create them automatically as Business Roles in IDM and the SAP technical roles that are related to that corresponding position into privileges assigned to that Business Role. Or am I going about this the wrong way? What do you normally do in terms of getting all your SAP technical roles from the SAP system and assigning them to business roles in IDM? Any help on this is much appreciated.
    Cheers
    Leo

    Thanks Matt,
    I think I get the picture now.
    One thing that I am still not sure about is how the SAP ABAP technical roles or profiles are provisioned through workflow.
    Here is what I've done so far:
    1. HCM data loaded into productive identity store via vds
    2. Did an initial load of the abap system into the productive identity store (now the technical roles and profiles are loaded as privileges in the idstore)
    3. Through workflow I select a user that already has an ABAP account and assign that user some additional SAP technical roles, e.g. sap_all and sap_new. The corresponding privileges for these roles are namely PRIV:PROFILE:ECX:SAP_ALL and PRIV:PROFILE:ECX:SAP_NEW.
    4. For the provisioning to occur so that these new privileges are reflected in the ABAP system for this user, I have used the setABAPRole&ProfileForUser task from the SAP provisioning framework folder and set it as the add/mod/del event task for the MXREF_MX_PRIVILEGE attribute. That way whenever a privilege is added to a user account the setABAPRole&ProfileForUser task will run and the sap_all and sap_new profiles will be added in the backend. This way I can avoid setting a provisioning task for each ABAP privilege that gets loaded.
    But it should be obvious now that there is a flaw with this kind of setup, because all non-ABAP privileges that get added or removed will trigger the setABAPRole&ProfileForUser task anyway, because the privileges use the same attribute, i.e. MXREF_MX_PRIVILEGE. So it brings me to the question: how do you provision ABAP technical roles or profiles through workflow without setting a provisioning task for each ABAP related privilege?
    Thanks again for all your help!
    Leo

  • I have 2 e-mail accounts on my iPad, one personal and one business, how do I navigate to send e-mails from the correct address?

    I have 2 e-mail accounts on my iPad, one personal, one business, how do I send from the correct
    address? At this point it does not give me an option.

    You can set a default email address here:
    Settings > Mail, Contacts, Calendars > under the Mail section - Default Account.
    Any email you start will use this account by default but you can change this manually by tapping the email address in the From field. That will bring up a dial to select the email address you want to send from.

  • LDAP Realm: One Directory to Users and One for Groups?

    Hi,
    I'm trying to use LDAP for authentication of users accessing WLS.510
    do all the users to be authenticated have to be in a single sub-directory?
    We were hoping to let WLS look in several sub-directories for users.
    i.e. store users of customer A in directory /ourcompany/custA/endusers
    and store users of customer B in directory /ourcompany/custB/endusers
    is this possible?
    Cheers, Patrick.

    I don't think so.
    I've tried to put multiple 'directories' for my users, it doesn't
    work.
    This is how I put it in ldaprealm.properties (I use ';' to separate the
    DNs because we cannot use ',' and ';' is kinda standard way to
    separate 2 entries, just like CLASSPATH)
    weblogic.security.ldaprealm.userDN=o=LatitudeWeb.com,ou=People;o=LatitudeWeb.com,ou=Customers
    Have you found a way to do so?
    On Wed, 11 Oct 2000 11:52:11 +0100, "Patrick Farley" wrote:
    Hi,
    I'm trying to use LDAP for authentication of users accessing WLS.510
    do all the users to be authenticated have to be in a single sub-directory?
    We were hoping to let WLS look in several sub-directories for users.
    i.e. store users of customer A in directory /ourcompany/custA/endusers
    and store users of customer B in directory /ourcompany/custB/endusers
    is this possible?
    best regards,
    Lawrence Law

  • How to use multiple Simulink Models on One Target and One Host VI?

    My ultimate goal is to run two Simulink models simultaneously from one Real Time Target PC from one LabVIEW VI. As I understand it, this is possible but I have not found a solution or example on how to do this. For debugging and demonstration purposes, I would also like to run the same setup on my Windows machine. We have had SIT (and VeriStand) working with one Simulink Model for some time now. I have tried using the SIT connection manager and copying the code, but I have not had success doing this. We are using LV 2009 and Matlab 2009. Any thoughts or inputs would be appreciated. Thanks for your help.

    Just dawned on me to try and open two instances of Matlab, then set the SIT server on the second instance of Matlab to a different port. This worked as I got two different Simulink models to run. The question is, is there a better, more efficient way of doing this? Any thoughts would be welcome.

  • I am using Apple Mail on my Mac and have two different accounts set up, one personal and one business. When I send mail a copy of the message is being saved into my business account as well.

    Both accounts are IMAP but the business one is Gmail and the personal one is 1and1. When I compose new mail in my personal account I make sure it says it's going from my 1and1 account but for some reason the message appears in both sent boxes.
    I need to fix this as I don't want other people using the business account seeing my personal sent emails!
    This has only just started in the last couple of days when I did something on accounts but can't think what that would have been.
    Hope someone can help.

    I'd like to have one Apple Mail application for my one very important email account while the rest can stay on a different Apple Mail app.
    Consider using Thunderbird for the "rest."

  • Business Role, Technical Profile, Application, Start Page in UI for service

    Hi CRM 2007 gurus,
    I have made all the settings in accordance with C04 to use the UI for the services role (copy of business role SERVICEPRO). Created the relevant PFCG role and a position in the org model; with a user and the business role assigned to the position. But I am getting an empty page on login.
    Then I changed the technical profile from DEFAULT to DEFAULT_IC; then it started giving an error "Permission denied".
    I then changed the start application to CRM_UI_FRAME and the start page to DEFAULT.HTM; then Internet Explorer started exiting on its own after the login.
    Can someone pls tell me what is amiss. Do I need to include some specific application and page as the "Startup Application" and "Start Page" in the technical profile (these are currently blank for the technical profile DEFAULT attached to the concerned business role).
    Points to be won; kindly help asap.
    Regards,
    DP

    Hi Deepak,
    few cents that might help:
    - Your problem is definitely not related to authorization issues. (easily derived by the nature of the error message and the point where it occurs (CL_BSP_WD_STREAM_LOADER))
    - The error message you received is being raised when CRM UI runtime tries to load a runtime repository. In case a runtime repository of a component has dynamic parts (e.g. the shell part itself), the repository is being loaded by the system via HTTP or HTTPS, depending on system settings. This results in the system sending a HTTP(S) request to itself.
    Now, there are two likely reasons for this going wrong:
    a) the system cannot "see" itself on the network (hosts problem, reverse proxy scenarios, etc.)
    b) the runtime repository doesn't exist at all (resource doesn't exist). This sometimes happens if component enhancements are active in a client (customizing settings) but the respective enhancement component (development objects) haven't made it into the system.
    c) In your case we can rule out this one: the SICF service for the UI component is not active - in that case the response would likely have been something like "Access forbidden" and you confirmed already all SICF services being active
    To get more clarity, you might want to proceed as follows:
    - Set a breakpoint in the line mentioned in the error message. You can access the source code of the relevant method using SE38 even though the include name looks pretty scary in the message (CL_BSP_WD_STREAM_LOADER=======CM02 or so).
    - In the debugger, check the name of the URL that had been tried to access (The variable should be available some lines above the breakpoint where the request gets sent).
    - try to access the same URL directly from your browser.
    Now, if you still don't get a valid response, b) might be the case. If you get an XML file back, a) might be the case.
    Good luck!
    Peter
