So tired of assigning default roles in each edit post activation......GP
Hi:
My dears, is there anyway of set up the default roles for a GP and keep them no matter activation/edition action is perform....
I set them up in:
- Guided procedures--> Administration --> Assign Default Roles
- Guided procedures --> Design time -->Process --> Default Roles
But in active/edit operation all the default roles are deleted....
Thanks a lot for your time on this thread.
Rocío.
Hi:
My dears, is there anyway of set up the default roles for a GP and keep them no matter activation/edition action is perform....
I set them up in:
- Guided procedures--> Administration --> Assign Default Roles
- Guided procedures --> Design time -->Process --> Default Roles
But in active/edit operation all the default roles are deleted....
Thanks a lot for your time on this thread.
Rocío.
Similar Messages
-
Assigning Default Role to New Users created
Hi
How can we assign a default Role to any new User created.
This Role should automatically get assigned whenever a new User is created.
RegardsHello,
for ABAP Stack users you can just create a reference user with the according roles and copy new users from it.
Regards
Christian -
ES HOME PAGE ERRORafter assigning default roles
hi all,
we are getting error in home page after assiging default ess mss roles with everyone user role also but its not getting the services on home page ...assigned backend in su01 roles also HAVNG SAP_ALL for themHi,
There is something wrong with the user id.
Check all these properties and make sure these all are in correct place
1) Check availability of user in R/3 system.
2) the validity period in both R/3 system and portal.
3) either the user is locked in R/3 system
4) there should be something wrong in roles of R/3 system.check all the roles and parameters
conform whether these all are in correct place or not and let me know -
Default Role configuration in CUP
Hi Experts,
We are on GRC 5.3 SP9 and I am trying to assign default roles based on the request type
I want default roles to be assigned only for certain request type
these are the parameters I have configured
Consider default roles: YES
Request Type: NEW Hire
Default roles level: request
user attributes: Company
So I am forced to choose default role user Attribute Company.
I was expecting that whenever a request is created for a new hire I wanted such and such role to be assigned by default!
but now whenever a company( for which i mapped the default roles) is selected its putting default roles in all the request types
I would expect its only puts default roles for my request type NEW HIRE
for the respective company !
Any thought? I am missing something?
Regards
MKHello Alpesh,
SAP has come back saying that the application is designed that way always works with the comibation of user attributes
to me its clearly user attributes are taking over the request type ( clearly ingorning ) i dont see a point why they have field in default role configuration for request type ( Request type might as well be simply CUP)
they have asked me try with user attribute as system instead of company , looks like it works !
I will give you more info
Best Regards
MK -
Error adding Default roles after transport
we are trying to transport our GP to another system.
the transport imported successfully.
but we are getting below error if we need to add the Default roles in the new portal system.
Administartion -> Assign default roles ->
Error/Message: The process template does not contain roles to which you can assign default values.
Could not retrieve process template
Design time:
Error/Message: 1.Cannot retrieve activity template: Development object does not exist in the database
2. Cannot retrieve object:
Please suggest me if you have faced simiilar issue.Already I have tried in both from Administartion -> Assign Default Roles -> Select the process, by selecting the process & when we click on Open, this error is populated.
Also in Design time -> select the process -> by clicking on the "Open" , I am getting this error.
Also, I have tried the option to do "Edit All" to change the version of all the objects and transport them to targeted system.
and , also implemented the SAP Note: 1321013.
But in all the above cases, I am getting the same error.
Then tried to remove the Default Roles and assigned all the roles to Initiator, then transported, still when I try to run the process and when I open the process getting the same error.
SAP Note: 1321013:
Terminate all process instances.
Unlock all objects.
Delete all process templates.
Empty trash.
Redeploy process templates.
Release objects after Import.
(http://wiki.sdn.sap.com/wiki/display/JSTSG/(GP)ICannotStartorOpenaProcess) -
I swich to Oracle11g express and create user
CREATE USER LEO
IDENTIFIED BY xy
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
-- 3 Roles for LEO
GRANT AUTHENTICATEDUSER TO LEO;
GRANT CONNECT TO LEO;
GRANT FER_ADMIN TO LEO WITH ADMIN OPTION;
ALTER USER LEO DEFAULT ROLE FER_ADMIN;
-- 1 System Privilege for LEO
GRANT CREATE SESSION TO LEO;
-- 1 Tablespace Quota for LEO
ALTER USER LEO QUOTA UNLIMITED ON USERS;
and after login i check
select * from SESSION_ROLES
and i have none role
if I set role all works fine.
Why I doesn't have DEFAULT ROLE after login.
Pleas for help .here is the solution
default roles and grants
Edited by: Leo Lakota on 4.10.2012 5:52 -
ESS Guided procedure Default role assignment
We are implementing ESS in EP7 with ECC 6.0
After setting up Life and Work events it seems that there are default roles Administrator and Overseer that need to be assigned to portal roles, I am just not sure what portal roles to assign. Are these supposed to be assigned to Guided procedure type roles or to MSS type roles?
Any insight would be helpfulHi Gail,
These roles are for the GP processes.
The Default Roles should be configured for each process
This is an important step as this will ensure that the process is started without the user having to assign users who have will administer and oversee the execution of the process. Typically the users who are assigned to the processes as Administrators are the HR administrators and overseers could be managers. However this is not a hard-and-fast rule and this has to be decided at the time of implementation.
hope this helps!!
Regards,
Sharadha -
How to assign roles for each kind of users
Hello,
i am creating users for each kind of users, say abap developer or FI/MM/SD function users, in IDES ECC 6. it doesnt make me any sense how to assign which roles to which user( there are more than 2000 sap standard roles). can anyone give me some guideline how to create each kind of users.
any response will be awarded!
Thanks a lot!
SamsonI don't understand your question....
When sap is implemented usually part of the project is creating roles based on a blueprint designed to adjust to your company needs...
Basically Standard roles are there to be used as templates for your own roles.
Users as "dialog users" do not have classification... the special access attributes are given by the roles assigned to it based on the project plan desing pre-installation.
Hope that help
Juan -
To set a default role according to the user.
Hi,
I would like to set different default roles according to users. For example, we have the following prerequisites:
1) 3 roles: roleA | roleB | roleC (in this order).
2) 3 differents users: user1, user2, user3.
So, if I log-in with the user1, the default role should be the roleA; if I log-in with the user2, the default role should be the roleB; and so on.
But I don't want to change the order of the roles using "sort priority" property.
How can I do this?
Thanks,
Samantha.Hello Samantha,
Does each of the users need to have each of the roles? If not you could just not assign the other roles except the one you want to display as default role (a assume you mean the role that is displayed first after logon).
If each of your users need every role, I am afraid your requirement is not realizable unless you use the sort priority property. Why don't you want to use it in the first place?
On possible yet circuitous way to meet your requirements would be the following:
Create another role for each of your user(-group)s. Say in your case Role 1, Role 2 and Role 3 which are not defined as entry points.
Assign roleA, roleB and roleC to Role 1 where roleA has the lowest sort priority; and assign user1 to role 1.
Assign roleA, roleB, roleC to Role 2 where roleB has the lowest sort priority; and assign user 2 to Role 2
and so on.
Of course you need to use sort priority for that and I think thats hard to maintain. (probably not even what you are looking for)
Maybe you can get a litle more concrete what you are trying to achieve.
best regards
Stefan -
Hello,
I would like to configure CUP to add default roles for one specific system when Request Type is Create User but for another system when Request Type is Assign Role. Is that possible?
I am using GRC 5.3 SP 16.3.
Vanervcrilho,
I´ll give you an option. Maybe someone figures out a different one.
You can create two new request types under configuration->request configuration->request type:
Change_account_system1
Change_account_system2
You´ll be able to configure default roles independent for each one of this request types.
Regards,
Diego. -
Explanation of Process Default Roles: Administrator and Owner
HI experts,
I am having some trouble understanding the reason of the existence of the process default roles:
Administrator and Owner.
In the CAF-GP Security guide, it says that the Standard Process Role Administrator can "Maintain process instances using the GP administration tools"; what this means ?
My user has de GP Administration role and it DOESN`T have the Standard Process Role Administrator from ANY process, and I can maintain ALL the process instances from the Administration workset, I don´t need to have the Standard Process Role Administrator assigned to me.
The same happens with the Standard Process Role Owner ; the Security Guide says the person who is assigned that role can "Maintain process instances"; my question is: If i assign the "Owner" role to a user that doesn´t have the GP Administrator role and this user wants to "Maintain Process instances" where he has to go? because he won´t have the administration workset !.
Best regards,
Marco.Hi Marco,
First, check this link: http://help.sap.com/saphelp_nw2004s/helpdata/en/d9/273a4209a6ae04e10000000a1550b0/content.htm
That will explain better the role of each role.
Itu2019s important to you understand that each process may have a responsible person (admin or overseer) that will monitor the progress of the process.
And you will have a u201CBASISu201D person that will have the GP Administrator role. This role allow to maintain process (with other kind of operations like terminate, complete step, etc.), maintain background queues, archiving, transport of objects, configurations, schedule and other admin tasks for all GP infrastructure.
Regards,
Reward points if itu2019s helpful. -
Creation of BP with default role
Hi ,
I have a requiement where in I want a Business Partner to be created with a default role ,i.e CRM006. I can do this in GUI with the help of authorizations.
But the same does not work in PCUI.
My requirement is whenever a user creates a Business Partner, Role CRM006 automatically gets assigned to it.
please sugest something.
Help will be apreciated.
Regards
Sourabh VermaHi PREMKUMAR LNS,
you can easily implement BADI: BADI_CRM_BP_UIU_DEFAULTS
IF_UIU_BP_DEFAULTS~GET_DEFAULT_VALUES
and write something like this:
assign cr_me->('TYPED_CONTEXT') to <typed_context>.
if sy-subrc = 0.
lr_typed_context ?= <typed_context>.
if lr_typed_context is bound.
assign lr_typed_context->('HEADER') to <context_node>.
if sy-subrc = 0.
try.
lr_node ?= <context_node>.
catch cx_sy_move_cast_error. "EC_NOHANDLER
endtry.
if lr_node is bound.
lr_coll_wrapper ?= lr_node->collection_wrapper.
if lr_coll_wrapper is bound.
try.
lr_current ?= lr_coll_wrapper->get_current( ).
check lr_current is bound.
controllo la tipologia di account
zbp_category = lr_current->get_property_as_string( 'BP_CATEGORY' ).
zbp_group = lr_current->get_property_as_string( 'BP_GROUP' ).
if zbp_category = '1'.
elseif zbp_category = '2'.
Set default role at creation to "Relation"
break domino.
zobp_category = lr_current->get_property_as_string( 'BP_ROLE' ).
if zobp_category is initial.
Here you are setting the default role
lr_current->set_property( iv_attr_name = 'BP_ROLE'
iv_value = 'BUP002' ).
endif.
else.
endif.
catch cx_sy_move_cast_error.
endtry.
endif.
endif.
endif.
endif.
endif. -
GRC 10.0 - Auto Approve default roles
Hello All,
Could you please help out me in the below scenarios.
1) We have maintained default roles in NBWC- Access Management - Default roles.
Also set the parameter 2038 to Yes- Auto approve roles without approver.
In MSMP we have maintained Escape path if approver is not found at the role level.
As default roles have no approver maintained request is taking the Escape Path which should not happen.
We just want to auto approve the defualt roles and other than defualt roles request should take escape path if no approver found.
2) In other action its quite same as the above one.
When we are using provisioning type REMOVE for role removal. Request also takes the Escape path as Defualt roles has no approver.
Once the ,Manager at first stage is approved, request should close for the removal type access.
Please advise. Thanks in advance.In your custom initiator, you need to have mapped out all the scenarios of which path each line item in your request goes to.
The condition columns can be an array of attributes, i.e. Request Type, Role name, Role Connector (System the Role is in), Functional area etc.
In your case, if you want "default roles" auto approved, easiest thing to so is create an empty path (i.e. No stages) and have the initiator set so that if the "Role Name" is "X" (i.e. your default role), go to the path with no stages.
BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki -
ARQ: Default Role Provisioning Problem in Access Request???
Hi,
This Business Scenario is very common to have default role(s) assigned to a User at the back end system. So I have the same requirement. In achieving this, I followed below thread here:
MSMP Issue - GRC 10
I have also followed the note#1616092 for configuring the Default Roles.
I have performed below activities:
1. Param#2009 = YES
2. Param#2010 = 001
3. Param#2011 = REQUEST
4. Param#2013 = SYSTEM
5. Param#2038 = YES
6. Imported a test role and NO ROLE OWNER is maintained.
7.In NWBC->-AM->RM, I maintained a test role as a default.
Now when I raise a request, application is successfully adding the default role to the request. However, the problem I am facing is that, one Manager approves the request, it is getting failed.
The Audit Log says that, the STAGE is "Completed" but I could also see "No Agent Found, Cancelling path XYZ (in stage no. 002- GRAC_ROLEOWNER)
May I know what I am missing here? Why I am getting error and how can I resolve it?
Please advise.
Regards,
FaisalHi Faisal,
sorry for late resposne I was away traveling.
default roles are being added by default to access request
Yes, these roles are added to the access request.
FN: OK
and this roles are following your normal paths which I guess assumes manager and role owner.
How such roles (not having role owner) will follow the normal path Manager->Role Owner if we are enabling routing (Rule ID: GRAC_MSMP_ROUTE_NO_ROLEOWNER) at manager stage level? Can you please help me understand this?
FN: OK If you enable routing it will go to routing path. I have understood your post as you put in question the behavior of default roles and my point was - they act exacly the same like regular roles.
- request is going to detour path
Does it answer my question?
FN: My point was default roles like all other will go to detur path (assuming you setup it globaly)
Deafault roles can have separate path (in my case) where only supervisor is approving it.
Instead of "GRAC_MSMP_ROUTE_NO_ROLEOWNER" I believe we can have our own rule to have a separate path for such default roles based upon business requirement. Correct me, if required.
FN; correct
It was design in way that initiator rule based on role crtivality is sending this rule to separate path without role owner.
Again, I believe you have enabled your custom rule here to achieve your business requirement instead standard rule id.
correct
If you do not have separate path - this role like any other will follow standard path you have.
Here, I had used a stage called "ZNO_STAGE_PATH" for routing the system line item, which does not have any owner. I used the same path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER"Rule ID and it is working fine as of now.
FN: good
My question is that, do you think if I don't use "ZNO_STAGE_PATH" as Path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, should it follow the standard Manager->Role Owner path and these default roles get approved and assigned automatically?
FN: You should use the path ZNO_STAGE_PATH as path ID for routing rule.
If the role does not have role owner it will not allow you the even get to Role Onwer stage - request will be detured.
My point from the begining was - instead of using the routing rule - in our case we used separate path for default roles without role owner:) only consisted with manager stage. Again your approach is different but also will work.
Then which Path ID should I use for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, as it is mandatory?
Should I use my current path for New/Change Account where at Manager level this was routed due to non availability of role owner?
Are you asking for default roles?
Please advise.
Regards,
Faisal -
RE: Default role config in CUP
Dear Experts,
I got a problem with default role configuration. Please help me in resolving the issue.
I want to configure defaults for all request types like new account and change account as well. Also I what the option "Create if user does not exist" to YES.
This means when ever change account workflow is executed for the existing users, default roles are getting assigned redundantly. is there any way to fix this problem.
My solution is to schedule "PRGN_COMPRESS_TIMES" job so that system will delete all redundant roles. Please advise if there is any other alternative. Client is insisting to have the option "Create if user does not exist"in Auto provisioning enabled.
I appreciate your help.
Thanks,
RajHi
Set the below parameters it never assign the role for change request.
it is working in our system.
CUP---->Configuration->Roles>Default Roles-->Request type = New Hire
Maybe you are looking for
-
Greetings! After importing my 300 or so CDs into iTunes, I found I have tons of duplicate songs. Example: I have a song that came in a original album, then in again in a "Greatest Hits" album, then again in a "Hits of the 80's" album, and again in a
-
Hello Everyone, The application team has a request, they want to set up logical standby . But if they delete records from primary, those records should NOT get deleted from logical stdby. Is this possible ? They want to create a database which acts l
-
Screen Captures shrinking in Mail
I use the feature a lot, taking snap of a portion of the screen, and dropping it in an email to send to someone, but recently whilst the screen capture is fine, when its dropped in an email, it shrinks! To to point where its unreadable. Dropping the
-
Need to delete xp and load mac os x 10.5, please help.
Hi, i have a MB 13.3/2.0/2X512/80 with me. I currently run it on windows xp but want to delete that and load mac os x 10.5. I have the installation cd that came with it need help on installing. Awaiting on a reply. Thanks.
-
Skype crashes randomly Windows 8.1 Pro
I'm having an issue where my skype is crashing randomly on my computer at work. It's making it very frustrating to use. My guess is it's a video driver issue but I downloaded a new driver for that already. Here is the information from my event viewe