Role Assignment Product Functionality
I am looking for any out of the box functionality to auto assign roles to users in IdM. We could create roles using bulk upload, however I am not sure how we can assign the roles to the existing users in IdM and push that information out to the resources.
Thanks
HI
Does the Ipanel and the import Iview work
Theo
Similar Messages
-
Function module to Delimit the roles assigned to the user
Hi All,
I am working on security role automation process abap report.My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN" to delimit the role assigned to the user.
Passing the importing parameter "username" and in the Tables parameter"ACTIVITYGROUPS" passing the respective parameters AGR_NAME(Role), FROM_DAT(Start Date),TO_DAT(termination date - 1). When I passing the parameters as mentioned above,the role assigned to the user is getting deleted,instead of delimitation of the role assigned to the user.
Is there any other function module we can use to delmit the roles assigned to the user? Please help.
Regards,
Krishnanhai,
please try this.
/VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
/VIRSA/ROLE_ASSIGN_CUA_NH
/VIRSA/RE_BAPI_ROLE_TO_USERS
ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
try this bapis this may work
BAPI_USER_LOCK
- BAPI_USER_PROFILES_ASSIGN
- BAPI_USER_LOCPROFILES_ASSIGN
- BAPI_USER_LOCACTGROUPS_ASSIGN
- BAPI_USER_CHANGE
- BAPI_USER_UNLOCK -
How do assign the user of Consumer Portal to the role of Product Portal?
Hello All:
Use FPN, now I want to assignment the role of Consumber Product Portal the user of Consumer Portal to the user of Consumer Portal(RRA) .But because There are too many user that needed be configured.It is arduous work.
So Pls help me and tell me how to import the role of Product portal to the user of Consumter Portal,
Thanks In addvance.
jideliangThank all:
Because I want assign the Remote Role of Produce to user of Consumer with FPN.Use:
[Role]
rid=Role1
rdesc=Role description
user=MarcPeters;JackSmith;Alan_Fox;
group=HappyBuyersOf2003;HappyBuyersOf2002
Can not import.
I have find the document "How to Automate Content Creation via XML Content and Actions (NW7[1].0).pdf", it help me to use XML to import the role,the following format:
<Action id="com.sap.portal.roleassignment">
<Roles>
<Role name="pcd:portal_content/myFolder/myRole" producer.alias = "myProducer">
<Principal type="user" id="test"/>
But when I import the XML file.There is a error.
Have someone used it ?
jideliang
</Role>
</Roles>
</Action>
How -
Function module to get the roles assigned to user
Hi to all experts,
I need a fm to retrieve the roles assigned to user .
if a pass sy-uname as importing parameter i should to get all the roles assigned to that particular userhai,
please try this.
/VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
/VIRSA/ROLE_ASSIGN_CUA_NH
/VIRSA/RE_BAPI_ROLE_TO_USERS
ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
try this bapis this may work
BAPI_USER_LOCK
- BAPI_USER_PROFILES_ASSIGN
- BAPI_USER_LOCPROFILES_ASSIGN
- BAPI_USER_LOCACTGROUPS_ASSIGN
- BAPI_USER_CHANGE
- BAPI_USER_UNLOCK -
Function Module to assign product into Campaign
Hi All,
Could you please tell me which FM can be used to assign product to campaign?
I have already created Campaign programmatically using FM MKT_ELEMENT_CREATE.
Regards,
SagarSolved!
-
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
FPN - error trying to lookup object - remote role assignment not working
Hello everyone,
We have implemented a Federated Portal Network connection in our landscape between our portals.
We use only remote role assignment functionality.
Everything was working fine, but since 2 days we encounter the following error in the Default trace.
Error trying to lookup object: alias: <role name>
It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
Is there a solution or workaround for this issue ?
MartinHi,
I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
What did you do to resolve this issue?
Many thanks
Gordon -
OBPM 10gR3 Dynamic Role Assignment at user login
Hi,
For all the great integration with LDAP in 10gR3, unfortunately, the system is unable to deal with dynamically-defined LDAP groups.
Our goal is to apply a BPM Role to ALL humans defined in our LDAP.
All humans happen to already be defined by a dynamically-defined LDAP group called 'AllPeople'.
It would have been perfect if we could simply assign our BPM Role, 'Employee', to the LDAP group, 'AllPeople'. Sadly you can't (one for the next release pls).
So as a workaround, what we want to do instead is assign the BPM Role 'Employee' to each individual user dynamically when they first login.
Since the FDI library is useless outside of a BPM context (you'll find that some of the familiar methods of RoleAssignment are missing), We opted to create an actual BPM process to conduct role assignments, and we would then trigger it via PAPI.
The question then was, where/when do we invoke the process such that it does the role assignment quickly and soon enough for the appropriate views and applications to appear in their workspace straight after login?
We opted for a customised implementation of the SSOWorkspaceLoginInterface class.
However, we tried making the invocation in the setupAuthenticatedSession() and the processRequest() methods but, although the role assignment was successfully done in either case, sadly the user's session was loaded without the new changes - perhaps loaded quicker than the role assignment could be fed back through the directory.
Therefore, we dumped the invocation in the actual constuctor - and this seems to work for the most part. Yet on the odd ocassion, the role assignment is not quick enough to be realised in the user's workspace session - the user has to logout and back in before the changes are realised.
We've even tried to get the execution to sleep for a second or two, while the PAPI thread goes about doing the role assignment - again not much success.
So I really have 2 questions:
1. Where during login can we make a PAPI call to do a role assignment so that it should be picked up by the time the session is created? perhaps we already are doing it in the right place.
2. How could we refresh/request a new session cookie without explicitly logging out and back in again? Note, page refresh is not enough.
Thanks for reading.Sorry for the belated response - I don't get notified of replies.
The code for my custom SSOLoginModule class is:-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import fuego.workspace.security.SSOWorkspaceLoginInterface;
import fuego.papi.Arguments;
import fuego.papi.CommunicationException;
import fuego.papi.InstanceInfo;
import fuego.papi.OperationException;
import fuego.papi.ProcessService;
import fuego.papi.ProcessServiceSession;
import fuego.sso.SSOLoginException;
import fuego.sso.SSOUserLogin;
import fuego.jsfcomponents.Util;
import fuego.workspace.model.common.WorkspaceApplicationBean;
public class CustomSSOWorkspaceLogin extends SSOUserLogin implements SSOWorkspaceLoginInterface {
private ProcessService pService;
private ProcessServiceSession pServiceSession;
private Properties properties;
public SSOWorkspaceDBLogin() {
//Do the role assignment here because it works, and does not work in the ideal location of setupAuthenticatedSession method
pService = createProcessService();
pServiceSession = createProcessServiceSession();
assignDefaultRole(Util.getHttpServletRequest().getRemoteUser());
private ProcessService createProcessService() {
return WorkspaceApplicationBean.getCurrent().getProcessService();
private ProcessServiceSession createProcessServiceSession() {
return pService.createSession("yourdirectoryusername","yourdirectorypassword",null);
//This method is used to remotely invoke a BPM process to do the role assignment - no external API to do this directly!
private void assignDefaultRole(String email) {
try {
String processId = "myRoleAssignmentProcessId";
String argumentName = "argumentName"; //the name of the input argument to feed in the participant
String argumentValue = email;
Arguments arguments = Arguments.create();
arguments.putArgument(argumentName, argumentValue);
InstanceInfo instance = pServiceSession.processCreateInstance(processId, arguments);
Long waitTime = new Long(1000);
Long timeLimit = new Long(5000);
boolean roleAssigned = false;
boolean timeLimitExceeded = false;
Long startTime = System.currentTimeMillis();
//Allow role assignment thread to complete
while (!roleAssigned && !timeLimitExceeded) {
try {
Thread.sleep(waitTime);
if (pServiceSession.processGetInstance(instance.getId()).isCompleted()) {
roleAssigned = true;
if (System.currentTimeMillis() - startTime > timeLimit) {
timeLimitExceeded = true;
} catch (InterruptedException e) {
e.printStackTrace();
//close process service session
pServiceSession.close();
//Do not close the service itself as it is shared with the Workspace itself!
//pService.close();
} catch (Exception e) {
e.printStackTrace();
public void setupAuthenticatedSession(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
//Unfortunately, the below does not work here because the role assignment is not fast enough
//The result is that the user logs in but cannot see any applications because the role assignment has not been made in time.
//Therefore, we run the below statements from the constructor - ugly but functions.
//pService = createProcessService();
//pServiceSession = createProcessServiceSession();
//assignDefaultRole(httpservletrequest.getRemoteUser());
public void processRequest(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
} -
Another FPN Thread: Remote role assignment not working
Hi all,
We have successfully implemented FPN for use in our ESS and BW environment and we are experiencing very little problems with it. We now want to start implementing it for our eRecruitment and SRM systems (as producers). For some reason we are not able to use the Remote Role Assignement functionality.
We have set up trust for the systems and use SSO.
Connection test for the producer is successfull.
We can see the Producer content in the pcd on the consumer.
Server times are the same.
As far as I know I have correctly set permissions on producer and consumer.
Possible cause: We are in the process of upgrading our consumer Portal to NW 7.0 SPS15 and have encountered some problems. The system is partially upgraded, so some components are SP15 and some others are still SP13. This is currently under investigation by SAP. Can this be an issue as our producer portals all are still on SP13?
I hope to hear from you soon. Please ask if you need any screenshots. Thanks in advance.
Best regards,
Jan LarosHi Jan,
if remote role assignment not works, you can also use remote delta links. I only work with remote delta links because i have more options and a better performance.
If your connection works you can go to Content Administration ->Portal Content-> NetWeaver-Content-Producer. Hier you can see your remote system. Now you can copy the role and add it to your portal-content.
If you can not see the content make sure that you have the same user on both sides also check the premissions on the portal-content of your remote system. To test the connection it is easier to add Everyone group to the content of your remote system.
regards,
Sharam -
I am adding roles to positions using indirect role assignment, when adding the role to the position I am prompted to carry out a reconcilliation of indirect user assignments, receive message 'Indirect user assignments ok' so then I've run PFUD. When I check both the role and the user I cannot see the role attached to the user, but the role is listed in the 'Relationships' in PP01.
A new organisation structure has been created, when I click on the drop down at the 'change agent assignment' the old organisation structure is displayed. Any suggestions please how I can select the new organisation structure?
ThanksHello Anthea,
to pass on a role from a position to a SAP user id I would suggest the following.
Go to transaction SA38 and run report RHPROFL0.
Some notes on the report and report selections.
The report can be used to eveluate and assign roles from HR objects to SAP users. The report starts reading at a given HR object along an evaluation path. It then updates the SAP user found with authorisation roles.
Selections:
You have assigned the roles to a position therefore you should select object type S.
Then put the position number in the Object ID.
The key date is hopefully self explaining.
The evaluation path might have defaulted to PROFL0. That would be the correct one.
The program has a test mode. I suggest you run the test mode first. It will tell you what the program would change in an actual run.
In the next selection box - "Generate authorization profiles"
You might leave the ticks in the boxes:
- Standard authorizations
- PD authorizations
That will generate profiles if they aren't generated yet.
Next selection box - "Delete manually maintained authorisation profiles"
Leave the tick boxes blank if you have any direct assigned roles.
If you tick the boxes all roles and profiles directly assigned to SAP user ids will be deleted.
In section "New Users"
There is a tick box "Generate".
If that box is ticked the report will create new SAP user IDs for all occupied positions with roles but without SAP user ID on the Employee record.
You might leave that box unticked for the moment.
I suggest to create the application log --> Last tick box on the selection screen.
Some general comments at the end.
The report RHPROFL0 might be scheduled in production systems if indirect role assignments are used. Depending on your needs make sure that the deletion of manual assigned profiles is activated or deactivated.
If you do not enter an object id, the report will run for all object ids.
A further note on the indirect setup.
If roles should be passed on from a Position to a SAP user id, it is important, that the following conditions are fulfilled.
The Position is valid/active as of the report key date.
The position has a holder at key date.
The holder has an assignment of a valid SAP user ID at key date. Infotype 0105 subtype 0001 for object type P.
The Roles on the position are valid at the key date.
I hope that helps solving your issue.
Best regards
Karsten -
Indirect role assignment using HR org
Can we use the indirect rôle assignement with thousands of users ? I mean is there any way to make a mass users assignation using this method ?
Thanks!Hello,
The switch for ORGPD is activated.
Our organization's position and job categorization is be very generic, according to the functional requirements of HR department on OM. This department is new on SAP so they are unaware of the basis team's requirement/need for an "semi-automatic" role assignment. Moreover, the functional desing on OM is done beyond this need, and it's not considered to redo the design again.
We would like to use the task object type to link the roles, any other "unused" HR ORG object, or if possible, a custom HR ORG object with custom relations with standard OM objects. This last choice would be the best from the point of view of the basis team, because this way we would not interfere in a future use of HR ORG standard objects.
The idea is to distribute the role assignment between basis people and HR people. Basis people would link the roles with the selected object and HR people would link the selected object with positions, functions, employees,...according to their needs.
Is it possible to use a custom HR ORG object for indirect role assignment? If not, is it possible to use task for this purpose? How it's done?
Yours,
jmiturbe -
Indirect role assignment using HR-ORG, any concern
May someone share their view or experience on indirect role assignment using HR-ORG, i.e. assign role to HR position or org unit instead of user.
Here are some of my concerns:
1. HR data is maintain by HR staff and their task should be separate from authorization/user assignment.
2. When using with CUA, distribute HR structure to CUA parent system is not acceptable because HR data is sensitive.Well I think the Position and User are created by the functional consultant, but the authorization you are talking about is taken care by the BASIS consultant.
-
Indirect role assignment- PO Release strategy roles
Hello,
I am in the midst of creating PO release strategy roles for implementation and trying to figure out if indirect role assignment / position based assignment would be a good idea for these roles. The reason- there are 35 release codes.
I am pretty new at using indirect role assignment but do understand a bit about the evaluation paths. We are not implementing SAP HR so there will be no usage of infotype 105. The role will be assigned to the position and then the position to the user ID. The HR Org structure is in place (atleast for the PO release workflow).
Is this a good idea?
There is one other think that stumped me. One of the functional consultants (who is also part of business) has asked me why we can't use indirect role assignment for all function (purchasing, sales, finance etc.). For one, i know with so many users assigned to positions and then indireclty to roles, the overhead would be too much and complex and then the problem with the evaluation paths.
But i am not convinced myself that this is the best explanation to give...
Any ideas on how to put it through correctly?
Regards,
PrashantHi Prasanth,
I also had a similar requirement, but since there are multiple release codes, and limits, we ended up with a custom solution, since it is a bit tough when it is required to manually assign the authorization to a person who is in a seperate job role.
We have used a custom user exit, and all the values were stored in a custom table which contains Sales Organization, User, Lower limit, Upper limit, Division, and Release codes information etc.,
We have further created a custom transaction code that reads information from the table and authorizes for the upper, and lower limit of approvals along with the company code/release code authorzation checks.
Hope this helps!!
Regards,
Raghu -
Fix Business Role / Technical Role assignment in Pending or Failed status
Hi,
We are facing issues with few users where Business role assignment or technical role assignment is going into Pending or failed status.
None of the jobs are failing or throwing any error related with the changes.
We are running IdM 7.2 version with SP8.
Is there a way to fix this issue other than removing and reassigning or recreating ID.
Regards,
ManishHi Manish,
If technical role (priv) in failed status, please check Tero's reply in the below post. You can set a periodic job to read users and privs in failed status and use uRetryPrivilegeAdd() function to retry the assignment.
Failed AD privileges
I was able to find a document on how to set up the periodic job.
Retry failed assignments (Privilege)
You should try searching the forum and wiki for answers. Most of the issues are addressed by our community experts already. Thanks.
Kind regards,
Jai
Message was edited by: Jai Suryan -
Business role assignment get lost
Hello *,
from time to time single users report logon problems due to missing business role assignment.
In these cases business role was assigned via user in tx su01 directly. Whenever it happened the affected user itself is shown for last modifier of user record. But the users of course are not authorized to edit this data.
We assume that maybe the personalization in web ui could be the reason but up to know the behaviour was not reproduceable.
Does anyone know this issue?
Kind regards
ThomasHi Thomas,
Sorry but maybe I've explained myself poorly. You said that business roles that were missing are normally assigned directly in SU01. Then, in order to try to understand how they are remove, in SU01 transaction there is a functionality that allows you to see the change history for every add/removal of a role. This will tell you the user that performed the action and which tcode he used.
Check this functionality that it's available as a menu option in SU01. Maybe it can give you some good clues about what's happening.
Kind regards,
Garcia
Maybe you are looking for
-
In "Edit View" when I pick DATA options nothing appears in the tabs!
I have a question guys: I'm using SOA 11g 10.3.3, IE 8.0 in windows 7 home. I tried to make a report in BAM, in "Active Studio" menu where you create or edit view, a single window appear and it shows in left side "Data" and "Properties" buttons if yo
-
How to portfoward with other ip then range?
Hi! Im having trouble portforwarding a ip from hamachi on my Aiport Extreme. I know you can change ip range from 10.0.1.xx to 192.169.xx etc, but its not really what im looking for. When I want to portforward a program or game, am I stuck to choosing
-
Which version of jwsdp is being used
How can I determine which version of jwsdp is being used? Is it by jar name?
-
Unable to save a copy of encrypted pdf with Acrobat Pro
I create an encrypted pdf using princexml a tool to convert HTML documents to pdf. I am unable to save a copy of the pdf file when i use Acrobat Pro 10.0. It displays the following error "The document could not be saved. There was a problem reading t
-
Getting photos to show properly in your iWeb Blog Summary?
Hi, I'm trying to create an iWeb photo blog, but am having some problems. This is what I have so far: www.nigelivy.com Basically my plan is to use the "blog home" as my site's actual home and to upload a daily photo. There are two problems that I hav