No user assigned to virtual group ....

Hi experts,
I am configuring UME to create virtual groups in Portal:
     ume.virtual_groups.user_attribute=department
     ume.vitrual_groups.user_attribute.namespace=com.sap.security.core
     ume.virtual_groups.names=Marketing;Production;Distribution
     ume.virtual_groups.name_prefix=VG_
And virtual groups can be found in the useradmin application. But no users are assigned to virtual groups, although there are users with the attributes department = Marketing or Production or Distribution in the portal.
where is mistake?
Best regards,
Andrei

problem solved.
in SAP Note 1372126 encountered a new value for namespace, different from help.sap.com (http://help.sap.com/saphelp_nw70/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/content.htm).
after changing the namespace, the problem resolved
ume.virtual_groups.user_attribute.namespace = com.sap.security.core.usermanagement
Best regards,
Andrei
Edited by: Andrei Liashkevich on Oct 13, 2009 4:00 PM

Similar Messages

  • Query to get which user assign to what group in OID

    Hi All,
    Can you please help me out to get the details of users assigned to which groups in OID.
    I required sql query for the same.
    Please suggest for such query.
    Thanks-
    P

    You will use LDAP queries, not SQL.  You can query the objectclass of the group and the attribute with the multi value entry for the user.  Example:
    (&(objectclass=groupofuniquenames)(memberof=*)) ->  This will show you all groups that have members.
    (&(objectclass=groupofuniquenames)(memberof=cn=Joe Schmoe,cn=Users,dc=location,dc=com))  ->  Will show you all the memberships a specific user has.
    -Kevin

  • Self-registration user assigned to anonymous group auto

    hi experts,
    how can i make the user self-registration user belong to anonymous group,not everyone group
    best regards
    zlf

    Normally self  registered users automatically assigned to everyone group. If client needs they should automatically assign to someother group , it is the only possibility in my point.
    Ulitimately when modifying standard groups, this consultant should think about it whether modification really needed ?
    It is just an idea
    Koti Reddy
    Edited by: Koti Reddy Chimalamarri on Feb 8, 2009 12:03 PM

  • Unable to fetch task assigned to particular group from user

    Hi,
         I am usinf BPEL 10.1.3.0. The BPEL is configured to use the Oracle Infra as directory server for providing identity service.
         I have a two group created in oid by name AdminRole and TestRole.Have a one user assigned to each group.
         If i create a new user and assigned to both the role, so any task created for both the group will be visible to new user.
         But this is not happening the new user is not able to view any task assigned to AdminRole or TestRole.
         Any Help Apprecited.
    Regards,
    Bhavik

    Hi Dasaradh,
    If earlier issue (Pop message with 60) is not resolved, then it means your Service Constructor is old one. You will see this pop error message when you have more than 60 records to be fetched. The service solution component tables's maximum capacity was 60 only. We fixed the issue later.
    So if you still see this issue, I would suggest you to update your service constructor.
    For later issue [(Unknown Source)Error: Extension ID oracle.aia.codegen.codegenwizard in extension.xml does not match jar filename oracle.aia.aiaserviceconstructor], it looks like your Service Constructor install is not successful.
    Thanks
    Vikas
    Edited by: user10866611 on Nov 24, 2010 3:15 AM
    Edited by: user10866611 on Nov 24, 2010 3:16 AM

  • User assignment to purchasing organisation and purchasing groups

    Dear Experts,
    My issue is related to user assignment to purchasing organisation and purchasing groups.
    According to the project requirement, we are using central purchasing organisation and we should create the purchasing organisations and purchasing groups locally. it is not reflected from the back end systems through RFC.
    Also we have one more team working with indirect materials and they also use SRM. They have already created the organisation model. Two projects are inter-related and belongs to same department in the company, but main different is one uses direct and the other in-direct materials.
    Now we should create our purchasing organisation and purchasing groups and assign the users to it.
    If we create it separately means not uder the main root and assign the users, we are able to create shopping cart till the contract. But when i create the new purchasing organisation and purchasing groups under the main root which is created for other project which deals with in-direct materails, i am not able to create shopping cart with the user. I am getting the error
    ' Process scheme could not be found
    Please let me know how to deal with this scenario. here i need to add the purchasing organisation and purchasing groups under main root because of the reason that in the other project, purchasing organisation and purchasing groups defined needs to be accessed by our users as well. I mean the users should be able to access all the purchasing organisation and purchasing groups created under root node which gets the purchasing organisation and purchasing groups from the back end systems and the purchasing organisation and purchasing groups we created manually since we cant get it from back end system since it is central purchasing organisation.
    Please asvise
    Best regards,
    Srinath
    Edited by: srinath_Vijaya on May 27, 2010 4:21 PM

    Hello Masa,
    Thanks very much for your time and solution.
    Actually the problem was something else and was fixed.
    The reason for getting error 'Process schema was not yet defined' is because of missing definition of process schedma for the workflow since the process based workflow setting has been activated.
    So this has been resolved by copying the sap standard customizing BC set for SRM workflow using transaction SAPR20 and then process schema for workflow got configured or copied automatically from SAP BC set and the error was removed.
    Also the reason for error with user was that no purchaser assignment was done to the purchasing organisation and now it has been done and the users can access the SRM and create shopping cart and the contract.
    Regards,
    Srinath

  • Assign user external dir to group using MaxL

    Hi
    I have my essbase security sync with Shared services.
    Now i want to assign user to groups using Maxl
    Groups exist as Essbase native Groups
    Users exist as corporate directory and are NOT native users
    Now when i try to execute the following statement i get error saying 'user does not exist'
    Alter user 'username@corporatedir' add to group 'nativegroup';
    Is it not possible to assign users from external directory to native groups using Maxl?

    Not specifed your version.
    For 9.3.1 refer to page 103 for details. http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
    The file looks like
    #group_children          
    id,user_id,user_provider
    myNativeGroup,User1,myProvider
    myNativeGroup,USer2,myProvider
    myNativeGroup,nativeUser3,Native Directory
    For better understanding, add one external user to a native group manually in shared services and then export using the utility.
    Then the exported file format can be used for your import.
    Hope it helps.

  • How to maintain master record for a user before assigning it to group?

    Hi!
    how to maintain master record for a user before assigning it to group?
    I am in SQ03 and would like to assign user to a group, but SAP sais that my user has no user master data... where it is maintained?
    Help will be appreciated,
    Mindaugas

    I  guess  it will be SU12 Transaction.
    Thanks
    Seshu

  • Assign user role to network group people

    Hi everyone,
    What user role should I assign to network people if they wan to be able to discovery(add) and manage their network devices by themselves. I have tried Advanced Operator and Operator two roles, but non of them came up with Discovery Wizard option. I really don't
    want to assign them to Operations Manager Administrators group because I'm pretty sure they will mess up SCOM within couple mins!!!!!

    Hi,
    We can create runas account for discovery with the network discovery wizard, the runas account type is community string only.
    Network devices that use SNMP v1 or v2 require a Run As account that specifies a community string, which acts like a password to provide read-only access to the device.
    Regards, Yan Li
    Hi Yan Li,
    After reading your post couple times, I'm confused now. I did have two run as account created for community string and snmpv3 authentication. When I ran Discovery Wizard for network devices, I can select either one of them to run without problem,
    and discover network devices. My account is under Operation Manager Administrators role, so I have full permissions to do anything I want.
    My question is that how to configure or create User Roles for network group people, so they can also run Discovery Wizard and manage their network devices without putting them into Operation Manager Administrators group. Ex: there is not Administration
    tab for them, they only see Network Monitoring folder under Monitoring. Because I don't want them to mess up those options under Administration.
    Is it just like the previous post said that only two options?  Thank you.
    1) grant them as a SCOM administrators right
    2) scom administrator help them to do network discovery

  • Problem to assign a User to an AD group

    Hi,
    I have a problem assigning a user to an AD group on the "Edit User" (Attributes tab) page.
    I can see my AD groups as "Available Groups" and I can "move" a group to "Selected Groups".
    Nevertheless, after I click on "Save", I can see the changes for the user, but the assignment to the group is missing and the user therefore is not added to the group in the AD.
    (One possible way to assign a user to an AD group is to edit the group manually on the Resources page.)
    As you can see I am quite new on the IDM-topic and I really appreciate your help.
    Thanks in advance!
    Andreas

    Hi,
    thank you all for your replies and sorry that I did not answer. I was out of the office for some exams.
    This is my gateway trace file:
    07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,150): trace active, level: 3, file: c:\gatewaytrace.txt, maxSize: 10000 KB
    07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,108): In WSTrace::init()
    07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,109): Gateway version: 'Sun Java System Identity Manager 7.1'
    07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,110): OS version: 'Windows Server 2003 Family Service Pack 2 (Build 3790)'
    07/24/2007 15.53.58.921000 [888] (../../../../src/wps/agent/connect/ntsvc.cpp,95): Service::svc
    07/24/2007 15.53.58.937000 [888] (../../../../src/wps/agent/connect/server.cpp,269): starting up server daemon PORT 9278
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 44 bytes
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 24, 40 wrapped up rawlength 40
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,474): MakeChallengeResponse(in,out):
    (22,3E) (D0,70)
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,476): (23,56) (E2,E2)
    07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 16 pad: 4
    07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 36 bytes
    07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 16, 32 wrapped up rawlength 32
    07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,571): Session key :
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 11188 bytes
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 11164, 11184 wrapped up rawlength 11180
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='get info'
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 378 pad: 2
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
    07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 11324 bytes
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 11300, 11320 wrapped up rawlength 11316
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='get'
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6434): Enter: getObject
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5137): Enter: openObject
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2527): Enter: getIdentity(obj,result)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2564): Enter: getIdentity
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2627): Exit: getIdentity
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2628): return value: 'LDAP://<GUID=0b1d8258b7b2b54cb3d378e866120a0b>'
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2551): Exit: getIdentity(obj,result)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5152): Enter: openObject - 1
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://<GUID=0b1d8258b7b2b54cb3d378e866120a0b>
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
    07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5223): Bound with GID, rebinding with dn. ADsGetObject for CN=Alice Anderson,CN=Users,DC=SunIM,DC=test
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2564): Enter: getIdentity
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2627): Exit: getIdentity
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2628): return value: 'LDAP://CN=Alice Anderson,CN=Users,DC=SunIM,DC=test'
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5155): Exit: openObject - 1
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5146): Exit: openObject
    07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6503): Enter: buildObject
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'co': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'company': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'department': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'division': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'employeeID': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'facsimileTelephoneNumber': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'groupMembershipSAM': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'homePhone': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'l': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'manager': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'middleName': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'mobile': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'postalCode': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'st': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'streetAddress': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'telephoneNumber': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'title': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
    07/24/2007 15.54.36.687000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,7108): Exit: buildObject
    07/24/2007 15.54.36.702000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
    07/24/2007 15.54.36.702000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 10894 pad: 6
    07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
    07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6479): Exit: getObject
    07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
    07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 7964 bytes
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 7942, 7960 wrapped up rawlength 7958
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='list all'
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9788): Enter: directorySearch
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9848): Searching container: 'LDAP://cn=Users,dc=sunim,dc=test'
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://cn=Users,dc=sunim,dc=test
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
    07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
    07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
    07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10243): Search query: '(&(objectClass=group))'
    07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9922): Getting first row
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10021): Closing search handle
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10118): Exit: directorySearch
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 1996 pad: 8
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
    07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 7964 bytes
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 7942, 7960 wrapped up rawlength 7958
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='list all'
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9788): Enter: directorySearch
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9848): Searching container: 'LDAP://cn=Users,dc=sunim,dc=test'
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://cn=Users,dc=sunim,dc=test
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
    07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
    07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
    07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10243): Search query: '(&(objectClass=group))'
    07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9922): Getting first row
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10021): Closing search handle
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10118): Exit: directorySearch
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 1996 pad: 8
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
    07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest

  • Assign User ids to Recipient Group

    Hi All
    Could any one please tell us how to assign users into a recipient group.
    Recipient group can be found from SPRO IMG
    Training and event management --> Day to day Activities --> Correspondance --> Notification Abbreviations
    Regards
    Pritam

    Dear Pritam,
    With the Definition of the recepient groups you can specify for which recipient group which function module should be linked / should be used.
    In the function module it is decided whom the correppondece will be sent.
    F.e.:
    Recipient group Prebooked  -> RH_GET_ADDR_PREB (function module)
    If you prebook a course with one of your Objects (Person, User, Candidate, Org. Unit, etc..) than the object automatically belongs to the Prebooked group.
    For the "prebooked" group you can specify different notification types they call the function module.
    I hope i could clearify the question.
    Kind regards,
    Zsolt

  • Nesting Virtual Groups

    Hi All-
    I want to know if it is possible to nest virtual groups within portal. I have the groups being created correctly however when I go (in User Administration) to assign parent or child groups to any virtual group I receive two alerts:
    -Group attributes successfully modified
    -An error occurred while adding group assignments; to see the correct status, perform a new assigned groups search.
    .....And no assignment is made. If I try to make the same type of assignment with non-virtual groups, all is OK.
    Is this a limitation to virtual groups?
    Tim

    Hi Tim,
    You cannot nest virtual groups nor assign other groups to virtual groups. Virtual groups are based on the value of a configured user attribute and determined at runtime. You can however make a virtual group a member of another group.
    http://help.sap.com/saphelp_nw04s/helpdata/en/46/1051e7b4d84251e10000000a1553f6/frameset.htm
    -Michael

  • User assgined to a group, SSO to ITS is not working

    We had our security group add a ESS-User group.  We imported 500 users and assigned them to that group.  When logging into EP, we are getting access to the correct tabs, but ITS is requiring us to login. 
    But when logging in as a user that is not assigned to this group, the SSo to ITS is working. 
    What setup step are we missing?  Are we supposed to configure something in Visual Administrator.

    Hi Dena,
    A logon trace might provide the cause of the problem. See SAP note 495911 for starting.
    Thanks and regards,
    Dieter

  • How to implement a single user in mutiple AD groups?

    Hi all,
    I need your help in achieving the following requirement.
    1. Security should be applied based on a DeptName from DeptTable For example Department Name= A , Department Name =B, Department Name =C.
    2. Also security should be based on Officer Indicator from EmployeeTable= Yes or No.
    3. Employee Salary information is grouped into EmpFacts in presentation folder. Only a few users who belong to the group which has access to the folder, should be able to see this folder when they login.
    (DeptAOfficerYesEmpFactYesSuper. All the groups which has EmpFactYes are given permissions to EmpFact Folder in presentation Folder)
    4. On top of these all the users are classified into Mega and Super users. Mega users should have read only access to dashboards and Super users should be able to edit the dashboards. ( All the groups which are classified as Super are given access to "Edit Dashboard" in Presentation Catalog )
    NOTE: As we are deploying our rpd in the shared environment we are not supposed to use SESSION VARIABLES.
    TO achieve the above requirement we have created AD groups such that DeptAOfficerYesEmpFactYesSuper , DeptAOfficerNoEmpFactNoSuper and so on. By this method all the permutation and combinations will result in AD groups.
    We know that this approach will lead to severe maintenance issues and hence looking for other alternatives.
    We are now planning to have only DeptA, DeptB, DeptC groups and use them in conjunction with three other groups ( Officer, EmpFact, Super).
    Can we add a single user in all these user groups ?
    Kindly let me know if you need any clairty on this.
    Your help is highly appreciated.
    Edited by: user10682075 on May 11, 2011 7:24 PM

    Yes and no..meaning a user with just 1 group assigned will retrieve less data then a user with multiple groups assigned, so yes, more data to select will affecct your performace (a bit), but no, the use of multiple security groups by itself won't affect performance..
    The use of multiple security groups will reflect in the use of an IN or a subquery in your logical query, OBI will determine the best way in each case and your database (and statistics) will determine the best physical query and therefore query performance.
    M.

  • Policy Assignment to AD Groups

    Perhaps I'm going about this the wrong way, but can someone explain if this should work or not?
    I have ZESM 4.1 IR 1 installed on a Windows 2003 server with a seperate SQL box - all installed and configured fine.
    Created a user source pointing at AD, and have a single OU set up with 2 groups that I want to assign the policies to. When I open up a policy and click on the publish tab, I can expand down the AD tree to the OU and can see the relevant groups I've created.
    If I then add a user to one of the groups then attempt to publish a policy to the group, the ZESM Management Console says "Policy Assignment Complete", however, if I then right click on the agent on the taskbar and "Check for Update", its saying there is "No Policy Update at this time"
    If I assign the policy directly to the user, then it works correctly.
    Am I missing something?
    The reason I want to restrict it to a single OU and specific named groups is because we've had issues in the past with multiple admins in the system overwriting users policy assignments so I want to try and control policy assignments as much as possible.

    Hum, I think you're out of luck.
    At least with 3.5 it doesn't refreshes group memberships once they're added to the DB. So, group memberships are only "read" at directory configuration time. You can try this by deleting and re-creating the directory config once you update the group memberships and see if they publish to the correct users.
    However, I haven't tried this with the current 4.1. Good news are, this issue is addressed in ZCM/ZESM 11, since we'll be using the LDAP configuration that comes with ZCM.
    HTH,
    Daniel
    >>>
    From: andystewartSL<[email protected]>
    To:novell.support.zenworks.endpoint-security-management
    Date: 8/3/2010 5:16 AM
    Subject: Re: Policy Assignment to AD Groups
    Forgot to mention, the plan is, if any users are added/removed from the
    groups then the policy would be re-published to the group - I'm assuming
    this will work also?
    Andy Stewart - Somewhere In Scotland
    zcm 10.2.2, 4 servers in esx vm environment, 2000 users so far...
    (i'd still rather be snowboarding)
    andystewartSL's Profile: http://forums.novell.com/member.php?userid=1054
    View this thread: http://forums.novell.com/showthread.php?t=417317

  • Hide Top level navigation if user assigned only one role

    Hi,
    I would like to hide the top level navigation if user assigned with only one role.
    I can create role based rule to show desktop using Master rule collection, but is it possible by doing to with role count.
    If user has multiple roles show desktop1 else show desktop2

    not sure if this possible ,you may check feasibility of creating  a application which checks user role count and if role count is = 1 load the Portal url (URL alais) which had TLN iview invisible in the same window else do nothing and load the portal with the desktop which has tln.
    Put the application in framewrk page which has TLN visible.
    create a URL alias and create a desktop -framework page which dont have TLN ,assign this desktop to this URL alias in rule collection set its priority before user conditions check in rule collection so that it has high priority before user or group check in rule collection.
    you can create a poc in sandbox and check if it wiorks?

Maybe you are looking for