Rules for AD Groups mapping with ECC roles in GRC
Hi All,
I'm actually looking at an option to define the Rules in GRC where i can map AD (LDAP) groups to ECC roles. Is it possible? Could you please let me know if i can achieve this with Rule Architect in GRC 5.3 OR by any other mean.
Regards
- V
Gurus,
Any thoughts on this?
Regards
Vaib
Similar Messages
-
Nesting of Rules for Auto Group (Role) Membership Rules in OIM 11gR2
Does anyone know how to nest rules for auto group (role) membership in OIM 11gR2. The General rules in Design Console are no longer used for auto group membership and the rules that can be configured in the Role properties cannot be nested as far as I can see.
Any info is appreciated.
Thanks!My mistake... this is possible in the web ui.
-
Copa derivation rule for customer group
Hi All,
I am currently facing an issue with Derivation rule and hope someone can help me on resolving this.I have created a COPA derivation rule which has field as
Source Field
company code
Plant
Target field
Distribution channel
Condition
customer group 3 = 18.
so ideally with this conbination the distribtion channel gets updated
for the sales order.
However the issue we are facing is that the rule is working for only 1st line item and not for the others. I have also kept setting as" overwrite values only if new values found"
e.g if we see the accounting doc of billing then
line item 1 customer: x
line item 2 SaLes GL: rule works fine and dist channel is updated.
line item 3 discount GL: rule does not work.
Have checked the derivation rule and it looks correct.
Can you kindly suggest solution to this.Hi Ajay,
Thank you so much for your reply.Please note that the GL is a cost element but the category in system is 1 and not 12.However I would like understand as to why is this happening.why does the system picks up derviation rule for a Gross sales GL and not for Discount GL(Cost element).
The distribution channel gets updated for sales GL when i check the prof segment of the line item, however this is not the case with doscount GL.
I would like to understnad the implication before changing cost element category from 1 to 12 as it runs across system.
Kindly provide some more explaination.
thanks in advance. -
Automatic settlement rule for receiver 'Fixed asset' (with out IM)
Hi Experts
I am working with project settlement to a fixed asset.
I have defined a selttlement profile in which, FXA is the only valid receiver.
Please note that we do not use Investment managent and hence no automatic AUC.The predefined asset to be used for settlement.
In this situation i am unable to generate settlement rule automatically as like the case with CTR.
The below message is experienced.
"Enter a distribution rule for Asset without a validity limit"
However i have manually maintained the settlement rule with specification of appropriate asset as receiver and settled.
In this scenario, how to ensure that the settlement rule is automatically generated, any where can we refer the fixed asset?
warm regards
ramSivaHi,
Settlement rule cannot be automatically maintsined, you have to maintain manually, for example if you want to settle to fixed asset, how the system know to which fixed asset it should settle. You have to maintain settlement parameter manually.
Regards,
Sreekanth -
Personalization (Cross-Selling Rules for Target Group) in E-commerce
Hi,
Could any one suggest solution for the query...
Scenario: Personalized Cross-Selling for Target Group in a Webshop (E-Commerce-B2B Occasional User Scenario). The Cross Selling is to
appear only for Target Group, but the system is prompting the Cross Selling
Rule for both Target Group aswell Global. The Config details are below
mentioned.
1. In Method Schema (11) we maintained Cross Selling Methods for Global as well
as Target Group.
(CRM_MKTPR_PP_CS_GL_READ & CRM_MKTPR_PP_CS_TG_READ).
(I did remove Global Method for testing, but still it is appearing for Global
Target Group)
2. Created Cross Selling rules in CRM for Target Group Target Group & is
Activated.
3. Target Group Modeling done in Segment Builder.
4. Target Group Assignment done in the webshop.
5. Application Administration related tasks (clearing done).
6. Product Catalog Updated Replication is done aswell.
7. Simulation of Product Proposal is done using program
"CRM_MKTPR_PRODUCT_PROPOSAL"
Please suggest me if I miss anything to recommed Cross-Selling rules only to the Target Group.
Thanks in Advance,
D u r g a r a oCartweaver
http://www.cartweaver.com/
Web Assist Power Store
http://www.webassist.com/support/ecommerce-options.php
Nancy O.
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists
http://alt-web.com/
http://twitter.com/altweb -
SSID To Group Mapping With ACS 5.1
Hi ;
I am trying to implement PEAP authentication with ACS 5.1 and PEAP is working fine. I have two SSID's with peap authentication and i have two groups in AD. I need to map one ssid with one group and another SSID with the other group.
I implemented the same with ACS 4.2 (Screenshot attached) . Now the requirement is to implement the same concept in ACS 5.1. Could you please help me on this.If you go under Access Policies and Service Selection Rules and check you hit count( you may need to refresh if you just tried connecting) see if the rule is incrementing.
If that rule has a condition tied to that SSID, it should only increment when that SSID sends traffic. If users credentials are working, thats a separate issue.
For the Access service you created, that your selection rule feeds, check the following
Identity will be set to internal users
Authorization you will need to have hit custom and selected "Identity Group" as a selector" Then when you make the rule, check that box and set it to your Staff Group. Set the default at the bottom of the page to Deny Access. -
Multiple UWL for the single user with different Role
Dear SAP Gurs,
We have one critical requirement on the Universal worklist, as a functional requirement like some Approvers will play different roles as approver, needs to track saperately the approver inboxes for the same person.
For Example :
Approver A - is an Purchase Exicutive(Role)
Approver B - Is an Purchase Manager(Role)
Every time Apporver A has to access his approval requests seperately ( Belongs to Approver A) and take action, as well Approver A has to see Approver B's actions items seperatly and take action.
currently we have 4 levels available and single person has to take action on based on the 4 different Approves(Role)
Is there any work around for the abobe requirement.
Thanks in advance,
Vinod
Edited by: Vinod Malagi on Jul 20, 2010 3:33 PMHi Karri,
The same requirement i want to tweak in by adding one more column in the UWL by enhancing the BOR.
i have try with below , can you please suggenst can be done by Virtual attributes.
Once data is comming in the UWL i will put 3 custome filters
We need to add a new column in UWL, which is present as a Table SWWORGTASK, in this we have to pass WI_ID and get ORG_OBJ populate it as a column in UWL.
Please suggent how can we impliment this ? do we needs to create virtual ttribute in the BOR from the same.
as we have reffered the below link, we are not able to implimant the same. Kindly suggest.
http://www.erpgenie.com/sap/abap/bor.htm
Thanks in advance
Vinod -
Complex expression rules for customizable groups not working
Hello Community,
we have recently installed Cisco Prime 4.1 (running on Windows server 2008 R2 Standard - 64bit Operating System).
Our main buildings are connected via Gigabit Interfaces, so I wanted to change the threshold in Fault Monitor only for those devices and those interfaces, to be something different than the default value (40%).
My regular expression is this:
(Interfaces.SystemName contains "Sw-AM-C6509" AND
Interfaces.Description contains "GigabitEthernet9/23") OR
(Interfaces.SystemName contains "Sw-KK-C6509" AND
Interfaces.Description contains "GigabitEthernet1/23") OR
(Interfaces.SystemName contains "Sw-MK-C6509" AND
Interfaces.Description contains "GigabitEthernet1/23")
When I try to "Check Syntax" I get an error message:
You have entered an invalid rule. Enter a valid rule. See the
Help
for examples of valid rules
I also found the following thread "https://supportforums.cisco.com/message/646043#646043" that provided an example, but I got the same error message, when I tried to run the example.
In my regular expression if I only type:
Interfaces.SystemName contains "Sw-AM-C6509" AND Interfaces.Description contains "GigabitEthernet9/23"
without any brackets and the like it seems to pass the syntax check.
Any help will be highly appreciated!
Thanks in advance,
KaterinaHello Community,
https://supportforums.cisco.com/message/646043#646043 mentions a bug that should have been removed on LMS2.6 but was still persistent. It states that:
when defining complex rules you have to use the complete Object ID (this info is available in the User Guide but wasn't described in DFM On-line help), which is different for each application.
:Campus:OGS:Device
:DFM:VASA:DFMObject
:CMF:DCR:Device
:RME:INVENTORY:Device
I would have thought that if this was actually a bug it should have been removed in the newest version of LMS4.1, but from what I understand it must still be there. I couldn't find anything relevent in the Administration of Cisco Prime LMS 4.1 document.
In order to fix my problem I used the following syntax, which seems to pass the syntax check.
:DFM:VASA:DFMObject:Interfaces.SystemName contains "6509" AND
(:DFM:VASA:DFMObject:Interfaces.Description contains "1/23" OR
:DFM:VASA:DFMObject:Interfaces.Description contains "9/23")
It does get the job done, but this isn't exactly what I wanted.
I hope that someone can update this post and verify that this is the correct way to go.
Katerina -
Help for writing a Map with out JDeveloper
Hi all,
Where can I find help documents or sample files so that I can write a custom mapping between an Oracle Object and Java Object. Yeh, this might be a simple task when we use JDeveloper , but just for writing this small piece of code I am not in a position to download JDeveloper of size 230MB and learn how to use it...
Plese give suggestions...
Thanks in advance...
Sateesh
nullTake a look at the JPublisher user's guide. You can also download JDeveloper in 20MB chunks if you can't download all 230MB at once.
Blaise -
Counting Rule for employee Group
Dear Experts,
I want to make new counting rule like If Employee takes Casual Leave on Friday and on Monday he do Sick Leave that Saturday and Sunday Should be treated as Earned Leaves. Saturday and sunday should be deducted from earned leaves.
REgards
Jazib TariqDear Jazib,
Please look into this
http://help.sap.com/saphelp_46c/helpdata/EN/c1/d32fe48435d111950d0060b03c6b76/content.htm
Regards
Qazi Raheel -
Setup vacation rules for group in workflow.
hi,
somebody please guide me to setup vacation rules for a group.And reassign a user's role to a group when the user is on vacation in Workflow.
thanks
JamrasJob,
Put your issue with workflow forum or Apps forum http://forums.oracle.com/forums/forum.jspa?forumID=40
--Shiv -
RSA authentication with LDAP group mapping
Greetings,
I'm trying to set up RSA authentication with LDAP group mapping with ACS Release 4.2(1) Build 15 Patch 3.
The problem I'm having is that my users are in multiple OU's on our AD tree. When I only put our base DN in for User Directory Subtree on ACS, it fails with a "External DB reports about an error condition" error. If I add an OU in front of it, then it will work fine.
As far as I know, you can only use one LDAP configuration with RSA.
Any thoughts on this?@Tarik
I believe your suggestion is the only way i'm going to get this to work. I ran across a similar method just this week that I have been working on.
I was hoping for dynamic mapping with the original method, but I haven't found any way to make it happen. I have resorted to creating a Radius profile on the RSA appliance for each access group I need. Using the Class attribute, I then pass the desired Group name to the ACS, i.e. OU=Admins, and that seems to work.
Thankfully, I have a small group of users that I am attempting to map. I will only map those who need elevated priviliges to narrow down how many profiles I will have to manually create. Likewise, our Account Admin will have to determine who gets assigned a particular access group.
I would still prefer to do this dynamically.
Scott -
ACS 3.3 Windows group mapping problem
Hi,
I?m running Cisco Secure ACS v.3.3 at Win 2000 server(sp4). ACS server is member of AD domain X. Additional there are two AD forests, so: domains X and Y are in the same forest, but domain Z is member of the second one. Trust relationships between all domains are established (AD Domain Controllers are w2k3 srv). I need to add Windows AD group mapping and that's no problem in domains X & Y. But when I'm trying to map some groups from Z domain, the "Failed to enumerate Windows groups. If you are using Active Directory consult the installation guide for information." error appears. In ACS documentation I have found information "ACS can only perform group mapping by using the local and global groups to which a user belongs in the domain that authenticated the user. You cannot use group membership in domains that the authenticated domain trusts that is for ACS group mapping. This restriction is not removed by adding a remote group to a group that is local to the domain providing the authentication." As I understand it's impossible to add mapping from the second forest? Am I right? If problem is solved in newer versions of ACS (4.0, 4.1)? Are there any fixes that can help?
Thanks,
PeterYou need to set up proxy.
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
Look for "Cross-Forest Authentication" in above link. And you get the Idea of what I mean. Though in above link its depicted with IAS server, but same is possible with ACS, as both can act as Radius server.
There is a known bug, CSCsi04187
PEAP MS-CHAP machine authentication will fail with machine not found if host/ format is sent from client. This only happens if the machine is autenticating to a domain forest that the ACS is not a member of.
Conditions:
The Machine authenticating to ACS is in a different domain forest then the ACS and the supplicant is using host/ as the machine name format. You also have to be using PEAP MS-CHAPv2.
Workaround:
If the supplicant has the option you can send the macine name in hos/ format.
Many supplicants do not have this option.
It is to be fixed for ACS 4.2 release.
Regards,
~JG -
Business rule for Essbase cube calculations in 11.1.1.3?
Hi,
Can we use business rules to use @XREF from data transfer from one cube to other cube.Why I went for business rule is, I can put set of business rules in a Sequence and any new user can run this Sequence on demand and even we need prompt also in that.
So, I want to clarify whether I can use the business rules for Essbase calculations along with calc scripts??
Appreciate the response.
ThanksRight,
Actually, Business rules are running essbase cubes in every case.
Remember planning and BRs are adding extra layers like prompts, forms, security, processes...
Think Business rules are extended version of calc scripts with some more functionality. They are ultimately running on essbase cubes...
Regards,
Ahmet -
HI Apps Gurus,
Please find the below requirment on WMS Putaway rules for inbound
Allergens ( items with allerges eg. Milk, Egg etc attached to the item ) should be kept in locators on lower most shelves in the racks
Raw materials and Packaging items are stored in specific racks
Loose materials like flour are stored in Silos
Please suggest a solution to achieve
1.Using Item catergories to address different allergens
2. In Custom SQL - what logic needs to be checked
Thanks,
MahendraHI Everyone,
Can anyone help me out on this.
Regards,
Sravan.
Maybe you are looking for
-
BAPI_PO_CHANGE not updating internal order no. in account assignment
Hi, I am using 'BAPI_PO_CHANGE' to update the internal order no. I am first fetching the existing account assignment line items using 'BAPI_PO_GETDETAIL1' and then modifying the internal order no. as below. lt_poaccount-orderid = '31002100000
-
How do I change this access to one log in? My original log in purchased the majority of apps and access, yet requires me to change my password every time I log in? Certain apps default to the original I'd, but Apple recognizes only the second ID w
-
How to create a list from checkboxes using Numbers on iPad?
I am creating a guest list using Numbers foriPad. First sheet is a list of invited people with checkboxes (Yes/No/still to reply) in next column. In the next sheet i want create a list of everyone that has replied yes. I have tried using the if state
-
Error when launching Crystal XIR2 report ..."Table could not be found."
We have a customer that sees an error when launching any report in InfoView for Crystal Server XIR2: Description: Error in File E:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\Data\slvnsb41.pageserver\slvnsb41.pageserver\child.2\tem
-
GLPCT-GLPCA, GLPCA-BFOD_A/BFOK_A table relations
Hi, How are these tables related to one another? What are the fields that I can match? 1. GLPCT and GLPCA 2. GLPCA and BFOD_A or BFOK_A. Thanks.