Re-assign a different role to a lot of users

Similar Messages

• Stopping of assignment of duplicate role in SU01 and same user in PFCG.

  Hello Experts,
  I have a requirement, wherein I have to restrict assignment of duplicate roles in the user master (SU01) also I should not be able to assign same users twice in the user tab in PFCG.
  Please advise...Thanks in advance.
  Best Regds,
  Suyog Chakot...

  Hi Suyog,
  There are two ways to do it:
  1 - PRGN_COMPRESS_TIMES
  2 - SSM_CUST .
  PRGN_COMPRESS_TIMES has its own limitation, it works perfect in Non-CUA landscape while have lot of issues in R/3 CUA landscape.
  SSM_CUST is universal and I guess it can be used in al landscape. CUA as well as NON CUA. Let us know if you need any more information on this.
  Just search with these two key words and I am sure you will get your reply.
  Edited by: sap.sec.akshay on Dec 30, 2009 6:55 PM

• Assigning a different inspection plan to an inspection lot

  Hi,
  I have a situation where the incorrect inspection plan is assigned to an inspection lot. Is there any mechanism to assign a different inspection plan to an inspection lot i.e. without having to reverse a goods receipt.
  Regards,

  >
  Shyamal Joshi wrote:
  > Hi Kaushal,
  >
  > There are more than one reason for this error. Check the followings.
  >
  > - The key date for inspection lot should be later than the key date for the inspection plan, later then the date when you assigned the material to the plan.
  > - The usage of lot and inspection plan should be same.
  > - The status of inspection plan must be released.
  >
  > Regards,
  > Shyamal
  Why are you not checking these things I am sure the reason would be there only. If dont wana check it is your wish. Any ways best of luck

• Assigning a different mask for the same role

  Hi All,
    I have two users user1 and user2 are created in MDM and each assigned to the same role say role1.
  My requirement is user1 should get data of catagory 1 where as user2 should get all the main data in MDM.This catagory 1 is part of the main data.
  For this scenario i have created a mask say for example  catagory1_mask for catagory1 data and assigned this mask to the role role1 where user1 and user2 are being assigned to this role.
    And i have one more mask all_mask for user2 where i have assigned all the records of the main table to this mask. So when user2 logs into the MDM he would get all the data in MDM.
  If i assign this all_mask to the role1 user1 cal also access the whole data including user2. But as per the rqmt user1 should not access the whole data but have to access only catgory1 data.
  Can anybody advice me how can i assign a different masks to a one role when 2 users have been assigned the same role?
  Regards
  Sireesha.

  Hi Jitesh,
    I am getting one issue after creating duplicate role in portal.
  As u know i have created 2 duplicate roles for user1 and user2. Before creating the duplicate role i was able to see the user1 and user2 in the SRM MDM UI page of general tab.
     After creating the duplicate roles for these users am not getting the user1 and user2 in the User dropdown field of MDM UI screen...
  Is this bcoz of creating duplicate role?
  How can i get the user1 and user2 here?
  Please advice me...
  Regards
  Sireesha.

• Urgent ! Assigning (or Linking ) the same workbook into two different roles

  Hi Gurus,
  Coul you tell how to link the same workbook to two different roles.
  I am assigning the same workbook to two different roles, but in the second role the workbook is displaying with different structure than in the first role. I want the workbook should be displayed with same structure in both the roles.
  This is Urgernt.
  Thanks in advance.
  Best regards
  Hari

  Hello hari,
  Both the roles should diplay the same layout for a single workbook.
  please ensure that both the users(with these 2 roles) have similar (all the other)authorisations.
  it's possible that one of the users may have further restrictions in authorisations. check out for z-authorisation objects if any.
  hope it helps..
  thanks,
  (*Don't forget to Assign points on SDN)

• Can not assign ONE PFCG ROLE TO DIFFERENT ROLES

  Hi
  First I created a new Conf Key then I created a new NAV BAR by coying the standard Makrting and Sales PRO Nav Bar.
  Then I am trying to create a new buiness role( lets say ZMARKETING PRO) by copying the standard Marketing role and assigned my own created NAV BAR and Con KEY.
  I am facing an error
  " YOU CAN NOT ASSIGN ONE PFCG ROLE TO DIFFERENT ROLES"
  Just want to know the background of this error. Any help would be appreciated and points would be rewarded

  Hello Sajjid,
  Sorry we are not aware of the terminology used in your organization.
  Can you be more specific:
  are you doing Role Release,
  Org Filter changes or creating CHILD (derived) role
  Please generalise your problem.
  Regards,
  Surpreet

• Different role types. Was: "Hi sap gurus"

  define and differentiate the following types of roles
  1.single role
  2.composite role
  3.derived role
  4.child role
  5.parent role
  Message was edited by: Moderator
  Please use meaningfull thread subject titles.

  Hi
  There are 5 types of Roles:
  1)     Single Role.
  2)     Composite Role. (Max 164 Single Roles can be attached to one Composite Role)
  3)     Derived Roles.
  4)     Orphans Role.
  5)     Reference Roles.
  <b>Composite roles </b>
  A composite role is a container with several different roles. For reasons of clarity, it does not make sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles.
  Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role. Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group. The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison.
  The menu tree of a composite role is, in the simplest case, a combination of the menus of the roles contained. When you create a new composite role, the initial menu tree is empty at first. You can set up the menu tree by choosing Read menu to add the menus of all roles included. This merging may lead to certain menu items being listed more than once. For example, a transaction or path contained in role 1 and role 2 would appear twice. If the set of roles contained in a composite role changes, the menu tree is also affected. In such a case, you can completely rebuild the menu tree or process only the changes. If you choose the latter option, the Profile Generator removes all items from the menu, which are not contained in any of the roles referenced. It is possible (and often necessary) to change the menu of a composite role at any time. You adjust these menus in the same way as the menus for roles.
  <b>Derived roles </b>
  Derived roles refer to roles that already exist.  The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced.  A role can only inherit menus and functions if no transaction codes have been assigned to it before.
  The higher-level role passes on its authorizations to the derived role as default values, which can be changed afterwards.  Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either. Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level.
  The menus passed on cannot be changed in the derived roles.  Menu maintenance takes place exclusively in the role that passes on its values. Any changes immediately affect all inheriting roles. You can remove the inheritance relationship, but afterwards the inheriting role is treated like any other normal role. Once a relationship is removed, it cannot be established again.
  In real time scenario Roles and Authorizations are primarily based on Company codes in many cases and in some scenarios are also based on Cost centers or divisions etc. IN such scenario, a Master role is created and many child roles are created with relevant Organizational levels added to the same. So any change to the master role would be drilled down to Child roles and hence it would avoid a lot of Maintenance overhead.
  E.g.: Master Role -- Z_SAP_FI_BUYER_000
  Child Role1 -- Z_SAP_FI_BUYER_CC1
  Child Role 2 -- Z_SAP_FI_BUYER_CC2
  Child Role 3 -- Z_SAP_FI_BUYER_CC3
  <b>Orphans Role</b>
  Orphans Roles are Stand-alone roles and are many a times required for IS uses/. So a System Admin role, a Security Auditor role and many other special roles mainly not used in Business side are created as ORPHANS. This role limits the user to a particular organization.
  <b>Reference Role</b>
  They are SAP standard Roles.
  Reward points if helpful

• No authorization" if several authorizations assigned through differen roles

  Dear all,
  I have a strange issue within BI auth analysis (SAP NW 2004's).
  Context: I have a cube with 3 characteristics auth relevant:
  Country
  Report Unit
  Business area
  Let's take the example I had this week with my end-user:
  - I built a set of BI analysis in RSECADMIN
  - Each BI analysis was assigned to a single PFCG role through S_RS_AUTH auth Object.
  - Roles are assigned to end-users via SU01.
  My End-user has 3 roles, so 3 BI analysis assigned with the following values:
  The 3 BI analysis contain
  0TCAACTVT ==> CP    *
  0TCAIPROV ==> CP   H5*
  0TCAVALID ==>  CP     *
  Role1 provides BI analys 1:
  Country           = LB
  Report Unit      = 00556LB0001
  Business area  = 0001
  Role2 provides BI analys 2:
  Country           = JO
  Report Unit      = 39835JO0001
  Business area  = 0001
  Role3 provides BI analys 3:
  Country           = SY
  Report Unit      = 39835SY0001
  Business area  = 0001
  The 3 auth variables were correctly set within the query as follows:
     ==> Variable represents = "Multiple single value"
     ==> Variable is "Optional"
     ==> Ready for input
  After having ran his query, my end-user has a "you do not have sufficient authorization" message
  This is a sample of what is checked by the system (just for JO country as an example)
  SQL Format:
  /BIC/H5COUNTRY = 'JO'
  AND /BIC/H5GESBER = '0001'
  AND /BIC/H5REPUNIT IN ('00556LB0001','39835SY0001')
  AND TCAACTVT = '03'
  OR /BIC/H5COUNTRY IN ('LB','SY')
  AND /BIC/H5GESBER = '0001'
  AND /BIC/H5REPUNIT IN ('00556LB0001','39835JO0001','39835SY0001')
  AND TCAACTVT = '03'
  I have the impression that the system does not read globally what the user has in his auth buffer but only roles separately.
  I found the following OSS note 1244127 ("No authorization" when a user has several authorizations).
  This note is valid from October 1st 2008 !!!!
  I applied it but infortunately the pb remains. Last thing, we don't want to use "variable Exit"
  I cannot bielive that with BI 7.0 you cannot manage auth combinations trough different roles...Amazing.
  Had you faced this kind of issue ?
  Hope I was enough clear on my explanations.
  Any Help will be very appreciated.
  Many thanks in advance.
  Bader
  Edited by: Bader KEROUI on Nov 27, 2008 5:46 PM

  Hi Tripple k, Chandu and Andreas
  First, thanks to all for your prompt answers.
  Ok that's clear. I could not believe it that's why I though about a system bug.
  That means that with such a release, we are not able to set more than 2 chars variations through separated BI analysis ...
  It's very difficult on HR perimeter restrictions. So the way is to developp auth user by users and not perimeter by perimeter. (Meaning 1 role per user) Lot of maintenance, as lot of staff movements in the company.
  Anyway ...
  No enhancement expected from SAP on that ?
  Sending an OSS message will be useless. Isn't it ?
  Once again, thank you very much.
  Bader

• Assigning iViews to Roles without Pages

  I have created several "SAP Transaction" iViews that rely on HTML GUI and would like to add these to my Portal.  When I assign them to a page, and then add that page to a role, the iView height does not display automatically.  The iView is only about 80 pixels high. 
  I have also tried assigning the iView directly to the role, and in this case it displays correctly. 
  Is there any purpose to using "Portal Pages" if an iView is the only content being displayed for that Top Level or Second Level navigation choice?
  Are there any problems with assigning iViews directly to roles?
  Thanks for any answers you provide.
  Best regards,
  Bryan

  Bryan
  You are correct, this concept didn't exist in EP5. In EP6 a Page and an iView are basically the same object, which is why it doesn't matter which one you assign to a role. The other thing is that if you do use a page, then the pagebuilder tends to include a lot more resources into the output, which increases the size (and potentially time) of the page downloaded to the client. If you only have transactional iviews, then I would forget about the page. If you decided to try and use the pages, then the things that can cause this problem are: -
  1) Domain of the iView is different to the domain of the portal and when the portal tries to re-size the page it can't access the size of the content and therefore can't resize it
  2) I would check things like the maximum and minimum page size attributes on the page. They may have default values in an iView but not a page
  I hope this helps
  D

• User Valid to changed while assigning role to a set of users in SU10

  Hi All
  I had a task of assigning a role to a set of users in various systems across landscape. I find that some of the users had their valid to date (logon data tab) changed to their last login date. Moreover, in every system; the list of user ids who had this issue of valid to date changed to their last logon date is different. It seems it occurs randomly in various system but out of every 10-11 users 3-4 get affected with this issue. Has anyone faced such an issue before and how could we resolve this issue.
  Many thanks for your help and time !!
  Best Regards
  Prashant

  Have you checked OSS notes? Maybe note 1325775 may be relevant for you.
  Cheers

• Is it possible to assign same partner role more than once in PO?

  I am trying to assign same partner role (GS) more than once in a PO, as we have several different suppliers for the different items in the PO. A different option would be tab "confirmations" in PO but I need to be able to check validity of suppliers....
  any ideas?

  Hi Laurent,
  As standard SAP it is not possible to define default BP type for specific roles. But you can use some Badi or Function Modules to do the same.
  Regards
  Arun Kumar

• GP Action Assignment to a role

  I have a create <> approve request process
  Need to understand following scenario
  1. I have assigned approval step to the a Role/Group rather than an individual user. The whole group has a common inbox that they would be able to open from their respective machines. One of the member of the group logs in and start working on Request 1.
  Now, if another user with approval role comes in and tries to open the same request (Request 1). How does GP handles such a scenario??
  Regards,
  Nitin

  hi nitin,
  I also implemented the same scenario in my project but in different way.
  i will send the approval request to a group of users.
  The following is the flow of my process.
  1.action1 creation
  2.the created action will send to the multiple users.
  3.action 2 (the whole users which is assigned for approval role can see the created request's detail in  a read only format).
  4.And they have to press the button accept ,then i will assign following action to this user.
  5.The user who accepted the request will get the chance to give approval for the request.
  And when the user press the accept button at the same time the action will go away frm the other users inbox
  i thin this will help you..... if u have any doubt please let me know
  With Regards
  Shanto Aloor

• Test Package - Assignment to different tester

  hi to everybody,
  I'm using STWB_2 and STWB_WORK during test in an implementation project. I have created a test case with different process steps. Some of these steps are to be executed by a key user, other by another key user. How can I assign the different tester inside the test package. I would like to show this information when the testers display the package. Any idea????
  Thanks a lot
  lelio

  Hi Lelio,
  Ok. So, you have already considered the Package creation at Transaction Code Level.
  One suggestion is, to let the first tester finish his/her transaction, have a test step called 'Create a message', let him/her create a message alerting the next tester to commence the next step. All such messages are with respect to a given 'Test' within a Test package - at Test document/ Transaction level, so they'll have the right 'context' when someone opens the message.
  I know this isn't a great solution, but using a standard functionality for a different use.
  Best regards,
  Srini-
  Hi Lelio,
  I was going through [this|https://websmp107.sap-ag.de/~sapidb/011000358700000193922008E] presentation today - from SolMan Enterprise Edition and it seems like your query is answered by this version of SolMan. Please go to slides 8 to 11 of 25.
  There is also a [SAP Tutor |https://websmp107.sap-ag.de/~sapidb/011000358700000183912008E.sim]file which explains how the new functionality works. It's great to see this - and I wish this was part of normal SolMan pack itself !
  Of course, this would come at some extra cost. Perhaps, a case for you to consider at a later stage, or if your project/support organisation can spare that rightaway
  Warm regards,
  Srini
  Edited by: Srinivasan Radhakrishnan on May 26, 2008 3:08 PM

• Need to Assign read-only roles to a user in EP

  Hello,
  I am currently facing a situation wherin I need to assign read-only roles to a user. I need to assign the user admin, system admin and content admin roles to him, but all with read only permissions. Could someone kindly direct me as to how this can be done in EP7.0?
  Thanks in advance and best regards,
  Karthik.

  Hi Karthik,
  first, welcome on SDN!
  About your question:
  Ganesh already showed the way for the PCD. Anyhow, the content admin also can accedd the KM content (if installed); so for KM the settings have to be done, too, i.e. defining only read-permissions for this user on all repositories.
  The same holds for System-Admin - Permissions - Portal Permissions, here under the different sections only read access permissions would have to be set.
  Anyhow, some areas cannot be restricted in this way, for example the User Management. This could be done only via http://yourserver/useradmin and there via ROLE actions (and not per user).
  Still, some areas certainly will stay problematic, so that one maybe would have to strip down the standard roles (create a delta link copy of the content and then remove the problematic areas).
  Hope it helps
  Detlev
  PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!

• Navigate to Different role(Group)

  Hi,
  I have two roles role1 and role2,role3.
  role1 is assigned to everyone and has iview1 .
  and role2 is assgined to everyone and has iview2.
  role3 is assigned to specific group and has iview3.
  if the "Testuser" has role1, role2 and role3.
  i have to navigate from role2 and role3 to role1, and its working from role2 to role1. but from role3 to role2 is not working.
  code:
  WDPortalNavigation.navigateAbsolute("ROLES://<PCD path>",WDPortalNavigationMode.SHOW_INPLACE,null,null,WDPortalNavigationHistoryMode.ALLOW_DUPLICATIONS,null,null,null);
  is this b'cos of role3 and role1 are assigned to different groups, but testuser is assigned to both groups and he can see all three role tabs.
  any suggestions?
  Thanks,
  Murali.

  You'll want to set the OnSelect property of the button to the
  Navigate function, as the function reference describes. If only two gallery items link to two screens, you might try:
  If(Gallery!Selected!ItemName="ItemWhite", Navigate(ScreenName, ScreenTransition!Fade), Navigate(ScreenName2, ScreenTransition!Fade))
  But how many items does the gallery show, and does each link to a different screen? Also, are they really different screens (different layouts, different kinds of information, etc.), or is it one screen that shows the same information for different
  items? For example, you could create 10 screens that show the same kinds of information about 10 items, or you could have one screen that shows the same kinds of information about whichever gallery item is selected.