Requesting for Security Roles

hi,
can you just tell me the security roles.
our company is going to implement a project. we dont have any KT and procedure for creating roles
our company is starting to implement SAP. please suggest me for creating roles and  authorisation design.
thanks
Ramesh

Hi Ramesh,
If you don't have security training/experience I suggest that you book yourself on course ADM940 which covers auth basics (including info on creating a role matrix etc).
If you don't have this then make sure that you work with someone who has done this.  You would be very lucky to produce a reasonable design without either the training or using someone who knows what they are talking about.
Other resources are the following publications (you can find them via google):
Authorizations Made Easy (the 4.6 version is bit out of date but if you read & learn it you will be more than OK)
SAP Security and Authorizations
Risk Management and Compliance with Legal Regulations in the SAP Environment
SAP Authorization System
Design and Implementation of Authorization Concepts for SAP R/3 and SAP Enterprise Portals
For a wide overview of security I would recommend the SAP Security and Authorizations book, as a design aid I personally feel that SAP Authorization System would be more appropriate for a newbie

Similar Messages

  • NWA 7.3 : Looking for "security roles" (Policy Configuration) ...

    Hi guys,
    We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed wihtin NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and than security roles );
    where to do this within NWA 7.3 ?
    any ideas;
    Thanks
    Oliver

    Hi Oliver,
    Procedure
      Start SAP NetWeaver Administrator with the quick link /nwa/auth.
      Choose Components.
      Select a policy configuration.
      On the Authentication Stack tab, choose the Edit pushbutton.
      Determine if you want to use an existing template or if you want to change the policy configuration of the current component. 
    To use an existing template, select a template from the Used Template field.
    For authscheme references, select a template from Used Authscheme.
    The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
      To change the policy configuration of the current component, do the following: 
    Add and remove login modules as required.
    The system applies the login modules in the order they appear in the list.
      Set a processing flag for each login module. 
    For more information about login module flags, see Policy Configurations and Authentication Stacks.
      Add and remove any options to the login modules.
      Set the authentication stack parameters according to the type of policy configuration. 
    Please,go through below help file
    http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
    Cheers
    Revanth Pasupuleti

  • One CUP request for assigning role to multiple users

    Hi,
    We assign roles to users in production only through CUP requests.. We use GRC 5.3
    Here we have a case where we need to assign one role to  60 users in production(each user may have different  roles assigned in the back end) . I can raise one CUP request for all users using " multi-user" option in Copy request . But when we want to make a risk analysis , it will not show risks at user level as each user had different roles and may get different risks by adding new role.
    Instead it will give risks if any for only that new role which want to assign. Our manager is not accepting as this is not giving complete picture of risks for each user when we add new role.
    Please suggest me if there is any other way where I can make a risk analysis for each user when I created a CUP request for multiple users.
    Or the only solution is to create 60 CUP requests ?? this would be too manual
    Regards ,
    jaags

    Raghu,
    thanks for the reply, you are right as per the audit .But suppose if it is for 200 users ,creating 200 CUP requests will be impractical right.
    there should be some solution for this , because there will be many situations practically where we have to assign roles to N number of users.
    Is this possible in GRC 10 ? any idea ?
    Regards,
    Jaags

  • How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

    Hi,
    I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
    security-role>
            <description>Authenticated</description>
            <role-name>Authenticated</role-name>
        </security-role>
    This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
    In weblogic, I have the following setting in weblogic.xml
    <wls:security-role-assignment>
            <wls:role-name>Authenticated</wls:role-name>
            <wls:externally-defined />
        </wls:security-role-assignment>
    And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
    I am wondering if this setting can be specified in  for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
    Thanks

    Hi,
    You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
    And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
    Hope this will solve your problem.
    Regards
    MuRam

  • Use one store account for two I pads. Get request for security code

    Trying to use one store account for two I pads. One works fine, the other is unable to download a free app, window asks for security code.?.......
    What security code?

    Probably the security code on your credit card

  • Unable to assign all security roles to a user with a new custom security role

    Dear All,
    Happy New Year.!
    I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
    any desired security role to the new user.
    However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
    'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
    For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
    to assign some other security roles, including 'Support User Role', to new user 'y'.
    I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
    'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
    Appreciate any help that you can provide on the above issue.
    Thanks in anticipation.

    Hi,
    Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
    Refer:-
    http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
    Hope this helps!!!
    Thanks,
    Prasad
    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

  • Unable to securely request for a page

    Question:
    a) I'm unable to securely request for my webpage : https://127.0.0.1:8443/Blah , instead I get the following Error:
    Firefox can't establish a connection to the server at localhost:8443.
    The site could be temporarily unavailable or too busy. Try again in a few
    moments.
    If you are unable to load any pages, check your computer's network
    connection.
    If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.
    On Internet Explorer I simply get:
    Internet Explorer cannot display the webpage
    b) How do I know which SSL Implementation my tomcat is making use of: JSSE/APR
    Details:
    web.xml
    <?xml version="1.0"?>
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="Your_WebApp_ID"
    version="2.5">
    <description>The standard web descriptor for the email client</description>
    <servlet>
    <servlet-name>AuthenticateUser</servlet-name>
    <servlet-class>MailBoxController</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>AuthenticateUser</servlet-name>
    <url-pattern>/ControlPanel</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
    <error-code>401</error-code>
    <location>/authenticationFailed.jsp</location>
    </error-page>
    <context-param>
    <param-name>serverName</param-name>
    <param-value>Gmail</param-value>
    </context-param>
    <context-param>
    <param-name>port</param-name>
    <param-value>993</param-value>
    </context-param>
    <context-param>
    <param-name>ip</param-name>
    <param-value>imap.gmail.com</param-value>
    </context-param>
    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>
    <listener>
    <listener-class>Logger</listener-class>
    </listener>
    <security-constraint>
    <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>administrator</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>administrator</role-name>
    </security-role>
    </web-app>
    tomcat-users.xml :
    <tomcat-users>
    <role rolename="administrator"/>
    <user username="admin" password="system123#" roles="administrator"/>
    </tomcat-users>
    Following tag was added in web.xml in conf of tomcat :
    <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:/Users/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>
    Can anybody please help me with my problem. Am I going wrong with configuring SSL?
    Thanks
    Krutika

    I did add these lines:
    <Connector
         protocol="org.apache.coyote.http11.Http11NioProtocol"
         port="8443" maxThreads="200"
         scheme="https" secure="true" SSLEnabled="true"
         keystoreFile="C:/Users/Krutika Ravi/.keystore" keystorePass="changeit"
         clientAuth="false" sslProtocol="TLS"/>
    to the web.xml contained in conf folder of tomcat.
    But didn't fiddle with server.xml -
    After un-commenting
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    in server.xml contained in conf folder I get the following exceptions
    Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4
    .6.
    Jul 25, 2012 11:11:41 PM org.apache.catalina.core.AprLifecycleListener init
    INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra
    ndom [true].
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.AprLifecycleListener initializ
    eSSL
    INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-apr-8443"]
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-ap
    r-8443"]
    java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
    using SSL with APR
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
    a:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
    81)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardService.initInternal(StandardService
    .java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
    ava:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
    java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
    sorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService initInternal
    SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
    org.apache.catalina.LifecycleException: Failed to initialize component [Connecto
    r[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService
    .java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
    ava:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
    java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
    sorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
    Caused by: org.apache.catalina.LifecycleException: Protocol handler initializati
    on failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
    83)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
    Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be d
    efined when using SSL with APR
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
    a:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
    81)
    ... 13 more
    Jul 25, 2012 11:11:43 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 2945 ms
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    Jul 25, 2012 11:11:43 PM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.29
    Jul 25, 2012 11:11:43 PM org.apache.catalina.startup.HostConfig deployWAR
    INFO: Deploying web application archive C:\Junkyard\apache-tomcat-7.0.29\webapps
    \Blah.war
    Jul 25, 2012 11:11:44 PM org.apache.catalina.loader.WebappClassLoader validateJa
    rFile
    INFO: validateJarFile(C:\Junkyard\apache-tomcat-7.0.29\webapps\Blah\WEB-INF\lib\
    javax.servlet-5.1.12.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2.
    Offending class: javax/servlet/Servlet.class
    Logger Contructor
    Servlet Context has been initialized
    Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
    ps\docs
    Jul 25, 2012 11:11:45 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
    ps\examples
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
    ps\host-manager
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
    ps\manager
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.HostConfig deployDirectory
    INFO: Deploying web application directory C:\Junkyard\apache-tomcat-7.0.29\webap
    ps\ROOT
    Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-apr-8080"]
    Jul 25, 2012 11:11:46 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["ajp-apr-8009"]
    Jul 25, 2012 11:11:46 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 2728 ms
    Edited by: 948555 on Jul 25, 2012 10:42 AM

  • Advice needed: what does your company log for SAP security role changes?

    My client has a situation where for many years, they never logged changes to SAP security roles.  By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!!  Sadly their ticketing system is terrible, completely free-form text and not even searchable. 
    Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details?   What details do you capture?  What about Projects, that involve dozens of changes and testing over several months?
    I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system?  I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations.  It's really weird but they will get into big trouble eventually without any logs for security changes!

    Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
    I have questions:
    a) Do you want to make things straight
    b) Do you want to implement a versioning mechanism
    c) You cannot implement anything technical, but you`re asking about best "paper" practise?
    The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
    Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
    PFCG transaction usage will be curtailed to minimum if implemented fully.
    Do we really want to do things "outside" PFCG?
    @all:
    a) do you guys use custom approval workflows for roles?
    b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
    c) who is a friend of GRC here, raise your hand
    Cheers Otto
    p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild

  • Transport request for BW queries and roles.

    Hi All,
    we need to craete 20 bw queries on 4 multiproviders. We need to save 18 queries as workbooks in one role and the other 2 queries in other role.  Both the roles and queries does not exist and will be created in Developement environment.
    We just want to know how we can transport them in the quality environment. What is the right method to transport them.
    Can we transport all the object queries, workbooks and roles in number of transport requests so that if few queries or workbooks needs any changes then we do not have to transport all objects just the request which includes the changed objects.
    Thanks & Kind Regards,
    Hardeep

    Thanks a lot for all of you for your quick response. But i still have questions.
    If we create one transport for roles and one transport for each query then we will be having 21 transport requests. But the transport request on same multiprovider can lock the clacuated key figures and restricted key figures, if they are present in more than one query, it means they will be present in more than one transport requests, so they can be locked and trasport request will be failed.
    If i just create one transport request for all the objects roles, quaries & workbooks it will not loack any object, and transport request will not fail. But i have to transport all the objects again if i need to change one of the queries.
    Please let me know if there is a method that i can divide my queries as per multiprovider and can create transport requests as per multiprovider so that we can not lock calculated keyfigures and restricted key figures. Is workbooks can be published in the role in the same transport request. If it is and if in more than one transport request we are publishing the different workbooks to the same role, will it lock the role.

  • How to track the transport request number for the Role/Composit Role

    Hi,
    How to track the transport request number for the Role/Composit Role.
    Thanks,
    Ravi

    Use transaction SE03 Transport Organizer Tools
    Execute "Search for Objects in Requests/Tasks" with objects of types:
    R3TR     ACGR     Role
    R3TR     ACGT     Role - User assignment
    Regards

  • SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.

    Have an issue.
    I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
    But when user runs reports, he gets nothing:

    Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.

  • Configure security-role and method permission for EJB 3.0 using Jdev 11g

    The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
    For example,
    <assembly-descriptor>
    <security-role>
    <role-name>managers</role-name>
    </security-role>
    <method-permission>
    <role-name>managers</role-name>
    <method>
    <ejb-name>Employees</ejb-name>
    <method-name>setSalary</method-name>
    <method-params>
    <method-param>java.lang.Long</method-param>
    </method-params>
    </method>
    </method-permission>
    </assembly-descriptor>

    user516954,
    By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
    --Ric                                                                                                                                                                                                                                                                                                                               

  • EA2 - request support for database roles

    Would like to see database roles supported in the Connection Navigator for a schema, just like tables, views, etc. Need to be able to create/drop/copy/view roles, see what users or roles have been granted to a particular role, view or update what roles/object privs/system privs this role has been granted.

    Feature requests should be made according to the instructions in the "Feature Requests" sticky on the forum (http://forums.oracle.com/forums/ann.jspa?annID=444). If you go there and search on Roles, you will find an Accepted feature request for Roles Node. How soon this will be built into SQL Developer is another matter - we will have to wait and see.
    theFurryOne

  • Security Role for RZ70

    Hi Guys,
    Which security role provides access to RZ70. Also when I added all the SLD roles I am told I do not have authority to change SLD administration, instead of not being authorized for the transaction.
    Regards,
    Chris

    Hi,
    It seems your SLD hasnt been registered onto the SAP gateway.
    Have you setup your Data Supplier Bridge properly Access information in T-code SLDAPICUST
    check this post
    Re: No Message Server defined
    tcode rz70 ( program RSLDADM ) is part of SAPKB62019. In this report you could check if any special Security roles have added
    Refer,
    Re: RZ70
    Re: Accesing multiple R/3 systems from WD application
    Thanks
    swarup
    Edited by: Swarup Sawant on Feb 23, 2008 4:43 AM

  • ....OIM and SOA tables for new Request for Roles

    Hello OIM experts, please help me. I need the list of database tables that get updated when we submit new request for Roles. I need the tables that get updated by both SOA and OIM during request submission and approval.
    Appreciate your great help.
    thanks
    Edited by: Jyothi on Oct 23, 2012 3:52 AM

    REQUEST table stored request template related information. IN OIM 11G, you can see three level of approval, template level, request level and operation level. OIM has certain pre-defined template, that information is stored in Request table. To get information on any table:Execute below query
    select COMMENTS FROM USER_TAB_COMMENTS WHERE TABLE_NAME=<Tabel name for e.g.'REQUEST'>;
    It'll give info on all tables.
    To know more about request in 11g:
    http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/request.htm
    regards,
    GP

Maybe you are looking for

  • How do i transfer all my data from one itouch to another?

    how do i transfer all my data from one itouch to another?

  • Dynamicly creating an internal table with header line

    Hi experts, I am trying to do a read on an internal table using field symbols of type any table. To be able to read more than one row at once, I'd like to read it into another internal table (instead of just one line and instead of looping through th

  • Table for new GL

    Hi, in NEW GL which table is used as data source.?? regards

  • Two MappedSuperClass in a hiierarchy

    @MappedSuperClass public class A{ @Id @GeneratedValue(strategy=GenerationType.AUTO) public int getMyId(...) @MappedSuperClass public class B extends A{ @Entity @Inheritance(strategy=InheritanceType.SINGLE_TABLE) public class C extend B{ I have the ab

  • Folio Builder with InDesign 5.5 trial

    OK so apologies if this is stupid but here's a question: We're trying to create a demo version of a DPS document to show our publisher to approve purchasing DPS. We currently have InDesign 5.5 installed and are working on a file with interactive elem