Structural role assignment in SRM
Hi all,
This is my first post, I hope I will find an answer to my question.
We are about to implement SRM and our security strategy is to use the structure to assign the roles to the position and to the org unit. We did this in our ECC system and it works as expected, however in SRM the relationship between the employees and the user ID via Infotype 0105 doesn't exist. In the SRM structure the relation is with the BP, does anyone know if there is a program like PFCG_TIME_DEPENDENCY in SRM to update the users roles base on their position assignment.
I tried many things like USER_GEN, BBP_BP_OM_INTEGRATE but it doesn't seem to do what I'm looking for. Also, does anyone know what is the purpose of attribut role. I tried to assign role to this attribut but it seems useless.
Thanks,
Hi regarding SRM indirect role assignment,
Are you using organizational management /structure from HR or you have built/configured the OM/sturcture in SRM?
are you taking a simple PFCG role and performing indirect role assignment to a position.
BP configuration needs to be done , I remember the configurator assigning roles when doing that, I dont remember how the position was linked from BP?
BP documentation for SRM
http://help.sap.com/saphelp_srm50/helpdata/en/5d/55b158638111d2b408006094b92d37/frameset.htm
I forgot to ask?
Did you check if an userid is mapped to the position ( Meaning the test user )
Please check the below link for related information
SRM - ppoma_bbp: how to link central person with the position
Edited by: Franklin Jayasim on Jul 28, 2010 10:23 PM
Similar Messages
-
Srm User interface - change settings : Error in role assignment
Hi Gurus,
Users are facing issue when they are changing settings in the SRM user interface site .
Go to SRM user interface SIte --> Change my settings --> change date format or decimal format .
When they save it --> Gets an error - error in role assignment .
What can be the issue. It's same in Dev and qa .
Waiting for your reply.
Points will be rewared .
Thanks
Munish KumarHello Munish,
Laurent Burtaire wrote:
If you do a where-used for message number i gave you, you will find two message calls in methods from /SAPSRM/CL_PDO_MO_USER_ACCOUNT class.
Put a break-point to check if one of them is done. Problem cannot be due to missing authorization as there is no data in SU53 for concerned user.
Regards.
Laurent. -
Indirect Role Assignment in My SAP SRM
Hello,
I am trying to do a Indirect Role Assignment in My SAP SRM.
In my ECC system we have done it through PFCGgotoOrg Mgmt---assign positions and then reconcilitaion
in HR master data the Sap USer ID is communication through infotype 105
but in My SAP SRM I need some help on how to do that...
as HR master data does'nt exist in my SAP SRM..
so can you please tell me how to do that.
-Thanks
SamHi Its done the same goto PFCG, user tab >org assign > select the position and reconcile, once done do a PFUD then goto PPOSW fine your position and you will see the role assigned to that position then goto su01 to make sure the role has been assigned there to.
-
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
Another FPN Thread: Remote role assignment not working
Hi all,
We have successfully implemented FPN for use in our ESS and BW environment and we are experiencing very little problems with it. We now want to start implementing it for our eRecruitment and SRM systems (as producers). For some reason we are not able to use the Remote Role Assignement functionality.
We have set up trust for the systems and use SSO.
Connection test for the producer is successfull.
We can see the Producer content in the pcd on the consumer.
Server times are the same.
As far as I know I have correctly set permissions on producer and consumer.
Possible cause: We are in the process of upgrading our consumer Portal to NW 7.0 SPS15 and have encountered some problems. The system is partially upgraded, so some components are SP15 and some others are still SP13. This is currently under investigation by SAP. Can this be an issue as our producer portals all are still on SP13?
I hope to hear from you soon. Please ask if you need any screenshots. Thanks in advance.
Best regards,
Jan LarosHi Jan,
if remote role assignment not works, you can also use remote delta links. I only work with remote delta links because i have more options and a better performance.
If your connection works you can go to Content Administration ->Portal Content-> NetWeaver-Content-Producer. Hier you can see your remote system. Now you can copy the role and add it to your portal-content.
If you can not see the content make sure that you have the same user on both sides also check the premissions on the portal-content of your remote system. To test the connection it is easier to add Everyone group to the content of your remote system.
regards,
Sharam -
I am adding roles to positions using indirect role assignment, when adding the role to the position I am prompted to carry out a reconcilliation of indirect user assignments, receive message 'Indirect user assignments ok' so then I've run PFUD. When I check both the role and the user I cannot see the role attached to the user, but the role is listed in the 'Relationships' in PP01.
A new organisation structure has been created, when I click on the drop down at the 'change agent assignment' the old organisation structure is displayed. Any suggestions please how I can select the new organisation structure?
ThanksHello Anthea,
to pass on a role from a position to a SAP user id I would suggest the following.
Go to transaction SA38 and run report RHPROFL0.
Some notes on the report and report selections.
The report can be used to eveluate and assign roles from HR objects to SAP users. The report starts reading at a given HR object along an evaluation path. It then updates the SAP user found with authorisation roles.
Selections:
You have assigned the roles to a position therefore you should select object type S.
Then put the position number in the Object ID.
The key date is hopefully self explaining.
The evaluation path might have defaulted to PROFL0. That would be the correct one.
The program has a test mode. I suggest you run the test mode first. It will tell you what the program would change in an actual run.
In the next selection box - "Generate authorization profiles"
You might leave the ticks in the boxes:
- Standard authorizations
- PD authorizations
That will generate profiles if they aren't generated yet.
Next selection box - "Delete manually maintained authorisation profiles"
Leave the tick boxes blank if you have any direct assigned roles.
If you tick the boxes all roles and profiles directly assigned to SAP user ids will be deleted.
In section "New Users"
There is a tick box "Generate".
If that box is ticked the report will create new SAP user IDs for all occupied positions with roles but without SAP user ID on the Employee record.
You might leave that box unticked for the moment.
I suggest to create the application log --> Last tick box on the selection screen.
Some general comments at the end.
The report RHPROFL0 might be scheduled in production systems if indirect role assignments are used. Depending on your needs make sure that the deletion of manual assigned profiles is activated or deactivated.
If you do not enter an object id, the report will run for all object ids.
A further note on the indirect setup.
If roles should be passed on from a Position to a SAP user id, it is important, that the following conditions are fulfilled.
The Position is valid/active as of the report key date.
The position has a holder at key date.
The holder has an assignment of a valid SAP user ID at key date. Infotype 0105 subtype 0001 for object type P.
The Roles on the position are valid at the key date.
I hope that helps solving your issue.
Best regards
Karsten -
Indirect Role Assignment Within CUA
Hi Experts,
Weu2019re implementing indirect role assignment in SAP HR and exploring the feasibility to include this client as part of CUA. Has anyone implemented this before? Appreciate if you could share.
I understand that CUA able to distribute DIRECT role assignment made from central client to the child client(s), but not so sure if it is possible for INDIRECT role assignment approach. My previous project exclude client with indirect role assignment from the CUA distribution landscape and I wonder why.
Appreciate your input in this matter and looking forward for further discussion.
Best regards and million thanks in advance.Hi,
So I worked on a CUA managed landscape that had systems that featured indirect org assignment hooked in. The association between the User ID and the HR org based position was still maintained locally as the local system contained the HR Org structure, but direct access was still blocked by CUA The roles assigned indirectly were visible from CUA in a different colour. You can still maintain users directly from CUA on top of this. This may be an alternative to consider.
If the local system does not contain the HR Org structure you are probably going to have to export the structure, so if that is the case you might as well import it to CUA if all org relevant users are maintained there and manage it centrally via the advised link anyway.
Cheers
Steve -
If personel no is not the same as infotype 0105 assigned user, How do you check your Indirect role assignment If you are using soultion manger. We dont have PA20, PA30, PA48 t-codes in soulution mangers.our CUA a in Soultion manger . Help is greately appericiated. Thanks
I created HR_ORG structure(HRMD_ABA) in dev (HR system-Sending system) and add filters according to help.sap document, generate partner profile using we20. After that I transfered org structure in CAU (SolMan-Non HR systems- Receving system) using ALE run (Run SA38 -RHALEINI) i think its working.
Composite roles are reside in Dev (HR-system), For indirect roles assignment (position level security) i created composit role just only roles name and description with out tcodes and auth object in CUA (SolMan -Non HR system).
For test position assigment, I run pfcg in CUA(SolMan) click on organization management select position and click indirect roles assignment after that i did user comparsion but i cant not see users id in user assignment. Please let me know any helpful Suggession. Thanks for ur quick response.. -
HR-ORG - Indirect Role Assignment
Hello
We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user obtains automatically its roles when its moved through organizational structure.
Our plan consists in create several primary roles (for example, sales manager). Then we will create a lot of derivate roles which will inherit all authorizations from the parent role. However, it shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
Is it possible? How can we do that?
Best regards,As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon -
Indirect role assignment using HR-ORG, any concern
May someone share their view or experience on indirect role assignment using HR-ORG, i.e. assign role to HR position or org unit instead of user.
Here are some of my concerns:
1. HR data is maintain by HR staff and their task should be separate from authorization/user assignment.
2. When using with CUA, distribute HR structure to CUA parent system is not acceptable because HR data is sensitive.Well I think the Position and User are created by the functional consultant, but the authorization you are talking about is taken care by the BASIS consultant.
-
HR Indirect Role Assignment through HR ORG Distribution Model with ALE
1) When i assigned indirect (position level security) roles in CUA(SolMan) using pfcg click on organization managment to position after that i did user comparsion but i can not see user id in user tab.
2) If personel no is not the same as infotype 0105 assigned user, How do you check your Indirect role assignment If you are using soultion manger. We dont have PA20, PA30, PA48 t-codes in soulution mangers.our CUA a in Soultion manger .
Help is greately appericiated. ThanksI created HR_ORG structure(HRMD_ABA) in dev (HR system-Sending system) and add filters according to help.sap document, generate partner profile using we20. After that I transfered org structure in CAU (SolMan-Non HR systems- Receving system) using ALE run (Run SA38 -RHALEINI) i think its working.
Composite roles are reside in Dev (HR-system), For indirect roles assignment (position level security) i created composit role just only roles name and description with out tcodes and auth object in CUA (SolMan -Non HR system).
For test position assigment, I run pfcg in CUA(SolMan) click on organization management select position and click indirect roles assignment after that i did user comparsion but i cant not see users id in user assignment. Please let me know any helpful Suggession. Thanks for ur quick response.. -
Indirect role assignment- PO Release strategy roles
Hello,
I am in the midst of creating PO release strategy roles for implementation and trying to figure out if indirect role assignment / position based assignment would be a good idea for these roles. The reason- there are 35 release codes.
I am pretty new at using indirect role assignment but do understand a bit about the evaluation paths. We are not implementing SAP HR so there will be no usage of infotype 105. The role will be assigned to the position and then the position to the user ID. The HR Org structure is in place (atleast for the PO release workflow).
Is this a good idea?
There is one other think that stumped me. One of the functional consultants (who is also part of business) has asked me why we can't use indirect role assignment for all function (purchasing, sales, finance etc.). For one, i know with so many users assigned to positions and then indireclty to roles, the overhead would be too much and complex and then the problem with the evaluation paths.
But i am not convinced myself that this is the best explanation to give...
Any ideas on how to put it through correctly?
Regards,
PrashantHi Prasanth,
I also had a similar requirement, but since there are multiple release codes, and limits, we ended up with a custom solution, since it is a bit tough when it is required to manually assign the authorization to a person who is in a seperate job role.
We have used a custom user exit, and all the values were stored in a custom table which contains Sales Organization, User, Lower limit, Upper limit, Division, and Release codes information etc.,
We have further created a custom transaction code that reads information from the table and authorizes for the upper, and lower limit of approvals along with the company code/release code authorzation checks.
Hope this helps!!
Regards,
Raghu -
Federation, remote role assignment based on ABAP roles on producer
Hi all,
We have implemented the federated portal solution for our ESS users. We use the ABAP stack of the producer portal as user store for consumer and have no problems in assigning portal roles on our consumer based on ABAP roles in the backend (displayed as groups in the portal).
Now we want to add some extra functionality (eg SRM and eRec) and we encounter some problems. These systems all have their own ABAP stack as user store. We have maintained the functional authorization model in the ABAP roles for instance in SRM. So an example:
System I: ABAP + JAVA --> ECC 6.0
Here we have the standard R/3 functionality and the producer portal (A) installed. Roles created on producer portal and assigned based on ABAP roles.
System II: JAVA --> NW 7.0 Portal
Our consumer portal (B) where we use roles created on the producer portal (A) on System I.
System III: ABAP + JAVA --> SRM
Our SRM system with SRM producer portal (C). In the ABAP stack of this sytem the functional SRM roles have been assigned to the users. We have created functional SRM Portal roles in order to use remote role assignment on consumer portal (B).
+PROBLEM+
We want to remotely assign portal roles created on the SRM Producer (C) to users on the consumer portal (B), based on the ABAP role assignment in the backend of system III. How can we achieve this in a fast and efficient way?
Looking forward to your ideas. Anything helpfull will be gladly awarded with SDN points.
Best regards,
Jan LarosJan,
Interesting question. Let me share my experience and hope that's of some use to you.
We started off federating corporate NetWeaver Portal (lets say B, parallel to your convention) as consumers to BI Portals (Lets say A).
- B's UME points to Active Directory
- A's UME points to BI ABAP user store
- User ids are identical in both systems
We ran into the problem of dual administration ((de)assigning portal role on both portals instead of just one) for a long time. The issue was because of different reasons at different times as we patched B's and A's. At one point we were on SP15 on both portals and we were told by SAP that RRA can be done on B for remote roles and the assignment propagates to A automatically if the following configuration is set up on both A and B.
- A's permissions are relaxed allowing "Everyone" group checked for "End User" access as per ([http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm|http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm]
However, we chose not to do the permission relaxation as enabling "Everyone" group with "End User" access can allow anyone to launch an iView (if the URL is known somehow) and the user would be able to see the layout of the iView, which can include text, etc. The user won't be able to access any data though, however, there is certain compromise on security which we decided that its not okay. So, we digressed in SAP's suggested practice because of security reasons.
Today we, manage security on B using Active Directory groups and on A using Java groups (ABAP roles).
In your case, I suggest investigating the option of relaxing the security on producer portal like in the above link. If you think its okay, all you have to do is, provision users on B by assigning remote roles from C and A.
Either my story is applicable or I must have got you totally wrong,
Kiran -
Need procedure for creation of BW Roles, Assigning Queries,Publishing Roles
Hi Experts,
Could you please let me know the procedure for creation of BW Roles, Assigning Queries,Publishing Roles in Business Explorer (BEx - BW 3.5)
Thanks in advance,
AndyHi,
Creating BW Roles
http://help.sap.com/saphelp_nw04/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Assigning Queries
After creating the query, save the query to a role from the query designer.
Publishing Roles in Business Explorer
https://websmp101.sap-ag.de/~sapdownload/011000358700002894802003E/HowToBIPortal1.pdf
Hope this helps you..!
-Pradnya -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan
Maybe you are looking for
-
Help required in understanding the flow of control in working with EJB 3.0
*1. Can anyone help me in understanding the flow after getting an object of InitialContext in using Stateless/Stateful in EJB 3.0 from client i.e. what we are getting in the step Object ref=jndiContext.lookup("CalculateBean/Remote) .* *2. What is the
-
Ad sites are popping up when I click on a link after a Google search in toolbar
When I do a search in the Google search window in the toolbar I get search results, but when I click on the links, instead of being taken to the site the link indicated, I get taken to a parasitical ad site like infomash.com or findstuff.com (there a
-
Error referencing locally installed JSTL
Using the JWSDP, I downloaded JSTL 1.0 from Jakarta. I am able to use my own custom tag libs, and indeed the JSTL when the directive is thus: <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> However, when I try to use JSTL installed l
-
How do I clear recent searches from Safari?
When I type www in the search bar of safari, a list of address that I visited before will disappear. How do I clear this recent searches from Safari? Thanks
-
Re-Download an BPP Publishing CIMA E-Book for reading in Adobe Digital Editions.
Dear Adobe Forum I have bought Ebooks from BPP Publishing. I have been cleaning my laptop and have deleted the ebooks from my system. Is it possible to re-download them again to read or BPP suggest signing in and they will be in my library does any