SAP Cloud - Help Desk Security Roles

Hi SAP user community,
Can you please recommend which security profile we should use for our Help Desk support?
Help Desk support would only require access to Application and User Management --> Business Users. Their task would need to be limited to Password Resets and User Locks.
Thank you,
Zhenya

Hi Zhenya,
I wouldn't use the pre-delivered roles for your use case.
You can create your own roles via "Application And User Management -> Business Roles" and assign them to your users.
It would probably be sufficient to create a business role that grants access only for the view "Application And User Management -> Business Users".
Best Regards,
Andreas

Similar Messages

  • Unity Connection 8.5 Help Desk Administrator Role

    I have a Unity Connection 8.5 Cluster and I have assigned agents on our helpdesk to the Help Desk Administrator Role.  When looking at the Roles page the Help Desk administrator has right to (as per the text on the page) "Resets user passwords and unlocks user accounts, views user settings" and I see that "Reset User Passwords" is selected in the check boxes.
    When logged in as an account with this role assigned, I can navigate around CUCM to view pages but when I try to reset a voicemail PIN I get the message "Not Authorized" when I press save.
    What am I doing wrong?
    Thanks in advance

    Hi Culittle,
    I have a similar but different issue. I have users with admin roles (Technician, Help Desk administrator & User administrator). We are getting a Not Authorized error while resetting the password of fellow admin users. They are able to reset the passwords for the voicemail account holders and delete users, however they are unable to reset the passwords of admin users.
    Any assistance is greatly appreciated.
    Thank you

  • Adjusting the Help Desk screen.

    Good morning.
    Is there a way to adjust it so that when a user enters the ticket panel, all open tickets appear and not only their own?
    This topic first appeared in the Spiceworks Community

    I had this problem also.  After contacting Cisco, they informed me that the Help Desk Administrator role doesn't have the authority to make changes to accounts that have higher privileges such as System Administrators and Help Desk administrators.
    Basically, the Help Desk role can only make changes to users.

  • Plugin Help Desk Queue

    We are using the Help Desk Queue to customize views for the Help Desk and have an issue. We have two admins for our Spiceworks site, myself and John. John set up the Help Desk Queue and has the ability to add/edit/delete views. I can view them, but do not have the ability to edit nor add new views. Is there somewhere else I need to be given permissions to modify plug-ins?
    This topic first appeared in the Spiceworks Community


  • Help Desk Segregation

    We currently use the Help Desk ticketing system in Spiceworks "which is awesome for our needs", but I would like to open this up to non-IT staff to have ticketing and tracking amongst themselves for items outside of IT. Is it possible to have this segregation from IT tickets and general staff so they can collaborate on items without having access to IT data "tickets"? I would prefer to have only one instance of Spiceworks, but may need to have 2 different installs. Any info would be much appreciated!! Thanks
    This topic first appeared in the Spiceworks Community


  • Roles for Support help desk

    Hi Friends,
    We have created a support help desk in Sol. Mgr. I want to create the below roles:
    SAP_SUPPDESK_CREATE
    SAP_SUPPDESK_PROCESS
    These are std. SAP roles, but in our system we didn't find these. May I know where I can get details about these? I also want to know what the other roles related to help desk are.
    Regards,
    Sai Krishna

    Hi,
    These roles should exist in your system. Which client are you checking? If there is a problem in your client copy you may be missing these roles. These roles will be present in 001; you can transport them from there.
    This should solve your problem.
    Feel free to revert back.
    -=-Ragu

  • Grant access to help desk users to add members to distribution and security groups

    Hello,
    I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members in the FIM Portal and flow it down to ADS.
    This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limited rights compared to FIM Admins.  We have added the help desk team to the Security Group Users and Group Users set as well as MPR "Security group management: Users can read selected attributes of group resources".
    The help desk users can update users in the Portal with no issue.  They can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
    Any help is greatly appreciated.
    Thanks!

    I'm having a very similar problem - I have users with a delegated right to modify group membership only. A user can add someone to a group and it works fine, but when the same user is trying to remove a user from a group (even if this is the same user which was added a minute ago) he gets Access Denied:
    "The request included members which the requestor is not authorized to add and/or remove from this group."
    It is caused by default MPR:
    Group management workflow: Validate requestor on remove member
    Question is how this activity validates this request - any insight?

  • Advice needed: what does your company log for SAP security role changes?

    My client has a situation where for many years, they never logged changes to SAP security roles.  By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!!  Sadly their ticketing system is terrible, completely free-form text and not even searchable. 
    Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details?   What details do you capture?  What about Projects, that involve dozens of changes and testing over several months?
    I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system?  I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations.  It's really weird but they will get into big trouble eventually without any logs for security changes!

    Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
    I have questions:
    a) Do you want to make things straight
    b) Do you want to implement a versioning mechanism
    c) You cannot implement anything technical, but you're asking about best "paper" practise?
    The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
    Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
    PFCG transaction usage will be curtailed to minimum if implemented fully.
    Do we really want to do things "outside" PFCG?
    @all:
    a) do you guys use custom approval workflows for roles?
    b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
    c) who is a friend of GRC here, raise your hand
    Cheers Otto
    p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild

  • Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2

    Hi,
    I have successfully registered with my email ID in the FIM 2010 R2 Password Registration Portal, but when I go to the FIM 2010 R2 Password Reset Portal and give all the right answers to the questions, it gives the following error:
    Unable to send a security code. Please contact your help desk for assistance.
    Regards
    Anil kumar

    Hi,
    Thanks for the response.
    I have checked that the mail server is up and I am able to send mail through the FIMService account.
    But it is not sending the security code notification to any users. When I log in as any user and give the correct answers to the questions that I set at registration time, it gives the following error:
    Unable to send a security code. Please contact your help desk for assistance
    and the Event Viewer error is below:
    The error page was displayed to the user.
    Details:
    Title: Unable to send security code
    Message: Unable to send a security code. Please contact your help desk for assistance.
    Source:
    Attributes:
    Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.OneTimePasswordDeliveryException: ValidationError:UnableToSendSecurityCode ---> System.ServiceModel.FaultException: ValidationError:UnableToSendSecurityCode
       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
       at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    CorrelationId:
    RequestId:
    ErrorCode: 3013
    CaughtTime: 05/02/2014 08:43:26
    Web Portal: FIM Password Reset Portal
    Session Id: 21uppbuy3vutsm55sytd4b55
    Regards
    Anil Kumar

  • Help desk roles

    Hi guys,
    Sorry if I am posting this question in the wrong thread. I would like to know what are the frequent activities that SAP help desk (level 1) performs? and the company has for CRM for Utilities company. I know the basic functionalities such as tracking a ticket and resolving it, but I am new to CRM modules. Could anyone tell me what might be the frequent problems that the helpdesk has to deal with from their internal users for CRM (utilities)? Any help would be appreciated.
    Thanks
    DK

    Hi DK,
    If you want to know 'What function CRM Utilities offer', you should see the following SAP help.
    [http://help.sap.com/saphelp_crm70/helpdata/EN/45/8131cd665a40c0e10000000a1553f7/frameset.htm]
    If you want to know the business requirement for a help desk user in the Utility industry, sorry, I don't have the information you want.
    Regards,
    Masayuki

  • Transport Mechanism in SAP Cloud for Customer

    Dear All,  Do we have a mechanism to move newly created roles in SAP Cloud for Customer, from D?? to Q?? to P?? !? If not, is there an alternative methodology to move security roles, or if nothing exists, do we have a timeline as to when we can expect an alternative solution? Please share. Thanks raj

    Hello Raj,
    Instead of recreating the roles, you can use the Migration Templates available. These are Excel templates which can be downloaded from the tenant. Under the Activity List in Implementation Projects, you could go to Integrate and Extend and choose Migration of Business Roles to upload this Excel file. This is a step by step mechanism which will allow you to migrate your business roles instead of recreating each role manually. A prerequisite of this is that you need to make sure you have scoped the system properly allowing for this.
    Hope this helps.
    BR
    Nikhil

  • Invalid Security role-name error in Web Project

    Hi All,
    I have imported a J2EE application project built in JBOSS into NWDS 7.1.
    While building the project I get the following error
    CHKJ3020E:Invalid Security role-name error: PEHNTAHO_ADMIN
    This error directs me to the following code in web.xml
    <security-constraint>
         <display-name>Default JSP Security Constraints</display-name>
         <web-resource-collection>
              <web-resource-name>Portlet Directory</web-resource-name>
              <url-pattern>/jsp/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>PEHNTAHO_ADMIN</role-name>
         </auth-constraint>
         <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    I have tried out the following things to resolve this issue:
    1) Remove the role manually (as suggested by various people in other J2EE forums), but then some other error came into the picture
    2) Then I added the following code in web.xml
    <security-role>
         <role-name>PEHNTAHO_ADMIN</role-name>
    </security-role>
    Then the above mentioned build error gets resolved, but then I get the following error while deploying the application.
    Dec 3, 2007 12:59:21 AM /userOut/daView_category (eclipse.UserOutLocation) [Thread[Deploy Thread,5,main]] ERROR: Deploy Exception.An error occurred while deploying the deployment item 'sap.com_AnalyticsApp2EAR'.; nested exception is:
         java.rmi.RemoteException:  class com.sap.engine.services.dc.gd.DeliveryException: An error occurred during deployment of sdu id: sap.com_AnalyticsApp2EAR
    sdu file path: D:\usr\sap\CE1\J01\j2ee\cluster\server0\temp\tcbldeploy_controller\archives\191\AnalyticsApp2EAR.ear
    version status: HIGHER
    deployment status: Admitted
    description:
              1. Error:
    Cannot update application sap.com/AnalyticsApp2EAR. Reason: The application sap.com/AnalyticsApp2EAR will not be update, because its validation failed. Reason:
    ERRORS:
    Web Model Builder: com.sap.engine.frame.core.configuration.NameNotFoundException: The parameter/s in String "<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
         <!-- whole web.xml-->
    </web-app>
    " is/are not defined and could not be substituted., file: AnalyticsApp2.war#WEB-INF/web.xml, column 0, line 0, severity: error
    WARNINGS:
    Web Model Builder: Following tests could not be executed because of failed precondition test "Web Model Builder" : Implicit Constraints Test, JSF Application Test, Mapping Test, Web File Existence Test, Web Class Existence Test, Security Role Test, file: AnalyticsApp2.war, column -1, line -1, severity: warning
    3) I had also added the following code in web-j2ee-engine.xml
    <security-role-map>
         <role-name>PEHNTAHO_ADMIN</role-name>
         <server-role-name>all</server-role-name>
    </security-role-map>
    but still I get the same deployment error.
    Please help me in resolving this problem.
    Can anybody tell me the use of role "PEHNTAHO_ADMIN"?
    Thanks and Regards,
    Sruti

    Hi Malathy,
    Once the users are created in Authentication Provider, and once the roles are created in Weblogic Server, You just have to map users to roles in Jazn-data.xml.
    Could you please let us know if you created a role named users in WLS?
    Thanks & Regards,
    Murali.
    ============
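
For the CHKJ3020E build error in the web.xml thread above: the validator rejects a `<role-name>` used in an `<auth-constraint>` when no matching `<security-role>` is declared. The following is an added example, not code from the thread or from SAP; the function name `audit_roles` and the sample descriptor are constructed for illustration. It lists roles that are referenced but undeclared, and declared roles that no constraint uses.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the descriptor quoted in the post (not the full file).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <security-constraint>
    <display-name>Default JSP Security Constraints</display-name>
    <web-resource-collection>
      <web-resource-name>Portlet Directory</web-resource-name>
      <url-pattern>/jsp/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PEHNTAHO_ADMIN</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""


def _local(tag):
    """Strip an XML namespace so DTD-based (2.3) and schema-based (2.4+) files both work."""
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _text(elem):
    return (elem.text or "").strip()


def audit_roles(web_xml_text):
    """Compare roles used in auth-constraints with roles declared in security-role.

    Only <auth-constraint> references are checked; security-role-ref and run-as
    are out of scope for this example.
    """
    root = ET.fromstring(web_xml_text.encode("utf-8"))
    declared = {
        _text(rn)
        for sr in _children(root, "security-role")
        for rn in _children(sr, "role-name")
    }
    referenced = {}  # role name -> URL patterns it protects
    for sc in _children(root, "security-constraint"):
        patterns = [
            _text(u)
            for wrc in _children(sc, "web-resource-collection")
            for u in _children(wrc, "url-pattern")
        ]
        for ac in _children(sc, "auth-constraint"):
            for rn in _children(ac, "role-name"):
                role = _text(rn)
                if role != "*":  # "*" stands for every declared role
                    referenced.setdefault(role, []).extend(patterns)
    return {
        "undeclared": {r: p for r, p in referenced.items() if r not in declared},
        "unused": sorted(declared - set(referenced)),
    }


if __name__ == "__main__":
    report = audit_roles(SAMPLE_WEB_XML)
    for role, patterns in report["undeclared"].items():
        print(f"undeclared role {role!r} guards {patterns}")
    for role in report["unused"]:
        print(f"declared but unused role {role!r}")
```

An undeclared role is worth treating as a build failure rather than a warning, since a misspelled role name in a constraint can leave the protected URL patterns unreachable for everyone or, after someone removes the constraint to get the build through, unprotected.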

  • Getting BW and third party data source into SAP Cloud for customer

    Hi Experts.
    I have an architecture question and would like to know any guidance or pointers to help. We have a requirement to integrate 3rd party data sources to be brought into SAP cloud for sales so that reporting can be driven out of SAP cloud for sales. What is the best approach to do it.
    Client doesn't want users to go to another site to look for reporting data.
    Worst case scenario, is there a way to show BW or Third party reports in a separate tab where we can fetch the report data for user or may be a redirect link displays home page of reports under new tab without user leaving the cloud for sales application.
    Thanks
    Apoorva

    Hi Vivek/Mithun,
    I have brought in data from BW system to C4C using Webservice and stored it in C4C backend.
    I am building a custom datasource from these variables, but I want to restrict access of this data based on user roles.
    However, while creating the datasource "Enable Access Control" checkbox is  not enabled. The help text says "To enable access control your BO must contain an association marked as relevant for access control".
    Could you help me in understanding how can we enable this feature for our custom datasource?
    I have also raised a separate thread also for this query Require more details on "Enable Access Control" feature of Data source
    Thanks and Regards,
    Manasi

  • How do I map declared security role to an actual operational one?

    Hello,
    Suppose I have created a few security roles in the ejb-jar.xml file of my J2EE application using:
    <security-role>
    <role-name> managers </role-name>
    </security-role>
    Our portal is connected to our LDAP server so the WAS contains all the groups it has over there.
    My question is: How do I actually map the security role I declared in the deployment descriptor (manager) to an actual group in our organization?

    Hi Roy,
    Are you familiar with this http://help.sap.com/saphelp_nw04/helpdata/en/1a/733e401b21e801e10000000a155106/frameset.htm ?
    Best regards, Maksim Rashchynski.

  • NWA 7.3 : Looking for "security roles" (Policy Configuration) ...

    Hi guys,
    We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed within NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and then security roles );
    where to do this within NWA 7.3 ?
    any ideas;
    Thanks
    Oliver

    Hi Oliver,
    Procedure
      Start SAP NetWeaver Administrator with the quick link /nwa/auth.
      Choose Components.
      Select a policy configuration.
      On the Authentication Stack tab, choose the Edit pushbutton.
      Determine if you want to use an existing template or if you want to change the policy configuration of the current component. 
    To use an existing template, select a template from the Used Template field.
    For authscheme references, select a template from Used Authscheme.
    The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
      To change the policy configuration of the current component, do the following: 
    Add and remove login modules as required.
    The system applies the login modules in the order they appear in the list.
      Set a processing flag for each login module. 
    For more information about login module flags, see Policy Configurations and Authentication Stacks.
      Add and remove any options to the login modules.
      Set the authentication stack parameters according to the type of policy configuration. 
    Please go through the help file below:
    http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
    Cheers
    Revanth Pasupuleti
