No sub department maintained for user

In the QA environment I am getting this message in FV50L "no sub department maintained for user" What do I have to maintain in order to prevent? Thanks in advance..

Hi,
If you getting this error during 'collection work item creation' then this is the issue of ISU or R/3 org structure, rather its issue of FICA related , and can not be solved in CRM. In R/3 or ISU system go to t-code PPOMW , there find out the relevant org unit from structure search for 'collection strategy' or the org unit related to the work item, and assign the required user IDs there on the position. Log out from web ui and try again.
Hope it will solve the issue.
Regards
Rahul.S

Similar Messages

Where can I find Firefox 7.0 to install? Is there a link maintained where all the firefox releases are available for users

Hello Team,
Is there a link maintained where all the firefox release and its patch are available for users to download & install

You can get Firefox 7 here
* http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/
buit its reccomend to use Firefox 8

How to auto populte selection screen for variant maintained in User Profile

Hi,
I have to auto populate selection screen of Custom Report , with the variant maintained in User profile of User .
Helpful answers would be awarded .
Thanks
Umesh

Hi,
use the PARAMETER-ID clausole of the PARAMETERS / SELECT-OPTIONS instructions.
See help for more informations.
You have to know the parameter id of the field and also the parameters, must be tight to the right data element (example : parameters : p_mara like mara-matnr and NOT parameters : p_mara(18) ).
Otherwise, use "get parameter id" in the initialization event to populate the selection screen.
Bye
Andrea

Problem in maintaining service user for CCM srm_cse

Hello all,
We are implementing SRM 4.0 (EBP 5.5) SSP scenario.
To support shopping of EBP we are also implementing CCM 2.0 as an add on.
Please note CCM and EBP are on same client and CAT & CSE are also on the same client.
No XI is involved as the catalog will be only uploaded in CSV format.
I am doing intial configurations for CAT and CSE.
Now we know that we need to configure a service user in the service of srm_cse.
I am adding the same in SRM client-> trans SICF -> default host -> sap -> bc -> bsp -> ccm -> srm_cse ->change service -> log on procedure- log on data reqd. -> Anonymous log on data - details of client, user, password, language.
since my SRM and CCM are in same client I have put the same client no. and given the user with role "/CCM/CATALOG_SEARCH"
But when I am saving this change in service I am getting an error messaeg that " Changes to Repository or cross-client Customizing are not permitted ".
I am in a same client hence there is no question of cross client customizing .
The other cause left is CHANGES TO REPOSITORY .
Can anybody tell me where I should do config so that this "changes to repository" error message will be be corrected?
Thanks for yr attention and apologies for lengthy matter.
Kind Regards,
Dinesh

Hello Yann,
Thanks a lot for your attention.
But my question was regarding particular error I am getting while maintaining service user in the service "srm_cse" as given in my first message.
Can you throw some light on that pl.?
My client configration as per yr path is present.
Regards,
Dinesh

History of the default printers maintained for a user to analyze

BOL and packing list trigger the activity based on the user profile . So we need the history of the default printers maintained for a user to analyze there issues.

Hi Raj,
If you want to check activity of perticular user for the problems then you can use trace on for particular user only for the time period. Please be careful trace on is not recommended by SAP.
I hope your problem will be solve.
Regards,
Anil

Maintaining sub element Costs for the Service Activity

Dear Experts & MM Gurus,
Requirement is to maintain the Sub Cost Elements for the activity and to maintain different unit & Rate for the sub cost elements .
Scenario is explained below.
1. while making Purchase Requisition for Services
in Services Tab at item level i maintained Service Activity and for that activity i had maintained sub cost elements (Such as cost estimate for the activity) like labour cost,material & consumables cost,Transportation cost with the help of Pricing MS0000.
2. My Concern is i need to maintain different unit and rate for the sub cost elements ,but system is not allowing to maintain different unit from unit available with activity unit.How can i maintain different unit for the Sub cost (pricing elements like PRSO,PRS1,PRS2) .
EXAMPLE :1. Activity is Laying of Road where unit is AU and price will be combination of all Sub cost elements .
2. Sub Cost Elements like labour cost where unit is man days,system doesnt allow to maintain this unit.
pl comment /suggest on the above scenario.
Thanks in Advance ,
Regds,
Injeti

Hi
For services, U create activity group in AC03.
U can have upto four levels.
And Model service specifications u maintain in ML10.
Then mainatin service conditions in ML33 / ML 39 based on with or with out plant.
Then create the document, the price will pick it from the conditios u maintained.
Please check and revert back
Regards,
Raman

Active substitute maintained for a user is not getting workitems for approv

Hi,
Active substitute maintained for a user is not getting workitems for approval.Earlier he was getting
but now a days he is not getting.
Roles wise also , i checked, it is proper.
Please advise me on this.
Regards,
Niti

Hi Check Table HRUS_D2 for the user id and cross check it with the users pa record and IT 105.
Also check the email address maintained in su01. And further you can check with the org attrib forward??? is maintained.
I hope this helps.
Saj

How do you stop BSPs on WebSEAL for asking for user-credentials?

Hi
We are currently having an issue with BSP Pages. When we test the BSP pages on the R/3 system they work OK. When we test them directly on the Portal then they too also work. The problem is that they are not working properly on our Intranet.
The intranet that we use is an IBM Tivoli product (also known as WebSEAL). We currently have WebSEAL SSO to our SAP Portal. This is working OK. When we use WebSEAL to access the portal we are prompted to enter our user-id and password so that the BSP page can be displayed. This should not be happening and it defeats the purpose of SSO. I have attached a screen shot document to demonstate this.
Some time ago we had a similar issue where the transactions on the portal (when executed from WebSEAL) were giving us a Webdynpro time-out error. I later determined that the cookie information was not being passed to WebSEAL. To fix this, I went to the Visual Administrator and went to server >> services >> web container and for the web container "sap.com/irj" I went to the cookie configuration to add a session cookie. By doing this I fixed my previous problem.
Coming back to my problem, I had a junction created in WebSEAL to point to the bsp directory (sap/bc/sap/bsp/*) on the host concerned. I had both a SSL and TCP junction created both resulted in error messages - stating that the client (SAP) is asking for user credentials.
Hoping that I have provided enough information above my question is as follows:
(1) How can I get the BSP messages to work on WebSEAL such that it will not ask for user credentials to be entered? Would this involve making a further change to a Web Container? If so - which container also needs a session cookie to be generated?
Thanks
Kind Regards
Rajdeep Kumar

Hi Peter
I am having an issue with the re-direct and am hoping you might be able to provide a little assistance. If not then not to worry.
My security department have logged a call with IBM 2 days ago yet have not received any response.
In your document you mention that you need to have a junction to AS-JAVA and a junction to AS-ABAP.
We have created the junctions "/sapep" (for AS-JAVA) and "saphr1" (for AS-ABAP).
The junction /sapep" also contains the junction mapping entries "/irj/" and "/SSOTicket/".
The direct URL to the hidden image is : https://uadsfi01.auiag.corp:53001/SSOTicket/1x1.gif. I have tested this (using my user id and password) and it works OK.
When testing the image through TAM (https://test.insideiaghome.iaglimited.net/sapep/SSOTicket/1x1.gif) we get an "unexpected authentication challenge"
I have reviewed the log below and it seems that we are having an authentication issue with the image:
==(START OF LOG)==
2008-06-16-19:59:58.365+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
PD ===> BackEnd -
Thread_ID:52943
GET /SSOTicket/1x1.gif HTTP/1.1
via: HTTP/1.1 uattam01:443
host: uadsfi01.auiag.corp:53001
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 2.0.50727)
iv_server_name: uatin1-webseald-uattam01
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
iagsapid: 52975
accept-language: en-au
referer: https://test.insideiaghome.iaglimited.net/sapabap.html
connection: close
iv-user: s52975
2008-06-16-19:59:58.373+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
PD <=== BackEnd -
Thread_ID:52943
HTTP/1.1 401 Unauthorized
content-type: text/html
date: Mon, 16 Jun 2008 09:59:58 GMT
cache-control: no-cache
content-length: 1787
www-authenticate: Basic realm="Upload Protected Area"
server: SAP J2EE Engine/7.00
expires: 0
pragma: no-cache
connection: close
==(END OF LOG)==
When logging into the SAP Portal directly general user ids have no problem accessing this (Non-Administrator portal users), however through Tivoli it is causing an issue.
Do you know what may be causing this issue?
Thanks in advance for any assistance you can offer.
Kind Regards
Rajdeep Kumar

Weblogic with Active Directory Authentication provider problem: DN for user ....: null

I have a java application (SSO via SAML2) that uses Weblogic as a Identity Service Provider. All works well using users created directly in Weblogic. However, I need to add support for Active Directory. So, as per documentation:
- I defined an Active Directory Authentication provider
- changed it's order in the Authentication Providers list so that it comes first
- set the control flag to SUFFICIENT and configured the Provider Specific; here's the concerned part in config.xml:
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
 <sec:name>MyOwnADAuthenticator</sec:name>
 <sec:control-flag>SUFFICIENT</sec:control-flag>
 <wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
 <wls:host>10.20.150.4</wls:host>
 <wls:port>5000</wls:port>
 <wls:ssl-enabled>false</wls:ssl-enabled>
 <wls:principal>CN=tadmin,CN=wl,DC=at,DC=com</wls:principal>
 <wls:user-base-dn>CN=wl,DC=at,DC=com</wls:user-base-dn>
 <wls:credential-encrypted>{AES}deleted</wls:credential-encrypted>
 <wls:cache-enabled>false</wls:cache-enabled>
 <wls:group-base-dn>CN=wl,DC=at,DC=com</wls:group-base-dn>
</sec:authentication-provider>
I configured a AD LDS instance(Active Directory Lightweight Directory Services) on a Windows Server 2008 R2. I created users and one admin user "tadmin" which was added to Administrators members. I also made sure to set msDS-UserAccountDisabled property to FALSE.
After restarting Weblogic I can see that the AD LDS's users and groups are correctly fetched in Weblogic. But, when I try to connect with my application, using Username:tadmin and Password:<...> it does not work.
Here's what I see in the log file:
<BEA-000000> <LDAP Atn Login username: tadmin>
<BEA-000000> <authenticate user:tadmin>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User tadmin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
So, I tried to look why do I have: <DN for user tadmin: null>. Using Apache Directory Studio I reproduced the ldap search request used in Weblogic and, sure enough, I get no results. But, changing the filter to only "(&(cn=tadmin)(objectclass=user))" (NOTICE, no userAccountControl), it works; here's the result from Apache Directory Studio:
#!SEARCH REQUEST (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.324
# LDAP URL : ldap://10.20.150.4:5000/CN=wl,DC=at,DC=com?objectClass?sub?(&(cn=tadmin)(objectclass=user))
# command line : ldapsearch -H ldap://10.20.150.4:5000 -x -D "[email protected]" -W -b "CN=wl,DC=at,DC=com" -s sub -a always -z 1000 "(&(cn=tadmin)(objectclass=user))" "objectClass"
# baseObject : CN=wl,DC=at,DC=com
# scope : wholeSubtree (2)
# derefAliases : derefAlways (3)
# sizeLimit : 1000
# timeLimit : 0
# typesOnly : False
# filter : (&(cn=tadmin)(objectclass=user))
# attributes : objectClass
#!SEARCH RESULT DONE (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.356
# numEntries : 1
(the "[email protected]" is defined as userPrincipalName in the tadmin user on AD LDS)
As you can see, "# numEntries : 1" (and I can see as result the entry "CN=tadmin,CN=wl,DC=at,DC=com" in Apache Directory Studio's interface); if I add the userAccountControl filter I get 0.
I've read that the AD LDS does not use userAccountControl but "uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute"; among those attributes is msDS-UserAccountDisabled which, as I said, I already set to FALSE.
So, my question is, how do I make it work? Why do I have "<DN for user tadmin: null>" ? Is it the userAccountControl ? If it is, do I need to do some other configuration on my AD LDS ? Or, how can I get rid of the userAccountControl filter in Weblogic?
I didn't seem to find it in config files or in the interface: I only have "User From Name Filter: (&(cn=%u)(objectclass=user))", there's no userAccountControl.
Another difference I noticed is that, even though in Weblogic I have set ssl-enabled flag to false, in the logs I see ldaps and not ldap ( I'm not looking to setup something production-ready and I don't want SSL for the moment ).
Here are some other things I tried but did not change anything:
- the other "msDS-" attributes were not set so I tried initializing them to some value
- I tried other users defined in AD LDS, not tadmin
- in Weblogic I added users that were imported from AD LDS in Roles and Policies> Realm Roles > Global Roles > Roles > Admin
- I removed all userAccountControl occurrences that I found in xml files in Weblogic (schema.ms.xml, schema.msad2003.xml)
Any thoughts?
Thanks.

I managed to narrow it down: the AD LDS does not support the userAccountControl.
Anyone knows how I can configure my Active Directory Authentication Provider in Weblogic so that it does not implicitly use userAccountControl as filter?
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>

How to restrict the department to not user other departments' equipment?

Dear SAPIENTS,
How to restrict the department to not user other departments' equipment? If suppose any one creating order for equipment having different authorization group then system should not allow me to do this.
Regards,
Kaushal Rai

Kaushal Rai,
Use Authorization group for technical objects, create authorization gruops in IMG and assign the same to the Equipment master and block the other department with the same authorization group. For ristricting the authorization group to other departments after creating and assigning it to the equipment seek help from your BASIS team.
goto the below path for cerating the Authorization group:
IMG - PMCS - Master data in PMCS - Technical Objects - Define Authorization groups:
Here you define the authorization groups, after completion of this step go to the Equipment master in General Data tab page there is a feild Authourization Group, mention the respective authorization group and provide this Authorization gruop value to the respective user in the user role with the help of BASIS Team.
Regards,
Praveen.

Attribute for user contains errors. Inform system admin

Hello,
We've got an issue with shopping carts created by a user that was deleted from system. When trying to see in Monitoring Shopping Carts header or item details of a given sc. A web error occurs:
The URL http://srp.srm.gruposalinas.com.mx:8000/sap/bc/gui/sap/its/bbpsc11/! was not called due to an error.
Note
The following error text was processed in the system SRP : Attribute for user contains errors. Inform system admin.
The error occurred on the application server srm-pro_SRP_00 and in the work process 2 .
The termination type was: TH_RES_FREE
The ABAP call stack was:
Form: OUTPUT_EXPRESS_MESSAGES of program SAPLBBP_SC_UI_ITS
Form: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
Module: EXTERNAL_SCREEN_DETERMINE of program SAPLBBP_SC_UI_ITS
We've cheked SAP NOTE 312058-BBPPU99: Error: Attribute for ... is missing. Inform ...
But it seems that none of the information applies to us, since this issue is only present for Shopping carts that were created by this deleted user.
So we tried to re-assing one of this sc, chaning PARTNER_NO,ADDR_NR
ADDR NP data in table CRMD_PARTNER according to a new given user, but it didn't work. So we need to know how to re-assing this sc or perhaps how to find what specific attribute is missing.
Any advice is welcome.
Thanks in advance.

Hi
Which SRM version are you using ? This is an SRM error message.
The manager role should be enough to change user attribute. The transaction is BBPATTRMAINT. Employee role should have BBPUM02 or BBPAT05 to change their own attribute.
Please check whether the User ID you are using to Log into BBP_PD (and seems to be assigned in the org structure also)is consistent and has no errors in tcode USERS_GEN. You should check the user, it's not set up properly in USERS_GEN Transaction, Else repair the user.
To maintain the user attributes you must have the Administrator role.. Your user should have role SAP_BBP-STAL_ADMINISTRATOR and be integrated in the org structure. your user must be integrated in SRM organizational structure. To see which attributes are missing, you can click on the user in PPOMA_BBP to see details, and go to last tab "Check". This will list all required attributes depending on used scenarios (so you may not require all of them). You can also use transaction BBP_ATTR_CHECK to check user's attributes for a particular scenario.
Please go through the following links as well ->
bbp_mon_sc attributes
Re: FM for attribute's value assignation in PPOMA ?
Note 751022 - Monitor Shopping Cart: Item deletion causes termination
Re: User Settings are not saved
Re: Not able to generate user users_gen
Re: SRM organization plan...
Re: User creation error
Hope this will definitely help. Do let me know.
Regards
- Atul

Drop down list for User ID's and SAP List viewer format

Couple of quick questions. Any help will be greatly appreciated.
1) I need to put User ID on the selection criteria screen. And also, I need to build a dropdown list for user ID selection by finding all user IDs in the Finance department and put it on the list.
2) I need to display the report in the SAP List viewer format, which enable these functions including sorting, hiding fields, filtering, exporting to an excel file as necessary. My output is currently plain vanilla as follows
loop at ibkpf where belnr = ibseg-belnr.
 read table iskat with key saknr = ibseg-hkont.
 read table icepct with key prctr = ibseg-prctr.
 read table icskt with key kostl = ibseg-kostl.
 write:/
 iBKPF-BELNR, " Accounting document number
 iBKPF-BUKRS, " Company code
 iBKPF-GJAHR, " Fiscal Year Range
 iBKPF-MONAT, " Period
 iBKPF-USNAM, " Username
 iBSEG-BELNR, "Document #
 iBSEG-BUZEI, "Item #
 iBSEG-BSCHL, "Posting Key
 iBSEG-SHKZG, "Debit/credit indicator
 iBSEG-PRCTR, "Profit Center
 icepct-ktext,
 iBSEG-KOSTL, "Cost Center
 icskt-ltext,
 iBSEG-HKONT, "G/L Account
 iskat-TXT20,
 iBSEG-DMBTR, "Local currency
 iBSEG-WRBTR, "Document currency
 iBSEG-SGTXT, "Explanation
 iBSEG-KOART. "Account type

Hello Syed
Here is a sample coding for a dropdown listbox:
*& Report ZUS_SDN_DROPDOWN_LIST
REPORT zus_sdn_dropdown_list.
TYPE-POOLS: vrm. " Value Request Manager: Typen und Konstanten
DATA:
gt_values TYPE vrm_values.
PARAMETERS:
p_usrid TYPE xubname AS LISTBOX VISIBLE LENGTH 13.
INITIALIZATION.
* Select the allowed values for dropdown listbox
SELECT bname AS key FROM usr02 INTO TABLE gt_values
 WHERE bname LIKE 'S%'.
CALL FUNCTION 'VRM_SET_VALUES'
 EXPORTING
 id = 'P_USRID'
 values = gt_values
 EXCEPTIONS
 id_illegal_name = 1
 OTHERS = 2.
IF sy-subrc <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
* WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
START-OF-SELECTION.
END-OF-SELECTION.
You have two fields for the listbox available:
- KEY (obligatory)
- TEXT (optional)
Regards
Uwe

Unable to search for users in CUP

Hi Guru's
When I am tryin to create a request in CUP , I am unable to search for users , the search option doesnt return any values at all
I have checked my user data source which is LDAP, the connector is working fine , and I have the field mapping done etc ,but I still cannot search for users.
Any thought on this
Regards
KS

Hi Venkateshwar,
Thanks for the quick response ,
my user path looks somehtinkg like this
User path : DC=unity
This connector is defined by my Basis guy ,I am not sure what wouldl be the compelte path
have you got an example ?
I guess I will have to check with teh guys who maintain the active directory ( our LDAP system )
Thanks
KS

EHP5 - Counntry specific language for users in ESS

Hi Experts
We are using EHP5 and facing problem while enabling country specific language for users in ESS .
Here we have .
u2022     Made language field blank in JCO
u2022     Have maintained country specific language in SU01-Default and in UME
u2022     We have maintained country specific language in browser u2026also .
u2022     We have maintained entry in IMG (SAPDEFAULTESS_ERP2005 )
But itu2019s not working for us either in portal or in NWBC ( we have both connection available to our sandbox ). Other than English it works only for Germen (but not completely few services still appears in English e.g My processes )
Your advice will be greatly appreciated .
Thanks
Aditya

Hi Deepak And Siddharth
Thanks for your reply . I checked language packages in SMLT and here we have status for all languages other than English and German is yellow ( Warning ) Also
for NWBC in role menu only display translation options is available only for English and German and hence we have asked basis team to look into this ..Will keep you posted .
Thanks again
Aditya

IAC view and BSP iviews gives pop up for user id and password

Hello All,
I am facing a problem in quality portal.
we have SSO configuration between Portal and ECC system and the Jco connection using SSO with login tickets are working fine,test and ping both are succesfull.
The ESS and MSS webdynpro application are also working fine.
But the IAC iviews and BSP iviews says "session managment will not work ! Please check the DMS log files for details" and then ask for user id and password of the ECC system,But the system alias that i am using,is configured for SSO with logon tickets.
same iviews are working fine in devlopment system with system alias with SSO Login tickets but in qa it is asking for id and password ...
I have checked all the system properties also FQDN of ECC system is also maintained.
Please suggest what could be the issue ??
Thank you,
Regards,
Gunja

Hi,
When messages about Session management popup then it is 99% an FQDN issue, but you say you already checked it.
Did you also checked the parameters:
- ITS Host Name
- Web AS Host Name
... in your system object?
Cheers,
B.

No sub department maintained for user

Similar Messages

Maybe you are looking for