Roles/Profiles Deleted After Provisioning Bulk Request

Similar Messages

• Partner Profiles deleted after TDMS copyback

  Recently we had a copyback activity using TDMS 4.0 for ECC system. After the copyback, we noticed that partner profiles has been deleted. One of our pre-steps is to delete the largest tables then delete the client(SCC5) and recreate a shell client. Would like to ask if how we could prevent the deletion of partner profiles during copyback? Or atleast, is there a way we could automate the configuration and return to previous state before the copyback this partner profiles? We're not sure other configurations being deleted during copyback.
  Hope for your reply. Thanks in advance...

  Hi Philip,
  There are many based on your  landscape few examples below which i generally use
  As Mentioned By Anitha , you can very much do this using TDMS itself , exclude these tables from copying.
  #SCC4
  T000
  #OSS1
  EWOSS
  #RFCs
  RFCDES
  RFCDOC
  RFCSYSACL
  RFCATTRIB
  RFCCHECK
  RFCDESSECU
  RFCTRUST
  RFCCMC
  RFCGO
  #RSA1 Transport conversion
  RSLOGSYSMAP
  #Transport Number
  E070L
  #SAP License
  SAPLIKEY
  #Access Keys
  ADIRACCESS
  DEVACCESS
  #Logon Group
  RZLLITAB
  #Transport
  TMSCROUTE
  #BD54
  TBDLS
  TBDLST

• ERM Role con't be deleted Automatically after rejecting the request in CUP

  Hi Experts,
  I am involving the GRC implimentation project and ERM component is succefully configured with post-installation activites and also configure the workflow(1-stage) in CUP for role approval.
  After initiating request, the request was sent to appropriate approver for approval process and approved/ Rejected by the approver.For first case(Request approved) everything is looks fine.
  but whenever the request is rejected (second case) by the approver, the role is still present in ERM and ABAP backend as well as.
  please suggest me, if the role is deleted in ABAP/ERM system after rejecting the request by Role Approver in CUP. or still present the role in systems.
  Regards,
  Arjuna.

  Hi Jes,
  We so have a feature called Password Self Service which is used by users to reset their password using CUP. Also if the password is locked by multiple failed attempt, CUP even activate this user.
  However in your case administrator will be locking the user or deactivating the password, so CUP will not allow users to unlock their users as it has been locked by administrator.
  So CUP can only unlock those users which were locked due to failed attempts etc.
  Regards,
  Shweta

• ARQ: Manager/Role Owner can modify request details even after submitting the request???

  Hi All,
  I have noticed that after Submitting (Approving) a request, manager or role owner can still modify the user details (field are editable) like role validity date etc in a request. This is quite weird!
  Although, after submitting a request by a requester, all field are disabled.
  Has any one encountered with this problem? How can I control this?
  Please advise.
  Regards,
  Faisal

  Alessandro,
  Thanks for your reply.
  Yes, I got it and that is why I got confused.
  This EUP I have defined and the desired fields are visible and editable and seems to be working fine.
  However, the problem is, even after submitting a request, manager and role owner is able to edit the values in the fields which is incorrect!
  Actually, once a request is submitted, I believe request should be only display mode!
  You know what, this is working absolutely fine with requester. Meaning, once a requester submits a request, then all fields are disabled and values in them can not be modified any more.
  But I am not sure why this is not happening with managers/role owners.
  Please advise.
  Regards,
  Faisal

• Mail Profiles Being Deleted After Office 2010 to 2013 Deployment

  I am deploying Outlook 2013 to user in our environment that has Outlook 2010 presently. Many users have additional attached mailboxes to their Outlook profile. After the deployment the default profile for Outlook in the Mail control panel is removed. Is
  there a way to make sure the profile and the user settings do not go away on an upgrade? I'm using a .msp created in the OCT to do this.
  Thanks!
  B

  Did you retain the default settings in OCT for handling Outlook?
  By default, mail profile settings and data are migrated/preserved.
  http://technet.microsoft.com/en-us/library/ee620554(v=office.15).aspx#BKMK_Choosing
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Firefox cannot find profile, even after deleting and re-installing.

  I un-installed firefox when the problem first started, then re-installed it. Still cannot find profile. I went through the Profile Manager Wizard, but that didn't work. It couldn't find the program. I'm not on firefox now since it won't load.

  See:
  *https://support.mozilla.org/kb/how-run-firefox-when-your-profile-missing-or-inacc
  This is usually caused by a problem with the profiles.ini file and the profile marked as Default=1 in this file is no longer present on the hard drive.
  *Windows: %AppData%\Mozilla\Firefox\<br>C:\Users\&lt;user&gt;\AppData\Roaming\Mozilla\Firefox\Profiles\&lt;profile&gt;\
  *Linux: ~/.mozilla/firefox/
  *Mac: ~/Library/Application Support/Firefox/
  You can use one of these to make Firefox create/use a new default profile:
  *Delete the profiles.ini file to force Firefox to create a new default profile
  *Use the Profile Manager to create a new profile
  *Use "Choose Folder" when you create a new profile to select the location of a lost profile and recover this profile
  *http://kb.mozillazine.org/Profile_Manager
  *https://support.mozilla.org/kb/Managing+profiles
  *http://kb.mozillazine.org/Profile_folder_-_Firefox

• Approver step after provisioning

  Hello all,
  Is it possible to make in CUP additional approver step after provisioning new user (via CUA)?
  The goal is to have a manual step in SAP HR to assign structural authorization based on request comments after new user is created in HR system with approved roles. HR employee should do this step and close a CUP request only after that.
  Thanks,
  Anton.

  Hi,
  As Alpesh mentioned it is not possible in CUP/AE.
  Once the CUP workflow completed all the stages approvals, the userid is created in target systems and an email will be sent out to the corresponding user (if auto-user provisioning enabled in CUP configuration)(notifications to other people too depending on the CUP configuration).
  You could try forwarding the successful userid creation email notification to HRgroup email id, HR will assign structural profile and then forward the email to the corresponding user. ( I never tried this scenario - just a thought).
  Thanks
  Himadama

• RAR: Best strategy for users/roles/profiles synchronization

  Hi all,
  Assuming that:
  1) we will be never interested about profiles risk analysis (just users and roles)
  2) roles risk analysis will be run first and after sometime (threee weeks) we will run it for users.
  and we will run batch risks analysis:
  Question 1) Is it possible to synchronize just roles and do it for users just when we want to execute risk analysis for them? Or is a best practice to synchronize always for users/roles and profiles eventhough risk analysis will not be done for all three?
  Question 2) If we execute just full sync and full risk analysis, users/roles or profiles deleted in backend between executions are also deleted from DB? or removal takes place only when executing incremental sync?
  Many thanks in advance. Best regards,
    Imanol

  Hi Imanol,
  Answer Q1: Yes, you can just select user and roles for the snych and risk analysis. Go to configuration-background jobs - shedule job. If you don't run risk analysis for profiles, you shouldn't sync and select them.
  Answer Q2: Both, the Full risk analysis will alwaly update your DB. I will recommend you, to do this job in some periodic times. The incremental sync job will as well update your DB, if anything changed in the backend system. Normally your are going to run your daily or weekly jobs with this selection.
  Thanks,
  Martin

• How to identify what role was deleted in SUIM report ?

  Dear all,
  Whenever a role is deleted, in SUIM --> change document of a user, it only shows the profile name, based on the profile name we can't figure out what role was it.
  Any solution for this ?
  Your advice and comment will be appreciated.
  Thanks.
  Regards,
  Kent

  Hi,
  It is possible to see who and when the role is deleted...
  Here are the steps for the same.
  1. Start SUIM
  2. Go to Change Document --> For Roles
  3. Enter Role name (for example Z*), Enter Username (Changed by), Date, Time (From and To)
  4. Select "Create and Delete Roles" in Change Documents.
  5. Execute.
  You will see the report who and when the Role is deleted.
  Regards.
  Rajesh Narkhede

• Trying to understand "User/Role/Profile Synchronization" and Batch Analysis

  Hello,
  Im trying to understand what exactly and from which tables these jobs are copying to which tables in CC. I have a understanding that these jobs are moving also deleted roles from backend. This is causing unnecessary delay to long lasting job. 
  I would appreasite if some one could explain the logic behind these jobs. What the fullsync and incremental is reading ? What kind of changes are causing a role/user/profile  to be included to the full and incremental jobs?
  How the incremental analysis logic is built ?
  br Janne

  Janne,
  In my current implementation we are going for an offline risk analysis due to the heteregoneus system landscape of our client (several SAP and non SAP systems and several SAP systems under 4.6C). Eventhough within our approach we don't perfrom the backend synchronization (we use CC data extractor to pull data from backend into CC) hope the following info could hel you:
  The tables such jobs you mention access to, are all the SAP backend system tables related with users, roles, profiles, action and permissions. If you check the data mapping appendix of the "user and configuration guide for 5.2" you will see all the data that CC retrieves. For instance, in order to extract user info (UserID, FName, LName, Email, Phone, Email, Department) tables USR21, USR02, ADRP, ADR6 and ADCP must be accessed.
  In terms of CC tables:
  VIRSA_CC_SYSUSR >> UserIDs and Systems ID relationship
  VIRSA_CC_GENOBJ >> User, Role and Profile master data
  VIRSA_CC_GENACT >> User-action, role-action and profile-action data
  VIRSA_CC_GENPRM >> User-permission, role-permission and profile-permission
  VIRSA_CC_SAPOBJ >> Action-permission
  VIRSA_CC_OBJTEXT >> Objects descripcions (ACT, PRM, FLD, VAL, ORG)
  Hope this helps.
  Regards,
     Imanol

• Firefox bookmarks/toolbar deleted after software update for Microsoft

  Firefox bookmarks and toolbar were deleted after a software update from my mac computer - an update from Microsoft - affecting word & firefox. The restore function within the bookmark section does not work - it shows the back ups but then states "unable to process the backup file"

  You can check for problems with the <b>places.sqlite</b> database file in the Firefox profile folder.
  *http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
  *https://support.mozilla.org/kb/Bookmarks+not+saved#w_fix-the-bookmarks-file
  *Places Maintenance: https://addons.mozilla.org/firefox/addon/places-maintenance/
  You can use this button to go to the currently used Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)

• Shopping Cart Item deletable after approval

  Hello all,
  I have an issue regarding Shopping Carts: When a Shopping Cart is approved, gives a Purchase Order which is sent to Vendor, Requester can still delete Item of Shopping Cart, which has effect to delete Item in Purchase Order. I opened a message for SAP but they tell me this is the standard behavior which is for me a non sense!
  I would like to know if you already met the fact that Shopping Cart Item being deletable after approval and if you corrected it, how?
  Thanks,
  Patrick
  PS: I am working on SRM 5.0

  Hi,
  Yes this is a standard behaviour.
  The business case is a user who made a mistake and do not have access to PO due to lack of authorization.
  He should be able to delete his SC which trigger a delete status at PO item level.
  Then , if system is well configured, an update output is triggered to communicate to the vendor taht the line item has been deleted.
  If you do not want this behaviour, just modify the roel authorization in PFCG transaction.
  Kind regards,
  Yann

• Can I change the default for podcast deletion after listening?

  I have only just discovered that many of my cherished podcasts have been getting deleted after I listen to them. I originally set the option to NEVER delete after listening when I first installed iTunes years ago and I haven't change it since. However, I can only assume that it was changed by Apple during an upgrade at some point and I never noticed. The delete after listening option has been set to On for podcasts going back many years (2008 at least).
  Two questions:
  1. Is there some way to change the default setting to Off?
  2. Is there a way to bulk change the setting for multiple existing podcasts?
  Thanks.
  For what it;'s worth; I'm running iTunes 12.1.2.27 on Windows 7 64-bit on a Dell Latitude laptop.

  Choose the Podcast view you are using (either Podcasts/Podcasts or Podcasts/Episode List) from below:
  or
  and select Delete Played Episodes <Off> from the drop-down menu

• GRC AC10 RAR :"Ignore Critical Roles/Profile" option not available in

  Hello Gurus,
  I have configured RAR and the reports are working as usual , but i observed that i could not see two things
  1) Option to select "IGNORE CRITICAL ROLES/PROFILE" during Role/User ANALYSIS under "Reports & Analytic" tab.
  I checked in SPRO>GRC>AC-->Maintain Config Settings
  There is a parameter "Ignore Critical  Roles/ Profiles" which i first set to "Yes" and then checked in NWBC , i was unable to see the option under "Additional Option".
  Later i changed SPRO setting to "NO" , then again it did not show me .
  Where can i find this option , so that if i upload say 10 roles which are assigned to firefighter ID they should not be analyzed for RAR ??
  2) I also could not find any option to upload "DEFAULT roles" which need to be assigned to any "NEW USER" request coming through CUP ??
  Where can we make this setting, so that the basic roles can get assigned to the user when any new user request comes in.
  Will you please put some light on this area ?
  Thanks in advance.
  Regards,
  Victor

  Hi Johanna
  Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
  Regards
  Swarna

• Function module to modify the user roles & profiles

  Hi All,
  I am working on user maintenance and i need a function module to modify the user roles & profiles.
  Thanks in Advance.
  Phani.

  i used the below fms
  BAPI_USER_ACTGROUPS_ASSIGN for assigning the roles.
  delete the profiles of the user qnd assign the profiles to the user:
  BAPI_USER_PROFILES_DELETE
  BAPI_USER_PROFILES_ASSIGN
  i used the above FMs for my requirement.
  Regards,
  Phani.