OIM Attestation Process Default Administrative Groups

It seems that, by default, when a user creates an attestation process that it inherits all the groups that the user is a member of as members of the Administrative Groups for that process. Furthermore, these groups have write and delete privileges.
This is troublesome to me. Every OIM user is a member of the Employees group, therefore every attestation task could be deleted, modified, run, etc, by any user on the system. Surely this is not the intended behavior.
It would make sense if the Process owner group were added to the Administrative Groups, but not every single group that they are a member of!
Does anyone have an idea on how to correct this?

Martin, Thank you for the reply. The OIM product docs have content indicating that OIM supports attestation at entitlement level. So was wondering if there is any straightforward way to achieve and I was missing something. I guess there will be a lot of overhead in maintaining the AD Groups as resource objects in OIM. In certain cases there will be thousands of AD Groups. If you know could you please advise on the impact / care to be taken with this approach.
Thank you.

Similar Messages

  • OIM- Attestation Process

    Hello,
    Within OIM, is there a way to define attestation process that filters at the IT Resource level?

    Thank you.

  • OIM Attestation Process Stuck in 'Pending' State

    I have created an User Entitlement Attestation process that resulted in zero total records. I think that this was because I did not have any resources marked as 'financially significant'. Nevertheless, it seems that the process should have auto completed since there were no records found, but instead it is stuck in 'pending' with no tasks for anyone to perform.
    Anyone know what I should do to get the process to complete?

    Hi
    I also facing the same issues as you, User Entitlement Attestation process don't work.
    Did you able to fix it now ?
    Thanks in advanced
    Thanks
    John

  • Assign Administrative group to an organization in OIM

    Hi,
    I have created one User Group called "IDMAdministrator" and added all the desired menu items to it. Now my requirement is whenever any organization gets created/added to OIM I want to assign this group as the "Administrative Group" of that organization by default.
    Can I have some rule or something using which I can preform this action?
    One thing I understood is, if I got to Design console and select "Xellerate Organization" resource object and add my group "IDMAdministrator" under the "Administrators" tab of this resource object.
    Now if I create an Organization in OIM then this organization will be having two administrative groups "SYSTEM ADMINISTRATORS" and "IDMAdministrator".
    But can I achieve this functionality using some rule or some other way?
    Thanks & Regards,
    Yash Shah

    Hi,
    Suppose I want to add the task in Organization provisioning process then can you please tell me what that task will contain? (do I have to create my own adapter and attach it to the task?)
    Please describe, if I want to write an entity adapter also then what i have to specify in that. Is any OOTB adapter available to add Administrative group to Organization?
    Can you please give answer in some detail, as i am not able to understood your suggested approach completely.
    Thanks & Regards,
    Yash Shah

  • [OIM 9.1.0.2] Attestation Process scheduled is not automatically running

    Hi Gurus,
    IHAC that noticed that some attestation processes have not been triggered in the specified scheduled time, . So the Attestation tasks are not displayed into specified Reviewer's inbox (To-Do List).
    There is a group responsible for creating the attestation processes and they have created a lot of processes. It seems that for some reason the attestation scheduled task is not automatically running for some cases.
    For the attestation processes that were stopped, it is needed to run manually the scheduled task. With this action the attestation task flow runs.
    Any tip on what could I check?
    Thanks.

    Hi,
    I checked the Schedule task 'Initiate Attestation Processes'. It is Enabled, with frequency 30 min. Actual status: Inactive.
    I got the follow error on the logs:
    Something related to Memory.
    I am investigating why when I use 'Run Now' option the attestation process work. Any tip?
    <28/11/2012 03h32min51s BRST> <Info> <EJB> <BEA-010227> <EJB Exception occurred during invocation from home or business: [email protected]340a3f3 threw exception: java.lang.OutOfMemoryError: Java heap space>
    <28/11/2012 03h32min51s BRST> <Notice> <Stdout> <BEA-000000> <ERROR,28 Nov 2012 03:32:51,518,[XELLERATE.SCHEDULER.TASK],Error while resubmitting the attestation process for delegation
    Thor.API.Exceptions.tcAPIException: EJB Exception: ; nested exception is:
    java.lang.OutOfMemoryError: Java heap space
    at Thor.API.Operations.AttestationOperationsClient.updateResponses(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
    <28/11/2012 03h34min57s BRST> <Notice> <Stdout> <BEA-000000> <ERROR,28 Nov 2012 03:34:57,977,[XELLERATE.SCHEDULER.TASK],Error: Thor.API.Exceptions.AttestationProcessNotFoundException
    Thor.API.Exceptions.AttestationProcessNotFoundException
    at com.thortech.xl.ejb.beansimpl.AttestationOperationsBean.initiateAttestationProcess(Unknown Source)
    at com.thortech.xl.ejb.beans.AttestationOperationsSession.initiateAttestationProcess(Unknown Source)
    at com.thortech.xl.ejb.beans.AttestationOperations_yqqnsm_EOImpl.initiateAttestationProcess(AttestationOperations_yqqnsm_EOImpl.java:1033)
    at Thor.API.Operations.AttestationOperationsClient.initiateAttestationProcess(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  • Explanation of Process Default Roles: Administrator and Owner

    HI experts,
    I am having some trouble understanding the reason of the existence of the process default roles:
    Administrator and Owner.
    In the CAF-GP Security guide, it says that the Standard Process Role Administrator can "Maintain process instances using the GP administration tools"; what this means ?
    My user has de GP Administration role and it DOESN`T have  the Standard Process Role Administrator from ANY process, and I can maintain ALL the process instances from the Administration workset, I don´t need to have the Standard Process Role Administrator assigned to me.
    The same happens with the Standard Process Role Owner ; the Security Guide says the person who is assigned that role can "Maintain process instances"; my question is:  If i assign the "Owner" role to a user that doesn´t have the GP Administrator role and this user wants to "Maintain Process instances" where he has to go? because he won´t have the administration workset !.
    Best regards,
    Marco.

    Hi Marco,
    First, check this link: http://help.sap.com/saphelp_nw2004s/helpdata/en/d9/273a4209a6ae04e10000000a1550b0/content.htm
    That will explain better the role of each role.
    Itu2019s important to you understand that each process may have a responsible person (admin or overseer) that will monitor the progress of the process.
    And you will have a u201CBASISu201D person that will have the GP Administrator role. This role allow to maintain process (with other kind of operations like terminate, complete step, etc.), maintain background queues, archiving, transport of objects, configurations, schedule and other admin tasks for all GP infrastructure.
    Regards,
    Reward points if itu2019s helpful.

  • Error in attestation process

    Hi,
    I have created an attestation process and ran the same. The task for the review got generated for the same and I can see the tasks in the reviews queue.
    Now when I try to perform any action on these task after login to OIM as reviewer I am not able to save action. I am getting following error when I click on Save Action button :
    <Nov 15, 2012 3:56:11 PM IST> <Error> <XELLERATE.ATTESTATION> <BEA-000000> <Class/Method: ManageAttestationTaskAction/saveAttestationRequestActions encounter some problems: {1} Thor.API.Exceptions.tcInvalidPermissionsException
    Thor.API.Exceptions.tcInvalidPermissionsException
    at com.thortech.xl.ejb.beansimpl.AttestationOperationsBean.submitReponses(AttestationOperationsBean.java:399)
    at Thor.API.Operations.AttestationOperationsIntfEJB.submitReponsesx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
    at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
    at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy363.submitReponsesx(Unknown Source)
    at Thor.API.Operations.AttestationOperationsIntf_r58oir_AttestationOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at Thor.API.Operations.AttestationOperationsIntf_r58oir_AttestationOperationsIntfRemoteImpl.submitReponsesx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
    at $Proxy177.submitReponsesx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
    at $Proxy316.submitReponsesx(Unknown Source)
    at Thor.API.Operations.AttestationOperationsIntfDelegate.submitReponses(Unknown Source)
    at com.thortech.xl.webclient.actions.ManageAttestationTaskAction.saveAttestationRequestActions(ManageAttestationTaskAction.java:623)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
    at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
    at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
    at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
    at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
    at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
    at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:31
    3)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:13
    6)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    >
    Please let me know what could be the reason for the same.
    Thanks.

    *<Nov 15, 2012 3:56:11 PM IST> <Error> <XELLERATE.ATTESTATION> <BEA-000000> <Class/Method: ManageAttestationTaskAction/saveAttestationRequestActions encounter some problems: {1} Thor.API.Exceptions.tcInvalidPermissionsException*
    Are you using XELSYSADM?
    One approach can be to give ALL USERS all the permissions temporarily to figure out which Permission is missing and where...
    You can assign permission via ALL USERS group profile --> Drop Down --> Permissions --> Assign..
    Note down the current permissions so that after you fixed issue, you can restore the current permissions

  • Customization of Attestation Process in Oracle identity Manager

    Hi all,
    In our case we have to create an attestation process for some users and they belong to some particular group.
    when reviewer of this attestation process view his inbox .He can see table with several column like user resource and options like certify, reject ,decline and delegate.
    we also need to display group to which above user belong as a column in this table.Can anybody help us on this that how we can customize this default table
    which is shown to reviewer.
    Thanks in Advance
    Regards
    Puneet Bassi

    Hi,
    As martin said its a custom interface.You will have to extend ManageAttestationTask class. You need to override few method particularly populateTableData and populateTableDataForRequestDetails methods.
    I would recommend this approach until you are every much familier with struts development because if you messed up attestation won't work and more over oracle dosn't support any action class customizations.
    Regards
    Nitesh

  • Attestation Process - 90_dml_insert_attestation_mil_sch.sql

    hello, now i stuck on Attestation process. Please help.
    I'm new to OIM and using version 9.0.3.1.
    Now i'm doing the lab exercise for Attestation Process(howevr this lab exercise is apply to version 9.0.3.1), in 1 of the steps its instructed me to execute the 90_dml_insert_attestation_mil_sch.sql but i can't find in the folder that it specify.
    However i managed find the similar files name as Oracle_Create_Attestation.sql, so i wonder is Oracle_Create_Attestation.sql is equally as 90_dml_insert_attestation_mil_sch.sql ??
    Thanks a million
    John

    Rajiv ,
    BY changing the process owner group to what you suggested it worked , the attestation process is created but for some fields it showing junk values .
    Hw can i attach a snapshot here ?? I wud like to show you the snapshot of the attestation process which is created .
    Thanks
    Suren

  • Accounts being created with administrative group rights

    Hello,
    The server is a Windows 2003 R2 Enterprise fully patched used for Shared Hosting purposes.  It runs Hsphere control panel.  I am trying to identify how the following hack is happening. 
    1) There are users being created with Administrative group rights.   Below is the EventViewer log for the user creation:
    User Account Created:
         New Account Name:    username
         New Domain:    PCNAME
         New Account ID:    PCNAME\username
         Caller User Name:    PCNAME$
         Caller Domain:    DOMAINNAME
         Caller Logon ID:    (0x0,0x3E7)
         Privileges        -
     Attributes:
         Sam Account Name:    username
         Display Name:    <value not set>
         User Principal Name:    -
         Home Directory:    <value not set>
         Home Drive:    <value not set>
         Script Path:    <value not set>
         Profile Path:    <value not set>
         User Workstations:    <value not set>
         Password Last Set:    <never>
         Account Expires:    <never>
         Primary Group ID:    513
         AllowedToDelegateTo:    -
         Old UAC Value:    0x2DAB2B0
         New UAC Value:    0x2DAB2B0
         User Account Control:    -
         User Parameters:    <value not set>
         Sid History:    -
         Logon Hours:    <value changed, but not displayed>
    There exists entries as well where the primary group ID is changed to the Administrative group, but I am omitting such.
    2) I tried to identify what Caller Logon ID:    (0x0,0x3E7) means.  I found out from here:
     http://blog.joeware.net/2013/01/14/2667/ that I can use LogonSessions.exe to identify it.
    Output from LogonSessions.exe is pasted below (snippet):
    [0] Logon session 00000000:000003e7:
        User name:    DOMAINNAME\PCNAME$
        Auth package: NTLM
        Logon type:   (none)
        Session:      0
        Sid:          S-1-5-18
        Logon time:   9/11/2014 12:41:53 PM
        Logon server:
        DNS Domain:   
        UPN:          
            4: System
          316: smss.exe
          364: csrss.exe
          392: winlogon.exe
          440: services.exe
          452: lsass.exe
          628: svchost.exe
          756: LMAgent.exe
          840: svchost.exe
         1000: spoolsv.exe
         1252: avagent.exe
         1268: camWMIAgent.exe
         1324: cissesrv.exe
         1380: cpqrcmc.exe
         1404: vcagent.exe
         1440: svchost.exe
         1480: HsQuotas.exe
         1740: inetinfo.exe
         1780: EmailAgent.exe
         1856: snmp.exe
         1884: sysdown.exe
         1920: smhstart.exe
         2192: svchost.exe
         2388: cmd.exe
         2396: hpsmhd.exe
         2444: cqmgserv.exe
         2464: cqmgstor.exe
         2484: HSphere.exe
         2596: wmiprvse.exe
         2676: cmd.exe
         2684: rotatelogs.exe
         2692: cmd.exe
         2700: rotatelogs.exe
         2732: searchindexer.exe
         2812: hpsmhd.exe
         2824: cqmghost.exe
         2852: svchost.exe
         3044: cmd.exe
         3052: rotatelogs.exe
         3080: cmd.exe
         3088: rotatelogs.exe
         5452: svchost.exe
         5596: GravitixService.exe
         7392: csrss.exe
         7232: winlogon.exe
         6888: csrss.exe
         9832: winlogon.exe
        10388: wawrapper.exe
        10352: cpqnimgt.exe
         9496: msiexec.exe
         6068: w3wp.exe
         4748: webalizer.exe
    3) I also learned from http://support.microsoft.com/kb/243330/en-us that   Sid:          S-1-5-18 means:
    SID: S-1-5-18
    Name: Local System
    Description: A service account that is used by the operating system
    That is all great info, but I am not sure I can put together what I have learned to attempt and get closer towards identifying how in the world users are being created and then being assigned administrative group rights.
    I am a Linux person mostly, but I am comfortable following a properly explained thread regarding windows 2003 R2 Enterprise issues.
    The server is fully patched and it is running Lumension security product.  What's more, Norman Malware tracker, tdskiller.exe (Kaspersky) and McAfee rootkitremover.exe have been run without any apparent Malware/Virus infection
    Hope someone with advanced admin skills can advise.
    Thank you

    Hi,
    You mentioned that, “I am trying to identify how the following hack is happening”, would you please tell us that why did you think the event represent a hacking behavior?
    In a Shared Server Hosting environment, the underlying hosting control panel tool (Hsphere in this case) should be creating only virtual FTP users with a specific group.  So no users with Administrative group should be ever created.  If this happens,
    it constitutes a breach of server security=positive hacking attempt.
    >how in the world users are being created and then being assigned administrative group rights.
    In addition, would you please be more specific about this question? Did you find the event message on a domain joined machine?
    I want to be able to understand in full how/what process is allowing users to be created with Admin rights.  In other words, I want to know what IP was used to issue the command, if ASP.net was used (abused in this case), or anything else related to
    it so that we can patch this particular hole.
    Best Regards,
    Amy

  • Defaulting material group in Purchase requisition

    Hi experts,
    I need to default material group of a purchase requisition as '6HA' if the asset assignment category is 'A' . Doing this by the personal settings option in ME51n is not what I require. Could you please suggest me of an appropriate BADI or exit to achieve the same where in I can perform my required validations as well.
    Thanks and Regards,
    Puja

    Hi,
    Did you copy the class manually?
    How did you implement this badi?
    This BADI should be called while creating the PR/before saving the PR.
    Enahncements are not assigned in SPRO.
    The link between the transaction and badi would exists already, and when you write some code in any interface of this badi, and activate the implementation.....it should be called automatically during the transaction processing, provided it meets the criteria.
    You can check whether your PR is reaching this implementation or not by putting breakpoint in the badi implementation.

  • Is there a default administrator

    Hi can any one tell me if there is a default administrator somehow it seems I have only "standard" users.

    Hi
    This has been an occasional and random problem since 10.5 and usually affects the Client OS although I have seen it on the odd server.
    Reboot the server and hold down the alt key. Select the RecoveryHD partition. Once booted select Terminal from the Utilities Menu and key "resetpassword". The Reset Password Utility should now launch. Select the root (System Administrator) account and assign a password. Now reboot the server again.
    At the login window enter root's name which is root and the password you defined earlier. Access the Users & Groups Preferences Pane, select the local admin account and make it an administrator again.
    There are a number of other ways to do this depending on how you initially configured the server but assuming this was an "out-of-the-box" install the above may be the easiest for you?
    HTH?
    Tony

  • Creating Administration Groups using custom Target Properties?

    I've added a Target Property "Usage" to my 'host' Target type.  I would like to use this property when creating my Administration Groups.  When I try to create my Administration Group hierarchy, the only Target Property's available to use are the default ones (Lifecycle, Location, etc).  Usage does not show up.
    Is there a way to make this work or is this just a limitation of OEM?

    Hi Timothy
    Typically you want to create user groups for functional areas or grouped reports/queries. You can enter as many users as needed into a user group and only those who have the checkbox next to their name in the user group screen will have authorization to create/modify queries in the infosets where the usergroup is assigned. If you are creating 2 usergroups with the same users and authorizations then that is redundant but if the list of users is different or the authorizations may change then it would make sense to have 2 usergroups. You should have some naming convention to follow when creating the queries but the Z prefix is not required.
    Andy

  • How to add default associated groups when creating new site

    Hi All,
    I am trying to create a new subsite in sharepoint 2013 using CSOM (code is mentioned below). But no default groups (MEMBER, VISITOR, OWNER) are getting created in that site. When we try through UI we will got through a page "Set Up Groups
    for this Site" where we can specify these details.. Is it possible to do the same (creating default groups together with the site creation) through CSOM or powershell.
    CSOM code:
    WebCreationInformation creation = new WebCreationInformation();
                creation.Url = "NewSubSite6";
                creation.Title = "NewSubSite6";
                creation.UseSamePermissionsAsParentSite = false;
                Web newWeb = clientContext.Web.Webs.Add(creation);
                //clientContext.Load(newWeb);
                clientContext.ExecuteQuery();
    Regards,
    Shahabas

    Shahbas, here is the code:
    private static void SetSecurityOnSubSite(ClientContext clientContext, ListItem item, bool confidential, Web newWeb)
                try
                    if (confidential)
                        newWeb.BreakRoleInheritance(false, false);
                        clientContext.ExecuteQuery();
                        Group ownerGroup = default(Group); Group memberGroup = default(Group); Group visitorGroup = default(Group);
                        // web has unique permissions, so create default assosiated groups (owners, members, visitors)
                        if (!newWeb.GroupExists(newWeb.Title + " Owners"))
                            ownerGroup = newWeb.AddGroup(newWeb.Title + " Owners", "", true);
                            clientContext.Load(ownerGroup);
                        if (!newWeb.GroupExists(newWeb.Title + " Members"))
                            memberGroup = newWeb.AddGroup(newWeb.Title + " Members", "", false);
                            clientContext.Load(memberGroup);
                        if (!newWeb.GroupExists(newWeb.Title + " Visitors"))
                            visitorGroup = newWeb.AddGroup(newWeb.Title + " Visitors", "", false);
                            clientContext.Load(visitorGroup);
                        // executequery in order to load the groups if not null
                        clientContext.ExecuteQuery();
                        newWeb.AssociateDefaultGroups(ownerGroup, memberGroup, visitorGroup);
                        newWeb.AddPermissionLevelToGroup(newWeb.Title + " Owners", RoleType.Administrator);
                        newWeb.AddPermissionLevelToGroup(newWeb.Title + " Members", RoleType.Contributor);
                        newWeb.AddPermissionLevelToGroup(newWeb.Title + " Visitors", RoleType.Reader);
                        FieldUserValue userValueCreatedBy = item[Constants.Projects.CreatedBy] as FieldUserValue;
                        User createdByUser = clientContext.Web.EnsureUser(userValueCreatedBy.LookupValue);
                        clientContext.Load(createdByUser);
                        clientContext.ExecuteQuery();
                        UserCreationInformation createdByUserCI = new UserCreationInformation();
                        createdByUserCI.LoginName = createdByUser.LoginName;
                        ownerGroup.Users.Add(createdByUserCI);
                        clientContext.ExecuteQuery();
                        foreach (FieldUserValue userValue in item[Constants.Projects.ProjectTeam] as FieldUserValue[])
                            User user = clientContext.Web.EnsureUser(userValue.LookupValue);
                            clientContext.Load(user);
                            clientContext.ExecuteQuery();
                            UserCreationInformation userCI = new UserCreationInformation();
                            userCI.LoginName = user.LoginName;
                            memberGroup.Users.Add(userCI);
                        clientContext.ExecuteQuery();
                catch (Exception)
                    throw;
    Reference link: 
    http://sharepoint.stackexchange.com/questions/116682/how-to-create-a-group-in-a-subweb-using-csom
    Thanks, Pratik Shah

  • Default Administrative Mode in VTP?

    A simple question.
    I read that 2960 switches default to an administrative mode of "dynamic auto", meaning that (if two switches are interconnected) neither switch initiates the trunk negotiation process.
    What is the default Administrative Mode for other switches in VTP?

    3560 and 3750 are dynamic auto
    Command Reference:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/command/reference/cli3.html#wp1948171
    The 6500 and 4500 are dynamic desirable
    Command Reference:
    http://www.cisco.com/en/US/docs/ios/interface/command/reference/ir_s7.html#wp1013606
    and good note as well on this reference:
    Cisco Catalyst 6500/6000 Switches
    The default mode is dependent on the platform; it should be either dynamic auto for platforms that are intended as wiring closets or dynamic desirable for platforms that are intended as backbone switches. The default for PVLAN ports is that no mode is set.
    HTH,
    Edison.

Maybe you are looking for

  • CONTROL_FLUSH_ERROR with GUI_DOWNLOAD

    Dear All   My report throws "CONTROL_FLUSH_ERROR with GUI_DOWNLOAD "   even though i am using it in foreground . Any help will be rewarded . Regards Jaman

  • After 10.5 most sites display only vertical I know these sites were both

    Most sites are forced to be viewed vertical. 3/4 of my apps will not rotate to the horizontal position. When you fire off an app. It comes up horizontal but quickly forces to verticle.

  • Touch Screen for L305-S5919

    I would to upgrade this laptop to a touch screen and to windows 8.1. Will this laptop support a touch screen display and if it does get a part number for it.

  • List of all modules in FI and HR

    Hello All,          Could someone please give me the list of all MODULES in HR and FI? I did reserach and got too much information and not able to filter which one's are exactly the correct modules. Thanks in advance. Mithun

  • WD ALV Variant Creation.

    Hi All,             I have a ALV View with 'Standard View' Variant. When the end user executes the application from portal, by default it will get executed with 'sap-config-mode=X'(Administrative mode ) to allow them to create Global variants in ALV