RBAC with OIM/OIA - Best practice

Just wondering what the RBAC architecture with OIM and OIA should be, as per best practices, when the number of applications is huge, e.g. >1000.
Normally, we create one or more OIM Access Policies and corresponding user groups for automated provisioning of users to target applications, and further integrate OIM with OIA to govern user access by aligning the OIA policies with the OIM Access Policies.
This is fine when the number of applications is manageable. But what if the number of applications rises to more than 1000 or 5000? What would our approach be to handling this?

A fine topic that has been discussed many times over the years in this forum.
It is also something I have spent far more time than is actually healthy working on, so there are a couple of articles on my blog about the subject:
http://iamreflections.blogspot.com/2010/10/oim-vs-tim-basic-rbac.html
http://iamreflections.blogspot.com/2010/09/rbac-vs-abac.html
http://iamreflections.blogspot.com/2010/08/role-based-group-memberships-in-oim.html
http://iamreflections.blogspot.com/2010/08/primary-limitation-of-oim-access.html
The basic answer is that you have to build your own RBAC framework once things leave the very basic state.
Hope this helps
/Martin
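As an added example (not Martin's code, and not the OIM or OIA API), the sketch below shows the shape of the "own RBAC framework" the reply points at: IT roles that carry application entitlements, business roles that inherit them, attribute rules that derive business roles from the HR record, a segregation-of-duties check, and a reconciliation step that turns desired access into per-application grant/revoke actions. All application names, groups, roles and identities are constructed sample data; a real deployment would feed the delta to OIM provisioning tasks and the SoD pairs to the governance side, which is not shown.

```python
"""Added example, not code from the post or from OIM/OIA: a small
stand-alone RBAC engine of the kind the reply says you end up building
once the one-access-policy-per-group model stops scaling.

It keeps apart three things that access policies tend to fuse:
  - IT roles: entitlements, i.e. (application, group) pairs the app knows
  - business roles: bundles of IT roles, with inheritance
  - assignment rules: attribute predicates that derive business roles
Every application, group and identity below is constructed sample data.
"""
from __future__ import annotations

from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Set, Tuple

Entitlement = Tuple[str, str]   # (application, group)
Identity = dict                 # attribute bag from the HR feed


class RbacModel:
    def __init__(self) -> None:
        self.entitlements: Dict[str, Set[Entitlement]] = {}
        self.parents: Dict[str, Set[str]] = {}
        self.rules: List[Tuple[str, Callable[[Identity], bool]]] = []
        self.sod: Set[frozenset] = set()

    def add_role(self, name: str, entitlements: Iterable[Entitlement] = (),
                 inherits: Iterable[str] = ()) -> None:
        self.entitlements[name] = set(entitlements)
        self.parents[name] = set(inherits)

    def add_rule(self, role: str, predicate: Callable[[Identity], bool]) -> None:
        self.rules.append((role, predicate))

    def add_sod(self, role_a: str, role_b: str) -> None:
        """Two roles that must never be held together (segregation of duties)."""
        self.sod.add(frozenset((role_a, role_b)))

    def expand(self, roles: Iterable[str]) -> Set[str]:
        """Close over inheritance; cycle-safe, rejects roles nobody defined."""
        seen: Set[str] = set()
        stack = list(roles)
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            if role not in self.parents:
                raise KeyError(f"unknown role {role!r}")
            seen.add(role)
            stack.extend(self.parents[role])
        return seen

    def roles_for(self, identity: Identity) -> Set[str]:
        """Rule-derived roles plus manually requested ones, fully expanded."""
        direct = {role for role, pred in self.rules if pred(identity)}
        direct.update(identity.get("manual_roles", ()))
        return self.expand(direct)

    def sod_violations(self, roles: Set[str]) -> List[frozenset]:
        return [pair for pair in self.sod if pair <= roles]

    def entitlements_for(self, identity: Identity) -> Set[Entitlement]:
        out: Set[Entitlement] = set()
        for role in self.roles_for(identity):
            out |= self.entitlements[role]
        return out


def reconcile(desired: Set[Entitlement],
              actual: Set[Entitlement]) -> Dict[str, Dict[str, List[str]]]:
    """Per-application delta; access not backed by any role is revoked."""
    delta: Dict[str, Dict[str, List[str]]] = defaultdict(
        lambda: {"grant": [], "revoke": []})
    for app, group in sorted(desired - actual):
        delta[app]["grant"].append(group)
    for app, group in sorted(actual - desired):
        delta[app]["revoke"].append(group)
    return dict(delta)


def sample_model() -> RbacModel:
    """Constructed sample: four applications, three business roles."""
    m = RbacModel()
    m.add_role("it_base", [("ad", "Domain Users"), ("mail", "Mailbox")])
    m.add_role("it_erp_ap_clerk", [("erp", "AP_ENTRY")])
    m.add_role("it_erp_ap_approver", [("erp", "AP_APPROVE")])
    m.add_role("it_ticketing", [("ticketing", "agent")])
    m.add_role("employee", inherits=["it_base"])
    m.add_role("finance_clerk", inherits=["employee", "it_erp_ap_clerk"])
    m.add_role("finance_manager", inherits=["employee", "it_erp_ap_approver"])

    def active_finance(i: Identity) -> bool:
        return i.get("status") == "active" and i.get("department") == "Finance"

    m.add_rule("employee", lambda i: i.get("status") == "active")
    m.add_rule("finance_clerk", lambda i: active_finance(i) and not i.get("manager"))
    m.add_rule("finance_manager", lambda i: active_finance(i) and bool(i.get("manager")))
    m.add_sod("it_erp_ap_clerk", "it_erp_ap_approver")
    return m
```

The point of the split is that adding the thousandth application only adds an IT role and, at most, one line in an existing business role; no new rule and no new per-application group is needed. The reconcile step is what keeps a terminated identity from retaining access: an empty desired set revokes everything the target still holds.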

Similar Messages

  • SOLMAN with India Baseline Best Practice solution

    Hello,
    With the India Baseline best practice solution route, you need to go through the activation process, which creates the configuration objects for the selected scenarios. How can I integrate this process with SOLMAN in place, as I understand that in a SOLMAN-based project implementation we need to create a project and do the configuration via SOLMAN for individual nodes?
    Regards,
    Manish.

    Hi,
    Our current solution is to have two NICs and have both connect to the server. They then have 2 different IPs and we have the DHCP give out the IP as the gateway. The only problem with that is that we cannot control the automated change of gateway IP if the main connection fails.
    We are also willing to look into other hardware solutions that could control this.
    Regards,
    Rudi

  • Working with many sequences- best practice

    Hi.
    I've just started using Adobe Premiere CS6. My goal is to create a 2 hour long movie, based on 30 hours of raw GoPro footage recorded on a recent vacation.
    Now my question is, what is the best practice for working with so many sequences/movie clips?
    Do you have one heavy project file, with all the clips?
    Or do you make small chapters that contains x number of sequences/is x minutes long, and in the end combine all these?
    Or how would you do it the best way, so its easiest to work with?
    Thanks a lot for your help.
    Kind regards,
    Lars

    I'll answer your second question first, as it's more relevant to the topic.
    You should export in the very highest quality you can based on what you started with.
    The exception to this is if you have some end medium in mind. For example, it would be best to export 30 FPS if you are going to upload it to YouTube.
    On the other hand, if you just want it as a video file on your computer, you should export it as 50 FPS because that retains the smooth, higher framerate.
    Also, if you are making slow-motion scenes with that higher framerate, then export at the lowest framerate (for example, if you slow down a scene to 50% speed, your export should be at 25 FPS).
    About my computer:
    It was for both, but I built it more with gaming in mind as I wasn't as heavily into editing then as I am now.
    Now, I am upgrading components based on the editing performance gains I could get rather than gaming performance gains.

  • SD EDI with many partners / best practice

    I need some input on how best to approach a large EDI project.
    We will be accepting orders from about 80 customers.  Each one will be drop-shipping products from our warehouse to their customers.  I've set up the config for one location to take advantage of the EDPAR ext/int customer conversion table.  The IDoc uses the sold-to party as the KU type partner profile name (ex. 237661), which allows me to use the EDPAR conversion.  I'm able to get the IDoc processed now through to the finished order.
    Question:  How do I scale this?  Is this the best way to handle 80 partners?  If so, I will have to have one EDI translation per sold-to.  Should we really be hard-coding a sold-to account# as the partner profile name at the EDI translation level or is there a more generic way to handle this?
    It seems like there should be a way to say the partner profile for this customer group is EDIGRP01 and then use the incoming sold-to (ext. customer#) to determine which IDOC partner profile to use OR use user-exits to make that logic happen.  I want to use the configurable best practices here but it sure seems like a lot of work with hard-coded account#'s to boot.
    Thank you for your thoughts.

    Reynolds, the partner profiles are there to identify the message type and process code, and then the function module to post the IDocs. These partner numbers will not be used anywhere else. For creating sales orders you need the sales area, sold-to and ship-to numbers, and material numbers.
    These three values will be converted using EDPAR and the customer material info records.
    Could you please explain why the validation of the customer number is required?
    If you really need the customer validation, sales order creation does it automatically when determining the sales area or material number.
    A question for you: what configuration did you do for automatic conversion of external partner numbers into internal customer numbers? Is this used for outbound IDocs as well? I am doing some outbound messages for order acknowledgment, where I need the external partner numbers to be passed in the IDoc and EDI message, but the automatic translation is not taking place. This is also not happening for inbound for me. Could you please tell me what I am missing?
    Please mail me at [email protected]
    Thanks for the help.
    Regards,
    Praveen

  • OIM 11g - Best Practices

    Hello,
    a customer of ours wants to use one OIM as both the production and quality environment. From my point of view that is a big mistake. I recommended building a separate environment.
    Is there any best practices documentation from Oracle that describes separating the environments (development, test, quality, production, ...)?
    Thanks

    An enterprise deployment guide discusses Oracle best practices blueprint based on proven Oracle high-availability technologies and recommendations for Oracle Fusion Middleware.
    Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2.1) - …

  • Dealing with complex rules - best practice?

    hello,
    I am currently involved in a project to develop BRFplus rules for a new social security benefit.
    Some of the legislation is complex. For example:
    if ( A = true) AND ( (B = true) OR (C = true) OR (D = true) OR ( (E = true) AND (F= true)) ) then
       Result = true
    Else
       Result = false
    Endif
    My question is, what is the best/most efficient way of developing this rule?
    is it to develop one rule with a very complex condition?
    What are the alternative/preferred approaches?
    Thanks in advance.

    You can create "named" rules for each sub-rule (the condition A, B, C,...) and then use them in a master rule. This would improve the readability and hence maintenance by breaking the complexity down into simpler modules and would also let you re-use the sub-rules at other places.

  • OIM 10g: Best practice for updating OIM user status from target recon?

    We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
    I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

    Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

  • Use both iPhoto and Aperture with one library-best practice?

    I'd like to use both iPhoto and Aperture, but have both programs use/update just one photo library.  I have the latest versions of both programs, but was wondering if the optimum approach would be to:
    a)point Aperture to the existing iPhoto library and use that as the library for both programs
    or
    b)import the entire iPhoto library into a new Aperture library, delete the iPhoto library, and point iPhoto to use the Aperture library.
    I should point out that up to now I've been using iPhoto exclusively, and have close to 20K photos in the iPhoto library, tagged with Faces, organized into various albums, etc; if that makes a difference...
    Appreciate any advice!
    Thanks,
    Dave

    Thanks Frank!  I'll try it that way.
    Appreciate the help!

  • Best practice in gallerys

    we are making a gallery that will have thumbnails and larger
    images....simple click the thumb, and the focus goes to it's larger
    counterpart. When the large image loads, the thumbs follow. The
    question is, should we load thumbnails from another image(ie , much
    smaller images, scaled less than 75px) or duplicate the large image
    to a thumbnail size....what are the pros/cons? Makes sense that
    scaling down the big one would be pretty fast as it is already
    loaded...but would it not be heavy resource user?
    we are using cs3

  • Best practice for application help for a custom screen?

    Hi,
    The system is Netweaver 7.0 SP 15 with e-recruiting .
    We have some custom SAP GUI transactions and have written Word documents with screen prints and explanations. I would like to make the procedure document accessible from the custom transaction or at least provide custom help text that includes a link to the full documents.
    Can anyone help me out with options and best practices for providing customized application help for custom SAP GUI transactions?
    Thanks,
    Margaret

    Hello Margaret,
    sorry, I thought you might still be in a design or proof of concept phase where the decision for the technology is still adjustable.
    If the implementation is already done things change of course. The standard in-system documentation is surely not fitting your needs as including screenshots won't work well.
    I would solve the task the following way:
    I'd make a web or PDF document out of the Word document and put it on a web resource; as you run e-recruiting you probably have the possibility for that.
    I would then just put a button into the transaction and open a web container to show the document.
    I am not sure if this solution really qualifies as "best practice", but SAP does the same if you call the help for the application in the help menu. This is implemented in function module SAPGUIHC_OPEN_HELP_CENTER. I'd just copy it, throw out what I do not need and hard code the URL to call.
    Perhaps someone could offer a better solution, but I think this works at least without exaggerated costs.
    Kind Regards
    Roman

  • SAP BI4 SP2 Patch 7 Webi Connection to BW Best Practice

    We are working with version 4.0 SP2 patch 7 of BI4 and developing some reports with WebI, and we are wondering which is the best method to access BW data.
    At the moment we are using BICS because I have read in quite a few places that this is the best method to consume BW data, as it has improvements in performance, hierarchies, etc., but I don't know if this is really true.
    Is BICS the best method to access BW data, and is this the way recommended by SAP?
    In the filter panel of a WebI document, we can't use an "OR" clause; is it not possible to use this clause?
    When we are working with hierarchies and change the hierarchy for the dimension value, or vice versa, the report throws an AnwserPromts API (30270) error.
    When we are working with BEx queries containing variables and try to merge that variable with a report prompt (from another query), executing the queries shows an error indicating that one prompt has no value.
    Has anyone experienced these problems too? Has anyone found a solution to these issues?
    Best Regards
    Martin.

    Hi Martin
    In BI 4.0 BICS is the method to access BW not universes.  .UNV based on BW are there for legacy.
    Please look at this forum ticket with links on Best practices BI 4.0 - BW and if you do a search in SDN you can find many tickets on this topic.
    How to access BEx directly in WEBI 4.0
    Regards
    Federica

  • Best practice in database

    Dan
    I would appreciate help with the following query:
    Which is the best practice in development and deployment for the use of a database:
    1. Creating an external SQL database resource? If so, indicate that when the DataSource is created in the WebLogic Server.
    2. Creating a remote JDBC?
    Thanks and Best Regards,

    Hi,
    Others will have different ideas that are probably more useful, but I personally like "green field" opportunities like you're describing.
    One thing you have to figure out is what technology you want to develop and maintain your components in. Once built, they can be exposed as web services, Java POJOs, EJBs, .NET assemblies and databases which Oracle BPM can consume. Pick a technology that your team is most comfortable with.
    A best practice preference would be to use a Service Bus as the intermediary layer between Oracle BPM and the components consumed if you own one. If you don't, Oracle BPM will need to consume the components directly.
    I'd use Oracle BPM for what it was intended for. Sometimes I see the architecture "flipped" where the customer wants a third party UI to drive instances through the process via the API. While this will work, it's a lot of extra work to rebuild what Oracle BPM does a good job of OOTB.
    Dan

  • Webaccess Domain Best Practice

    With GroupWise 8, best practice was to put the WebAccess domain on the same server as WebAccess. While designing our GW 2014 system, security is much more important. In an effort to make GroupWise more secure, I no longer like the idea of putting a secondary domain on a host that has direct internet access.
    What are other people doing?

    Thanks
    >>> On 2/2/2015 at 3:56 PM, magic31<[email protected]> wrote:
    kwhite;2345909 Wrote:
    > With GroupWise 8, best practice was to put the Webaccess domain on the
    > same server as Webaccess. While designing our GW 2014 system security
    > is much more important. In efforts to make GroupWise more secure, I
    > don't think I like the idea any longer putting a secondary domain on a
    > host that has direct internet access.
    >
    > What are other people doing?
    In short, no need for a secondary domain on the WebAccess server. I
    haven't done so since GroupWise 2012. As a note, it was not a necessity
    with GroupWise 8 and lower, as you could install the WebAccess agent on
    a server that was running on the LAN, and only install the
    WebApplication on the server in the DMZ.
    One main thing that has changed with WebAccess, as of GroupWise 2012, is
    that the WebAccess application doesn't make use of gwinter anymore
    (meaning there's no more Web Access agent component in 2012 and 2014).
    It's now a standalone (client) component that talks directly to the
    POA(s).
    So all you need is a SLES or Windows server in the DMZ and install and
    configure the WebAccess component on that.
    There are also no more eDir counterparts for WebAccess. All that is
    needed is a port opened to the POA(s) (for SOAP, which defaults to 7191)
    and, since 2014, port 8500 also needs to be opened from the POA(s) to the
    server running WebAccess. 8500 is needed for the auto refresh
    functionality that's new in WebAccess 2014.
    Cheers,
    Willem
    Knowledge Partner (voluntary sysop)
    magic31's Profile: https://forums.novell.com/member.php?userid=2303
    View this thread: https://forums.novell.com/showthread.php?t=481627

  • Best Practices - VMware ESX 4.0 in a Cisco Environment?

    Hello,
    I'm presently designing a VMware ESX 4.0 deployment and integrating it with our Cisco environment.  I've found the following document:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vmware/VMware.html "VMware Infrastructure 3 in a Cisco Network Environment" and I was just wondering if there was a newer document applicable to ESX 4.x or if these best practices still applied?
    I'm particularly interested in proper vlan design for the various port-groups with in ESX and etherchannel configuration between ESX hosts and Cisco switches.
    Thanks,
    Rob

    Well, in that this is a Storage group, I'll answer from a storage networking point of view.
    ESX hosts are no different to any other host,  Just stick with the standard best practice of single initiator zoning and you'll be fine.
    As a slight aside, from an array point of view, I've tended to configure all the pWWNs of the whole cluster into one "host" definition, as this makes LUN mapping easier.
    Steven

  • SAP Best Practices for Poultry & Agriculture Business

    Hi All,
    Hope you all are doing fine. This is to update you that I am presently handling an SAP end-end ECC 6.0 implementation project for Poultry & Agriculture business. Would appreciate sharing with me if there are any best practices for Poultry & Agriculture businesses. If not, please share with me the best practice which can be applied suitably to our industry. BTW, this implementation project is getting executed in Saudi Arabia.
    Thanks in advance for your valuable attention and immediate response.
    Regards,
    Ashfaq

    Hi,
    Welcome to SDN!
    SAP Best Practice Guide for Dairy:
    http://help.sap.com/bp_bblibrary/500/html/G90_EN_UK.htm
    http://help.sap.com/bp_bblibrary/500/html/G91_EN_UK.htm
    http://help.sap.com/bp_bblibrary/500/html/G95_EN_UK.htm
    http://help.sap.com/bp_bblibrary/500/html/G97_EN_UK.htm
    http://help.sap.com/bp_bblibrary/500/html/GF1_EN_UK.htm
    Could not find one for Saudi Arabia. Hence, sending you UK links.
    Regards,
    Naveen.
