Organizational Data on the User - Master Data

Similar Messages

• Create the user master records using the Enterprise Portal

  Hello gurus!!
  I'm configuring SRM 7.0 with EP.
  I'm configuring the organizational structure, and steps guide (pdf and Solution Manager ) are:
  1. Go to transaction SU01 and create an ABAP User. (SRMADMIN)
  2. Assign this user the administrator role /SAPSRM/ADMINISTRATOR
  3. As the administrator, creater the organizational plan
  4. Create the remaining organizational unit
  5. Using the Enterprise Portal application, Business Parter:Employee, create the user master records for the departmental managers.
  How I must create the user in Enterprise Portal? What user I have to use to log on in the Enterprise Portal application? Has the user to be integrated in the organzational structure??
  Thanks in advance!!!!
  Best regards.
  Maria.

  Hi,
  You can create users in WebDynpro application. You can also create users in USERS_GEN transaction.
  Regards,
  Masa

• How to send User Master Data through XI

  Dear SAP gurus,
  We are currently configuring the e-recruiting module on a separate server than HR (following the SAP standard). 
  As our CUA is not connected to the E-REC systems, we are looking for a way to send properly the User Master Data from HR systems.  We have seen that the report RSCUSND enable us to send iDoc with message type USERCLONE, but this repport can be only run from the CUA then we can t use it.
  Another solution is to make a client copy with the profile SAP_USER, but we can t use this solution because in order to get the User Master Data in a real time we should make the copy each 15 minutes.
  We can t figure out with the question, what is the standard way to send User Master Data to our E-Recruiting module
  Regards
  Hadrien

  HR side:
  1-Below t-code is what you should go through:
  SM59
  BD64
  WE20
  WE21
  2-The key interface object is as below(I used it in LSMW, XI should be the same):
  Business Object      HRMASTER    
  Method               SAVEREPLICAMULTIPLE        
  Message Type         HRMASTER                   
  Basic Type           HRMASTER02                 
  XI side:
  1- The XI has the HR interface package in IR. You just need to select those you need.
  2-Goto ID and do interface mapping between IDOC interface & XI outbound interface
  All above is the skeleton processes. U can consult with XI consultant in details.
  Hope helpful..

• How to determine Organizational Data based on User Login

  Dear all,
  How to determine organizational data based on user login in Activity transaction, currently org determination is happening after entering customer number in the transaction.
  We have used 'Responsibility' determination rule for this configuration. Now the requirement is to determine org data based on user login.
  In Org model we have assigned user to org data through a business partner. But still org data is not getting determined in the transaction.
  Please help me to trace out the problem.. your suggestions will be highly appreciated.
  Best regards
  Raghu ram

  You just have to use other organization determination rule. In your case this would be rule 10000194 (ORGMAN_12). This determination rule delivers the responsible organizational unit of the user
  User is defined as a business partner in the container attribute 'PARTNER'. If not, the system user (sy-uname) is used.
  So you have to do the following:
  - use this determination rule
  - in BP link username with employee
  - assign in PPOMA_CRM employee or user to organizational unit
  This should solve your problem.

• Export and import change document for user master data

  Dear Gurus,
  I have two queries on change document for user master data:
  1. Are there any approaches to export and import change document for user master data?
  We often do system copy from PRD to QAS for UAT and troubleshooting. Before system copy we export the user master data from QAS and then import after the copy process. We would like to keep the change document for user master data on QAS from being refreshed from PRD for security reason.
  2. Change document for Role change in QAS
  When the role is created or modified in DEV and then transported to QAS, the role change document doen't include this change log. The role change document in QAS only records those role changes directly made in QAS.
  Could you advise this is by SAP design or are there any approaches to record this transported role change  in the role change document in QAS?
  Thanks
  YBY

  1. Perhaps you want to consider a system copy to a "virtual system" for UAT?
  2. Changes in QAS (as with PROD as well) will give you the delta. They should ideally be clean... You need to check the source system.
  Another option is to generate the profiles in the target system. But for that your config has to be sqeaky clean and in sync, including very well maintained and sync'ed Su24 data.
  Cheers,
  Julius

• Deleted User Master Data with SQL Server Management Studio

  Hi All
  I've, recently restored an ECC 6.0 backup onto a test system. In an attempt to quickly delete most of the User Master Data from the source system, I deleted the User ID's from the USR02 table using SQL Management Studio.
  But within Transaction su01, the User ID's that were deleted that way, still show up in the "F4" search. I can select one of those deleted ID's, but get an informational pop up stating that the user does not exist, if I go to display.
  Does anyone know of a quick way to delete these User ID's from the "F4" search pop up?
  The only way I've found so far is to select the User ID, recreate it and then delete it from the su01 transaction. This is going to take me hours.
  Tried to save time, but caused more of a head ache.
  Ken

  Thanks Brian
  Yes, I have done this in the past as well. Although for this instance, I needed to keep about 20 of the 100 + User ID's that were in the system, and was hoping for an easy way to do it.
  In Table USR02, it was easy to pick all, but the 20 and delete. (Sometimes we think we're smarter than we really are I've since spoken to a Security team member and found out about there's a way to do "Mass" changes in transaction su01.
  tcode us01 -> Environment -> Mass changes.
  Ken
  Live - Learn - Laugh

• How to download (export) user master data from java code

  Hi,
        I've an requirment. I need to export the user master through java code from a dual stack system
  The requirment is like an autmated of what we do in indentity management export.
  Thanks in advance
  Regards,
  mcsekar_21

  Solved it..
  Wrote a bean using UME factory, to download, upload and modify.

• How to find out the user list that created by someone?

  Hi all:
  Now I want to develop a program that can find out the user list created by someone.
  such as :
  John create 3 user in SAP ,they are u1,u2,u3.
  Susan create 2 user in SAP , they are s1,s2.
  I input the the parameter such as John , the program can give me the list :u1,u2,u3.
  Could you tell me which table should I use in this program?
  Thanks .
  Elisa.

  Hi Ling,
  As per my understanding, you are looking for listing down the number of Users created by a particular users of the System. Like a System Administrator has created some 30 users. If this is correct, then you can use the table
  USR02 - Logon Data (Kernel-Side Use). This table has 2 fields which are of importance - BNAME - User Name in User Master Record & ANAME - Creator of the User Master Record. You can query the ANAME with the username of the system and you will get the resultant users.
  But I would reccomend to search the Table for a standard class, function module or RFC or BAPI so that you can reuse the same and need not to develop from the scratch.
  Hope this will help.
  Thanks,
  Samantak.

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •             B_BUPA_GRP
  •             B_BUPA_ATT
  •             B_BUPA_FDG
  •             B_BUPA_RLT•       
  Authorization objects for relationships:
  •             B_BUPR_BZT
  •             B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• User Master Record and IT105

  Is there a BADi or User Exit that can be implemented that updates the Telephone Field in IT105 if you change the Telephone Field in the User Master Record via SU01
  or
  If you change the Telephone Field in the User Master Record via SU01 that it updates the Telephone Field in IT105.
  Also, can this be somehow linked into IT0032 - Internal Data - Telephone fields
  Thanks
  WB

  HI Will,
  Use the below mathod to find out whether an relevant BADI are there.
  1. Go to the TCode SE24 and enter CL_EXITHANDLER as object type.
  2. In 'Display' mode, go to 'Methods' tab.
  3. Double click the method 'Get Instance' to display it source code.
  4. Set a breakpoint on 'CALL METHOD cl_exithandler=>get_class_name_by_interface'.
  5. Then run the transaction SU01 in change mode and change the phone no.
  6. The screen will stop at this method.
  7. Check the value of parameter 'EXIT_NAME'. It will show you the BADI for that transaction. Check whether its relevant or not.
  Br/Manas

• Why does he search in the user settings for the printer?

  Hi, I created a smartform and added output and control options when the form is called.
  I read that if I assign tddest and tdprinter, and leave user_settings blank, that SAP would not go to the user settings to see if a standard printer was declared.
  But apparently, the program still goes to the user settings, as I keep getting the error: "Please maintain an output device in the user master data."
  Now I know that I can go to SU01 and create a standard printer, but that is not what I want. I want to pass the printer in the program, so that there is no need to have a standard printer defined.
  What am I missing?
  I have these options:
        output_options-tdimmed = 'X'.
        output_options-tddest = v_printer_name.
        output_options-tdprinter = v_printer_name.
        output_options-tdcopies = 1. "Just print one copy
        control_parameters-no_dialog = 'X'.
  and in the call function
    call function FM_NAME
    EXPORTING
      control_parameters = control_parameters
      output_options     = output_options
      user_settings      = ' '
  THX!

  hi,
  try this.
  output_options-tdimmed = 'X'.
  output_options-tddest = v_printer_name. <---- pass output device(4 char)
  output_options-tdprinter = v_printer_name.<------remove this
  output_options-tdcopies = 1. "Just print one copy
  control_parameters-no_dialog = 'X'.
  Regards
  Madhu

• User Master Replication thru ALE IDoc

  Hi,
  I have a scenario where i have to replicate the user master data from one server to another using ALE IDoc.
  Can anybody explain the procedure to do so emphasising on
  - Which message type to use?
  - Is there a need to create port?
  - Extending any Basic type?
  etc.
  Thanx in advance...

  Hi Aarti,
             First you do the ale configuration. After creation of logical system go for following steps.
  1. Rfc destination(sm59).
  2. Port creation(WE21).
  3.Partner profile creation(WE20).
  4.Distribution Model(BD64)- After creation disribute it.
  5.Check the availability of intended user in SU01D.
  6. From CUA in se38 execute RSCCUSND, make entry of Receiving system and User again execute, you will get Userclone idocs in 03 status then in 12 status, then monitor these idocs at receiving systems.
  Thanks,
  Asit Purbey

• De activating the users upon user Termination in GRC CUP.

  Dear Experts,
  I have a requirement to de-activate users(should not delete physically) in SAP after the users are terminated. we are planning to use HR triggers for HR terminate event in GRC CUP
  Q) I understand there is a De-provision functionality in GRC CUP.  Will this delete users in SU01 physically ? Is  there any way to use this functionality to deactivate the users ?
  Thanks
  Kumar

  Kumar,
     Delete request type will delete users in CUP. What do you mean by deactiving users? Do you mean to change the validity date of the users? You will have to use change request type if you want to change any other information in the user master record other than delete/locking/unlocking of the user.
  Alpesh

• "You cannot respond to a meeting without an organizer. You must add an organizer field to the item."

  I'm working on resolving an issue for a user that needs to reschedule appointments in 3 Conference Rooms when needed.
  The user will open the meeting request and hit 'decline' and then attempt to edit the response before sending it back but then the appointment closes and the following message appears:
  "You cannot respond to a meeting without an organizer. You must add an organizer field to the item. "
  -End User has Full Mailbox Access
  -Listed as a 'Owner' of the Calendar
  -Delegate Rights granted to the Calendar as well
  -Not in Cached Mode
  Check Office updates and Office is up to date on patches.
  User does not have a blackberry device.
  Not sure of what else to do...I have researched this topic and all the items I have tried have not worked.
  The Test Meeting I created to reproduce the errors was done through Outlook and adding the conference room as a resource and the user getting the errors as someone required.
  I changed the calendar view to "Active Appointments". Right click on the column headings to add a field. In the field choser, pick All appt fields. Scroll down and drag n drop the Organizer field on the fieldbar.
  The Organizer (From Field) is showing the end users who scheduled the meetings.
  My Test Meeting Request that I had scheduled for last week that re-produced the error message was moved to today.
  It is showing me as the Organizer.
  Had the user who manages the Resource try again to cancel or edit the meeting and again receive the same message.

  Hi,
  I suggest you check related meeting in Calendar folder by using MFCMapi:
  Note: The meeting should be added to Calendar folder as tentatively accepted if you open the meeting request (but takes no action) or sniffer processes the meeting request.
  1. Download MFCMapi tool from here:
  http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=55fdffd7-1878-4637-9808-1e21abb3ae37
  2. Configure Outlook Profile (Online Mode) for the Conference Rooms
  3. Logon the Mailbox of the Conference Room by using credential of the End User.
  4. Open the Calendar Folder, locate the problem Meeting
  5. Right click the meeting entry and click Disable Recipient Table
  6. You should be able to get both the organizer and the attendees
  7. In addition, the PR_Recipient_Flags of the organizer should be 3 while the attendees are 1
  Mike

• CUA user master table updates from child system

  Hi Experts,
  In my system although there are roles assigned to users in child system they are not showing up in CUA for few user.
  Is there any program in CUA which i can use to  update the user master tables for only a limited set of users from child systems.
  Regards,
  Sandeep

  Hi Sandeep,
  Just want to check below queries....if this solves your problem..
  Is these are the new systems assigned to CUA or moved from other CUA as you said that role assignment is available in child system but not in CUA ? Another  thing that  I want you to check the User Group  assigned to user in child system and in CUA.If user gorups assigned to users are different in CUA and child system or particular group is missing in any one of the system then idoc will not move. Also check the Output device type along with address data...Any mismatch of these will stop the idoc.
  After that run the SCUG for all users, in CUA as suggested by akshay, this you can run for all 10 child system from CUA, no need to go in every child system.....