Push SAP passwords to all child systems
Hi,
I use IDM 8.0 to connect a CUA.
Has anybody been able to push IDM password to CUA and all child systems (ECC, BI, SAP Portal, Solution Manager...) ?
I can only change password on the CUA but not on the child systems the users have access to.
When I change a user password in IDM, I can see in SAP logs that the password is changed in the CUA (if the user has access to the CUA, which is not the case for all the users) but instead of changing the user password in the child systems it only try to unlock it (which is useless).
Any help ?
Thanks,
Ben
For your information, looks like it was a bug corrected in IdM 8.0 patch 8.
I didn't try it so I can't confirm it works now.
Ben
Similar Messages
-
CUA and SU10: unexpected deletion in all child systems
Hi,
I am facing with a problem with SU10 and CUA.
I have updated a lot of users with SU10 in CUA. For 20 users in a child system, I first add a new role, everything is fine. Then I perform a remove of a old role (I know that the end date will be changed), everything is fine except for one user. All roles were removed from all systems where the user is defined ! However, when I look in each child systems, it is not the case, the roles are well present except in the child sytem for which I do the remove.
This problem occurs twice, for different users. It is a real problem because we have to adapt a lot of users.
I have reinstalled the 'missing' roles with SCUG and with the change document for users but it can be a workaround because I have discovered this by chance. I can imagine check all users after each run of SU10.
Hope someone can help me.
RegardsHi Olivier,
that sounds like you are facing the problem corrected with sap note #1117530......
The removal shows up only at the next change of a user, the actual deletion of role assignements because of the copy might have happend already some time ago.....
b.rgds, Bernhard -
SAP CUA connector changes password in master system AND child systems?
Please confirm if OIM can change the password in both SAP CUA master and child systems through SAP CUA connector. The connector guide mentions the following parameter can be defined in SAP CUA IT Resource.
Parameter: SAPChangePasswordSystem Flag that accepts the value X or ' '
If the value is X, then the password is changed
only in the master system. If the value is ' ', then
the password is changed in both master and child
systems.
This parameter is used by the Reset
Password function.
Thanks!Hi,
1) You can use report RSCCUSND to distribute users from CUA to child client. Check section "Sending User Master Data to a Child System" in [CUA cookbook|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true].
2) if the user account has not been synced to CUA then you should be able to delete it in child system. The button should be displayed for unsynced users. You can use transaction SCUG to sync users between new child system and CUA. Check section "Transfering Users from New System" in [CUA cookbook|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true].
Cheers -
Pushing password to all managed resources - OIM 11g R2
I have a multiple resources I'm managing in OIM. We have AD authentication enabled for user's to log into OIM. When a user changes the password, I would like to change it in all resources. I'm planning on having an event handler to push the password to all resources. Is there another way to do this?
When a user is changing his/her own password, they have an option to select the resource they want to change the password. Is there a way to hide those other resources from the drop-down? So the drop-down will only have Oracle Identity Manager.found an answer at OIM11gr2 change password
-
User roles un-assigned in CUA but acces in child system is ok
hi
i am have a really weird issue. a user who has access in roles in child clients, suddenly his roles disappeared from CUA. it did not effect access in child systems. any suggestions how to investigate this.
thanksDid you click the Naughty Button in SCUL? Check OSS Note 1074552...
Could also be a cause of failing idocs.
Regards,
Trond
PS: The above note is for cases where users loose their visible role assignments in CUA, although roles remain assigned in the child system(s), not for cases where role assignments from CUA never trickles through to the child systems. The mentioned OSS note is a direct result of a case worked on by yours truly in 2007. I include below a warning I posted on sapfans about the issue:
Word of warning: RSUSR_CUA_CLEANUP_USZBVSYS is faulty!!!
The program RSUSR_CUA_CLEANUP_USZBVSYS is available as a standard SAP program from at least version 6.20. It can be run from SE38/SA38 or launched from a pushbutton (far right) on the "results" screen of transaction SCUL.
The program is intended to delete "obsolete" entries from table USZBVSYS, which contains log entries for assigned child systems in a CUA environment. The program is run in the main CUA system, and supposedly deletes entries for systems where users no longer have access.
There is a serious problem with the program, as acknowledged and confirmed by SAP in an OSS note I opened a few days ago. Under certain circumstances (more than 500 entries for any child system in the CUA landscape), the program wipes clean the whole table, instead of just the obsolete entries.
The consequences are dire. Table USZBVSYS is used for several fundamental CUA functions, such as remote password reset from the CUA master system. After the wipe, executing SU01 and attempting to reset a users password in a child system will no longer work. The assigned child systems are no longer visible in the reset password pop-up (nor anywhere else in SU01, including the Roles tab). You'll have to edit the user via SU01, and click on the annoying pop-up showing "new system assigned to user" for each system where the user has access...
The only way to fix the issue is to re-run SCUG for all systems in the CUA landscape. We had to do this across 6 CUA's, each containing 30+ child systems/clients and 10000+ users, which was very time-consuming and annoying. Also, there seems to be cases where roles have been wiped out from users on the CUA master systems, possibly due to consequences of the empty USZBVSYS table.
SAP has conceeded the program is faulty, and have proposed a new version (note 1074551). Without applying this correction, the program should NOT be run.
Note that users can still log in to and work in the child systems, it's just the "visibility" from the CUA master system which is missing. Tables USLA04/USL04 are still intact.
Just wanted to warn the community; we've spent some considerable time discussing with SAP and rectifying the mess created by RSUSR_CUA_CLEANUP_USZBVSYS...
Edited by: Trond Stroemme on Aug 5, 2008 3:03 PM -
Hi,
I have configured CUA in System ABC as Central System
System XYZ is the child system
The user TEST exist in both Child and Central System. Hence i have done a transfer of User TEST from child to Central System
Please let me know the following
1. After the transfer, the user is also present in Child System , Please let me know whether this is usual
2. As per my understanding, i should use the same Password in CUA System to login to all child systems. Please confirmHi,
CUA is only for user administration of all the systems from one system. Yes once you change the password of the child system from a central system it is automatically distributed to the child system.
Please check with the link below for better understanding:
http://help.sap.com/saphelp_nw04s/helpdata/en/fa/0ec43b5d091b3de10000000a114084/frameset.htm
Regards,
Pavan -
Hi,
Is there any way that I can see the roles in all child systems from CUA ? I cant use USLA04 table as it is a new role and no users are assigned.
Thanks in advance.
Regards,
SubhaHi Colleen,
I have related same question like,
I want to get child-parent relationship for roles and profiles across the SAP CUA system.
there we like to get the list of assigned roles to user, type of role and the subsystem on which it is residing.
Same like we can get through BAPI_USER_ACTGROUPS_ASSIGN
From the table USRSYSPRF we can get similar information for profile but I also want same for roles. -
To get the logical system names of all the child systems in a CUA envirnmnt
Hi Gurus ,
Is there any table where we can find the logical system names of all the child sytems in a CUA environment .
This is for a requirement that i need to develop an automated process where we can reset the password of all the child system in a CUA environemt when requested by the user at once .
I found some tables such as V_TBDLS , but they do not contain the exact information what i need .
Thanks in advance ,
Harshit RungtaHi,
You are in the right track. BD54 will show you the logical system name for all the existed systems in CUA.
Else you can also go to your CUA system and execute t-code SALE --> Basic Setting --->Logical Systems ---> Assign logical system to client -
> Display details
here you can see logical system names for all the clients assigned to CUA.
Thanks,
Deb -
Password reset on all target systems + how to find mskeyvalue from store?
Hi All
As per the below link for password reset
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/00d69428-cc00-2c10-9ca5-b4f607bbbddf&overridelayout=true , I am able to reset the password of the user id in ume of IDM AS java server. However this document does not explain how the password reset functionality will change the password on all connected target system. For example, When I reset the password from IDM interface, the password of all my user ids in other target systems like ERP, Portal, Exchange, AD etc should change. But these information is not available on this document. Please advice how we can can configure these steps.
Also how we can find the mskeyvalue of a user in identity store exactly? . If we need to run the sql query, can you please give the exact SQL query you need to use ?
Thank you.Hi Sahad,
just for your question about the sql statement:
select attrname, aValue from mxiv_sentries where attrname = 'MSKEYVALUE' and aValue like '%<Search string>%' and IS_ID = <number of your IS_ID>.
This statement should display only one User if you have changed the placeholders.
I'm not sure, whether this helps or not. If not, please give me some more details.
Kind regards,
Achim Heinekamp -
SAP Password Reset for user opted system / client
Hello, we have a requirement where the user will log on using LDAP and go to the portal and from the web page opt to reset the system and client where he/she wants to reset to his specified password using CUA. This is similar to as specified in
www.microsoft-sap.com/pdf/Password_Reset.pdf
Problem is : Is there a way to reset the corresponding (non production) systems password as done in SU01 through abap. creating a bdc recording of su01 and running does not seem to work. Nor does SUSR_USER_CHANGE_PASSWORD_RFC as the user does not know his current password. Any solution / way out by BAPI calls (maybe) along with their sequence info would be appreciated.Surpreet,
I tried that. But this happens : The function executes successfully with status 0 and message as User xxxx has been changed but when that user tries to logon with that password then it fails meaning it really did not change . This happens for all destination systems other than current logon system.
Question: is there another process to synchronize the change or commit i have to run/ call. I thought SAP took care of it automatically. -
How to get the list of roles assigned to a user in all the child systems
how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM
Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
Krysta -
I ERASEd WINDOWS. I want to re-install it and before, i'd'like to re-install all the system (10.6.7). But that seems to be impossible. When i try to turn on with the softare and pushing "c", blind screen. When i turn on it normaly, and put the disc after, the process begins and stops 5 minutes after. The computer turns off. Has someone an idea to help me ? Thanks by advance.
ZachThank you for your answer.
And...Yes, i did : i inserted the install disc and started up holding the C key. Many time. But each time, the logo of install disc appeared during ten minutes and then, during the installation, he disappeared suddenly with no reason. And in the same time the computer turn off.
The beginning of the storry : my son made long time ago (a year) the partition between Mac and Windows. Everything was fine.
Recently, He decided to give more memory space to windows.
He could do that directly (perhaps, was there a way but he did'nt know it)
For this reason, he decided to desinstall Windows in a first step before reinstalling it.
But before doing this, he decided to re install all the system, like for cleaning his computer...and then, since, it's a big mess.
You know everythin now.
Could you help us ?
Thanks by advance. -
I set a restriction password to my child's iphone 3gs and have forgotten it. Is there any way to recover it? And if I do an update will that delete password? This is all new to me so thanks in advance!
raider1990 wrote:
I set a restriction password to my child's iphone 3gs and have forgotten it. Is there any way to recover it?
No.
And if I do an update will that delete password?
No. To remove a forgotten restrictions passcode requires restoring the device as "New" in iTunes, NOT from backup. -
New role in CUA user record not getting pushed to child system
I added a new child system to our CUA setup. I've confirmed that the RFC connections from both sides are working properly (test connection succeeds) and I've successfully completed the user transfer function in SCUG. All exisitng roles assigned to the users in the child system are now appearing in the CUA central system as expected. I added a new role to a user via SU01 in the central system to this child system, but when I go to the child system, it does not appear in the user's SU01 record. Any ideas why this would not be syncing properly?
Thanks,
MichaelHi,
Whenever you create a new role in child system, it has to be sync up with the central system.
To sync up with the central system, login to central system goto su01>enter any user name>go to roles tab- click on Text comparision from chiled system. Its navigate to another screen, there you have to mention the child system and click on execute. it syncs up with child sytem. Hope it will help you out to resolve the issue.
If still you are getting the same issue login to the central system.. goto SE38-- enter the program name as "RSCCUSND" and click on execute there mention the user name and the logical system id of the Child system name, select the parameters which you wanted to distribute to child system and execute it.
Best Regards
Mani -
How to delete users in the child systems with CUA?
Hi All,
We have:
1. My SAP ERP 2005 (ECC 6.0)+ Windows 64bit + Oracle 10
2. EP 7.0 + Windows 64bit + Oracle 10
3. BI 7.0 + Windows 64bit + Oracle 10
4. Solution Manager 4.0 (CUA)
We managed all our QA and DEV users in ECC, EP using CUA from the Solution Manager server (Productive servers and all the BI 7.0 System Landscape aren't in the CUA).
My problem is when i want to delete a user. Sometimes if you delete a user in the solution manager (where the CUA is defined) the user still exists in the Child Systems. In fact you can see it with the SU01 only in the child system. I guess the idea is that if you delete the user in the CUA them the user is delete in the child system.
I found this information in the SAP Help:
As well as the authorizations already mentioned, you also need another authorization in the central system for object S_USER_SYS. You can only assign new systems to a new user with this authorization. ( No Problem with this )
When a user is deleted in the central system, the system entry for the user is retained until the deletion is confirmed. If an error occurs, you can repeat the deletion by canceling the system (in the child system).
What does mean: deletion is confirmed?
Best Regards,
Erick IlarrazaHi, thanks a lot for your reply.
We used the SAP Transaction SCUG to solve CUA Problem.
It is something about the refresh of the user in the Parent / Child systems, you need to Re-Refresh users and delete it again.
Best Regrads,
Erick Ilarraza
Maybe you are looking for
-
I bought 3 iPhone 4s and each should have 5gb of cloud. I want to only use my one iTunes ID. How can I get this storage space increased to the 15 GB?
-
I'm running Snow Leopard 10.6.8. I have the latest version of Firefox 5.0. I'm over Apple's Safari, and I'd like to transfer my bookmarks into Firefox. I've gone through your help and support section and found an article that could help me. However,
-
My book mark bar constantly asks me to refresh
My mac book pro continually brings up the refresh icon in the bookmark bar no matter how many times I refresh, has any one any suggestions?
-
Is it possible to add VAT (TAX) in the order form and discount codes ?
Is it possible to add VAT (TAX) in the order form and discount codes ?
-
RV042G port/bandwidth configuration
Hi, I'm in the process of setting up my new router to help me managing internet connections for various devices, but I'm not sure I fully understand what to configure where. What I want is essentially this: all machines in the household (>10) should