SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.

Similar Messages

• Extract the userID that set a role for a specific user

  Hi all @SAP Forums,
  I'm going to write a simple report to extract some information about users and role assignments in the system I'm working on.
  The requirements is quite simple; for every user in the USR02 table, I have to extract some info about the roles the user has.
  In order to do so, it's quite straightforward to find roles for a particular user looking into the AGR_USERS table, but ... I'd like to know if there's a way to find the user who set the role assignment for that specific user; the problem is that I cannot find that information in any AGR* tables, so I start to think it's not a stored information I can retrieve in any way.
  Any hints/suggests you can give me? Thanks in advance.

  Hello muthu,
  useful link to refer to when I'll need to extract a full username (first and surname) for a userId. But the question, forgive me if I've been not-so clear, was different.
  A (key) user, say A123456, sets a role for another user (A00000) in SRM... let's suppose now A00000 becomes a buyer. I'd like to know if there's a way, starting from the user A00000, to understand WHO had given him his role (in this case, A123456) and WHEN... I can see the CHANGE_DAT field in AGR_USERS about the "when"... where can I (if I can, obviously) find WHO set the role for A00000 ?
  Thanks again, sorry if I've been not that clear in explaining

• SCCM 2012 what setting can be enabled so that no system force users to restart

  SCCM 2012 what setting can be enabled in design rather then software distribution method and patching method which will help 
  to stop systems to restart even though not suppressed during in patching.

  That's not possible. When during installation the restart is not suppressed, the system will restart. There is nothing from a ConfigMgr perspective that will prevent that from happening.
  If there is a particular system that you want to stop from restarting you could try to prevent that by using the command shutdown -a.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• How to define roles for the reports that i have created using WAD?

  Hi all,
  Can anyone let me know how to define roles for the reports generated using WAD. And what is the procedure for creating and defining roles. Is this process take care of Bw consultant nor the basis guys.
  Can anyone let me know the entire procedure about the roles in bw 3.5
  thanxs
  haritha

  Following links might helps you
  create a role
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI&

• Roles for MSS Reports

  We are having some authorization issues with MSS reports. When we try to display the report from MSS , It says no authorization for transaction (name). When we give SAP_ALL to the manager at the backend, it works fine from MSS side. Please suggest if we are missing some thing. What are the standard MSS roles for the reports.
  Thanks

  Hi,
  The MSS reports must have some Program name, say REPORTX or it may be called by some transaction.
  Add the report name to the auth object P_ABAP for the MSS role or add the transaction name to the authorisation object S_TCODE and P_TCODE.
  Either way, the problem will be resolved.
  Or you can remove the SAP_ALL from the manager profile; Login with the userid of the manager. Try to run anyone of the reports and then after it throws the missing authorisation error, type in /nsu53 in the transaction bar and trace the missing authorisation. Accordingly add the same to the managers role.
  Thanks and Regards,
  Pinki

• SCCM 2012 R2 Cu1: Can I reinstall the Reporting Services Point role without delete or change the SSRS-DB?

  Hi, I have some issue with the reports,
  Can I reinstall the SCCM Reporting Services Point role without delete or change the SSRS-DB (just reset the SCCM SSRS function)?
  I have saved/backup the custom made reports.
  /SaiTech

  Yes you can remove and reinstall the Role.  I had to do this recently on our SCCM 2012 R2 due to an issue with the reports not loading.   Found out that the problem with reports was from the upgrade to R2 from 2012 SP1 and was able to run
  a command to re-register the reports with WMI.  I actually removed the role, uninstalled reporting services feature from SQL, deleted the report databases, reinstalled the SQL feature, configured the reporting databases again, added the role back, and
  ran the following command.
  mofcomp "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof"
  This allowed all my reports to register as they should have and run without errors.  If you are having similar problems, you may be able to just run that command to get reports running without all the extra work I did.  For us we were getting an
  invalid Class error in the srsrp.log.
  Brian

• How to set new role for new custom entity only

  I created a new custom entity, I want to create new role for it only.  So I created new role and set custom entity User role. But When I login the user with created role, it show now right to access CRM.
  Awen

  Are you trying to grant access so that users can use this custom entity but no other data at all?
  You will still have to include access to all sorts of bits of CRM just to make the user interface work - especially the things on the Business Management and Customization tabs of your security role. You also need to check these 6 settings:
  Special privileges in CRM Security Roles
  If this is the only security role you plan to give to your users, I would suggest you start from a standard role and remove access to other entities, rather than start from blank and work upwards.
  Hope this helps.
  Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
  UK CRM Guru Blog

• SCCM 2012: enable powershell execution policy for SCCM 2012 console

  Hi,
  I always get stuck settings up the remote sccm 2012 powershell (cd psdrive sitecode:). Maybe not a real sccm 2012 question but Powershell but wonder what steps you take to make it work (it works on our production environment, setting up in a lab always gives
  me headaches, will defintely write the solution down this time :-)).
  Please advise what the steps are in configuring remote powershell for SCCM 2012.
  1.my personal account "Myuser" has admin-rights in sccm 2012
  2.I can open Powershell logged on to the sccm 2012 server then opening sccm 2012 console, connect via powershell
  3.however, when I connect remote to the sccm server, I get the error:
  . : File C:\Users\Myuser\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded. The file C:\Use
  rs\MyUser\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 is not digitally signed. You cannot run this scr
  ipt on the current system. For more information about running scripts and setting execution policy, see about_Execution
  _Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
  4.So I connect to the sccm-server and ask for the execution policy to unrestricted, I get this:
  set-executionpolicy unrestricted
  [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
  Set-ExecutionPolicy : Windows PowerShell updated your execution policy successf
  ully, but the setting is overridden by a policy defined at a more specific scope
  There is no policy which sets any powershell configs.
  Please advise.
  J.
  Jan Hoedt

  Those client settings are only for the actions performed by the ConfigMgr client. Normal PowerShell actions are restricted to the configured execution policy on the machine.
  Have a look at this post:
  http://blogs.msdn.com/b/pasen/archive/2011/12/07/set-executionpolicy-windows-powershell-updated-your-execution-policy-successfully-but-the-setting-is-overridden-by-a-policy-defined-at-a-more-specific-scope.aspx
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• SCCM 2012 Secondary site Client Communication for SUP

   Hi,
  We have an SCCM 2012 Setup and here is the design CAS-->Primary-->Secondary site servers.
  SUP is configured for Secondary site too. Boundaries are defined with IP Address Range and is proper.
  Some clients are comminicating to Secondary site for updates. Downloading successfully and installing the software.
  But some of the clients are communicating to primary site for updates and retain with the status "Downloading update"
  I have checked the locationservices.log and it is fluctuating between Primary and secondary MP.
  2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:35:59 AM 768 (0x0300)
  Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
  1 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
  Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
  2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
  I have also checed "DataTransferService.log" and found more errors.
  Error retrieving manifest (0x800704cf).  Will attempt retry 7 in 1920 seconds. DataTransferService 4/5/2013 11:51:59 AM 5576 (0x15C8)
  DTSJob {141CB5AE-8EF2-464D-8D8C-68B868EE7F7B} in state 'DownloadingManifest'. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  Failed to send request to /SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4 at host xxxxxxxx.xxxxxxx.com, error 0x2efe DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  [CCMHTTP] ERROR: URL=https://xxxxxxxx.xxxxxxx.com:443/SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4, Port=443, Options=192, Code=12030, Text=ERROR_WINHTTP_CONNECTION_ERROR DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  Raising event:
  instance of CCM_CcmHttp_Status
   ClientID = "GUID:0DA907D5-1709-4B10-B627-61E289FD7149";
   DateTime = "20130405062159.643000+000";
   HostName = "xxxxxxxx.xxxxxxx.com";
   HRESULT = "0x80072efe";
   ProcessID = 4260;
   StatusCode = 600;
   ThreadID = 4200;
   DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  Successfully sent location services HTTPS failure message. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  Error sending DAV request. HTTP code 600, status '' DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  GetDirectoryList_HTTP mapping original error 0x80072efe to 0x800704cf. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  GetDirectoryList_HTTP('https://xxxxxxxx.xxxxxxx.com:443/SMS_DP_SMSPKG$/1fd86ee1-ece0-41ae-a2b8-5a2b305746d4') failed with code 0x800704cf. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  Error retrieving manifest (0x800704cf).  Will attempt retry 7 in 1920 seconds. DataTransferService 4/5/2013 11:51:59 AM 4200 (0x1068)
  my query is how some of the clients are communicating primary site server for updates even though the boundary details are properly configured and Secondary site is configured with sup. Also need to know (as per the log "DataTransferService.log")how
  come the clients are communicating SSL port for updates. Plz help in resolving the issue.

  Hi Kent,
  Thanks for the reply.
  Primary and secondary sites are connected over WAN and we have around 2000 clients which are reporting to Secondary site.
  Considering the WAN bandwidth utiliztaion and number of clients on secondary site we have configured the SUP role.
  Not all the clients are with the above error message around 40%-50% of the clients are with above stated error message.
  Plz let me know what is the error message indicates and do we need to reffer any other logs for indepth analysis.
  Locationservices.log is with fluctuating connectivity
  2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:35:59 AM 768 (0x0300)
  Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
  1 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 4200 (0x1068)
  Executing Task LSSiteRoleCycleTask LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
  2 proxy MP errors in the last 10 minutes, threshold is 5. LocationServices 4/5/2013 11:51:59 AM 5648 (0x1610)
  how come the clients are communicating SSL port for updates. Plz help in resolving the issue.

• Setting security constraint for web App

  Hai all!
  I am new to bea and i am trying to set up security constraints for my webaplication..
  I want user to be authenticated before he access any of the pages in browser..
  All i did was adding following entries to web.xml
  <security-constraint>
            <web-resource-collection>
                 <web-resource-name>
                      webresources
                 </web-resource-name>
                 <url-pattern>
                 </url-pattern>
            </web-resource-collection>           
            <login-config>          
                 <auth-method>
                 BASIC
                 </auth-method>          
            </login-config>
       </security-constraint>
  But no such thing is happening,,
  I know i am doing wrong but donno where exactly i am wrong..
  Pls guide me in sequnece of steps regarding what to do to accomplish what i want..
  Thanks and Regards
  Manohar

  I guess you need to set the role that is allowed to log into your application.
  try this in web.xml:
       <security-constraint>
            <display-name>Whatever</display-name>
            <web-resource-collection>
                 <web-resource-name>resource</web-resource-name>
                 <description>Desc</description>
                 <url-pattern>/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description>desc</description>
                 <role-name>MyRole</role-name>
            </auth-constraint>
                 <user-data-constraint>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
       </login-config>
       <security-role>
            <description>desc</description>
            <role-name>MyRole</role-name>
       </security-role>
  and map the role with a group/user in weblogic.xml:
       <security-role-assignment>
            <role-name>MyRole</role-name>
            <principal-name>MyGroupOfUsers</principal-name>
       </security-role-assignment>
  Hope this helps.
  Xavi
  "Manohar" <[email protected]> wrote:
  >
  Hai all!
  I am new to bea and i am trying to set up security constraints for my
  webaplication..
  I want user to be authenticated before he access any of the pages in
  browser..
  All i did was adding following entries to web.xml
  <security-constraint>
            <web-resource-collection>
                 <web-resource-name>
                      webresources
                 </web-resource-name>
                 <url-pattern>
                 </url-pattern>
            </web-resource-collection>           
            <login-config>          
                 <auth-method>
                 BASIC
                 </auth-method>          
            </login-config>
       </security-constraint>
  But no such thing is happening,,
  I know i am doing wrong but donno where exactly i am wrong..
  Pls guide me in sequnece of steps regarding what to do to accomplish
  what i want..
  Thanks and Regards
  Manohar

• SCCM 2012 creates 4732 event logs for 3 of Servers

  Hi,
  My problem is SCCM 2012 R2 which I have installed recently is creating 4732 security logs in 3 of our servers for every 5hrs interval which is an audit exposure. When I investigated which gives me local administrator ID is getting added to the NT Authority
  Group, which I'm not able to explain. Can some one help me in understanding it or Is there anyway I can stop that?
  Regards,
  Vighnesh
  Vighnesh Kumar. S

  Hi,
  Please provide more information as Torsten said.
  Are there Event ID: 4733 messages existed in event log if it creates 4732 logs every 5 hours? Is it the same account being added to the same Group?
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Set default role for Account in SAP CRM 7.0

  We are using SAP CRM 7.0
  When an end user creates a new account there is a section called
  "Role" sub assignment block with entries like "Competitor", "Account", Contact Person, etc.
  I want by default when you create an account that the role Account is specified in there.
  I want it done automatically and do not want to rely on the end user to seelct this.
  I was able to do this with contacts by using an SAP note to set this for cotnact person.
  But does anyone know how to do it for an Account ?
  All I want to do is that when an account is created the system automatically sets the role as "Account".
  Thanks,
  Jon

  Hi Jon,
  For any code changes in bsp components we need it's z-instance and that we get after enhancing the respective entity for eg views, context nodes etc..
  In case you are not familiar with the enhancement, please refer to some thread which explain about the component enhancement concept.
  Coming to this requirement..
  You need to enhance bp_roles component, then enhance rolelist view and roles context node.. redefine the GET_V_PARTNERROLE method.. copy the parent class code and do the necessary changes to manipulate the entries in gt_ddlb_add
  Check the statement at line no 107..
  gr_ddlb_roles->set_selection_table( it_selection_table = gt_ddlb_add ).
  Just before above statment call, manipulate gt_ddlb_add to keep the required role value at index 1..
  Another thing in my test system i can't see any role as "Account" under SPRO customizing "Business Partner Roles" instead "Business Partner (Gen.)" is available, don't know if you are able to see Account Role in the Roles DDLB..
  i would suggest debug the get_v_partnerrole method once at line no 107 see the entries in gt table you will get an idea what you need to change.
  Hope this helps..
  Cheers,
  Sumit Mittal

• How to set security type for lenovo working with hotspot?

  How to set wireless security type for lenovo laptop working with hotspot?
  Since I can connect with the other laptops except this brand.

  //add related mutip-part to combine parts
  MimeMultipart multipart = new MimeMultipart("related");
  //attach a pdf
  messageBodyPart = new MimeBodyPart();
  fds = new FileDataSource("h:/something.pdf");
  messageBodyPart.setDataHandler(new DataHandler(fds));
  messageBodyPart.setFileName(fds.getName());
  multipart.addBodyPart(messageBodyPart);
  //add multipart to the message
  message.setContent(multipart);
  //send message
  Transport.send(message);

• Recommended SCCM 2012 R2 Minimum Hardware Requirements For Small Environment?

  We plan to deploy SCCM 2012 R2  CU1 and SQL 2012 SP2 for the following purposes and want to use the minimum hardware to do the job reliably:
  Keep reports on hardware and software inventory and monitor performance and events on clients and servers. 
  Deploy operating systems with MDT integration.
  Install and uninstall applications on clients on the local LAN (as replacement for GPO software installation during reboots) as well remote laptops on the Internet (we do not have Direct Access do not have Direct Access and do not want to depend on remote
  laptops needing to being logged into VPN to reach them).
  Install Windows Updates and third party patches and updates (Adobe/Java updates etc.) on local LAN as well as to remote laptops on the Internet.
  We only have about 500 clients.  80 percent are on the local LAN all in one building and the rest are laptops for people working on the road and at home who only sporadically connect to VPN.
  Can we do it all on one server or will we need a separate server for LAN clients and a different server in the DMZ to reach remote clients?
  Will we need separate disks for OS, SCCM and SQL with such a small environment or can it be all on a single physical disk or VM VHD?
  Is 8GB RAM, 1 CPU and 500GB disk space enough for this (assuming 50 GB WSUS database and similar amount is OS deployment space for MDT)?

  It will work, no doubt. My point was that if you want fast and responsive system, focus on the disk speed. You're good to go with single server, all in the same box.
  I understand that it will "work" because I just installed SCCM 2012R2 and SQL 2012 CU10 in a lab in a VM using a single VHD and it is working fine with zero clients.
  Should it still work with reasonable performance on a fast hard drive (10-15K drive or SSD) with 500 clients without having to break it out into separate dedicated disks for OS, page file, SCCM, SQL and logs?

• Security Role for RZ70

  Hi Guys,
  Which security role provides access to RZ70. Also when I added all the SLD roles I am told I do not have authority to change SLD administration, instead of not being authorized for the transaction.
  Regards,
  Chris

  Hi,
  It seems your SLD hasnt been registered onto the SAP gateway.
  Have you setup your Data Supplier Bridge properly Access information in T-code SLDAPICUST
  check this post
  Re: No Message Server defined
  tcode rz70 ( program RSLDADM ) is part of SAPKB62019. In this report you could check if any special Security roles have added
  Refer,
  Re: RZ70
  Re: Accesing multiple R/3 systems from WD application
  Thanks
  swarup
  Edited by: Swarup Sawant on Feb 23, 2008 4:43 AM