Role assignment into EP7
hello,
could you tell me the reasons why when we try to assign a role to a user and then save it ... the action is never complete ! whereas when we assign the same user to the same role and save it ...it works fine !!
our portal is bound to a ldap ! users are stored only into the ldap !
best regards,
and thank you !
Olivier.
As per SAP NOTE 881440, the names of physical attributes should always
be written with small letters even if they are written differently in
the LDAP schema definition. So please change the attribute to
small letters -> upload the modified XML file to server -> restart the
server and check if this could resolve your issue.
If the issue persist, please provide the following information.
1. Please upload the modified UME config file again.
2. Please reproduce the issue, and provide the exact time, user and the
latest default trace file under
/sapmnt/<SID>/<instance>/j2ee/cluster/server<n>/log folder.
3. I'm not very clear about what the "whereas when we assign the same
user to the same role and save it .it works fine" mean. Could you
please provide the step by step screen shot with some description?
Similar Messages
-
Hello All,
I have integrated the Corporate LDAP with EP 7.0 ,and then assigned portal roles to the LDAP users. The users still exist in the LDAP and we are not importing them , but then how's the role assignment done on the portal and where is the information for each user's assigned roles stored int he UME Database, is there any specific table for that ,some profile or what?
Any help would be really appreciated
ThanksHi,
I have not tried this, but there are logical attributes with which you can also store
User-->Role assignment into LDAP.
PRINCIPAL_RELATION_MEMBER_ATTRIBUTE
PRINCIPAL_RELATION_PARENT_ATTRIBUTE
Check this:
http://help.sap.com/saphelp_nw2004s/helpdata/en/e6/d75d3760735b41be930f2dddae3126/frameset.htm
<nameSpace name="com.sap.security.core.usermanagement.relation">
<attributes>
<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
</attributes>
</nameSpace>
So it depends on your UME datasource configuration, where this assignment information is saved.
Greetings,
Praveen Gudapati -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
CUA sync with child client issue for indirect role assignment.
Hello Security experts,
we have a indirect role assignment set up in our ECC environment. there is a syncronization issue from the parent CUA to the chlild client. The role assignments have been made to role although they are not always reaching target system without having to sync up either the role or the IDu2019s position # manually. This has been an ongoing issue CUA has on any role or user from time to time. any hint on fixing this issue. please help..Whole idea of CUA is to manage your roles and users centrally, on the contrary you can manage the roles/profiles by setting up the attributes for the CUA thorugh Central user Management console - SCUM Transaction.
CUA has its own pros -
Central rep,Users Sync,Role Provisioning statergy - Global composites(consists of individual child roles) Distibuted model -Provisioing at individual child systems for roles, etc.Central user store,easy maintenance.
on the contrary - change documents is always a concern ( because cua uses - interface Ids or the RFC ids to push the idocs from cua to child system), CUA maintenance while system refresh - Copied distribution models have to be deleted and re-created, system backups has to be defined per you distribution model, password maintenance if defined global then Child systems act as inactive nodes, reading the roles into cua which are created in childs so as to establish a pointer to that system.
It also depends on the number of systems you have in your landscape so that you can calculate the overhead and then have a Go -no-Go decison on CUA.
Overall, I consider CUA as a good approach provided we streamline the process of provisioning, de-provisioning per the cua standards.
Rakesh -
Automating Portal Role Assignment
Hi Everyone,
At my project we are looking to automate the process of Portal Role assignment.
With our current design, a user initially logs into the ISA and ICSS Portal as an anonymous Portal user. To view all content the user will be required to register himself on the portal. Once the user registers himself, a user record is created on the backend CRM system. Now when he tries to log into the portal with his new username and password he gets a blank screen because he has no Portal Roles assigned to him.
We need need to create Portal Roles for each CRM user. The new Portal Role will be based on user type in the CRM system. Since we have several users logging in and creating new accounts, we need to automate this process of mapping a CRM user to an appropriate Portal Role and then actually creating the Portal Role on the Portal.
Has some one does this before or has an idea how to do this?
Any help will be really appreciated...
Thanks!
Muhammad Osman YousufHi Michael,
Thanks for the help so far. Do you think the following mappings would work with the solution you recommended?
On the CRM side we have CRM_ROLE_A, CRM_ROLE_B, and CRM_ROLE_C and on the Portal sider we have PORTAL_ROLE_A and PORTAL_ROLE_B.
All mappings given are possible...
CRM_ROLE_A = PORTAL_ROLE_A
CRM_ROLE_B = PORTAL_ROLE_A and PORTAL_ROLE_B
CRM_ROLE_C = PORTAL_ROLE_B
Thanks!
Muhammad Osman Yousuf -
Role Assignment does not get distributed from CUA
Hi all.
I create user and role in CUA client.
There is no error in role generation.
When I try to find my role in SU01 by pressing F4 of my role (Y*), system give me message role not found. But that's not my biggest problem.
I can assign my role by typing manually.
My biggest problem is only SAP ID get distributed into target system, not the role assignment.
So in the target system I can see my user id without role assign to it.
I checked my user id from SCUL. User and profile does not contain any error message in target client.
I tried with transaction RSCCUSND, still my user id does not contain role.
I checked my SCUM transaction, profiles and roles has Global settings.
Does someone can give me a clue why this happens and how to solve this issue.
Many thanksLets try to simplify the thing in layman language.
CUA is to manage user ids of different SAP systems (client level) centrally from one system without logging into each of those child systems. To do so, the Central system stores the information of the Roles (and their Text and Generated Profile Name ONLY) and Profiles (standard or non-generated profiles) in few of it's tables like: USLA04, USRSYSACT, USRSYSACTT, USRSYSPRF, USRSYSPRFT etc.
It doesn't mean that the Roles for the corresponding child system is present in the central system and no need of creating (or making available) such roles in the Child systems. The physical existence of the Role for each system doesn't get transferred in the Central system when you do the Text comparison rather the identity only against the corresponding system.
So the Roles has to be there in the corresponding Child systems and the Assignment (not physical assignment - only linking the name for that child system) of them to the user ids can be done from Central system.
Also you have got the idea of Text comparison and requirement of keeping or creating roles in each system based on it's nature from the other posts.
Let us know any more questions you have.
regards,
Dipanjan -
Fix Business Role / Technical Role assignment in Pending or Failed status
Hi,
We are facing issues with few users where Business role assignment or technical role assignment is going into Pending or failed status.
None of the jobs are failing or throwing any error related with the changes.
We are running IdM 7.2 version with SP8.
Is there a way to fix this issue other than removing and reassigning or recreating ID.
Regards,
ManishHi Manish,
If technical role (priv) in failed status, please check Tero's reply in the below post. You can set a periodic job to read users and privs in failed status and use uRetryPrivilegeAdd() function to retry the assignment.
Failed AD privileges
I was able to find a document on how to set up the periodic job.
Retry failed assignments (Privilege)
You should try searching the forum and wiki for answers. Most of the issues are addressed by our community experts already. Thanks.
Kind regards,
Jai
Message was edited by: Jai Suryan -
Organizational Model - WebUI business role assignment
We have created the organizational model in our system where we have the levels that are tied to a specific business role. We have been manually assigning all of our users to these organizational model levels in order to have the business role assignment. I am curious if there is a program or easier way to do this than to have to create the assignment to the employee record manually in the org model.
Any help would be greatly appreciated.
Thanks,
DarcieHi Robert,
maintaining the user profile directly may be easier with only a few employees but for large companies this method will end up being more maintenance intensive.
for Org you only have to maintain it on the Org unit or position and all employees underneath will inherit the role; whether it's 2 individuals or 2000. and if the person is moved into a different position laterally or through promotion there would be no maintenance required as the information would replicate from HR (if you use/have the system) and the person would inherit the new position and role automatically.
for User parameter if you only have 2 individuals it is easier but 2000 is too much to maintain. there is some automation but would require you to create them and run them yourself.
pfcg at most companies do not fall under general master data maintenance and would require involvement from the security group and they often do not want to generate empty or unnecessary security/authorization profiles - the maintenance workload is shifted to them also in this case.
regards. -
Federation, remote role assignment based on ABAP roles on producer
Hi all,
We have implemented the federated portal solution for our ESS users. We use the ABAP stack of the producer portal as user store for consumer and have no problems in assigning portal roles on our consumer based on ABAP roles in the backend (displayed as groups in the portal).
Now we want to add some extra functionality (eg SRM and eRec) and we encounter some problems. These systems all have their own ABAP stack as user store. We have maintained the functional authorization model in the ABAP roles for instance in SRM. So an example:
System I: ABAP + JAVA --> ECC 6.0
Here we have the standard R/3 functionality and the producer portal (A) installed. Roles created on producer portal and assigned based on ABAP roles.
System II: JAVA --> NW 7.0 Portal
Our consumer portal (B) where we use roles created on the producer portal (A) on System I.
System III: ABAP + JAVA --> SRM
Our SRM system with SRM producer portal (C). In the ABAP stack of this sytem the functional SRM roles have been assigned to the users. We have created functional SRM Portal roles in order to use remote role assignment on consumer portal (B).
+PROBLEM+
We want to remotely assign portal roles created on the SRM Producer (C) to users on the consumer portal (B), based on the ABAP role assignment in the backend of system III. How can we achieve this in a fast and efficient way?
Looking forward to your ideas. Anything helpfull will be gladly awarded with SDN points.
Best regards,
Jan LarosJan,
Interesting question. Let me share my experience and hope that's of some use to you.
We started off federating corporate NetWeaver Portal (lets say B, parallel to your convention) as consumers to BI Portals (Lets say A).
- B's UME points to Active Directory
- A's UME points to BI ABAP user store
- User ids are identical in both systems
We ran into the problem of dual administration ((de)assigning portal role on both portals instead of just one) for a long time. The issue was because of different reasons at different times as we patched B's and A's. At one point we were on SP15 on both portals and we were told by SAP that RRA can be done on B for remote roles and the assignment propagates to A automatically if the following configuration is set up on both A and B.
- A's permissions are relaxed allowing "Everyone" group checked for "End User" access as per ([http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm|http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm]
However, we chose not to do the permission relaxation as enabling "Everyone" group with "End User" access can allow anyone to launch an iView (if the URL is known somehow) and the user would be able to see the layout of the iView, which can include text, etc. The user won't be able to access any data though, however, there is certain compromise on security which we decided that its not okay. So, we digressed in SAP's suggested practice because of security reasons.
Today we, manage security on B using Active Directory groups and on A using Java groups (ABAP roles).
In your case, I suggest investigating the option of relaxing the security on producer portal like in the above link. If you think its okay, all you have to do is, provision users on B by assigning remote roles from C and A.
Either my story is applicable or I must have got you totally wrong,
Kiran -
Role assignment did not work during migration
We just finished a QA migration from EP60 to NW04 SPS14.
Everything went OK with the exception of the following:
Users who had customer defined roles assigned in the source system (EP60) did not get the roles assigned in the target system.(NW04) For example, if I had a few out of the box SAP roles assigned to a user in the source system, they were assigned to that user in the migrated NW04 system. The customer assinged roles did not get attached to the same users users.
Has anybody run into similar findings ???Some more info.
We may have figured out that during the migration the NW portal inititaed a connection to our LDAP server and failed. We have MSADS with a multi LDAP configuration and have configured SSL for the connection to LDAP.
Any Ideas ???
I pulled this out of the trace file:
#1.5#005056B171CC00560000000C00000FE8000405C779F98BF4#1132254209877#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
#1.5#005056B171CC00610000000600000FE8000405C779FA37A6#1132254209924#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_32##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
#1.5#005056B171CC001D00000001000011D0000405C7DA2B657E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###No connection to the ldap server, recheck configuration or availability of directory server##
#1.5#005056B171CC001D00000004000011D0000405C7DA2B6F70#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Server not available,recheck configuration or availability of directory server##
#1.5#005056B171CC001D00000007000011D0000405C7DA2B7443#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Initialisation of a connection pool failed for UACC please check the configuration or availability of the directory server##
#1.5#005056B171CC001D00000009000011D0000405C7DA2B78C2#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Please recheck the LDAP configuration Initialisation of connection pool failed for UACC
poolname qadc2.app.csa-group.qa:636_UACC
java.naming.factory.initial= com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.principal= cn=epqadm2,ou=PortalUsers,dc=app,dc=csa-group,dc=qa
java.naming.ldap.version= 3
connection_pool_name= qadc2.app.csa-group.qa:636_UACC
java.naming.provider.url= ldap://qadc2.app.csa-group.qa:636/ou%3DPortalUsers%2Cdc%3Dapp%2Cdc%3Dcsa-group%2Cdc%3Dqa
java.naming.security.protocol= ssl
java.naming.ldap.factory.socket= com.sap.security.ssl.SSLSocketFactory
java.naming.security.authentication= simple
java.naming.security.credentials= ******
[EXCEPTION: no connection to the ldap server:null]##
#1.5#005056B171CC001D0000000D000011D0000405C7DA2B8C9E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Error#1#com.sap.security.core.persistence#Java###DataSource : Initialisation of connection manager failed, due to SSL configuration lazy initialisation#1#CORP_LDAP2# -
Business Role Assignment to User by Organizational Model
We have created the organizational model in our system where we have the levels that are tied to a specific business role. We have been manually assigning all of our users to these organizational model levels in order to have the business role assignment. I am curious if there is a program or easier way to do this than to have to create the assignment to the employee record manually in the org model.
Any help would be greatly appreciated.
Thanks,
DarcieHi Robert,
maintaining the user profile directly may be easier with only a few employees but for large companies this method will end up being more maintenance intensive.
for Org you only have to maintain it on the Org unit or position and all employees underneath will inherit the role; whether it's 2 individuals or 2000. and if the person is moved into a different position laterally or through promotion there would be no maintenance required as the information would replicate from HR (if you use/have the system) and the person would inherit the new position and role automatically.
for User parameter if you only have 2 individuals it is easier but 2000 is too much to maintain. there is some automation but would require you to create them and run them yourself.
pfcg at most companies do not fall under general master data maintenance and would require involvement from the security group and they often do not want to generate empty or unnecessary security/authorization profiles - the maintenance workload is shifted to them also in this case.
regards. -
Can portal role assignment be transported to another portal?
Hi, Gurus:
i need to transport portent, role, uses, etc from one portal (EP6 on NW04 )to another (EP7 on NW04s).
can you tell me that if portal role assignment can also be transported?
same question to ume role.
very confused at this area.
hope i can get your advice
Thank you
Br,
NikkoStrictly speaking the user/group/role assignment is not part of the normal transport process in that it will not make those mappings when you transport the content to the next system in your architecture.
However - you can export users / groups which includes the mappings details. This can be used in your downstream systems.
Subsequent transports of objects do not "break" existing mappings.
Haydn -
Reg FPN Role assignment in consumer portal
Hi Team
We are trying to implement FPN between two portals both are EP7 SP20
i followed the basic steps like
1 establishing the trust between portals
2 regestration of producer portal in consumer portal
I am able to see the roles created in producer portal in consumer portal with the help of User administration--Identity management tool
the probelm we are facing is when i assign the role in consumer portal to a user it is not getting assigned but it is getting assigned in the producer portal
pls let what i need to do inorder for the producer role to be assigned to consumer portal user
thanks in advanceHi,
already saw this several times. Unfortuantely, it never was a FPN error. It always was human error:
Confused by the Consumer / Producer concept the Admin created the role assignment in the producer and not in the consumer.
Just check that you are really using the consumer.
If so, consider opening up an OSS message.
br,
Tobias -
Need procedure for creation of BW Roles, Assigning Queries,Publishing Roles
Hi Experts,
Could you please let me know the procedure for creation of BW Roles, Assigning Queries,Publishing Roles in Business Explorer (BEx - BW 3.5)
Thanks in advance,
AndyHi,
Creating BW Roles
http://help.sap.com/saphelp_nw04/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Assigning Queries
After creating the query, save the query to a role from the query designer.
Publishing Roles in Business Explorer
https://websmp101.sap-ag.de/~sapdownload/011000358700002894802003E/HowToBIPortal1.pdf
Hope this helps you..!
-Pradnya
Maybe you are looking for
-
Using Session Variable in the Column Level Security
My Question - 1. I created an initialization block with initialization string by calling a new session variable CTP_ID_LIST in the sql command, given appropriate database connections and when I exit out of Block, and chosen Row-wise initialization. I
-
Has anyone else noticed some movies will no longer be on the iCloud?
This must have happened in the last day or so. I was planning on buying some movie, but now I'm not sure. What happened?
-
Show information for BPM process instances to possible future assignees
Hi all, My environment is 11.1.1.4. I want to develop an ADF application that shows users information for BPM process instances which will possibly produce a user task assigned to them in the future. What I have done is 1. Get BPMAppRole from the use
-
Is it possible to execute "execute_query" command when you are using some non data base block in your form. Thanks Rajat
-
Activation key mismatch - Professional vs Ultimate G550 XP upgrade to Win 7
i have a problem with pages dropping off when writing text. i can bring the page back moving the mouse. big pain... i got as far as the "activation key mismatch" notice and a cold boot was done. it also ref. download newest drivers. i went to that l