Problem with roles in CRM 5.0 PC-UI
Hi everybody!
I have a problem with CRM 5.0 PC-UI.
When I have user profile SAP_ALL, BSP's are showed correctly.
When I'm using restricted profile (for example role 'Account manager'), for some BSP's I'm receiving this error:
Exception Class CX_CRM_BSP_NOAUTH
Error name
Program name CL_CRM_BSP_FRAME_MAIN=========CP
Include CL_CRM_BSP_FRAME_MAIN=========CM003
ABAP Class CL_CRM_BSP_FRAME_MAIN
Method DO_INIT
Row 170
Long Text --
I've explored the role SAP_PCC_ACCOUNT_MANAGER in pfcg transaction, and realized:
on tab 'Menu' in section 'Portal Roles'
when I click on service: HS PC-UI PC-UI_CRMD_MKTSEG
In section 'External Service'
There are only '?????????' in the field 'Type of Ext. Service' instead of 'PC-UI'
and strange chars in the field 'Service'.
But for example service: HS PC-UI PC-UI_CRMM_CONTACT is OK, and I'm receiving BSP.
I think, that something important is missing.
Do you have any idea how to solve this problem?
Thanks
Radka
I am not sure whether you resolveed this issue already..
Under Portal Roles you find PCUI external services which refers to auth objects in order to access PCUI application.
Read thru the section "Tracing Authority Objects of Blueprint Applications" under PCUI cook book .
Thanks,
Thirumala.
Similar Messages
-
Problem with Roles and Triggers
I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
-- Clean up...
DROP TABLE TestUser.TrigTable;
DROP TABLE TestUser2.TestTable;
DROP ROLE TestRole;
DROP TRIGGER TestUser.TestTrigger;
DROP USER TestUser CASCADE;
DROP USER TestUser2 CASCADE;
-- Create Users...
CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
-- Grant Insert rights on TestTable to TestRole...
CREATE ROLE TestRole NOT IDENTIFIED;
GRANT INSERT ON TestUser2.TestTable TO TestRole;
-- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
GRANT TestRole TO TestUser;
ALTER USER TestUser DEFAULT ROLE ALL;
-- Now, create the trigger. This compiles unsuccessfully...
CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
BEGIN
INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
END;
When I do a "SHOW ERRORS;" after this, I get:
SQL> show errors;
Errors for TRIGGER TESTUSER.TESTTRIGGER:
LINE/COL ERROR
2/3 PL/SQL: SQL Statement ignored
2/25 PL/SQL: ORA-00942: table or view does not exist
SQL>
As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
Thanks!
AdrianHi Raghu,
If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
The question is, why does the same INSERT fail when it's inside the trigger? -
Weird problem with role assignment in Portal
Hi,
In our newly installed Portal for eRecruitment Production System we encounter a weird problem with assigning roles to users.
When I open User Administration and search for roles, it displays the Portal roles perfectly.
However, when I search for a user in User Administration and click on it when found, I am unable to find any roles to assign! So I am unable to find any roles, when I want to modify the assigned roles for a particular user, while the roles do exist and can be found on its own. How is this possible? Am I missing something here?
We have installed SPS 15 and use ABAP as user store. We have used reverse proxy and web dispatchers in this case.
Thanks in advance and best regards,
Jan LarosFound some entries in the default trace from this morning:
#1.#005056A15F78006A000004F400006D310004520B11DB3CE8#1216107404407#com.sap.security.core.jmx.impl.CompanyPrincipalFactory#sap.com/tc~wd~dispwda#com.sap.security.core.jmx.impl.CompanyPrincipalFactory.static Set evaluateDatasourcesToSearchFor(String[] requestDatasourceIds, String privateType, Locale locale)#JALAROS#58762##nun.efteling.nl_POP_9750151#JALAROS#581700b0524011ddc029005056a15f78#SAPEngine_Application_Thread[impl:3]_36##0#0#Error##Java###Error while connecting to remote producer {0}
[EXCEPTION]
{1}#2#PRODUCER_0KTHQ3YTJV#com.sap.security.core.persistence.remote.CommunicationException: Cannot display remote roles of selected producer. The producer has removed your consumer instance from their portal.
at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.sendToRemote(RemoteProducerAccessImpl.java:497)
at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.checkConnectivity(RemoteProducerAccessImpl.java:220)
at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.evaluateDatasourcesToSearchFor(CompanyPrincipalFactory.java:656)
at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.simplePrincipalSearchByDatasources(CompanyPrincipalFactory.java:3172)
at com.sap.security.core.jmx.impl.JmxSearchHelper.getSimpleEntitySearchResult(JmxSearchHelper.java:74)
at com.sap.security.core.jmx.impl.JmxSearchHelper.calculateSimpleEntityTable(JmxSearchHelper.java:1182)
at com.sap.security.core.jmx.impl.JmxServer.calculateSimpleEntityTableByDatasources(JmxServer.java:1061)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
at javax.management.StandardMBean.invoke(StandardMBean.java:286)
at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
at com.sap.security.core.jmx._gen.IJmxServer$Impl.calculateSimpleEntityTableByDatasources(IJmxServer.java:717)
at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.calculateSimpleEntityTable(JmxModelCompInterface.java:396)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:443)
at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:746)
at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getSimpleEntityTable(UmeUiFactoryCompInterface.java:471)
at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:517)
at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:894)
at com.sap.security.core.wd.relaterole.RelateRoleComp.searchNewRoles(RelateRoleComp.java:259)
at com.sap.security.core.wd.relaterole.wdp.InternalRelateRoleComp.searchNewRoles(InternalRelateRoleComp.java:282)
at com.sap.security.core.wd.relaterole.AssignParentRolesView.onActionSearchNewRoles(AssignParentRolesView.java:215)
at com.sap.security.core.wd.relaterole.wdp.InternalAssignParentRolesView.wdInvokeEventHandler(InternalAssignParentRolesView.java:261)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
at com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:77)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1257)
at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325)
at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:826)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:180)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
#1.#005056A15F780060000004FD00006D310004520C6A35F87C#1216113181849#com.sap.engine.services.security.roles.SecurityRoleReference##com.sap.engine.services.security.roles.SecurityRoleReference#J2EE_GUEST#0####399cb180524e11dd9849005056a15f78#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Security/Audit/J2EE#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}] referencing J2EE security role [{3} : {4}].#5#ACCESS.ERROR#service.naming#jndi_all_operations#SAP-J2EE-Engine#administrators#
#1.#005056A15F78005C00000C0500006D310004520C6A394185#1216113181992#com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl##com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl#J2EE_GUEST#0####39aa6d20524e11ddaee2005056a15f78#SAPEngine_Application_Thread[impl:3]_29##0#0#Error#1#/System/Server#Java###Runtime exception occurred while processing external JMX request [ JMX request (java) v1.0 len: 150 | src: 2 target-node: 9750150 req: getAttribute params-number: 2 params-bytes: 0 | ]
[EXCEPTION]
{0}#1#com.sap.engine.services.jmx.exception.JmxSecurityException: Caller J2EE_GUEST not authorized, only role administrators is allowed to access JMX
at com.sap.engine.services.jmx.EngineAuthorization.checkMBeanPermission(EngineAuthorization.java:88)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:77)
at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:98)
at com.sap.engine.services.jmx.MessageClientSecurityWrapper.checkPermissions(MessageClientSecurityWrapper.java:76)
at com.sap.engine.services.jmx.MessageClientSecurityWrapper.invokeMbs(MessageClientSecurityWrapper.java:38)
at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:196)
at com.sap.engine.services.jmx.ClusterInterceptor.getAttribute(ClusterInterceptor.java:512)
at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:84)
at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:313)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:199)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:180)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170) -
Hi all
i m face a problem with pfcg i m ask u i have 100 role and i want to add one T-code all 100 role.can any idea to add T-code with out used manually one by one.
Thanks&Regards
Pankajdear pankaj,
you can use the CATT utility(tcode SCAT) for altering the 100 roles.
i presume that you have not used the catt utility before
thats why i have detailed the procedure below.
all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
i hope you will find the my suggetion helpful.
regards,
sri srirangam -
Problem with Role and User Distribution to the SAP System
Hi to all.
I've a problem when i try to transfer roles from portal to SAP CRM. (System Administration --> Permissions --> SAP Authorizations).
If I select from the drop down list the SAP Alias corresponding to the connector to the target system an error is displayed:
class com.sapportals.connector.connection.ConnectionFailedExceptionConnection Failed: Nested Exception. Failed to get connection. Please contact your admin.
I think the problem is in the connector configuration since the connector test fails too (due to User attribution problems I think)
Thank you for any help!Hello Mario,
I have the same problem.
Did you find a solution for this?
Please let me know.
Thanks in advance, Michael -
Problem with role mapping in custom login module
Hi all,
I have developed custom login modules. They don't use the default user store but own data tables holding the necessary user information.
Login works fine. But there is one big problem: Only those users that exist with the same user-id in the default user store get roles assigned to it. Whicht leads to 403-errors in my web application.
Now, this is weired because a user with id 'Susi' has completely different passwords in my custom tables and in the user store, therefore it shouldn't be possible to authenticate 'Susi' against the default user management.
Next thing is, I don't use the default login modules at all. So why does the application validates against the user store?
I thought a source of the problem might be that I don't set the roles correctly. I set the roles as a principal to the subject. I have chosen the role based mapping in the web-engine.xml and mapped all my custom roles to the server role 'guests'.
Could anybody think of a solution to this problem ?
Thanks, AstridAstrid,
Sorry to go off-topic on your post...but I have a question in relation to how you deploy your login module. Do you deploy the login module with your application ? I've developed a login module that I would like to deploy by itself, I currently deploy it with the calculator example and it works fine like this, but I need to deploy it by itself. Any tips you can give would be greatly appreciated.
I've tried to use the deploytool and deploy the module as a library...but I get a "cannot load a login module" in the logs when authenticating a user. -
I'm running a brand new install of IDM 8 on JBoss 4.2.2 GA, all steps are performed as configurator.
I create a new user.
I create a Business Role with a Required IT Role.
I assign the business Role to the user, both the Business Role and the IT Role stands as Pending Save.
I click Save. Both roles are in the Changes list.
But when I select the user and select roles, Only the Business role is assigned - The IT Role is still Pending Save. And the business role is listed as an IT Role.
Clicking Save again shows that roleInfos only contains the Business role. Save again shows the same changes as when first assigning the role. But the user still doesn't have the IT Role.
Has anyone seen this behavior?
Or even better: Can anyone give me a hint how to fix this problem?
Best regards
StefanVersion 8.0 Patch 1 -- http://sunsolve.sun.com/show.do?target=patches/zp-NetworkInternet#identitymanager
Fixed a problem that caused Identity Manager running on JDK 1.6 to fail to assign roles assigned to a Business Role. A symptom of the problem included Identity Manager identifying a Business Role as an IT Role after the Business Role was assigned. This problem was limited to JDK 1.6. (ID-19086) -
Problems with roles and ldapgroups in IDM 8
Hello Guys,
I'm facing a problem. I have to put users in ldap groups and i using roles. I have create an IT role and a Business role.
I use the IT Role to add users in ldap groups through a rule and the business role to assign groups to a user. The business contains the IT Role.
Normally, when i put a list of two groups in the rule, i must have user put in the two groups and if i remove one of this group in the rule, user must be removed from the choosen group. Unfortunatly, the second scenario doesn't work. I always have the two. And i can't removed the users from all groups.
Is there something that i'm missing?
I'm using IDM 8.A patch 2 and Sun Directory Server 6.3.
The definition of my IT Role is :
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Role PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Role authType='ITRole' name='My Groups'>
<ResetLimit count='0'>
</ResetLimit>
<Services>
<ObjectRef type='Resource' name='RESSOURCE LDAP'/>
</Services>
<ContainedRoles>
</ContainedRoles>
<RoleAttributes>
<RoleAttribute name='My Groups:#ID#RESSOURCE LDAP:groups'>
<Comment>Auto generated by Role Mes Groupes</Comment>
<AttributeName>groups</AttributeName>
<AttributeValueRef>
<ObjectRef type='Rule' id='#ID#RuleListeUserGroups' name='Rule Liste User Groups'/>
</AttributeValueRef>
<Requirement>Authoritative merge with value, clear existing</Requirement>
<ResourceRef>
<ObjectRef type='Resource' id='#ID#RESSOURCE LDAP' name='RESSOURCE LDAP'/>
</ResourceRef>
</RoleAttribute>
</RoleAttributes>
<MemberObjectGroups>
<ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
</MemberObjectGroups>
</Role>Thanks All!i have it role mapped to ldap groups implemented successfully with the following...
1. Instead of a rule adding to groups, you should have a resource attribute mapping ... this is described in the ldap resource adapter references....
<AccountAttributeType id='101' name='ldapGroups' syntax='string' mapName='ldapGroups' mapType='string' multi='true' />2. Now have your IT ROLE to have the group population like the following
<RoleAttribute name='MYROLE:RESOURCE-NAME:ldapGroups'>
<AttributeName>ldapGroups</AttributeName>
<AttributeValueString>
<List>
<String>cn=Wirelessaccess,ou=Groups,dc=example,dc=com</String>
</List>
</AttributeValueString>
<Requirement>Authoritative merge with value</Requirement>
<ResourceRef>
<ObjectRef type='Resource' name='RESOURCE-NAME'/>
</ResourceRef>
</RoleAttribute> -
Problem with Role while Deprovisioning !
I have assigned AD resource to a role and I have hard coded this role in waveset.roles field in my create form. I am able to create, update accounts in IDM and AD automatically from flatfileactivesync.
Now I need to delete & deprovision an account in IDM and AD respectively. I have created a rule that catches the activesync.diffaction eq = delete. I have placed this rule in Delete Rule (optional) so that whenever an account is deleted from the flat file and diffaction=delete & feedop=delete, this rule should delete & deprovision this account.
From the flatfile logs even i m seeing that both diffaction and feedop equals to delete and it seems the account is deprovisioned from the logs (without any errors in the logs). But in IDM the account still exists and also on AD.
My problem is the account is not getting deprovisioned and deleted from IDM because it is attached with a role (AD resource assigned to that role) and i am having AD resource as "Excluded resource" column in the user account assignment tab [due to the role]
What I am doing wrong ?? Can anybody through some light !!
Thanks.dear pankaj,
you can use the CATT utility(tcode SCAT) for altering the 100 roles.
i presume that you have not used the catt utility before
thats why i have detailed the procedure below.
all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
i hope you will find the my suggetion helpful.
regards,
sri srirangam -
Problem with role and user; user can't see the table
Hello forum,
I've created a role:
CREATE ROLE enr_service;
GRANT CONNECT TO enr_service;
GRANT ALL ON Locataires TO enr_service;
GRANT ALL ON Batiments TO enr_service;
GRANT ALL ON Sportifs TO enr_service;
GRANT SELECT ON Epreuves TO enr_service;
and also a user:
CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED ON USERS;
GRANT enr_service TO ENR1;
ALTER USER ENR1 DEFAULT ROLE enr_service;
ALTER USER ENR1 DEFAULT TABLESPACE USERS;
I can connect to the database with this user but when I try to query a table he's been granted access to I get an error message:
SELECT * FROM Sportifs;
ORA-00942: table or view does not exists
I can't see what I've done wrong. Any help is appreciated.
Sebastianuser2019788 wrote:
Hello forum,
I've created a role:
CREATE ROLE enr_service;
GRANT CONNECT TO enr_service;
GRANT ALL ON Locataires TO enr_service;
GRANT ALL ON Batiments TO enr_service;
GRANT ALL ON Sportifs TO enr_service;
GRANT SELECT ON Epreuves TO enr_service;
and also a user:
CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED ON USERS;
GRANT enr_service TO ENR1;
ALTER USER ENR1 DEFAULT ROLE enr_service;
ALTER USER ENR1 DEFAULT TABLESPACE USERS;
I can connect to the database with this user but when I try to query a table he's been granted access to I get an error message:
SELECT * FROM Sportifs;
ORA-00942: table or view does not exists
I can't see what I've done wrong. Any help is appreciated.
SebastianThat's probably because ENR1 doesn't have any table named SPORTIFS and he didn't qualify the table name with the schema name ... -
Hello,
using the NetWeaver CE 7.1 EhP1 SP 2, I have modeled a Guided Procedure approval workflow. The processor of the approval step is determined at runtime and provided as an input parameter.
If the approver rejects, the customer may then modify their requests. In particular, the customer can choose a different approver.
Now, I have the following problem:
If the customer chooses a different approver, the new approver is notified as well as the old approver. Now, both are entitled to process the approval step.
This is not what I intended. If the customer chooses a diffrent approver, the new approver should be the only one who is notified and entitled to process the approval step.
What am I doing wrong or is it bug?
Thanks and best regards
AlexanderHi!
It is neither wrong nor bug it depends on your requirement.
As I said: I want to replace the old processor with a new processor. Moreover, I have to solve it with Guided Procedures.
Best regards
Alexander -
Problems with an own crm-function-component
Hi!
We've (sometimes) problems after initial load from "R/3 standard" to "CRM online". Few datas are deleted and so on...
We've detected that an own written function component is the reason for it. We've deactivate it in se37 and the initial load runs okay (it seems so).
We've some fears to deactivate the function in this case 'cause the connections between the R/3-CRM-Mobile Sales are sensitive and complicated and we don't want to get another (the next) problem
So we want to find out where the function component is called. We've used the old abap rsrscan1 to search in sources. We've used "utilities-find in sources", too but we couldn't find the call to our "problem function"... but it will be called. ...But from where?
Can i find it anywhere in the customizing at crm - initial load?
Have i another possibility searching for a function call in this case?
Thanks in advance for your help!
Best regards,
IngoThe advice would be to do the basics.
Restart, reset, restore.
Try a reset.
If that does not solve, then try a restore. -
Problem with Creation of CRM Order via Function Module Test
I am trying to check the order creation process from external systems by using the test function in Tcode SE37 with Function Module BAPI_BUSPROCESSND_CREATEMULTI.
I have created a Test Sequence of the following FMs:
BAPI_BUSPROCESSND_PROCSETTINGS
BAPI_BUSPROCESSND_CREATEMULTI
BAPI_PROCESS_SAVE
BAPI_TRANSACTION_COMMIT
All that I have been able to create so far is an order header without a Sold-to or Ship-to and no items. I am able to populate the Organization data, Header text and Appointments. The only partner function that is being populated is the one that is being automatically picked up from my user master.
For the BAPI_BUSPROCESSND_CREATEMULTI I am populating the following tables:
HEADER 1 entry
ITEM 2 entries
PARTNER 2 entries
ORGANISATION 1 entry
APPOINTMENT 2 entries
INPUT_FIELDS 41 entries
SCHEDULELINE 2 entries
I have created the entries based upon information gained through debugging function module CRM_ORDER_MAINTAIN during the creation of a service order.
It would be interesting to know if anybody has successfully created an order via the SE37 test function and if so, it would be useful to see the data in the relevant tables.HEllo ,
Write a wrapper to the function module CRM_ORDER_MAINTAIN.
To populate the Text use below code
ls_input_field_names-fieldname = 'REF_GUID'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'REF_KIND'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'TDID'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'TDSPRAS'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'TDSTYLE'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'TDFORM'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'LINES'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
ls_input_field_names-fieldname = 'MODE'.
INSERT ls_input_field_names INTO TABLE lt_input_field_names.
CLEAR ls_input_fields.
ls_input_fields-ref_guid = attr_guid.
ls_input_fields-ref_kind = 'A'.
ls_input_fields-objectname = 'TEXTS'.
CONCATENATE 'CRM_ORDERH' order_guid INTO ls_input_fields-logical_key.
ls_input_fields-field_names = lt_input_field_names.
INSERT ls_input_fields INTO TABLE attr_t_inputfields.
Call Order maintain FM to create any order
CALL FUNCTION 'CRM_ORDER_MAINTAIN'
EXPORTING
it_text = lp_order->attr_t_text
it_partner = lp_order->attr_t_partner
IMPORTING
et_exception = et_exception
CHANGING
ct_orderadm_h = lp_order->attr_t_orderadm_h
ct_input_fields = lp_order->attr_t_inputfields
EXCEPTIONS
error_occurred = 1
document_locked = 2
no_change_allowed = 3
no_authority = 4
OTHERS = 5.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Regards
Satish -
Problem with Role import in GRC 10.0
Dear GRC Gurus,
I want to import roles from backend to GRC 10.0 system. for this I am using NWBC.
In NWBC --> Access Management --> Mass Role Maintenance --> Role Import --> in this age below OPtions are selected:
Role Selection --> Technical Role
Import Source: Role Attribute Source: User Input, Role Authorization Source: Backend System
Definition Criteria:Application Type: SAP, Landscape: nothing is shown in the dropdown, Source System: nothing is shown in the dropdown
Without Defining Landscape and Source system I cannot proceed further
Please advise why the system is not showing up the values in the dropdown.
I have maintained role status as production in SPRO.
I appreciate your help.
Thanks,
SwathiHi,
Sabita is correct.
Here is the link to the documentation
SAP Access Control 10.0
Simon -
Hi, I have a CRM 4.0 system, when I try to create a SLA service contract, I get an error "No connection could be made to IPC", I guess this is normal because I didn't install an IPC server, my question is
Is possible to disable the IPC on the CRM ?
Or the IPC must be installed ?
ThanksHi,
You need IPC in CRM for prices. Please install the same.
Regards TVS
Maybe you are looking for
-
Calculations across multiple columns
I am a virgin to iOS Numbers on the iPad and need to prove it's worth in work. I have a spreadsheet where I have to calculate the number of entries matching 3 criteria in a row: by Date (Month),type of job (e.g. bathroom or kitchen) and against a sco
-
Help Please my Keychain Login keeps popping up and refusing my password.
I don't normally have a login password on boot up but I have not used the login for so long I've forgotten my password. OK so I used the MacBook 13 Install Disk and reset the password to something more memorable. Then it advised me to synchronize thi
-
Hi Everyone, i have a crash every now and then. Looks like it has something to do with Networking or Bonjour. Nov 10 23:55:34.018358 Chriss-iMac.local discoveryd_helper[147]: Basic RemoteControl com.apple.discoveryd_helper Starting XPC Server Nov 10
-
Dock problem: Apps won't open, they bounce once and don't open.
hi, my ex-girlfriend has had problems with opening up some of her programs (Mail, Safari, iChat, iTunes, Msn-Messenger, Skype) on the dock. They bounce on the dock once and then don't open at all. She said that it just happened after a recent update
-
I tunes will not download. Says not win32 applicattion
Cannot download itunes to new computer says it is not WIN32 App