Role/User creation in MDM

Hi All
To create a role/user in MDM the repository shuould be in Unload condiion?
is it true? please let me know ASAP.

Hi,
To create a role/user in MDM the repository shuould be in Unload condiion?
is it true? please let me know ASAP
        Yes!, you can create a Role/User in MDM even when the repository is loaded
Hi Ravi,
Add role is inactive in my system . I have tried with same log on id and PW in different system there i can able to create Role .What might be the problem? please let me know ASAP.
         There is no problem. In the system1 where you were able to create a role, your user role was given permission to read/write acess to create the role. you can check by selecting roles -> selecting <your userid> -> under Tables and Fields Tab you can see that radio button towards roles is read/write
         Now coming to system2 where you were NOT able to create a role, your user role (SAME but on other system) given permission to JUST read only acess. You can check by selecting roles -> selecting <your userid> -> under Tables and Fields Tab you can see that radio button towards roles is read only.
Thanks
Kolusu

Similar Messages

Automatically assign user roles on user creation

Hi,
I have a scenario where i am creating database users in Oracle database and we need that no matter from where the database users are created they have a couple of roles automatically assigned to them.
How can this be done?
Quick response will be very helpful.
UZ

post and wait for a valid answer more than 20 minutes, search by yourself at oracle documentation less than 5 minutes. worth it?
http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_8003.htm
a trick --> group of roles = profile
another trick --> profile can be add in the user creation
Edited by: Fran on 26-feb-2013 2:17

No active writeable datasource found for user creation, check your Persiste

HI SAP Guru's
Suddenly when I am login in Portal with J2EE_ADMIN or any user , I am getting error
You are not authorized to access this application; contact your system administrator
and when I am going to create user in identity management I am getting below error
Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".
I have searched all related treads in SDN but no success
Please help.
Thanks & Regards
Vinay Patel

Dear all,
I was searching the community because I had this same error and there was no answer of how it was fixed. So I'm sending how I fixed today in a customer environment.
1. Go to portal http://<portal>/webdynpro/dispatcher/sap.com/tcsecumewdumeadmin/UmeAdminApp
- select configuration
- folder "sap system based in abap"
- do the conection test
If the test fails, log on in client 001 and change user SAPJSF:
- assign role SAP_BC_JSF_COMMUNICATION (only this one) and one profile that has permission to RFC logon
- you can change the password too
STOP/START ABAP+JAVA
Go again to the portal above and test connection again. The tests should now be OK.
2. Go to portal http://<portal>/irj
- Log on with administrator user
Now you should be able to create an user.

New sap user creation

Hi All SAP experts,
My company has implemented 2 Systems SAP Landscape with one development and one production server which are running on R/3 Enterprise 4.7 (Kernel Release 6.20) with Microsoft SQL 2000 as database server.
I have the following questions regarding new sap user creation by using user copy function.
1.When I request to create new SAP User by using user copy function ,should I just create the user acct in DEV and transport it to PROD System? If yes, how could I do that?
2.When I request to create new SAP User by using user copy function, can I just create it on PROD System only? If yes, what is the impact?
3.When using User copy function to create new user acct, should I select all parts (like adress ,defaults,reference user, user groups.....) of the existing user to be cloned to new user acct?
Thanks.
Leon

Hi Leon,
Answer to your questions in their respective order:
1. You can create user in DEV and then make remote client copy to PRD system using scc9 t-code. Here you can choose user accounts and authorizations for the copy. ( Rem: Data will be overwritten in target system when copied).
You can also use client export/import(scc8/scc7)
But, When you do the client import from the exported files using STMS,you will have to select only one of the transport requests and then STMS automatically selects the other requests for you.
Then it will show you the different transport requests that you have created during your export, the client copy profile and the target system and client. The customizing and application data is deleted in the target client before copying for all profiles except SAP_USER. This is technically unavoidable (and hence the data will be overwritten).
So if you can afford overwritting of user data in target client , you can go with the above procedure.
2. Using user copy in su01, you can copy one user to another user only in that client and is confined to that system only. So yes, If you want 2 or more users to have same authorizations, profiles ,etc etc.. you can choose this in PROD system.
3. It depends.. If you want user to be in same group, then you can choose user groups. If you want them to have same authorizations , you can choose roles and profiles... If you want them to have same company address and others,... you can select address.. and so on.
Also below link provides required steps in case you choose local/ remote client copy:
http://www.sap-basis-abap.com/bc/client-copy-by-using-scc8-and-scc7.htm
Hope this helps...
Thanks,
Ajith
Edited by: Ajith Kamath on Oct 20, 2009 8:28 AM

Can we Automate User Creation in SAP IDES?

Hey Guys,
I found this piece of information on Internet somewhere.
"SAP provides a simple user creation mechanism for IDES system. An enhancement is already active by the name USRADMIN this contains code that executes just after the user logon. If somebody logs on as 'MUSTER' with password 'IDES' it prompts to create a user. and after the creation MUSTER is logged off. If the password of MUSTER is changed the program also reset the password to IDES always. the password is hard coded in the code
For this to be active an entry has to be maintained in the table zides_user_procc . In this table we maintain the SAP system SID, client where this functionality is to be active and also maintain the reference user which will be copied to the new user ."
*bol

It was a while back, but the logic was like this:
User logs into webpage on intranet. Lets just say that authentication to that resource is dealt with separately here.
User is presented with a form and fills in info like
UserID required
FirstName
LastName
email address
Password
This info is used by some backend VB code which initialises an RFC connection with SAP.
Once RFC is established, a function module to copy an existing template user is executed (template user contains roles to copy etc). The new user is created as required and you can then log on & use it.
To be honest, most self service sandbox systems tend to be the log in using existing user & create yourself a user or run a prog which will do it for you.
Hope that helps,
Cheers
Alex

GRC 10: Initial password for multiple users creation in a ARQ request???

Hi All,
I was trying to create a request in ARQ for multiple users. I noticed that, I could add all the necessary required information for multiple users using the template. I added the roles as well. However, I could not set the initial password for multiple users as the tab "User System Details" (where the initial password is provided for a single user) is disabled!!!
The users were successfully created in the R/3 system. However, due to non-availability of initial password, these users could not log into the R/3 system.
May I know how to set the initial password for multiple users?
Regards,
faisal

Vit,
I was trying to test this multiple user creation scenario. But I am surprise to get a template where in I have only below mentioned fields:
1. User Name
2. User Id
3. Email
I filled these details and uploaded. Then filled the "User Access" details. While submitting the request, I got the error:
"Last name is not mentioned for user id XXX"
But there is not such column in provided template by GRC!
I added 2 columns: First Name and Last Name and saved it and uploaded again. These details are not picked up!
Following are the only columns shown:
1. User Name
2. User Id
3. Email
4. Manager
Out of above, only "Manager" field is editable and others are disabled.
Last time I remember, I has got complete template with all the columns. Unfortunately, I have deleted it and not available with me now.
Any idea you have why am I getting such incomplete template?
Regards,
faisal

Please advice process change in Solution Manger user creation

Hello All,
We have like 5 systems linked to Solution manager now.
We are trying to make some improvements in our daily activities by reducing / eliminating few steps. In our current scenario, users are LDAP authenticated, so we run a query (RSLDAPSYNC_USER) and create a user. Then assign the roles in SU01.
So, is it possible to have user creation (by LDAP authentication - RSLDAPSYNC_USER) and role assignment in a single step?
Or
Can you create a user group for each type of user and have any automated jobs for automatically assigning roles to the users of that user group?
We can use su10 for assigning roles in case of more users, but i am looking for some more options.
Thanks in advance.
Muzammil

Hello Miguel,
We are using solution manager for user maintenance.
If any internal user requests for SAP application access we give it via solution manage. Solution manager is again connected to our LDAP server and pick the details from LDAP by running a query.
During this user creation process we have some default roles which are supposed to be given to all the users related to one particular system. Lets say SRM users, if we are creating any SRM users then we have to give the default roles to all the users we created.
So, is it possible to have these default roles assigned automatically when i create?
Thanks in advance.

Role of ABAP in MDM

Hello MDM Guru's,
Could you please help me to understand the role of ABAP in MDM. i underestand ABAP API's role (interfaces) can be used, However i want know what kind of requirements do we get to use ABAP based coding & what kind of customization could be done, could i use Business Workflow from ABAP in MDM.
Any documents or links please.
Thanks in advace
Cheers
Srihari

Hi Srihari,
The role of MDM with ABAP is basically the utilization of the MDM functionalities and features from an ABAP server.
It is a way to connect to the MDM system from another system which does not understand MDM language.
As MDM is a C++ based system and ABAP is an ABAP language based ERP system.If you want to talk to the MDM system from an ABAP system you need to inteface them through the ABAP API's.
Doing this you can then Search,create ,update Run matching strategies etc from teh ABAP system just by using the Preconfigured classes and methods.Whereever a n enhancemendt is needed which is more than the standard delivered functionlaity of MDM you can utilize the coding ability of ABAP to achieve it.
Few Real time requirement that I came across of using ABAP interfcae to MDM are
- Creating ABAP design ALV reports that is a result of MDM Master data stored within the MDM repositories.
- The logs that are available with MDM are the standard delivered ones which are not easily understandable.We can use ABAP is an effective way to develope a user friendly report explaining the MDM logs
- Something similar to the above can bo done with the change tracking feature of MDM.
- Also ABAP api can be used with effective coding and customization to make available the Master data from MDM as an F4 help in abap.
Regarding using ABAP business workflow in MDM or viceversa,I guess is not a feasible thing to do.
You can however use the Consistent MDM outputted data in ECC and run a separate governance on it through an ECC workflow using ABAP.
To know more on what standard features as well as customized features that can be delivered through the MDM-ABAP interface .Kindly refer the MDM ABAP API series how to guides
Hope It Helped
Thanks & Regards
Simona Pinto

'Standard Role' 'User' 'Business Partner' and 'Internet User'

hii
Currently I m working on E-Recruitment 6.0 BSP's..
Can somebody explain me....
1)
'Role' 'User' 'Business Partner' and 'Internet User'
Kindly help me undertand the relation between the above mentioned IDs and there creation
2)
I have created Business Partner(External Person) ID using BP(txn)...Kindly let me know how to create the 'Internet ID' and 'PW'
So that I can use it for HRRCF_StART_EXT (BSP)
kindly explian...or mail me any documention related to
E-recruitment to my id [email protected]
Looking for a immediate reply
Regards,
Raghav

Role - is the same as the concept of role in R3. SAP Delivers some pre confogured authorisation profiles for some standard roles.
Roles are assigned to user depending on the client's requirement.
Business Partner is the same as BP in CRM. basically, the following will be BPs in ur system:
Each independent user of the recruitment process - as BP Branch.
All third party recruitment vendors as BP Type Agency.
All employees will also be BP in the system.
All external applicants.
You can create internet user using the t code SU05. You can also use the R3 sytem user credentials to log on to the url application by configuring the system to use the SAP login. (this is done thru t code SICF)
Hope this helps.

New user creation in AE- user group not getting assigned

Hi All,
Here is a typical case, wherein when we create a new user with AE for the production system, the user gets created and the roles are also assigned but the user group is not getting assigned. The user group is being fetched from a table from the backend and all that is working fine. Infact in order to test the configurations we even created a new user in the production instance of AE giving the development system as the target system for user creation and in this case the user was successfully created and the user group is also assigned. The problem is arising only when the target system is production system.
Connectors are all working fine, but we are unable to think of a reason. Can somebody help us on this?

Hi Vani,
If you are provisioning the user group using user defaults, check that production system is selected in the user defaults configured. Configuration -> user defaults. You can define any user default system, but for perticuticular user defaults that is applicable define all the systems, in which you want user defaults to be provisioned.
Kind Regards,
Srinivasan

Automate User Creation Process in EP7 through ECC6.

Hi
I have a ECC6 Backend and EP7 installed on two Different Hosts.
My Requirement is whenever a User is Created in ECC6 , the same user is to be
Created in EP7 automatically. Role assignment can be done later.
Has any one done this ?
Regards
Rajendra

Hi Michael
Currently we would like to keep the UME Datasource as AS Java only.
In this case is it possible to have a solution like say
1. Create a portal webservice which has a function to accept parameters required for User Creation.
2. This webservice will be called by ABAP whenever a new user is Created in Backend.
if yes then can u guide me in the Second Step mentioned above ?
Regards
Rajendra

Mass role & authorization creation

Hi all,
I have been assigned a task to create some 400+ authorizations. Using PFCG and creating one by one would take much time, so I wonder if there is a different approach.
Every role has a different number of transactions, but most of them have the same values for authorization objects (company code, purchasing group etc).
Anyone have an idea on how to do this?
Thank you,
Igor

What about ECATT or even BAPI usage? There are ECATT procedures for mass users creation. Can that be used for roles as well?
Not as far as I know.
In any case, I will never relay in mass creation of roles as this will represent a security issue, and In my personal opinion is why SAP does not offer mass creation of roles as a standard
Regards
Juan

User creation in SRM-SUS

Hi
I am trying to use FM BBP_SUS_UM_API in SRM7.0 SUS for SUS user creation.
I wrote below code, but User is not created.
instead,it gives error "E:BBP_SUS_BUPA:120". I could not see any message text displayed.
Any problem in code?
But when i test in FM at SE37 its works fine. how to trace this.
data: lstab type zbapistruc occurs 0 with header line.
data: lsmessages type BAPIRET2 occurs 0 with header line.
data: lsbapiagr type bapiagr occurs 0 with header line.
* data: ET_MESSAGES STRUCTURE BAPIRET2.
refresh : lstab,lsmessages,lsbapiagr.
clear : lstab,lsmessages,lsbapiagr.
lstab-TV_USERNAME = 'TESTUSER1'.
lstab-TV_ACTION = 'CREATE'.
lstab-TV_PASSWORD = 'usrpwd'.
lstab-TV_TITLE = 'TEST'.
lstab-TV_FIRSTNAME = 'CUsertxt'.
lstab-TV_LASTNAME = 'CKtxt'.
lstab-TV_EMAIL = 'xxxxxxxxxxxx.com'.
lstab-TV_COUNTRY = 'JP'.
lstab-TV_LANGUAGE = 'JA'.
lstab-TV_COMPANY = '27'.
lstab-TV_TELEPHONE = '03-34444444'.
lstab-TV_FAX = '03-34442444'.
lstab-TV_FUNCTION = 'TEST'.
lstab-TV_DEPARTMENT = 'TEST'.
lstab-TV_DATEFORMAT = '1'.
lstab-TV_DECIMALFORMAT = ' '.
lstab-TV_TIMEZONE = ' '.
lstab-TV_SAVEPERS = ' '.
append lstab.
CALL FUNCTION 'BBP_SUS_UM_API'
EXPORTING
    IV_USERNAME                = lstab-TV_USERNAME
    IV_ACTION                  = lstab-TV_ACTION
    IV_PASSWORD                = lstab-TV_PASSWORD
    IV_TITLE                   = lstab-TV_TITLE
   IV_FIRSTNAME               = lstab-TV_FIRSTNAME
   IV_LASTNAME                = lstab-TV_LASTNAME
   IV_EMAIL                   = lstab-TV_EMAIL
   IV_COUNTRY                 = lstab-TV_COUNTRY
   IV_LANGUAGE                = lstab-TV_LANGUAGE
   IV_COMPANY                 = lstab-TV_COMPANY
   IV_TELEPHONE               = lstab-TV_TELEPHONE
   IV_FAX                     = lstab-TV_FAX
   IV_FUNCTION                = lstab-TV_FUNCTION
   IV_DEPARTMENT              = lstab-TV_DEPARTMENT
* IV_DATEFORMAT              = lstab-TV_DATEFORMAT
* IV_DECIMALFORMAT           = lstab-TV_DECIMALFORMAT
* IV_TIMEZONE                = lstab-TV_TIMEZONE
* IV_SAVEPERS                = lstab-TV_SAVEPERS
TABLES
    ET_MESSAGES                = lsmessages
    IT_ACTIVITYGROUPS          = lsbapiagr
EXCEPTIONS
    ERROR_MESSAGE_PASSED       = 1
    OTHERS                     = 2.
IF SY-SUBRC <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Regards
Chandra

Hi
I am trying to use FM BBP_SUS_UM_API in SRM7.0 SUS for SUS user creation.
I am able to create user in both SUS portal and SU01 side without role selection.
If i want to assign role to user, this function module does not have input parameters to assign roles.
How to do this?
Seems like inside FM some role assigment code is done. but not from input side.
how to manage this.?
Regards
Chandra

User creation in ISW ADS- DS

Hi
I have setup ISW6 with DS6.1. Password sync is working fine both ways. I have enable user creation also. I can create users from DS to ADS but when i try to create user from ADS its does not create user in DS. i see this error
"LDAP operation on entry uid=ds62,ou=idsync,o=aus.edu,o=ausedu failed at ldap://pwsynch:389, error(19): Constraint violation (Password already hashed. Cannot check quality.)
WARNING 68 CNN100 pwsynch.aus.edu "Cannot create user 'uid=ds62,ou=idsync,o=aus.edu,o=ausedu' at ldap://pwsynch:389, ldap error code = 19." (Action ID=CNN101-11463C138E7-11, SN=8)
I have match password policy both side. my password encryption method at DS is SSHA in global policy.
in DS if i disable password syntax check then it create the object with
{PSWSYNC}*INVALID*PASSWORD*. It seem from ADS password is coming as blank. But i am providing valid password while creating user in ADS.
I am using schema 2.
Please help
Thanks

HI,
Where are you creating the users & roles? In ABAP or in portal? Give me more details, like at which step you get this error
Regards
Jaya Ganesh

Issue with User Creation in AS ABAP

Hi Experts,
We are implementing IDM 7.2 SP8. We have successfully performed initial load from CRM systems and also created Business Roles in CRM containing privelleges from CRM system. We can successfully assign roles from IDM to users in CRM for users loaded in IDM after initial load.
However, we are not able to create users in CRM backend system. Please find below details on the same:
Creating user from IDM UI and also assigning role:
1) We try to create user using the standard SAP Provisioning Task - "Display Identity". We maintain the user details like - first name, last name, validity etc and also the
2) We select the Business Role to be assigned to user and click on save. Workflow is triggered for the same and after approval from role owner, the correspodning tasks get executed.
3) The user gets created in IDM UI and also the desired role is assigned to user. However, no changes occur in backend CRM system.
4) Job logs and found that the job "SETABAPROLES&PROFILESFORUSER"(from standard sap framework) fails with error -
putNextEntry failed storing
Exception from Modify operation:com.sap.idm.ic.ToPassException: User 1 does not exist
Creating User from IDM UI without assigning any role:
1) We create a user using "Create Identity Task", maintain the attribute "ACCOUNT<repository name>" for the user, maintain the validity dates and click on save.
2) User is created in IDM UI but nothing happens in backend CRM system.
I followed thread 3331868 and understand that "Account Privilege PRIV:<Repository>:ONLY" should be assigned to user for creation in backend system. However, i am not able to find the privellege in IDM UI for assignment while user creation.
Kindly help me with steps on how to assign this privelege while creation of new user in IDM UI so that user can be created in backend system.
Thanks and regards,
Nitin

The repository:ONLY privilege should be created when you do the initial load if you use one of the SAP templates. If not, you can manually create it.
On the repository, set the master privilege to be SAP:repository:ONLY (note, it can be anything but changing it would make life hard for anyone following you).
Create a task called 'Assign Master Privilege' which has:
MSKEYVALUE %mskeyvalue%
MXREF_MX_PRIVILEGE PRIV:$rep.$Name:ONLY
Ensure that the repository is set to 'inherited'
Assign your new task as the 'No Master Task' on all repositories.
When a user gets a privilege in a back end system, it will check to see if they have an 'ONLY' priv for that repository. If not, it triggers the 'No Master Task' which assigns it and then it will assign the backend privilege.
Peter

Role/User creation in MDM

Similar Messages

Maybe you are looking for