Reg: Change date of Composite role

Hi,
I just need to find out if one of the composite roles in 2 different systems are the same.
Please let me know how to do this.
Regards,

Hi,
If you go to SUIMComparisons Roles and provide the roles (here you can have option of Single as well as Composite Roles) you will get a cumulative list of all the roles which these both roles consists of.
If any role is available in both the composite roles, it will have u201CGreenu201D cube in both the columns and if not then a u201CRedu201D start will be shown.
As logically composite roles are just group of single roles to understand the real comparison you need to compare the single roles which are part of these composite roles.
Please let me know for any issues,
Regards
Suhas
Edited by: Julius Bussche on Nov 10, 2009 3:03 PM
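
The comparison described in the reply above can also be done offline on table exports from both systems. This is an added example, not code from the thread or from SAP: it assumes CSV exports of AGR_AGRS (composite role to single role) and of a reduced AGR_1251 (authorization values per single role), and all role names and values are constructed. It goes one step beyond the membership check by also comparing the authorization values of the single roles that both systems share.

```python
import csv
import io

# Constructed sample exports, not real system data. Column names follow
# AGR_AGRS (AGR_NAME = composite role, CHILD_AGR = contained single role)
# and a reduced AGR_1251 layout; the CSV export format itself is an assumption.
DEV_AGRS = """AGR_NAME,CHILD_AGR
ZC_STORE_CLERK,ZS_GR_POST
ZC_STORE_CLERK,ZS_GR_DISPLAY
ZC_STORE_CLERK,ZS_STOCK_REPORT
"""
PRD_AGRS = """AGR_NAME,CHILD_AGR
ZC_STORE_CLERK,ZS_GR_POST
ZC_STORE_CLERK,ZS_GR_DISPLAY
ZC_STORE_CLERK,ZS_PRICE_CHANGE
"""
DEV_1251 = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
ZS_GR_POST,S_TCODE,TCD,MIGO,
ZS_GR_POST,M_MSEG_WMB,WERKS,1000,
ZS_GR_DISPLAY,S_TCODE,TCD,MB03,
ZS_STOCK_REPORT,S_TCODE,TCD,MB52,
"""
PRD_1251 = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
ZS_GR_POST,S_TCODE,TCD,MIGO,
ZS_GR_POST,M_MSEG_WMB,WERKS,*,
ZS_GR_DISPLAY,S_TCODE,TCD,MB03,
ZS_PRICE_CHANGE,S_TCODE,TCD,VK12,
"""


def members(agrs_csv, composite):
    """Return the single roles contained in one composite role."""
    rows = csv.DictReader(io.StringIO(agrs_csv))
    return {r["CHILD_AGR"].strip() for r in rows
            if r["AGR_NAME"].strip() == composite}


def auth_values(csv_1251):
    """Map each single role to its set of (object, field, low, high)."""
    out = {}
    for r in csv.DictReader(io.StringIO(csv_1251)):
        value = (r["OBJECT"].strip(), r["FIELD"].strip(),
                 r["LOW"].strip(), (r["HIGH"] or "").strip())
        out.setdefault(r["AGR_NAME"].strip(), set()).add(value)
    return out


def compare_composite(composite, sys_a, sys_b):
    """sys_a / sys_b are (AGR_AGRS csv, AGR_1251 csv) pairs, one per system."""
    mem_a, mem_b = members(sys_a[0], composite), members(sys_b[0], composite)
    auth_a, auth_b = auth_values(sys_a[1]), auth_values(sys_b[1])
    changed = {}
    # A single role present on both sides can still differ in its content.
    for role in sorted(mem_a & mem_b):
        va, vb = auth_a.get(role, set()), auth_b.get(role, set())
        if va != vb:
            changed[role] = {"only_a": sorted(va - vb),
                             "only_b": sorted(vb - va)}
    return {"only_a": sorted(mem_a - mem_b),
            "only_b": sorted(mem_b - mem_a),
            "changed": changed,
            "identical": mem_a == mem_b and not changed}


if __name__ == "__main__":
    report = compare_composite("ZC_STORE_CLERK",
                               (DEV_AGRS, DEV_1251), (PRD_AGRS, PRD_1251))
    for key, value in report.items():
        print(key, value)
```

In the constructed data the composite role has the same name in both systems, but one single role differs on each side and the shared role ZS_GR_POST carries a wildcard plant value in the second system only.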

Similar Messages

  • Reg : Change Data Capture

    Hi All ,
    Can anyone help me on this ,
    I have multiple tables in the Source Data Store. Now I want to capture changed data only. Can I implement CDC on multiple tables in a single interface?
    Or any other suggestion on this ?
    Regards,
    Karthik

    You can have 1 journalized datastore at the source side for each interface. You have to do your own customization.
    If you have relationship like pk-fk then go for cdc consistent
    Thanks.

  • Profile for a composite role

    Hello Experts,
    We are having a problem dealing with a composite role.
    Whenever we add the composite role to a user master; a profile appears for each of the single roles (which is normal) BUT we also get a profile for the composite role.
    We verified in the table AGR_1016 and found that there is a profile associated to the composite role.
    We tried the clean-up option of the transaction PFUD which did not work in our case.
    We were thinking that maybe the role was firstly created as a single role with its profile, and then it may have been changed to a composite role without deleting its profile. Is it possible?
    Any answer is most welcome!
    Thanks & Regards

    > We were thinking that maybe the role was firstly created as a single role with its profile, and then it may have been changed to a composite role without deleting its profile. Is it possible?
    Sounds to me as if there has been an import of a composite role overwriting a single role with the same name. The PFCG import facility has very few checks in it, so something unwanted could have happened. I think it is not possible to change a role from single to composite with PFCG or other tools. What does table AGR_PROF say about this role?
    I would suggest copying the composite to a new name (without copying the singles) and seeing how that looks. If it is OK you can delete the corrupted role, check whether it is completely gone and copy the new role back to its original name.

  • Reg :Composite role

    Hi, how do I create a composite role, and how do I assign it to a particular user? I created a composite role for ABAP and assigned these roles to the user. When I run the user comparison, the system shows that these roles do not exist for ABAP.
    I assigned existing roles (SAP-provided single roles).
    I could not find out where I went wrong. Please provide a solution for this, and provide any documentation or step-by-step procedure.
    Thanks and Regards.
    MANNY

    Hi
    Create the role in PFCG, then assign the roles from the copy menus, i.e. from roles, assign the authorization data, mention the users to be affected and do the comparison.
    So that composite role is assigned, before that check that whether the single roles are existing or not, and having right access or not.
    Check the ROLE_PFCG_DEPENDENCY is scheduled or not.
    Regards
    Bhaskar.
    Edited by: bhaskar1818 on Jun 5, 2008 3:03 PM

  • Reg derived roles combination into composite role

    Dear All,
    We have a role called GR Clerk. This will be available across all stores and DC for our retail customer. We have devised a strategy wherein we will create one global role with * in org level for site. Then we will
    create derived roles for individual DC and stores (from global role) and maintain site for each derived role.
    Now our customer wants following:
    Example: Store 1's GR clerk shall have required authorizations on transaction for Store 1, plus, one
    additional authorization/transaction for Store2.
    What we initially thought was that we will create two individual global roles: One for all authorizations and
    second for additional authorization.
    Global GR Clerk role: GRC
    Transactions: t1, t2, t3          
    Global GR Clerk role: GRC_additional
    Transactions: t4
    Derived Roles
    for GRCStore1:     
    1. GRCStore1 with org level Site= Store1     
    2.GRCStore1_additional with org level Site= Store2
    Now I will assign both derived roles to user who is GR Clerk on Store1.
    Is this approach correct?
    Also, customer wants that only one role should be assigned to user. So shall I create a composite role out of 2 derived roles?
    Will the respective site org levels be maintained after combining derived roles into composite one?
    Thanks for your time in advance.
    regards, Sean.

    Hi,
    Regarding the transaction roles and authorization roles, it is also a good approach, however, you would still have to consider the above point in case the authorization objects overlaps and make sure that both are restricted to appropriate "stores".
    Whether it's a good approach or not, per me, depends on the overall scenario and the fact that how much maintenance would be required in long term.
    Like say, if it is a case that the transaction codes (t1,t2 and t3) are for specific stores and transaction t4 is like display activity of other store and not just store 2. Then creating a common role for transaction t4 and including it in the composite role apart with the store specific role with tcodes (t1,t2 and t4) would also be a good approach.
    ZZZ:STORE_CLERK_STORE1 (Composite Role)
        ZZS_STORE_CLERK_STORE1      transaction code t1, t2 and t3
        ZZZ_STORE_CLERK_STANDARD    transaction code t4 (Either no org level restriction or all store access)
    ZZZ_STORE_CLERK (Parent Role)
        ZZS_STORE_CLERK_STORE1      Org level Restricted to Store 1
        ZZS_STORE_CLERK_STORE2      Org level restricted to Store 2
        and so on
    PS: Naming convention are for illustration only
    Cheers !!
    Zaheer

  • ESS Composite Role Adjustment

    Hi Experts,
    I have been trying to modify the Composite role SAP_EMPLOYEE_ERP for some functionality on portal. In tx OOAC, P_PERNR switch is activated (changed to 1) before this. First of all, I do not know whether the switch should be activated for ESS. But activation worked for me, and was able to get rid of one error. I followed this document for activating P-PERNR (http://help.sap.com/saphelp_erp2005/helpdata/en/94/b8b83b5b831f3be10000000a114084/frameset.htm).
    I followed the guide lines in the help link, and made some changes in the
    HR Master Data – Personal number Check in the role Z_SAP_ESSUSER_ERP. I added the following profile:
    Authorization Level: W (write access)
    INFOTYPE: 167 (Health plans)
    Interpretation of Assigned Authorization: E (excludes the right access)
    Subtype: BMER
    I feel that should do trick: the user should not edit the Health Plan BMER on portal. Is it the right approach? It should overwrite the standard profile
    Authorization Level: *
    INFOTYPE: 0002, 0005, .............., 0167, 0168, 0169, ......
    Interpretation of Assigned Authorization: I
    Subtype: *
    Any suggestions will be greatly appreciated.
    Thanks!

    Christopher,
    Ok.
    I managed to achieve the requirement. I am keeping the thread here as I do not know how to move threads.
    This is what I did.
    1. Authorization Level: W (write access)
    INFOTYPE: 167 (Health plans)
    Interpretation of Assigned Authorization: E (excludes the right access)
    Subtype: BMER
    2. Authorization Level: *
    INFOTYPE: 0002, 0005, .............., 0167, 0168, 0169, ......
    Interpretation of Assigned Authorization: I
    Subtype: *
    Profile 2 is overwriting the profile 1. What I did was in profile 2
    I removed the 0167 under INFOTYPE. Made the profile 1 as follows.
    Final
    1. Authorization Level: R (read access)
    INFOTYPE: 167 (Health plans)
    Interpretation of Assigned Authorization: I (include)
    Subtype: BMER
    I did the trick. The user is able to view the benefit plan, not edit. The system throws a message "you are not authorized to do this" if he tries to edit. However it is one way of restricting the user. Might be not elegant, but quick.

  • Identifying Duplicate Roles and Tracking Composite Role Assigned to the Use

    Dear Friends,
    I am novice to this website even after browsing for past 3 months. This website is so useful and huge with so many forums. I am lost many times where to post this questions. there is not a single SAP Security Forum or Basis/Security related forum. Can anyone direct me to the right forum or if there is no Security Forums, can anyone  direct me how to start new Forum so that all security related discussions and knowledge sharing takes place. I am requesting the Moderators of this website to direct me to the right forums.
    we have around 2000 users in Production. We assign Composite roles and single roles to all users. Sometime we use SECATT or LSMW to update User Master Data to Assign some Roles that are ALREADY assigned to the users. I have 2 questions. If there any way to clean up this mess. I mean Identifying all users who have these Duplicate Roles with Different Validity Dates. I am sure SUIM can not help me as I research a lot on this. I appreciate if anyone can direct me with some solution in this cleanup process. I mean some SQL or SAP Query will help me i guess. Any suggestions are greatly appreciated.
    My Second Question is Tracking Composite Role/User Assignment Changes. We had assigned some Composite roles to the user 3 months ago and deleted last week. when i check SUIM change documents, It does not show Composite Role history. It is Displaying all single roles that are assigned and deleted later. BUT It never showed any information on Composite Role Additions or Deletions in User Change Documents. I hope SUIM is not going to help. I still need to go to many places or write any Good SQL and execute them.
    Is anyone had written this Utility SQL programs for cleanup of roles/users in the SAP. Is there any way to check or debug this issue, going to see any tables that monitor these changes. I appreciate if can one can share this knowledge to resolving this issues.
    any ideas and suggestions are welcome.
    Thanks
    Kumar

    Satish,
    Please post this in the SAP NetWeaver Administrator Forum and close this thread here.
    SAP NetWeaver Administrator
    Regards,
    Ravi

  • Changing data types of  fields in structures

    Hello,
       Currently we are working for upgrade to ECC 6.0 .
       In some transactions we are using BAPI_MATERIAL_SAVEDATA to create material.
      We have some additional fields in MARA and MARC table , which we fill using BAPI_TE_MARA and BAPI_TE_MARC structures.
        In these structures we have different data types for fields earlier in 4.6C
    Now this function module is only working if we change  data types of  fields in these structures only to char type. It is going for dump , if we maintain any other data type.
      Could any body tell me why should we change for char data type ?
    Regards,
      SATYA

    Hi,
    Check enhancement category (Extras --> Enhancement Category) for structures before enhancement. For example, for BAPI_TE_MARA structure, enhancement category is given as character type or numeric type. That means you can add the fields of data type only C and N. No other data types are allowed. If you select as not classified then you can add any data type. This option plays important role while enhancement.
    Regards,
    Prasanth

  • Srm User interface - change settings : Error in role assignment

    Hi Gurus,
    Users are facing issue when they are changing settings in the SRM user interface site .
    Go to SRM user interface SIte --> Change my settings --> change date format or decimal format .
    When they save it --> Gets an error - error in role assignment .
    What can be the issue. It's same in Dev and qa .
    Waiting for your reply.
    Points will be rewarded.
    Thanks
    Munish Kumar

    Hello Munish,
    Laurent Burtaire wrote:
    If you do a where-used for message number i gave you, you will find two message calls in methods from /SAPSRM/CL_PDO_MO_USER_ACCOUNT class.
    Put a break-point to check if one of them is done. Problem cannot be due to missing authorization as there is no data in SU53 for concerned user.
    Regards.
    Laurent.

  • Get child users of composite role

    Hello
    There is FM (ESS_USERS_OF_ROLE_GET ) which bring all user of roles but what i want it's more complicated
    IF there is composite role i want to get all the user that in the roles under the composite role .
    Let say i have composite role with two roles inside (in the role tree ) .
    Composite role
    user1"this is the users of the composite role
    user2
    user3
    Role number  1
    user4
    user7
    user9
    Role number 2
    user 8
    user 5
    user7
    user6
    What i want is to get all the users of the composite role  and the child  role (which is parent ) .
    which is .
    users 1 - 9.
    I read some previous post on this issue in the forum but what I need is to use just this FM without access  to the DB
    table such as T_AGR_AGRS and COLL_ACTGROUPS_GET_ACTGROUPS ,
    What i need to do is recursive call on  the FM ESS_USERS_OF_ROLE_GET  .
    Regards
    Joy
    Edited by: Joy Stpr on Aug 23, 2009 8:50 AM

    Hello Joy,
    How is it possible to use just function module ESS_USERS_OF_ROLE_GET to get data without DB access?
    I mean this function module takes input as Simple/Composite ROLE so you have to have some list maintained
    which will be input for this function module.
    I think you can load composite and simple roles in a table and loop at it to make calls to function module ESS_USERS_OF_ROLE_GET to get users for composite/simple roles.
    Some input has to be there, That's what I feel.
    Check if this helps!
    Thanks,
    Augustin.

  • Stopping user compare when saving composite roles in 4.6c basis pack 25?

    One of the environments I look after is a 4.6c system with basis pack 25 – they can’t upgrade as it breaks a great deal of very heavy customisation in that system.
    We have encountered an issue with the saving of composite roles in that system - when a role is saved we must sit through a very long period of “user distribution in role XXX” while the system performs a user compare of every singular role in that composite role.  This is very painful as it can take nearly half an hour simply to save the composite role – we then need to rebuild the menu and compress it (we use the composite role’s menu structure).  The odd thing is that this behaviour wasn’t apparent for many years – it suddenly started happening about 2-3 years ago to a previous administrator but he wasn’t aware of any changes going through, it just began to force these lengthy compares on him when saving composites.
    I’ve tried in vain to disable this forced compare on every save – I’ve tried the PRGN_CUST modifications including adding the lines “AUTO_USERCOMPARE” with a value of “NO” and “USRCOMPARE_PFUD” with a value of “YES” to try and stop the profile generator from doing this but to no avail.  Unless these settings need a restart of the system to take effect (do they?) I’m at a loss to find any other options.
    The menu setting in the profile generator of “automatic user master adjustment when saving role” is switched off – though setting “auto_usercompare” seems to have broken the ability to bring up the “settings: role maintenance” dialogue box anyway.
    We have a very large number of roles to modify and would be grateful if anyone could offer any advice here.
    Thanks
    DT

    the problem with your issue is that none of us can reproduce that phenomenon, since none of us has that combination of primal release/support package level at hand any longer (at least i think so). so there's only two options left to you:
    first: update this special application until the problem goes away - do so by adding note after note on the very subject, like the one i mentioned plus [905924|https://websmp130.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=905924&nlang=EN&smpsrv=https%3a%2f%2fwebsmp107%2esap-ag%2ede] plus [662484|https://websmp130.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=662484&nlang=EN&smpsrv=https%3a%2f%2fwebsmp107%2esap-ag%2ede] and stop only when you hit one that is not implementable using SNOTE but only by implementing a support-package -> this will obviously be the point where you're stuck then.
    (and yes - for the sake of rob burbank: there are several other ways to implement corrections aside from SNOTE).
    second: open a call with SAP. mind you, this might become a lengthy one since they will also give you note after note ...
    as i said, i'm pretty sure no one in here can help you doing a proper analysis anymore (but maybe i'm wrong).
    anyone - any other (better) suggestions?

  • Indirect Role Assignment: Composite roles

    Can anyone shed some light regarding the following scenario:
    We have a user previously assigned to a managerial position and this position is attached to a MSS-composite role in PO13 (through the AG relationship). Now this user has been delimited from that managerial position, and is now assigned to a new position as a normal staff, so he shouldn't have the MSS-composite role anymore. We updated the run in PFUD with HR Org-assignment reconciliation, but we still find the Composite role for Managers in his user master record in SU01.
    What might be wrong?

    > Items to check for before running RHPROFL0:
    > PA Records info for the User
    > ==================
    > 1.  Was the HR check pointer on when the position was delimited?
    > 2.  Is the position truly delimited
    > 3.  Does the IT105/ST0001 match the person's user ID
    > 4.  How many position does this person hold in the PA record
    > 5.  Check if the new position have the correct roles for this person, it might actually have the MSS composite role you are trying to remove access from the user.
    Hi John, thanks for your response to this thread.
    We have not scheduled RHPROFL0 to run. Correct me if I'm wrong, isn't this only needed when PD-profile is used? We are not assigning structural profile through PD-profile in PO13, we do it manually instead in OOSB. Besides, I am not able to run that program anyway, because we have the CUA set to Global, and no indirect role assignment is possible. We can only do the comparison via the HR-org assignment reconciliation in PFUD. Can this be the main reason somehow?
    I also found out that our PRGN_CUST has no entries in it: HR_ORG_ACTIVE is not on. <<--- Does this only need to be switch-on if our CUA is set Local? Do I need this?
    Then, my answers below to your questions:
    1. Do you mean the "pink-arrow-up" icon from the old position? Then the answer is yes.
    2. The position itself is not delimited, only the user assignment is. In PPOSE, it shows that the person is assigned to this old position from 01.04.2007 until 31.01.2008. So I guess in that sense, it tells that the position is truly delimited.
    3. Yes
    4. In PA records I can see many records under different validity dates, but they are all records of the new position. The earliest record (the one at the end of the list) was a record attached to a default position and without any organization assignment. Then, in PA > List Organizational Assignment screen, there is a system message that says "Employee has more than one position". --> Does this refer to the non-listed old position? or default position + new position in PA record?
    5. No. The new position is just an ordinary employee without any indirect role assignment.
    We also tried to remove the MSS-composite role from the old position in PO13, but it doesn't make any difference to the user master record in SU01.
    For your reference as well, this is how our US_ACTGR looks like:
    40 > AG > A > 007 >  S
    50 > AG > A > 007 > US
    60 > AG > A > 007 > P
    70 > P > B > 208 > US
    110 > S > A > 008 > *
    Hope this information tells something.
    I appreciate your time and many thanks in advance for your help!

  • How to check the PR release Strategy change date?

    hi,
    how to check when the PR Release Strategy was changed by someone?
    Regs,
    S J Solanki

    Hi
    You can directly go into the Purchase order & check for the Header changes which will give the Changed Date
    If you need to use two tables to find out the date when the Strategy was changed.
    Use Table CDHDR & CDPOS. Object key is the Purchase order number
    Thanks & regards
    Kishore

  • Adding transactions in a composite role menu

    Hello All,
    I want to add transactions in the menu for a composite role, but I do not see the option to add it. Please guide how would it be possible. Do I need to create single roles and merge the menus for them or can I create a separate menu for the composite role?
    Thanks in advance.
    Regards,
    Anju

    Hi There,
    No, first of all you can't add transactions to the menu of a composite role, as a composite role is a collection of several single roles.
    What you can do is create a single role, make additions/deletions of tcodes inside the single role, which will automatically reflect in the menu tab of the single role, and then you can add this single role to the composite role.
    If you want to make changes to the tcodes from the menu tab you need to go to the single role and make changes which will reflect automatically, but through the composite role it's not possible to make changes to the menu tab, simply because the composite role takes all the tcodes from the single roles contained within it.
    Hope this answers your query
    Best ,
    Suchitra

  • View Deleted Users Composite Role

    Dear Experts,
    Is there any way to view the composite roles that were assigned to a user that was deleted? 
    I am able to go to SUIM and view the single roles but I would like to get the composite roles that were deleted.  This is needed so that we can recreate the user and assign the old roles to the user.
    Please help.
    Thanks.

    If you select the "role change docs" in SUIM and use the selection criteria "overview of change docs" or "all change docs", then deleted composite roles will show up in this report. It would be handy if your composite roles had a different naming convention than the single roles.
