Organizational Data on the User - Master Data
Folks,
I want to extract and load data from the datasources:
0CRM_HR_UNAME_ORG
- Organizational Data on the User
0CRM_POSITION_ATTR
- CRM Position Master Data.
But I unable to locate the required infosources.
The datasources are present but do not have any standard transformation to infoobjects.
Can anyone pls help on the required infosources and infoobjects.
Thanks & Regards,
Raj Jain
Hi,
pls check if authorization problem ?
Note 397208 - BW: Authorizations for HR data extraction
*other note Note 872506 - 0HR_PA_PD_2: Only data in status '1' extracted **
Organizational Management (PA-OS):
For example, DataSource 0HR_PA_OS_1, 0ORGUNIT_ATTR, 0ORGUNIT_HR01_HIER, 0HRPOSITION_ATTR, 0CRM_HR_PA_OS_1, 0CRM_ORGUNIT_HR01_HIER, 0CRM_POSITION_ATTR
P_PLAN_ALL and P_BAS_ALL
hope this helps.
regards
CSM Reddy
Similar Messages
-
Create the user master records using the Enterprise Portal
Hello gurus!!
I'm configuring SRM 7.0 with EP.
I'm configuring the organizational structure, and steps guide (pdf and Solution Manager ) are:
1. Go to transaction SU01 and create an ABAP User. (SRMADMIN)
2. Assign this user the administrator role /SAPSRM/ADMINISTRATOR
3. As the administrator, creater the organizational plan
4. Create the remaining organizational unit
5. Using the Enterprise Portal application, Business Parter:Employee, create the user master records for the departmental managers.
How I must create the user in Enterprise Portal? What user I have to use to log on in the Enterprise Portal application? Has the user to be integrated in the organzational structure??
Thanks in advance!!!!
Best regards.
Maria.Hi,
You can create users in WebDynpro application. You can also create users in USERS_GEN transaction.
Regards,
Masa -
How to send User Master Data through XI
Dear SAP gurus,
We are currently configuring the e-recruiting module on a separate server than HR (following the SAP standard).
As our CUA is not connected to the E-REC systems, we are looking for a way to send properly the User Master Data from HR systems. We have seen that the report RSCUSND enable us to send iDoc with message type USERCLONE, but this repport can be only run from the CUA then we can t use it.
Another solution is to make a client copy with the profile SAP_USER, but we can t use this solution because in order to get the User Master Data in a real time we should make the copy each 15 minutes.
We can t figure out with the question, what is the standard way to send User Master Data to our E-Recruiting module
Regards
HadrienHR side:
1-Below t-code is what you should go through:
SM59
BD64
WE20
WE21
2-The key interface object is as below(I used it in LSMW, XI should be the same):
Business Object HRMASTER
Method SAVEREPLICAMULTIPLE
Message Type HRMASTER
Basic Type HRMASTER02
XI side:
1- The XI has the HR interface package in IR. You just need to select those you need.
2-Goto ID and do interface mapping between IDOC interface & XI outbound interface
All above is the skeleton processes. U can consult with XI consultant in details.
Hope helpful.. -
How to determine Organizational Data based on User Login
Dear all,
How to determine organizational data based on user login in Activity transaction, currently org determination is happening after entering customer number in the transaction.
We have used 'Responsibility' determination rule for this configuration. Now the requirement is to determine org data based on user login.
In Org model we have assigned user to org data through a business partner. But still org data is not getting determined in the transaction.
Please help me to trace out the problem.. your suggestions will be highly appreciated.
Best regards
Raghu ramYou just have to use other organization determination rule. In your case this would be rule 10000194 (ORGMAN_12). This determination rule delivers the responsible organizational unit of the user
User is defined as a business partner in the container attribute 'PARTNER'. If not, the system user (sy-uname) is used.
So you have to do the following:
- use this determination rule
- in BP link username with employee
- assign in PPOMA_CRM employee or user to organizational unit
This should solve your problem. -
Export and import change document for user master data
Dear Gurus,
I have two queries on change document for user master data:
1. Are there any approaches to export and import change document for user master data?
We often do system copy from PRD to QAS for UAT and troubleshooting. Before system copy we export the user master data from QAS and then import after the copy process. We would like to keep the change document for user master data on QAS from being refreshed from PRD for security reason.
2. Change document for Role change in QAS
When the role is created or modified in DEV and then transported to QAS, the role change document doen't include this change log. The role change document in QAS only records those role changes directly made in QAS.
Could you advise this is by SAP design or are there any approaches to record this transported role change in the role change document in QAS?
Thanks
YBY1. Perhaps you want to consider a system copy to a "virtual system" for UAT?
2. Changes in QAS (as with PROD as well) will give you the delta. They should ideally be clean... You need to check the source system.
Another option is to generate the profiles in the target system. But for that your config has to be sqeaky clean and in sync, including very well maintained and sync'ed Su24 data.
Cheers,
Julius -
Deleted User Master Data with SQL Server Management Studio
Hi All
I've, recently restored an ECC 6.0 backup onto a test system. In an attempt to quickly delete most of the User Master Data from the source system, I deleted the User ID's from the USR02 table using SQL Management Studio.
But within Transaction su01, the User ID's that were deleted that way, still show up in the "F4" search. I can select one of those deleted ID's, but get an informational pop up stating that the user does not exist, if I go to display.
Does anyone know of a quick way to delete these User ID's from the "F4" search pop up?
The only way I've found so far is to select the User ID, recreate it and then delete it from the su01 transaction. This is going to take me hours.
Tried to save time, but caused more of a head ache.
KenThanks Brian
Yes, I have done this in the past as well. Although for this instance, I needed to keep about 20 of the 100 + User ID's that were in the system, and was hoping for an easy way to do it.
In Table USR02, it was easy to pick all, but the 20 and delete. (Sometimes we think we're smarter than we really are I've since spoken to a Security team member and found out about there's a way to do "Mass" changes in transaction su01.
tcode us01 -> Environment -> Mass changes.
Ken
Live - Learn - Laugh -
How to download (export) user master data from java code
Hi,
I've an requirment. I need to export the user master through java code from a dual stack system
The requirment is like an autmated of what we do in indentity management export.
Thanks in advance
Regards,
mcsekar_21Solved it..
Wrote a bean using UME factory, to download, upload and modify. -
How to find out the user list that created by someone?
Hi all:
Now I want to develop a program that can find out the user list created by someone.
such as :
John create 3 user in SAP ,they are u1,u2,u3.
Susan create 2 user in SAP , they are s1,s2.
I input the the parameter such as John , the program can give me the list :u1,u2,u3.
Could you tell me which table should I use in this program?
Thanks .
Elisa.Hi Ling,
As per my understanding, you are looking for listing down the number of Users created by a particular users of the System. Like a System Administrator has created some 30 users. If this is correct, then you can use the table
USR02 - Logon Data (Kernel-Side Use). This table has 2 fields which are of importance - BNAME - User Name in User Master Record & ANAME - Creator of the User Master Record. You can query the ANAME with the username of the system and you will get the resultant users.
But I would reccomend to search the Table for a standard class, function module or RFC or BAPI so that you can reuse the same and need not to develop from the scratch.
Hope this will help.
Thanks,
Samantak. -
How to check if the user has only the display authority of a message
hi,
How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
Best regards,hi blake
though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
Basically Authorization Management
Use
You can use the following authorization objects to control the authorizations for maintaining business partner data:
Authorization objects for the Business Partner:
 B_BUPA_GRP
 B_BUPA_ATT
 B_BUPA_FDG
 B_BUPA_RLT
Authorization objects for relationships:
 B_BUPR_BZT
 B_BUPR_FDG
In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developers Handbook for the BDT under Authorizations.
IntegrationAuthorization management for the Business Partner forms part of the SAP authorization concept.
Prerequisites
You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
Moving over
AS ABAP Authorization Concept
The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
Authorization Checks
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
Starting SAP transactions (authorization object S_TCODE)
Starting reports (authorization object S_PROGRAM)
Calling RFC function modules (authorization object S_RFC)
Table maintenance with generic tools (S_TABU_DIS)
Checking at Program Level with AUTHORITY-CHECK
Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
Starting SAP Transactions
When a user starts a transaction, the system performs the following checks:
The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
The system then checks whether the user has authorization to start the transaction.
The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
 The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
 If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
The check is not performed in the following cases:
You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
 You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
 So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to Y (using transaction RZ10).
All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
Starting Report Classes
You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
You must consider the following:
After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
There are certain system reports that you cannot assign to any authorization class. These include:
RSRZLLG0
STARTMEN (as of SAP R/3 4.0)
Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
Calling RFC Function Modules
When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
Checking Assignment of Authorization Groups to Tables
You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
please See also:
SAP Notes 7642, 20534, 23342, 33154, and 67766
guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
but if u sit with ur BASIS guy then u can learn lot of things in PFCG
i guess u r a basis guy,then its not a problem
best regards
ashish -
Is there a BADi or User Exit that can be implemented that updates the Telephone Field in IT105 if you change the Telephone Field in the User Master Record via SU01
or
If you change the Telephone Field in the User Master Record via SU01 that it updates the Telephone Field in IT105.
Also, can this be somehow linked into IT0032 - Internal Data - Telephone fields
Thanks
WBHI Will,
Use the below mathod to find out whether an relevant BADI are there.
1. Go to the TCode SE24 and enter CL_EXITHANDLER as object type.
2. In 'Display' mode, go to 'Methods' tab.
3. Double click the method 'Get Instance' to display it source code.
4. Set a breakpoint on 'CALL METHOD cl_exithandler=>get_class_name_by_interface'.
5. Then run the transaction SU01 in change mode and change the phone no.
6. The screen will stop at this method.
7. Check the value of parameter 'EXIT_NAME'. It will show you the BADI for that transaction. Check whether its relevant or not.
Br/Manas -
Why does he search in the user settings for the printer?
Hi, I created a smartform and added output and control options when the form is called.
I read that if I assign tddest and tdprinter, and leave user_settings blank, that SAP would not go to the user settings to see if a standard printer was declared.
But apparently, the program still goes to the user settings, as I keep getting the error: "Please maintain an output device in the user master data."
Now I know that I can go to SU01 and create a standard printer, but that is not what I want. I want to pass the printer in the program, so that there is no need to have a standard printer defined.
What am I missing?
I have these options:
output_options-tdimmed = 'X'.
output_options-tddest = v_printer_name.
output_options-tdprinter = v_printer_name.
output_options-tdcopies = 1. "Just print one copy
control_parameters-no_dialog = 'X'.
and in the call function
call function FM_NAME
EXPORTING
control_parameters = control_parameters
output_options = output_options
user_settings = ' '
THX!hi,
try this.
output_options-tdimmed = 'X'.
output_options-tddest = v_printer_name. <---- pass output device(4 char)
output_options-tdprinter = v_printer_name.<------remove this
output_options-tdcopies = 1. "Just print one copy
control_parameters-no_dialog = 'X'.
Regards
Madhu -
User Master Replication thru ALE IDoc
Hi,
I have a scenario where i have to replicate the user master data from one server to another using ALE IDoc.
Can anybody explain the procedure to do so emphasising on
- Which message type to use?
- Is there a need to create port?
- Extending any Basic type?
etc.
Thanx in advance...Hi Aarti,
First you do the ale configuration. After creation of logical system go for following steps.
1. Rfc destination(sm59).
2. Port creation(WE21).
3.Partner profile creation(WE20).
4.Distribution Model(BD64)- After creation disribute it.
5.Check the availability of intended user in SU01D.
6. From CUA in se38 execute RSCCUSND, make entry of Receiving system and User again execute, you will get Userclone idocs in 03 status then in 12 status, then monitor these idocs at receiving systems.
Thanks,
Asit Purbey -
De activating the users upon user Termination in GRC CUP.
Dear Experts,
I have a requirement to de-activate users(should not delete physically) in SAP after the users are terminated. we are planning to use HR triggers for HR terminate event in GRC CUP
Q) I understand there is a De-provision functionality in GRC CUP. Will this delete users in SU01 physically ? Is there any way to use this functionality to deactivate the users ?
Thanks
KumarKumar,
Delete request type will delete users in CUP. What do you mean by deactiving users? Do you mean to change the validity date of the users? You will have to use change request type if you want to change any other information in the user master record other than delete/locking/unlocking of the user.
Alpesh -
I'm working on resolving an issue for a user that needs to reschedule appointments in 3 Conference Rooms when needed.
The user will open the meeting request and hit 'decline' and then attempt to edit the response before sending it back but then the appointment closes and the following message appears:
"You cannot respond to a meeting without an organizer. You must add an organizer field to the item. "
-End User has Full Mailbox Access
-Listed as a 'Owner' of the Calendar
-Delegate Rights granted to the Calendar as well
-Not in Cached Mode
Check Office updates and Office is up to date on patches.
User does not have a blackberry device.
Not sure of what else to do...I have researched this topic and all the items I have tried have not worked.
The Test Meeting I created to reproduce the errors was done through Outlook and adding the conference room as a resource and the user getting the errors as someone required.
I changed the calendar view to "Active Appointments". Right click on the column headings to add a field. In the field choser, pick All appt fields. Scroll down and drag n drop the Organizer field on the fieldbar.
The Organizer (From Field) is showing the end users who scheduled the meetings.
My Test Meeting Request that I had scheduled for last week that re-produced the error message was moved to today.
It is showing me as the Organizer.
Had the user who manages the Resource try again to cancel or edit the meeting and again receive the same message.Hi,
I suggest you check related meeting in Calendar folder by using MFCMapi:
Note: The meeting should be added to Calendar folder as tentatively accepted if you open the meeting request (but takes no action) or sniffer processes the meeting request.
1. Download MFCMapi tool from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=55fdffd7-1878-4637-9808-1e21abb3ae37
2. Configure Outlook Profile (Online Mode) for the Conference Rooms
3. Logon the Mailbox of the Conference Room by using credential of the End User.
4. Open the Calendar Folder, locate the problem Meeting
5. Right click the meeting entry and click Disable Recipient Table
6. You should be able to get both the organizer and the attendees
7. In addition, the PR_Recipient_Flags of the organizer should be 3 while the attendees are 1
Mike -
CUA user master table updates from child system
Hi Experts,
In my system although there are roles assigned to users in child system they are not showing up in CUA for few user.
Is there any program in CUA which i can use to update the user master tables for only a limited set of users from child systems.
Regards,
SandeepHi Sandeep,
Just want to check below queries....if this solves your problem..
Is these are the new systems assigned to CUA or moved from other CUA as you said that role assignment is available in child system but not in CUA ? Another thing that I want you to check the User Group assigned to user in child system and in CUA.If user gorups assigned to users are different in CUA and child system or particular group is missing in any one of the system then idoc will not move. Also check the Output device type along with address data...Any mismatch of these will stop the idoc.
After that run the SCUG for all users, in CUA as suggested by akshay, this you can run for all 10 child system from CUA, no need to go in every child system.....
Maybe you are looking for
-
Type anti-aliasing in Save For Web CS5
Hi, Has anyone found a way to get the type anti-aliasing settings to maintain their appearences in Save For Web. The type looks very different as if its lost the settings when I go to save it. Thanks!
-
Problem with saving TIFF from PDF in Photoshop and importing into Corel
I work at a publishing company, and some of our designers use CorelDraw X14. We receive most of our advertising material in PDF format, which I then have to convert to TIFF in Photoshop (I use CS4). Most of the time this works fine, but lately, the T
-
Problem with Cisco 1240AG Access Points
I have a Cisco 1240AG Access point (P/N ? AIR-LAP1242AG-A-K9). It has come in the lightweight mode. I just want to know whether I can put it to the autonomous mode.
-
Alternate Bom for a finished product has huge varience in cost estimate
Hi all I have created alternate BOMs for a finished material. One is local raw materials and another has imported raw materials. Goods are produced using both these boms but in one period i can release cost estimate of one BOM. Thats why there is a h
-
Combobox removing focus?
Why when I use the combobox component does it remove focus from other movieclips?? For instance...I have a button with onRollOver and onRollOut functions. These work fine, but once I click on a combobox, they break...and won't work. I've looked in ot