TEM - Security Roles / Profiles

Similar Messages

• Run a workflow with a low security role profile

  Hello,
  I created a workflow that is sending an email to the administrator when a certain action has to be done. To make sure this workflow has actually been running, I ended it with a step that update a two option field as 'Email sent'. 
  I would like to lock this field for users because I only want them to read it but not change its data. So I enabled security role. 
  The problem is that since I made that, the workflow cannot be run because users don't have the security role to change this field. 
  I found out while browsing thrgough the internet that I had to check 'Execute as the owner of the workflow', but this didn't help. 
  So does anyone has a response to my problem or another way to manage it? A solution that does not involve any code because I'm not working in IT at all, we're a small company and so I'm a salesman. 
  Thanks for your help.
  Sylvain

  Hi,
       Create these 2 fields as non-searchable fields so users cannot search them.  If the user does not need to change these fields, make the fields read-only on the form. There is no need to use security role profile and play with
  security roles for this.
  Hope this helps.
  Minal Dahiya
  blog : http://minaldahiya.blogspot.com.au/
  If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful"

• Security roles and profiles

  Hello,
  Could you please provide information on "security roles and profiles "
  I would appreciate.
  Regards,
  Alex

  Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
  In specific Role -> Authorization -> click on Display Authorization Data.
  Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
  User Section: defines who has access to this role.
  Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
  Hope that helps.
  thanks.
  Wond

• Developing security Roles and profiles

  Hi Team,
  Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
  Regards,

  Hi,
  Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
  user masters: USR01 to 09, UST04,
  profiles: USR10, USR11, UST10S, UST10C,
  authorisations: USR12, USR13, UST12.
  password exceptions USR40.
  History tables(may not be applicable but FYI): users: USH02, USH04,
  profiles: USH10, auths USH12.
  R/3 Security Tcodes
  End User Transaction Code  Menu Path   Purpose
  SU3  System > User Profile> Own Data  Set address/defaults/parameters
  SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
  SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
  Role Administration Transaction Code  Menu Path   Purpose
  PFCG
  Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
  PFUD   Work on SAP check indicators and field values
  Select: Copy SAP check IDu2019s and field values
  Installation
  1. Initial Customer Tables Fill
  Upgrade
  2a. Preparation: Compare with SAP values
  2b. Reconcile affected transactions
  2c. Roles to be checked
  2d. Display changed transaction codes
  SU24
  Same as for SU25:
  Select: Change Check Indicators > Maintain Check Indicators>Maintain 
  Regards,
  Srini Nookala

• Projects Contract (R 12.1.3) Security Role Assignment

  In Projects Contract (R 12.1.3), is there any way we can have contingent worker(s) in the List of Values for “Employee” in Security Role Assignment window?

  Please check the Profile Option - OKE: Allow Contingent Workers
  This profile option determines whether contingent workers can be granted access to contracts or not.

• Receiving an error when trying to remove P00 Security role from the user

  Hi All,
  I am receiving an error when trying to remove P00 Security role from the user.
  After logging on to GRC CUP, clicking on u201CCreate requestu201D, and filling out required information,
  I click on Select Roles/Groups
  On the next screen,
  I click on Existing Roles/Groups
  ERROR MESSAGE appears X Action failed and no roles appear in the box to select for removal.
  Regards,
  Vineet

  Hi Vineet,
  My be your selection is incorrect
  Try this
  in Applicaiton Area -- Select ALL
  Functional Area  -
  Select ALL
  Company           -
  Select ALL
  Role/Profile/Group Names --- Give p00* and execute the report
  if you give only p00 it wont give any result
  Hope this helps
  Thank you,
  Kishore

• Roles/Profiles for ALEREMOTE

  hi all,
  can anyone let me know all the Roles/Profiles required for the User ALEREMOTE in a production system.
  I understad that the roles sap_all, sap_new , s_bi-wx_rfc and s_bi-whm_rfc can be used in the development and the Quality systems but am told that the roles SAP_ALL & SAP_NEW are not supposed to be used for ALEREMOTE in the Production systems as it would give all authorizations to all the users.
  so, could anyone kindly let me know the various roles/profiles that need to be assigned to the user ALEREMOTE keeping in mind that SAP_ALL & SAP_NEW are not allowed and at the same time all the transactions w.r.t BW3.5 should go through successfully.
  kindly revert back at the earliest as we are in the process of going to the BW Production.
  Thanks & Regards
  Manicks

  hi Manicks,
  check oss note 150315-BW-Authorizations for Remote-User in BW and OLTP. hope this helps.
  Symptom
  1) The ALE user fails security in the BW side
  2) Missing authorizations when executing Customizing of extractors
  3) No IDocs could be sent to the SAP-BW using RFC.
  4) Automatic source system connection failes with error R3220: No RFC-Parameters in source system defined
  5) When collecting content in BW, warning message RSAOLTP035 comes up
  Other terms
  Authorizations, SAP_ALL, S_BI-WX_RFC, S_BI-WHM_RFC, S_RS_ALL, ALEREMOTE, BWREMOTE, RSAOLTP 553, RSAOLTP553
  Reason and Prerequisites
  a) In the BW there exist two user:
     i)  a human administrator, using S_RS_ALL
     ii) a user called BWREMOTE (or similar), used to receive the data from the OLTP, using S_BI-WHM_RFC
  b) In the OLTP there exist also two user:
     i)  a human administrator, needing authorizations to create users and RFC-destinations.
     ii) a user called ALEREMOTE (or similar), used to ...
         1) ... connect the OLTP to the BW
         2) ... extract the data
         3) ... send the data to the BW
         4) ... show monitoring dialogs for tasks 1 to 4, the profile S_BI-WX_RFC is used (<i>however does
  not suffice on some points since some authorizations are
  missing in the delivered profile</i>)
         5) ... make customizing of OLTP extractors
         for this, additionally the authorizations to execute IMG-functionality, to execute Transaction SBIW and to maintain the applications, which shall be customized, must be given during the customizing functionality is used.
  Solution
  1) The profile S_RS_ALL resp. S_BI-WHM_RFC must contain (at least) the following authorizations:
  Profile
  2) The referred functionality is b) i) 5), thus
     the authorizations to execute IMG-functionality,
     to execute Transaction SBIW and to
     maintain the applications, which shall be customized,
     must be temporarily given to ALEREMOTE, if you want to execute the
     functionality from BW-side. The permissions for executing the
     customizing is not included in the profile S_BI-WX_RFC, since
     this is a critcal functionality.
     However there is the possibility to execute the customizing
     in the OLTP by a human administrator by hand, using Transaction
     SBIW.
  3), 4) For sending the Idocs and reading RFC-destinations
     the profile S_BI-WX_RFC is incomplete.
     Please check, if the following authorizations are included:
  Profile
    ---   S_BI-WX_RFC  <PRO> Business Information Warehouse, RFC User
  --   B_ALE_ALL    <PRO> All authorizations for ALE/EDI
  --   S_APPL_LOG_A <PRO> Application log: All
  --   S_BTCH_ADM   <PRO> BC: Batch - Processing authorization
  --   S_BW_RFC     <PRO> BW: Authorization Profile: Other
  --   See above, same sub-profile as in S_BI-WHM_RFC
        ---   S_IDOC_ALL   <PRO> All authorizations for IDoc functions
  - BW AddOn BW-BCT 1.2B:
  These authorizations have been delivered with BW AddOn Patch 2 (see 158489 for the AddOn Patch information), except release 45B. For 45B, the authorizations are delivered with BW AddOn Patch 1.
  - PI2000.1:
  For 4.6B and 4.6C due to delivery errors, this profile also is incorrect. Please transport it from the BW into the Oltp (it is the same in any system and release).
  - PI2000.2:
  For 4.6C due to delivery errors, this profile also is incorrect.
  Please transport it from the BW into the OLTP (it is the same
  in any system and release).
  - PI2001.2:
  For 4.6C due to delivery errors, this profile also is incorrect.
  Please transport it from the BW into the OLTP (it is the same in any system and release).
  Alternatively, import the sapserv* transport BRSK002208 under the directory
  general\R3server\abap\note.0150315 into your OLTP-System.
  For help on the sapserv* transport refer to Note 13719.
  5) If you have PI-Basis 2005.1 in your source system, you need to attach role SAP_RO_BCTRA to your user in the source system. Otherwise, the functionality mentioned in the message is not available. The system continues to function as before, you may ignore the warning.

• CUP - Customizing Security & Roles

  Hello,
  Using the GRC AC 5.3 Security Guide, we've been customizing our front-end CUP roles to fit our needs. We're having trouble customizing one particular area, however.
  Example:
  When an approver (AEApprover role) or administrator (AEAdmin role) logs into CUP to view a request, they see a screen several tabs across the middle of the screen - Roles/Profiles, PD Profiles, Risk Violations, Mitigation, Superuser Access, Comments, and Request Reason.
  We were hoping to get rid of the "PD Profiles" and "Superuser Access" tabs because we arn't using this functionality and feel it would be less confusing for the approvers if they didn't have to see it.
  Looking through the security guide, however, we can't find any specific Actions that relate to these tabs. We've removed "ViewSelectPDProfiles" and "ViewSuperAccess" from the approver role but these seem to only relate to the buttons.
  Am I missing something? Are there any other ways we can customize what middle tabs approvers see in CUP?
  Thanks!!
  Jes Behrens

  Hello jes,
  Yes you are right that these pemissions are for buttons and not for tabs. You can not remove any of these tabs.
  Regards
  Harleen
  SAP GRC RIG

• How to add profiles to critical roles & profiles table in GRC RAR

  Hello,
  As per Note# 1034117, it says Add "SAP_ALL" type security roles and the SAP profiles, see list below for profiles, to the Critical Roles and Critical Profiles table.
  SAP_ALL All Authorizations For The SAP System
  SAP_NEW All Authorizations For Newly Created Objects
  S_A.ADMIN Basis Operator
  How do we add the profiles, to the Critical Roles and Critical Profiles table in RAR.
  Thanks,

  Hi,
  I configured the critical roles & profiles in rule architect.
  But when I schedule the background job for batch risk analysis, it is taking all the users, roles & profiles.
  Is there a way to exclude users, roles & profiles? (I have already configured the excluded users, roles and profiles in exclude option), but still when I schedule the background job and say show parameter, it shows the User Range as '*'. It is not showing the excluded users.
  Can you please update how to exclude the list of users, from the batch risk analysis?
  Thanks,

• How to get security roles in a JSF portlet

  I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
  I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
  I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
  roleMaps.properties
  cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
  web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.validateXml</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.verifyObjects</param-name>
      <param-value>false</param-value>
    </context-param>
    <filter>
      <filter-name>UploadFilter</filter-name>
      <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
      <init-param>
        <description>
            The maximum allowed upload size in bytes.  If this is set
            to a negative value, there is no maximum.  The default
            value is 1000000.
          </description>
        <param-name>maxSize</param-name>
        <param-value>1000000</param-value>
      </init-param>
      <init-param>
        <description>
            The size (in bytes) of an uploaded file which, if it is
            exceeded, will cause the file to be written directly to
            disk instead of stored in memory.  Files smaller than or
            equal to this size will be stored in memory.  The default
            value is 4096.
          </description>
        <param-name>sizeThreshold</param-name>
        <param-value>4096</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>UploadFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
      <init-param>
        <param-name>errorHost</param-name>
        <param-value>localhost</param-value>
      </init-param>
      <init-param>
        <param-name>errorPort</param-name>
        <param-value>25444</param-value>
      </init-param>
    </servlet>
    <servlet>
      <servlet-name>ThemeServlet</servlet-name>
      <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
    </servlet>
    <servlet>
      <description>Generated By Sun Java Studio Creator</description>
      <display-name>CreatorPortlet Wrapper</display-name>
      <servlet-name>VSMPortal</servlet-name>
      <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
      <init-param>
        <param-name>portlet-class</param-name>
        <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
      </init-param>
      <init-param>
        <param-name>portlet-guid</param-name>
        <param-value>VSMPortal.VSMPortal</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <url-pattern>/error/ExceptionHandler</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>ThemeServlet</servlet-name>
      <url-pattern>/theme/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>VSMPortal</servlet-name>
      <url-pattern>/VSMPortal/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
      <welcome-file>faces/null</welcome-file>
    </welcome-file-list>
    <error-page>
      <exception-type>javax.servlet.ServletException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>java.io.IOException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>javax.faces.FacesException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <jsp-config>
      <jsp-property-group>
        <url-pattern>*.jspf</url-pattern>
        <is-xml>true</is-xml>
      </jsp-property-group>
    </jsp-config>
       <security-role>
            <role-name>Administrator</role-name>
       </security-role>          
  </web-app>
  portlet.xml
  <?xml version='1.0' encoding='UTF-8' ?>
  <portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
       <portlet>
            <description>Created By Java Studio Creator</description>
            <portlet-name>VSMPortal</portlet-name>
            <display-name>VSMPortal Portlet</display-name>
            <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
            <init-param>
                 <name>com.sun.faces.portlet.INIT_VIEW</name>
                 <value>/Uctarna.jsp</value>
            </init-param>
            <expiration-cache>0</expiration-cache>
            <supports>
                 <mime-type>text/html</mime-type>
                 <portlet-mode>VIEW</portlet-mode>
            </supports>
            <supported-locale>en</supported-locale>
            <portlet-info>
                 <title>VSMPortal</title>
                 <short-title>VSMPortal</short-title>
                 <keywords>Creator</keywords>
            </portlet-info>
            <security-role-ref>
                 <role-name>Administrator</role-name>
                 <role-link>Administrator</role-link>
            </security-role-ref>          
       </portlet>
  </portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

  Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• How to use security roles in Weblogic server?

  Hello Gurus,
  I am new to Weblogic server and I am trying to investigate how to make
  use of security roles in weblogic server (5.1.0). Can anyone point me
  to some documentation. Specifically, I am looking for instance level,
  and method level security and how to use it.
  Thanks for taking your time to read this e-mail.
  Thank You all in advance,
  Hari.

  You should read the security information in the Servlet 2.2 specification
  that WL 5.1 implements:
  http://java.sun.com/products/servlet/download.html
  Chapter 11 deals with declarative and programmatic security, and includes a
  section on roles:
  11.4 Roles
  A role is an abstract logical grouping of users that is defined by the
  Application Developer or
  Assembler. When the application is deployed, these roles are mapped by a
  Deployer to security
  identities, such as principals or groups, in the runtime environment.
  A servlet container enforces declarative or programmatic security for the
  principal associated with
  an incoming request based on the security attributes of that calling
  principal. For example,
  1. When a deployer has mapped a security role to a user group in the
  operational environment. The
  user group to which the calling principal belongs is retrieved from its
  security attributes. If the
  principal's user group matches the user group in the operational environment
  that the security
  role has been mapped to, the principal is in the security role.
  2. When a deployer has mapped a security role to a principal name in a
  security policy domain, the
  principal name of the calling principal is retrieved from its security
  attributes. If the principal is
  the same as the principal to which the security role was mapped, the calling
  principal is in the
  security role.
  Cameron Purdy
  http://www.tangosol.com
  "Hari" <[email protected]> wrote in message
  news:[email protected]..
  Hello Gurus,
  I am new to Weblogic server and I am trying to investigate how to make
  use of security roles in weblogic server (5.1.0). Can anyone point me
  to some documentation. Specifically, I am looking for instance level,
  and method level security and how to use it.
  Thanks for taking your time to read this e-mail.
  Thank You all in advance,
  Hari.

• How to get security roles

  Hi All,
  I want to know how to get the security roles which we configured in adfsecurity.
  Regards,
  Smaran

  Hi,
  to get all roles associated with the current user, try
  SecurityContext secCtx = ADFContext.getCurrent().getSecurityContext();
  String[] roles = secCtx.getUserRoles();
  To get access to the roles defined on the system (not user specific) then this requires OPSS access. The JavaDocs are here:
  http://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e10686/toc.htm
  From the top of my head. this is how get access to the JPS context to query system resources.
  JpsContextFactory jpsfact = JpsContextFactory.getContextFactory();
  JpsContext jpxCtx = jpdfact.getContext();
  IdentityStoreService store = jpxCtx.getServiceInstance(IdentityStoreService.class);
  ... from here on I have no further hint without trying it myself. However, I hope I go you started
  Frank

• Map security roles to group within LDAP using external 3rd Party LDAP

  I'm haveing a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory succsfully, however after the user is authenticated I get a message from the OC4J container that my role can not be found. Can you map a logical role to group within Active Directory? Below are details about my configuration.
  Any help would be greatly appreciated.
  Log.xml log entry that confirms webtA is communicating successfully with AD.
  SG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  Error reported in the log
  <MESSAGE>
  <HEADER>
  <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
  <COMPONENT_ID>j2ee</COMPONENT_ID>
  <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
  <MSG_LEVEL>16</MSG_LEVEL>
  <HOST_ID>F2287032-W</HOST_ID>
  <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
  <MODULE_ID>security</MODULE_ID>
  <THREAD_ID>14</THREAD_ID>
  <USER_ID>wmgraham</USER_ID>
  </HEADER>
  <CORRELATION_DATA>
  <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  Web.xml Logical Role definition
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allpages</web-resource-name>
  <url-pattern>/servlet/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>WEBTA_J2EE_USER</role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <role-name>WEBTA_J2EE_USER</role-name>
  </security-role>
  Orion-web.xml This file maps the logical role defined in webxml to a group within Active Directory.
  <security-role-mapping name="WEBTA_J2EE_USER">
  <group name="webta"/> <-- Group defined in AD -->
  </security-role-mapping>

  What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
  When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
  In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
  Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

• User, Role, Profile Synchronization Job Fails

  Hi Gurus,
  When I am scheduling a job the User, Role, and Profile Sync. job fails giving an error
  "Cannot assign a java.lang.String object of length 53 to host variable 5 which has JDBC type VARCHAR(40)."
  This happens when the synchronization happens with a portal system. We dont have a ruleset for the portal system, So if I put in a "*", it includes this system and results in the error, If I manually select all other system, it works fine. Is there any way to remove this error so that I can schedule the jobs without having to select every system manually.
  Regards,
  Chinmaya

  Hi,
  As per my knowledge, in the Portal system, you should perform only user sync. Roles/profile sync will not work since portal will have workset roles.
  Please refer SAP Note 1168120, which may help you to understand the limitations
  Hope this helps!!
  Rgds,
  Raghu
  Edited by: Raghu Boddu on Nov 4, 2010 7:39 PM