Role Creation using SCAT-Urgent.....

Hi All,
I got a spread sheet with roles and transactions to be included in each role.Can anyone let me know how to Map this transactions to roles using SCATT?Please explain in a procedure which would be helpfull to me.Points will be rewarded to the answers.
Regards
Krishna

Hi Krishna,
If yor are just asking about running a script, than follow the steps below:
-Open the file, with excel and edit the data as per the requirement, and save the text file
-To execute the test case using the external variant from file, from the initial CATT screen, enter the test case name and choose Execute.
In the field Variants, select External from file and choose Choose. Select the file created above, and choose Open. Under Processing mode, select Errors, and choose Execute.
Note: When you use this method, the file must be imported each time the test case is executed (file remains only on PC).
If you are very new to CATT script, than use browse the link below:
http://www.*********************/tutorials/scat.htm
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh

Similar Messages

Role Creation using CAT Scripts

Hi,
Step by step procedure needed.
I need role creation using scripts(SECATT),org values that needs to maintain
is full authorization.
pls help me.
ram

Hi Ram,
There is a SECATT tutorial here: http://www.*********************/tutorials/secatt_user_create.html
If you learn that & the principles associated with SECATT then you can apply that to creating and populating roles.
In my opinion SCAT is much easier to use, though less flexible,

How to automate User creation using SCAT ?

Hi,
Can any body help me out in generating a script for automating User creation by SCAT ?
I recorded the steps,but failed to upload the values from the excel sheet to SAP.How to enter the values in the excel sheet - Is it row-wise or columnwise ?
Thanks,
sAmik.

Hi,
SCAT includes the following main steps
1)Recording the Steps
(Go through the screens you want to make entries to be careful not to forget to fill in Lastname and password as they are the mandatory fields and rest are optional depends on whether u want them to be involved in the script or not. Once done save the script
2) Now declare the values u entered in the script to variables for this go to test case created in change mode and double click TCD then select the "Field List" in the upper left corner of the screen. Now here you can see the values u entered replace any which you feel need to entered with a & . Fields which you donot declare as variables get the values u entered as default values .
after filling fields you wanted backout from screens and save it
3) Download the script to your computer.
for this Select Goto > Variants> Export and save the file with .TXT
4) open the file with excel and fill in the values donot change any entries obtained in the excel otherwise the uploading script will be corrupted.
5)Select Execute Button in the subsequent screen choose the file with filled in entries make sure that the file is not open.
Select the procesing mode as background to be on the safer side
and press execute
it will work if you have performed the above steps correctly.
Regards,
Manohar

Error in oim Role creation using Role Manager Service API from Standalone Java client

Hi,
Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
Tried with the solution of changing ,
Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
Exception in thread "main" org.omg.CORBA.BAD_PARAM: vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy2.createx(Unknown Source)
at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
at weblogic.security.Security.runAs(Security.java:48)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy3.create(Unknown Source)
at com.idm.role.CreateRole.createRole(CreateRole.java:113)
at com.idm.role.CreateRole.main(CreateRole.java:167)
Thanks In Advance

Hi , I have used OIM 11g R2.
Please find below the code we have used,
package com.idm.role;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.identity.exception.NoSuchRoleException;
import oracle.iam.identity.exception.RoleAlreadyExistsException;
import oracle.iam.identity.exception.RoleCreateException;
import oracle.iam.identity.exception.RoleLookupException;
import oracle.iam.identity.exception.RoleModifyException;
import oracle.iam.identity.exception.SearchKeyNotUniqueException;
import oracle.iam.identity.exception.ValidationFailedException;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authz.exception.AccessDeniedException;
public class CreateRole {
private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
OIMClient oimClient = null;
public OIMClient connectToOIM() {
LOGGER.info("In connectToOIM ");
Hashtable env = new Hashtable();
env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
 "weblogic.jndi.WLInitialContextFactory");
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
 "t3://V-hydidm1.itig.co.in:14000");
System.setProperty("java.security.auth.login.config",
 "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
System.setProperty("java.security.policy",
 "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
System.setProperty("OIM.AppServerType", "wls");
System.setProperty("APPSERVER_TYPE", "wls");
System.setProperty("weblogic.Name", "oim_server1");
oimClient = new OIMClient(env);
try {
 oimClient.login("xelsysadm", "Passw0rd".toCharArray());
} catch (LoginException e) {
 e.printStackTrace();
System.out.println("Connected");
return oimClient;
public void readRoleMetadata() {
LOGGER.info("in readRoleMetadata ");
RoleManager roleManagerService = oimClient
 .getService(RoleManager.class);
try {
 Role roleVo = roleManagerService.getDetails(
 RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
 Set attributeNameSet = roleVo.getAttributeNames();
 Iterator it = attributeNameSet.iterator();
 while (it.hasNext()) {
 System.out.println("Attribute Name :: " + it.next());
 // roleVo.setAttribute("ADentitlements", "Security Admin access");
 String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
 System.out.println("AD Entitlements :: " + adEntitlements);
 System.out.println("DB Entitlements :: " + ""
 + roleVo.getAttribute("DBEntitlements"));
 System.out.println("Unix Entitlements :: " + ""
 + roleVo.getAttribute("UnixWindows"));
 System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
} catch (SearchKeyNotUniqueException e) {
 e.printStackTrace();
} catch (NoSuchRoleException e) {
 e.printStackTrace();
} catch (RoleLookupException e) {
 e.printStackTrace();
} catch (AccessDeniedException e) {
 e.printStackTrace();
public void createRole() {
LOGGER.info(" in Create role ");
RoleManager roleManagerService = oimClient
 .getService(RoleManager.class);
HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
 "This Role is created using API Role1");
roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
 "API Role1");
roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
roleCreationAttrMap.put("VPN", "No");
roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
Role roleVo = new Role(roleCreationAttrMap);
try {
 System.out.println(" Before Create role *********************************************");
 roleManagerService.create(roleVo);
 System.out.println("Role Created .. ");
} catch (ValidationFailedException e) {
 e.printStackTrace();
} catch (RoleAlreadyExistsException e) {
 e.printStackTrace();
} catch (RoleCreateException e) {
 e.printStackTrace();
} catch (AccessDeniedException e) {
 e.printStackTrace();
public void modifyRole() {
LOGGER.info(" in modifyRole ");
RoleManager roleManagerService = oimClient
 .getService(RoleManager.class);
Role roleVo;
try {
 roleVo = roleManagerService.getDetails(
 RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
 String roleKey = roleVo.getEntityId();
 HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
 roleCreationAttrMap.put("ADentitlements",
 "Updated API Role1 AD Entitlements");
 Set roleKeySet = new HashSet<String>();
 roleKeySet.add(roleKey);
 Role roleVoNew = new Role(roleCreationAttrMap);
 roleManagerService.modify(roleKeySet, roleVoNew);
 System.out.println("Role Modified ..");
} catch (SearchKeyNotUniqueException e) {
 e.printStackTrace();
} catch (NoSuchRoleException e) {
 e.printStackTrace();
} catch (RoleLookupException e) {
 e.printStackTrace();
} catch (AccessDeniedException e) {
 e.printStackTrace();
} catch (ValidationFailedException e) {
 e.printStackTrace();
} catch (RoleModifyException e) {
 e.printStackTrace();
public static void main(String args[]) {
CreateRole miscObj = new CreateRole();
miscObj.connectToOIM();
miscObj.createRole();
//miscObj.readRoleMetadata();
Thanks In Advance .

11g R2: Role creation using API

I am trying to create a role using OIM API RoleManager
            RoleManager roleService = oimClient.getService(RoleManager.class);
            Role roleObj = new oracle.iam.identity.rolemgmt.vo.Role("");
            roleObj.setAttribute("Role Name","SampleTestRole");
            roleObj.setAttribute("Role Display Name","Sample Test Role");
            roleObj.setAttribute("Role Description","Sample Test Role");
            System.out.print(roleService.create(roleObj));
            System.out.print("Role has been created.... ");
I am getting the following exception:
oracle.iam.identity.exception.RoleCreateException: Orchestration process with id 14915, failed with error message null.
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy2.createx(Unknown Source)
at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)

Tried as suggested in the link posted but still getting the same exception.
        Role managerRole=new Role("powerUser");
        managerRole.setName("powerUser");
        managerRole.setDisplayName("powerUser");
oracle.iam.identity.exception.RoleCreateException: Orchestration process with id 14930, failed with error message null.
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at oracle.iam.identity.rolemgmt.api.RoleManager_ogut7n_RoleManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy4.createx(Unknown Source)
at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy5.create(Unknown Source)

Custom role creation using secatt

hi sap peers!
can somebody tell me if it is possible to create custom roles using secatt or catt script.
if it is possible then how to do it.
thanks

Hi,
I hope This could help you.
http://help.sap.com/saphelp_nw2004s/helpdata/en/2a/121e3bd711bb04e10000000a114084/frameset.htm
You can find the eCATT Tutorial in the above link.
Cheers
Soma
Message was edited by:
soma pradeep

Disable the buttons for creation using PFCG roles

Hi SAP Experts,
 How to disable the buttons for creation using PFCG roles?
Regards,
Jaya

Hi,
u have to write the code in at selection-screen output event
AT SELECTION-SCREEN OUTPUT.
LOOP AT SCREEN.
 IF P_PRINT = 'X'. " this is radiobutton
 IF screen-name = 'P_RANGE'.
 SCREEN-INPUT = 0.
 ENDIF.
 modify screen.
 ELSE.
 IF screen-name = 'S_LFDAT-LOW'.
 SCREEN-INPUT = 0.
 ENDIF.
 IF screen-name = 'S_LFDAT-HIGH'.
 SCREEN-INPUT = 0.
 ENDIF.
 IF screen-name = 'S_WERKS-LOW'.
 SCREEN-INPUT = 0.
 ENDIF.
 IF screen-name = 'S_WERKS-HIGH'.
 SCREEN-INPUT = 0.
 ENDIF.
 IF screen-name = 'P_LIFNR'.
 SCREEN-INPUT = 0.
 ENDIF.
 IF screen-name = 'S_BUKRS'.
 SCREEN-INPUT = 0.
 ENDIF.
 modify screen.
 ENDIF.
ENDLOOP.
Hope it helps.
Regards,
Sonika

Upload data for Tcode LT06(Transfer order creation) using BDC -very urgent

hi experts,
I got stucked up in writing a BDC for the Tcode LT06(Transfer order creation using wearhouse number) in MM module,
the problem is like this, when i go to the tcode LT06 , it will ask for material doucument,mat. docu. year and wearhouse number, iam entering the inputs and then press enter, as soon as i press enter it takes me to the second screen where i will be selecting the item and then click on the button called 'Generate TO item'
here the problem arises, as soon as i click the button iam getting a standard SAP error message(No Destination Storage Bin found in storage type 'IMP'). Due to this errror iam not able populate the batch input data on the screen, suggest me a proper solution. rewards will given if solution found useful.
Kishore K

Hi ,
I have done the same in Background with BDC and TR Number for Multiple Materials ,
Can u please explain the scenario, so then I would be able to try for solution ?
Warm Regards.

Sales order creation using webdynpro in ABAP

Plz give the process how to create sales order creation using webdynpro in ABAP. if not possible plz let me know how to create in JAVA.
It is very urgent. I hope i will get it very soon.
Thanks all
Sai

In your WDA application, all you need to do is call the BAPI BAPI_SALESORDER_CREATEFROMDAT2 when the user clicks some button. Most likely, you can put the code for this BAPI call in the onAction method for your button.
Regards,
Rich Heilman

Request Number is not generated for BRM "new" role creation

Hello Gurus,
I have configured BRM in SAP GRC AC 10, along with the workflow .
I have selected the following methodology
Define Role --> Maintain Auth >Analyze & Access Risk>Request Approval>Generate Roles>Maintain Test Cases
Role name : Y_TEST_BRM_FUNCTIONALITY
So i do the following steps and assign
1) Role approver as Mr. ABC & Alternate approver as Mr. QRS
2) Assign the Required transactions and do the RAR i.e i am done till step 3 of methodology
When i click "Initiate Approval request"
The approval triggers , and goes to the 1st stage as configured in MSMP
1) Power User Approval .
Here the Power User : EFG , open his workflow and see the request as
Role approval required for role Y_TEST_BRM_FUNCTIONALITY
The approver approves the request and then the request all together vanishes.
Unfortunately i am not able to search the request for that role from NWBC -->Search request by
Process Id : Role Approver Workflow
It gives blank !!
Hence neither i am able to find the request no able to do any debugging of it using
GRFNMW_DBGMONITOR_WD
Please note that the Request Id is created for any request in CUP.
Is it that i have to create a number range for BRM request ??
If so will you please let me know the object

Hello All,
I was wrong in posting the cause of problem.
Please note no "Request number" is generated for Role creation Request.
The problem was i was unable to search the Role Request approval status from "Search Request" via Process Id
It got resolved via SAP note 1643539 : UAM: Search Request not returning result for some Process Id.
My Issues is Resolved.
Thank You.
Regards,
Victor

Role Creation in CUP 5.3

Hello,
I'm trying to understand the concept of what is called "role creation" in Compliant User Provisioning.
My understanding is that the "create role" option in CUP (configuration>Roles>Create Role) means simply adding the "attributes" such as a business process, functional area, system, or company, to the SAP roles that you imported into CUP.
It seems that, with CUP, once you have imported SAP roles and "adjusted" them (adding attributes), you are no longer operating PFCG and SU01 in the SAP backend system. From this point on, everything is done in CUP (provisioning) and ERM (creating additional roles).
Please tell me if I'm wrong.
HM

HM,
The create role option in CUP is mainly for legacy/non-cup supported systems. This way you can follow the standard workflow process for LDAP/Windows/legacy system. In this user provisioning and role assignment will not be done through CUP and will be manual. This is very important for some companies as they want user to go through same process if they want to get access to any system and not only ERP system.
The below statement is wrong.
It seems that, with CUP, once you have imported SAP roles and "adjusted" them (adding attributes), you are no longer operating PFCG and SU01 in the SAP backend system. From this point on, everything is done in CUP (provisioning) and ERM (creating additional roles).
If you don't have ERM then you will have to use PFCG. Once you have CUP, you don't have to use SU01.
Regards,
Alpesh

How to raise role creation/modification request in AC 10

We are implementing AC10. I have issue more related to the process followed than technical. Please suggest from your experience.
We found that we can raise the request for new user account, role assignment to user, etc in Acess Request(formerly CUP), but we cannot raise the request for role creation, role modification. This is directly done in Role management. My question is, how the security admin will recieve the requests for creating or maintaining the roles. Is it necessary to use ticketing tool for users to raise the request for role creation and modification.
Thanks everyone for your valuable solutions.

Dear Ashish,
Whatever you have mentioned is correct to have the common platform for every request, either for user creation or role creation.
But what we decided earlier, that the end users can raise the request in CUP directly, rather than involving security admin. But after realizing that there is no request type for role creation, I think we have to use our ticketing tool as a common platform.
Request will come to security admin from the ticketing tool and than he will create the request in CUP, thereafter it will follow the approval workflow. Only problem I see in this, it goes to the manager twice, once in ticketing tool and than through CUP workflow. i think we need to take out the manager stage from the workflow.

Idm-Vaau Rbac role creations and mapping

Hi All,
I'm working on the integration between Idm and Vaau's Rbacx (role based access control) tool for role creation and provisioning...I've imported the spml.xml and SPMLGetObjectsform.xml into Idm for the SPML calls between Rbacx and Idm.
The challenge I'm facing is mapping the attributes of Rbacx roles to enable the attributes to be populated in Idm...I'm able to export roles into Idm, but they are not populating with any attributes eg. resource type, resource attribute etc. I'm uncertain as to where I have to map these properties and do any customization for this to work. I would appreciate if anyone who has worked on this or know how to do this, to pls give me some pointers/share your experience. I don't have any documentation to refer to and am doing everything on trial and error basis.
Any help is greatly appreciated!
Thank you.

Hi newbie,
Were you able to solve this issue? I am facing the same problem while assigning resource attributes for a created role using a custom workflow.
This is where I set the resource attributes in my workflow:
<Action id='1'>
<expression>
 <block trace='true'>
 <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].valueType</s><ref>ADGroupsValueType</ref></set>
 <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].requirement</s><ref>ADGroupsRequirement</ref></set>
 <append><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].value</s><ref>ADGroupsValue</ref></append>
 </block>
</expression>
</Action>
where <ref>ADGroupsValue</ref> contains the attribute value.
thanks,
Lokesh

Approval of role creation

Hi All
I need to create a WET for role creation, this is simple But I need to incorporate approval of the creation of the new MX_ROLE entry. I can only find documentation/guides on how to implement approval of role and privilege assignment. Does anyone know if it is possible to setup approval on creation on a new entry?
Kind regards,
Heidi

I have tried to implement the MX_INACTIVE solution. Now it is not possible to see the role on the "Adminstrate"-tab, and there is an approval task on the "To do"-tab. When I click this task, details on the role are displayed properly, but when I try to process the request by clicking the "Show request"-button (button name translated from Danish, it might be translated differently...) I get an error: "Access denied".
I have set correct approver on the approval task, and I was able to process approval requests, before I set the role to inactive.
On the approval task, I have checked the "Use inactive entries" checkbox.
Does anyone have an idea what could be wrong?
Kind regards,
Heidi Kronvold

Role and use of MDM for SD consultants

is there any use of mdm to learn for sap sd consultants. Please suggest experts. how far it will be helful to me if I learn MDM , what will be my role etc

Hi Ramesh,
Appreciate your interest in MDM.
I am sure you will be using master data like Customers/Business partners in SD for various transactions like Sales Order mgmnt,Invoicing,Forecasting,etc. And, on several occasions you might have noticed flaws in business transactions due to incorrect/duplicate/incomplete master data maintained in your system.
Complex and expensive ERP/CRM/SCM systems deliver value to business only with clean and consistent data.
You can leverage MDM to -
a.Enforce Data integrity of master data.
b.Maintain single version of truth (deduplicated data).
c.Enforce Data governance inform of validations for business critical parameters.
d.Streamline Master data creation using workflows.
Being an SD consultant, by learning MDM, you can provide better and stronger business solutions to your customers in terms of Data quality and governance.You can leverage your SD experience to closely study Data centric/data driven processes and identify pain points in SD business processes. Make full use of Data management options that MDM provides while you deliver your solution.
Hope my suggestion helps.
Regards,
Vinay M.S

Role Creation using SCAT-Urgent.....

Similar Messages

Maybe you are looking for