Provisioning with roles

Question for everyone. We are switching over some of our code base to do resource assignment with roles. Previously this was done through our workflow. I have a few basic (I hope) questions about resource provisioning with roles.
1. I assume that the account doesn't get actually provisioned until a provisioning service is called right? Just the assignment of the role itself doesn't kick off a provisioning service?
2. Do you advise setting attributes within the role itself either through a rule or static variable. The reason I ask this is because we have several attributes that get set only when we are going to provision that resource. They are globals for the most part. A perfect example of this would be the domain account ID. We are still trying to set the attributes in the workflow and it seems that this is giving us some headaches.
Thanks!

Hi,
Once a role is assigned to a user the provisioning workflow is not commenced until those changes are saved. If you use the administrator interface you must first edit the user, then assign a role, save the changes and commit those changes either via the 'Save' or 'Save in backgound' buttons. On the changes are committed then the workflow will provision the user in the resources as defined in the role.
It is advisable to use the attribute setting within the role rather than the workflow. You can however call rules from within the role to provide a greater level of flexability if that is required. See [Understanding and Managing Roles|http://docs.sun.com/source/820-2954/IDM_admin_roles-and-resources.html#wp1081754] for more information
Hope this helps

Similar Messages

It's posible the OID role Provisioning With OIM?

Hi experts,
I'm installing and configuring the OIM connector for OID. However I've found on the installation guide the next 'warnings':
- Reconciliation of roles is supported only for ODSEE and Novell eDirecotory target systems.
- Provisioning of roles is supported only for ODSEE and Novell eDirecotory target systems.
then my question is: how can I provision OID roles to any user using OIM??? If I can't do role provisioning to OID, I cant see so much utility for this connector.
My request its to provisioning roles that I've created on OID, using OIM interface.
Has anyone done this?
Thanks for you time.
regards.
Edited by: Daniel Cermeño on Sep 10, 2012 4:39 PM

Hi Leoncio and Gyanprakash,
Tanks for your response, thats make me feel more quiet.
I have still one question about this. In the installation and configuration guide says:
- If you are using the default connector configuration, for every group in the target system, create a corresponding organizational unit (with the same group name) in Oracle Identity Manager. This ensures that all groups from the target system are reconciled into their newly created organizational units, respectively.
- You can also configure the connector to reconcile the groups under one organization.
Then, when I run the reconciliation of OID groups in OIM. I obtain one organization with one resource representing my OID group. Or, if I prefer, I obtaion one organization with many resource that represents all my OID groups. However, I dont find how to provision this resources to my OIM users, cause I need that one user be part of one o more groups. If I put the user in the organization that represent my OID group, how I can provision more groups?
Furthermore, the reconciliations of OID groups creates resources/organizations, but in my understending this no create OIM roles isn't?
I'm sorry for my ignorance. This maybe is a trivial question, but I hope you can clarify this concepts to me.
Thanks for your time.
regards.
Edited by: Daniel Cermeño on Sep 11, 2012 8:08 AM

Use GRAC_USER_ACCES_WS to provision Business Role

I have situation where I need to provision several hundred users across 90 business roles. I have been experimenting with FM GRAC_IDM_USR_ACCS_REQ_SERVICES (underlying FM for enterprice service GRAC_USER_ACCES_WS) to automate mass provisioning using GRC access requests. I figured out how to use the FM to provision technical roles to users but cannot get it to work for GRC Business Roles.
If the service cannot provision business roles, that would imply that an IdM would also not be able to do so. We are currently looking at IdM (non-SAP) solutions. Now I wonder if the value of business roles we are building will be diminished if an IdM is used.
Is it possible to provision business roles using the service and/or FM? If so, any details on the input values required would be much appreciated.

Hi Harinam,
Thanks for the details. I have already raised a OSS message to SAP.
I have implemented SAP note 1930923 in GRC sandbox system and can see that the mail issue I am reporting was no longer appearing. But I have seen new one this time
After note implementation: (Change Account Request Type with Business Role Assignment)
Hi GRC User Demo 1 (Z_GRAC_USER1),
The Request number : 592 , has been processed and the Request is Closed. The details are as follows:
XX Business role assigned to Z_GRAC_USER1
Kind regards,
Access Control Administrator
Before and After note implementation: (Change Account Request Type with Business Role removal)
Hi GRC User Demo 1 (Z_GRAC_USER9),
The Request number : 593 , has been processed and the Request is Closed. The details are as follows:
YY Role removed from Z_GRAC_USER9 ( )
Kind regards,
Access Control Administrator
Now the issue during role assignment is resolved, but during role removal mail notification says role has been removed from user and ends with empty brackets ().
For single roles in this brackets it usually fills the system name. May be for business roles since there will not be any specific system it is coming empty, but I think SAP should fix this.
Let me know if you are also facing the same
Since you confirmed that you are using business roles, let me know any critical issues which you came across as part of SP13 as we are also on SP13 and could be helpful.
Thanks once again for taking your time in replying for my issue.
Regards,
Sai.

Provisioning Allowed and Allow Auto-provisioning YES Role exists No

Hello,
I am unable to select the roles while submitting the user provisioning request.
The role additional details are set Yes for Provisioning Allowed and Allow Auto-provisioning
But Role exists is showing No; i have tried updating the roles in many ways, everything is getting updated except this paricular field.
Could you pls help me ...
Regards,
Sumanth

Hello Sumanth,
Can you successfully generate roles using the role generation option?
I have the same issue but I presently have issues with generating single roles ONLY as posted on this thread - "Illegal tcodes" error during the role generation phase of ERM in AC10
...so I am thinking it is becuase I can't generate single roles that is why the roles are not displaying. However, I can view the roles in other environments like risk analysis but not at the point of access request provisioning. It tells me no roles are available.
I sure hope someone will be able to help us out.
Thanks

IDM70: SAP Provision Framework & Role-Approvals

Hi all
How can I use the SAP Provisiong Framework (PF) with Role Approvals?
User-Provisioning works fine without any Approval Tasks. I can create a user in the Workflow and assign a role which triggers the SAP PF Provisioning-Tasks for Exchange/ADS and SAP ABAP.
Then I tried to assign a Role where I defined an Approver and an Approval task. I expected that after the Role assignment is approved the respective Provisioning Tasks (ProvisionADS, ProvisionABAP) are started automatically, but they aren't.
The Approval is raised in the Workflow, I approve it and nothing happens. If I look at the User-Details the role is not assigned to the user.
Do I have to link the SAP PF-Provisioning Tasks to the Approvals Approve-Node?
If yes, do I have to define an approval task for every system-type and possible combination of systems???
Or what else should I include in the Approve-Node?
Any help appreciated.
Regards
Michael

OK, I solved the question:
I followed the "Implementing pending approvals" Tutorial step by step and "wrapped" my ApprovalTask with an PreprocessApprovers and a CommitApproval task. But I'm quite sure the CommitApproval Task would be sufficient.
This leads to another question in the same area:
If I use an Approval Task with a defined Approver and Sub-Tasks in its Approve/Decline-Nodes (as I use for e.g. Workflow public "Create User" Task) I see the Approval in the Monitoring Approval Queue.
The MX_PENDING_VALUE created during the Role-Approval is not listed there.
What is the difference, technically speaking, between a Role-Approval (MX_PENDING_VALUE) and a "normal" Approval (Task + Subtasks)?
Why do I have to commit the one and not the other?
What other usage has the MX_PENDING_VALUE / Where else is it used (since it is more complex than simply creating an "interrupting" Approval Task)?
Points still available
Regards
Michael
Edited by: Michael on Jul 20, 2009 5:06 PM

Provisioning LDAP roles from SIM

SIM Experts:
I am trying to provision LDAP roles from SIM into our local IPlanet/Sun DS LDAP instance.
When I created the resource in SIM, I noticed it didnt rope in the built in roles from our LDAP instance, just as it did LDAP groups.
I tried to circumvent this by :
1. Creating individual Role_<> attribute entries in the LDAP resource schema which in turn get mapped to 'nsRoleDN' from LDAP.
2. Create 'Roles' in SIM mapped to the LDAP resource and set attribute values for the 'Role_<>' attributes (added earlier to the schema mapping) like -
Role_auditor : cn=Auditor,dc=example,dc=com
The hitch with this approach is if I add multiple roles to the account (during creation), only the last role gets added .. in other words, I see only 1 'nsroleDN'' entry.
I do not know if this the right approach, but could someone suggest a better alternative, if there is one.
Thanks in advance,
apn.

Answered here: http://forum.java.sun.com/thread.jspa?threadID=5247269&tstart=30
... although, as indicated getRoles should return a list of Role names as well... If you create a variable in the workflow and populate it with this call... it should be a List. [item1,item2,item3] may just be the trace representation of a list.

Problem with Roles and Triggers

I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
-- Clean up...
DROP TABLE TestUser.TrigTable;
DROP TABLE TestUser2.TestTable;
DROP ROLE TestRole;
DROP TRIGGER TestUser.TestTrigger;
DROP USER TestUser CASCADE;
DROP USER TestUser2 CASCADE;
-- Create Users...
CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
-- Grant Insert rights on TestTable to TestRole...
CREATE ROLE TestRole NOT IDENTIFIED;
GRANT INSERT ON TestUser2.TestTable TO TestRole;
-- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
GRANT TestRole TO TestUser;
ALTER USER TestUser DEFAULT ROLE ALL;
-- Now, create the trigger. This compiles unsuccessfully...
CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
BEGIN
INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
END;
When I do a "SHOW ERRORS;" after this, I get:
SQL> show errors;
Errors for TRIGGER TESTUSER.TESTTRIGGER:
LINE/COL ERROR
2/3 PL/SQL: SQL Statement ignored
2/25 PL/SQL: ORA-00942: table or view does not exist
SQL>
As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
Thanks!
Adrian

Hi Raghu,
If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
The question is, why does the same INSERT fail when it's inside the trigger?

[OIM] Error in Direct Provisioning (with auto save form) - GTC DB App Table

Hi,
I am getting an error when setting up direct provision of a GTC DB App Conn using OIM access policy (and group membership) or through manual provisioning with prepopulate and auto save form.
Manual provisioning with prepopulate ONLY (not with auto save form) WORKS!!!
Some information about my OIM config:
- Prepopulate adapters are set up on both forms (parent and child)
- "Auto prepopulate" and "Auto save form" are set up at Process Definition
- For direct provisioning, I have created an access policy with an associated group which has a membership rule
What it is working:
- Provisioning manually, using prepopulate adapters only, not auto save form. Both tables are updated properly
- All *3 tasks are called and finished with status=Completed*: "System Validation", "Create User" and "Child Table UD_<connector child table name>_US row Inserted"
Testing direct provisioning:
- I have tested adding the resource manually with prepopulate and autosave form configured, and also through access policy/group membership. The error is the same on both tests
- The resource is displayed as provisioned and it is created an entry in the parent table of the resource, but not on child table
- I also observed that only: "System Validation" and "Create User" tasks were executed (status=Completed). But it is missing the task "Child Table UD_<connector child table name>_US row Inserted"
- The error log info displays only an error regarding to UGP table (Groups info) but I am not sure if that is the cause of entry creation on child table.
It seems the SQL stmt tries to get ugp_name (group name) using ugp_key but that has null value.
"SELECT ugp_name FROM ugp WHERE ugp_key=java.sql.SQLSyntaxErrorException: ORA-00936: missing expression"
Note: When testing manually (without auto save form), I got "SELECT ugp_name FROM ugp WHERE ugp_key=1" which it is the same SQL stmt but the value is provided.
My guess:
- It seems that error is aborting the whole execution process so "Child Table UD_<connector child table name>_US row Inserted" task does not run, even though previous tasks are finished with the status=Completed. Consequently, the entry is not created on child table.
Please, any guess or help would be very helpful. In case nothing works, I guess I will have to create and customize a "Update child Form" task as an workaround which would be called after "Create User" task.
Regards,
Hugo
My environment:
- Windows 2003, WebLogic 10.3.0.0, OIM 9.1.0.2 BL4, Oracle 10g, Java 1.6, DB App Table Connector 9.1.0.2 (from October 2009)
- Target Resource: Parent and Child Table (Oracle 10g - the same OIM DB)

An update:
I solved that error about "ORA-00936: missing expression" applying OIM 9.1.0.2 BP05. That was not impacting my issue regarding direct provisioning with auto save form and child form.
So please if anyone can confirm:
- Can I set up prepopulate adapters on child forms AND also use "auto save form" on GTC DB App Table connector?
If not, any suggestion?
Regards
Hugo

What is the mean of using Portal with Role Based security as entry point

Hi Experts we have requirement of integration of Portal and MDM
I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from SAP 4.6c
Please give me the clarity of what is the meanin of second point
Regards
Vijay

Hi
It requires the entire land scape like EP server and MDM server both should be configured in SLD.
Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
Please go through this link
http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
The estimation involves as per your requirement clearly
Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
Regards
Kalyan

How to create business partner with Role : "Loyalty Partner"

Hello,
During the creation of Loyalty Program, we can add loyalty partners which are Business Partners created with Role --> "Loyalty Partner". In standard package I could not see the the Role "Loyalty Partner"
For this role to be available during the creation of Business Partner, does any business functionality needs to be activated or should we create new role "Loyalty Partner" through BDT
Thanks
Ram

Hi Vishal
Thanks for your explanation but I think it has not answered my question fully.
Yes, I do agree that only Loyalty Partners can be added in a Loyalty Program and those are Business Partners.
If you read through my question, I have asked how the system differentiates between Business Partners for example a sold to party and Loyalty Partner. In other words, which part of data in the Business Partner is the one which actually differentiates a Loyal Partner with other Business Partners. I think, just creating a Business Partner with Role --> Loyaly Partner will not serve our purpose.
The BP view is the same and the BP Role category does not contain my customization to differentiate this
Hope you understand what I am trying to say. Please let me know if you have any questions !!
Regards
Ram

Unable to create Business System with role Integration Server

hi Experts,
we are unable to create a BS with role of integration server, its throwing error with internal server 500.
please advise. we do not have any issues while creating TS with role of WEBASABAP.
thanks and regards,
Kesava
Edited by: Prateek Raj Srivastava on Jan 23, 2012 12:13 AM

Hi Kesava,
what is the purpose of creating a business system of type IS? This is automatically done in the post installation by CTC templates. So if the post installation is successfully executed, this should already be there. And if not you should check if the post installation was properly executed and if there where problems analyse why they occured.
The creation of the BS is just one part of the game, so I would highly recommend to execute the hole post configuration via template or follow the help.sap.com and execute it step by step manually in the described order. Otherwise i guess this will not work.
If there where just problems with SLD - please also have a look at SA Note 1117249 - Incomplete Registration of PI components in SLD
best regards,
Markus

OIM 11gR2 provisioning with GTC

Hello,
We are curently implementing Oracle Identity Manager 11gR2, and we are having difficulties with the implementation of the provisioning from OIM to the Target Systems exposed through a webservice on Oracle Service Bus.
We are using the Generic Technology Connectors as a basis of working. And initially we have created a GTC with only reconciliation Transport & Format Providers:
Connector Name TargetSystem1
Transport Provider (Provisioning):
Format Provider (Provisioning):
Transport Provider (Reconciliation): Database Application Tables Reconciliation
Format Provider (Reconciliation): Database Application Tables Reconciliation
We have configured the Process Definition of TargetSystem1 with all the operations (Create User, Update User, Enable User, Disable User, Delete User, etc.) connected with custom Java implementations, that are working just fine is we trigger them form Eclipse. The “Create User” task has only “Required for Completion”, “Allow Cancelation while Pending” and “Allow multiple instances” check boxes set to CHECKED; it also has all the fields in Integration TAB mapped, Responses mapped, but when we create a User in OIM and provision it with an account on the TargetSystem1_GTC Application Instance, the provisioning process in not accessing the “Create User” task to make the provisioning in the target system. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”. We have also checked the logs of OSB, but there is no activity there, because no request from OIM is being received.
After we investigated more closely the Oracle documentation for the Generic Technology Connectors we discovered that if we do not select Transport & Format Providers during the GTC creation, then the corresponding steps are not performed and they are not initialized, thus the provisioning cannot be done. The documentation also states that if we need to create custom providers in order to make the Provisioning with the GTC, but unfortunately we have no knowledge or any examples on how to do such custom providers for the provisioning of Users from OIM on the target systems via the Oracle Service Bus.
We have installed a second GTC with both provisioning and reconciliation Transport & Format Providers:
Connector Name: TargetSystem2
Transport Provider (Provisioning): Web Services
Format Provider (Provisioning): SPML
Transport Provider (Reconciliation): Database Application Tables Reconciliation
Format Provider (Reconciliation): Database Application Tables Reconciliation
The Web Services and SPML options were the only options that we could select from the out of the box connectors that are installed, and we did not find any other connectors in the download section of Oracle for this product, that can accommodate such communication. So, we configured the provisioning accordingly, and modified the “Create User” task from the TargetSystem2_GTC Process Definition, in order to use our custom adaptor instead of the adpTargetSystem2_GTC adapter that was preset when the TargetSystem2_GTC is created. But this does not help us, because the provisioning is not done, and the “Create User” task is not used. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”.
Next we tried to see if the GTC can be used to communicate directly with the OSB, using the Web Services Transport Provider and SPML Format Provider, and we did not make any modifications to the after the normal installation of the TargetSystem2 GTC. In this case the we can see that the OSB is being accessed by OIM, but unfortunately this case does not help us also, because the operations implemented on the OSB webservice have a different structure then the one SPML expects as default:
Caused by: com.thortech.xl.gc.exception.XSDValidationException: The SOAP response does not contain a valid SPML response type. Should be one of these -->addResponse modifyResponse deleteResponse resumeResponse suspendResponse setPasswordResponse
Do you have any suggestion on how to make the provisioning process work?
Edited by: user1717356 on 22.10.2012 03:22

Hi,
I think you need to put this check only for few attributes?
If Yes, then lets suppose you want to have a check for Country Field in Database which once modified by target Admin, then OIM should know.
1) Create one dummy field CountryDummy (Hidden) in OIM TargetProcess form and dont map it to any target attributes. This dummy field will only store values populated from OIM user profile to -> DB Connector Process Form.
2) On success of "Reconcilation Update Recievced", Put a custom process task which does a comparison with "CountryDummy" & "Country" and inform Admin using email notifications that this mismatch has been found.
HTH,
~J

Include Phase for Phase with role task assignment in cProjects

Hi,
When I include a Phase with different tasks and the tasks with Role assignment in to a project, the task-role assignment is not gettting copied.
But when I use a Project template with the same Phase-task-Role task assignments, every thing is getting copied. But for Include phase the task-role assignments are not getting copied.
Can anybody help me how to achieve this functionality?
Thanks and regards,
Jashua

Hi Matthias,
Thank you very much for your reply.
Here I have a question. Because the method ''SET_DEFAULTS_UPON_COPYING' of the class 'CL_DPR_TASK' is being called in the both cases Create project from template and include a phase in to an existing project. So, if I implement the BAdI method I think it would effect both the times. wouldn't it create the role task assignments twice at the time of project creation.
Also please give me some more details about creating the role-task assignments in this BAdI.
Thanks and regards,
Jashua
Edited by: Jashua Andra on Jan 4, 2012 12:42 PM

How to stop ERP Quotation for BP with role Prospect

Hi,
We have implemented cross system transactions from CRM opportunity to ERP Quotation. We create prospects with sales area data in CRM UI. Though in GUI unless the role sold- to party is selected the sales area data tab is not activated, however not in the case of UI. We can assign the sales area even for the prospects. At the same time for prospects we select the R3 account grouping.
The problem is when the account with role prospect with R3 account group and sales area is created I can still create ERP Quotation. How to stop creating the ERP Quotation unless the role Sold-to party is extended to the prospect?
Please help.
Rgds,
Shridhar

Hi Iswari,
If you open the Bdoc "classic" data from tcode SMW01 (that's the yellow button next to the "show error" button) you should see a segment named "CRM_DOC_HEADER". Within this segment I would expect the OBJECT_ID field to be empty when you're attaching a document on a business activity (if that's what you mean by "contact").
If so: you can try to create a simple intelligent publication object with a filter set on OBJECT_ID = ''. Then no Bdoc will be sent when adding an attachment on any business transaction (I suppose), so the Bdoc will probably still be there, but always with a green status and going nowhere.
Regards,
Nicolas Busson

Provisioning EP roles and user groups through CUP

Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
Kee

Thanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un:   ??? What is the role data source?? Is the value that is provided is correct for the UME roles
SCHEMA_ID SAPprincipals   ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
     at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
     at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
     ... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
     ... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
     at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
     at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
     at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
     at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
     ... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
     at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
     ... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
     at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
     ... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
     ... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee

Provisioning with roles

Similar Messages

Maybe you are looking for