The Role Data in SOA Governance

Similar Messages

• 'Role Data' tab appearing twice in Business Partner master data

  Hello,
  The 'Role Data' tab is appearing in the master data of business partner for TWO times. The contents of both the tabs are identical. So I know that the only thing that I probably need to fix is the screen sequence. I have followed note 695714 and could not find anything wrong. Can someone please help me with the following queries:
  1. Identifying where we maintain the tab sequence for business partner master data, ie the transaction code or the path in BDT
  2. What is the name used in BP for the 'tabs'... I mean they are not called TABS but I suppose as Screens or Screen Sequence. So, what is the correct name for a Tab in BP master data.
  3. How I can hide the extra tab of Role Data from the BP master data screen
  4. How do we control the sequencing of the tabs, ie whether the address tab should be the first one or the third one or the last one.
  Regards
  Suvarghya Dutta

  Hi Kiran,
  Can you post the query here, which you used in fromatted search.
  I believe you mean to say that by this formatted search, user will have flexibility to choose the field and enter the search value.
  thanks in advance,
  Samir Gandhi

• In V_V2 the role of Sort Item by date of creation and Sort by delivery date of earliest schedule line for the Sales Orders when Material is out of Stock.

  Hi All,
  Good Morning,
  I am working on once Incident for Re-Scheduling Program V_V2 where the user has requested us to change the criteria for determining the priority of Sales Document based on Sort Item by date of creation. Currently they are using the Sort by delivery date of earliest schedule line in the Variant.
  I would like to know the role these both options play in the Re-Scheduling program V_V2. I would like to know the impact of both of them and the kind of testing I need to perform to study the behaviour of Sales Orders especially when the material is out of stock?
  Please explain with help of examples.
  Thanks
  Farhan.

  This is not that simple that an example would explain how this transaction works but I'll give you some examples.
  Material A has SO1 and SO2 of 10KG each, stock is 20KG so both quantities are confirmed at today. A stock recount determines a reduction to 5KG. This program would change confirmed quantity of SO1 to 5KG and SO2 to 0KG if:
  Creation date of SO1 is older then SO2 in strategy 1
  1st delivery date of SO1 is smaller then SO2 in strategy 2
  Material B has SO1 and SO2 with 10KG each but no quantity confirmed, stock is 0KG. A prodution adds 15KG to stock. The program would change confirmed quantities of SO1 to 10KG and SO2 to 5KG if:
  Creation date of SO1 is older then SO2 in strategy 1
  1st delivery date of SO1 is smaller then SO2 in strategy 2
  I'm assuming a specific configuration, there are many other scenarios possible.
  regards,
  Edgar

• How can we get the value of the key field in a custom data model using governance API?

  Dear Team,
  How can we get the value of the key field in a custom data model, to be used for manipulation of the change request fields using governance API?
  Any kind of help would be sincerely appreciated.
  Thanks & Regards,
  Tushar.

  Hi Michael,
  Thanks for direction. Let me give more context on this as I'm interested to get more details..One of the issue was to read cross entity field values on UI based on user action and set other entity field behaviour...It is similar to what is being posted here.
  For ex: Reading MTART from Basic Data UIBB in MM MDG UI and set the field properties in some other custom entities say ZZETEST. This cannot be done using UI BADI as it only supports single entity at a time and not cross entity. So alternatively we found a solution where we can enhance existing PLMB feederclass cl_mdg_bs_mat_feeder_form by reading the model and the entity as needed as it it proved that it supports cross entity UI field behaviours and so business requirements.
  This is a workaround for now.
  So the question is How do we achive it using governance API for cross entity field behiaviours.?or what is the right way doing this.
  Can we do that using governance API and its' methods?
  In the Governance API doc you provided below has referring to below external model as part of gevernance API.
  The active or inactive data (before or during the derivation or the check) can be read
  with the external data model interface IF_USMD_MODEL_EXT with the method READ_CHAR_VALUE and
  the corresponding READ_MODE parameter. To avoid unnecessary flushes (derivations), the NO_FLUSH
  parameter should b
  e set to ‘X’.
  Thanks
  Praveen

• The role "SAP_J2EE_ADMIN" has no profile date in PFCG.

  Hi friends,
  I use the T-code PFCG to check the role SAP_J2EE_ADMIN, I found, there is no profile date in the tab "Authorizations" which status is red. How to get "right" authorization profile to the role?
  I tried to use T-code "supc", It can re-gernerate roles which status are yellow. but for red status, I don't know how to do.
  Best Regards,GuoYu.

  Hi,
              You just goto PFCG and generate this role once and assign to J2EE_ADMIN user. I hope this will solve your problem.
  Regards,
  Hari.

• What is data base interface and the role it will play while retrieving data

  What is data base interface and the role it will play while retrieving data.

  Hi,
     check out the following link.
  http://help.sap.com/saphelp_nw04s/helpdata/en/97/68d64260752a78e10000000a155106/frameset.htm
  it says:
  Database Interface
  Interface to the database of the NetWeaver AS ABAP that is integrated in the ABAP-runtime environment. The statements of Open SQL and Native SQL access the database using the database interface. The database interface is responsible for data transport between business layer and persistence layer, automatic client handling, and SAP buffering.
  hope it helps.
  Regards,
  kinshuk

• Require information about the Role of Data Analyst

  Hi All,
  I know this might be irrelevent question in this forum, but after a long search, I could not find any suitable place where I can get the information about the role of Data Analyst ( DA ). What all activities the DA needs to perform? Can anyone suggest me anything related to this?
  Thanks in advance
  Himanshu

  As with just about any role, it really depends on the organization. There are dozens if not hundreds of jobs that different organizations might label "Data Analyst." A lot of what a statistician, an economist, or an actuary does would count as data analysis. So would a lot of what a business analyst does. So would a lot of what an software architect does.
  Justin

• R12.0.04 -Sync responsibility role data into the WF table -affurg02.sql

  Heloo my friend ;
  I try to run the following concurrent requests :
  Sync responsibility role data into the WF table and its gives me error and the erros is :
  Cannot find file /oracle/VIS12/apps/apps_st/appl/fnd/12.0.0/sql/affurg02.sql
  Cause: Application Object Library could not could not locate the file specified.
  Action: Contact your system administrator. Verify that the specified file and
  Concurrent Manager encountered an error while running SQL*Plus for your concurrent request 4585216.
  I didnt find anything in metalink,
  Anyone has idea?
  Helios

  Run "Workflow Directory Services User/Role Validation" concurrent program instead. <<I already did it... the link whihc u send me it doesnt say nothing.. The document say it only
  STEPS TO REPRODUCE THE PROBLEM:
  Navigate > System Administrator > Requests > Run . Select Sync responsibility role data into wf tables program.
  *** 02/19/08 01:59 am ***
  *** 02/19/08 02:00 am ***
  *** 02/19/08 04:09 am *** (CHG: Sta-&gt;30)
  *** 02/19/08 04:09 am ***
  *** 02/19/08 05:50 am *** (CHG: Sta-&gt;11)
  *** 02/19/08 05:50 am ***
  *** 02/19/08 08:44 am *** (CHG: Asg-&gt;NEW OWNER)
  *** 03/06/08 09:34 am *** (CHG: Sta-&gt;30)
  *** 03/06/08 09:34 am ***
  *** 03/16/08 12:31 pm *** (CHG: Sta-&gt;33)
  *** 03/16/08 12:31 pm ***
  *** 03/30/08 10:00 pm *** (CHG: Sta-&gt;92)
  *** 03/30/08 10:00 pm ***
  There is no solution, i found this documentation already but i cant see that
  *** 03/30/08 10:00 pm *** .... i hope u have other idea... i already try what u said me my friend ..
  Helios

• What is the Role of SAP PI in SAP SRM?

  Hello Gurus
  I'm from SAP-XI background.
  In my project I need to create a scenario from SRM ---> PI/XI ---> MDM.
  I'm having the below queries regarding this scenario.
  1) Do I need to download the "XI CONTENT for SRM SERVER and import it into PI server.
  2) If so what is the exact location in the service market place from which I can download
  3) What are the steps that need to be done between SRM and PI and also in SLD so that data will be sent from SRM to PI.
  Can anyone answer my queries.
  Thanks and Regards,
  Pruthvi

  Hi Pruthvi,
  Mentioned below are the list of output medium for SAP SRM.
  1. Email.
  2. Fax.
  3. Print.
  4. XML.
  Whenever SRM want to send data to another system in XML format and if you are not using SOA then PI is very much required to transfer the XML data to the target system. When you integrate  SRM with ECC 6 EHP 4 or higher version then many documents are transmitted in XML format only and XML document is sent out of SRM using ABAP Proxy.
  Since the XML data is sent out via ABAP proxy you have to import the integration objects for SAP SRM into SAP NetWeaver PI. you can find the same in the below location.
  https://websmp103.sap-ag.de/~form/handler?_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=N&FUNCTIONBAR=Y&EVENT=TREE&TM…
  Steps involved :
  1. Deploy the integration objects of SAP SRM into SAP NetWeaver PI.
  2. Update the SLD with new business system data.
  3. Check Active Process Integration in the transaction SPRO in SRM .
  4. Go through the below steps :
       1) One RFC of type H to point to PI with all the details.
       2) Define the role of the business system in the server that you want to see(Sxmb_Adm)
       3)Connection between Business System and System Landscape Directory.
       3a)RFC destination LCRSAPRFC of type T for SLD connection.
       3b)RFC destination SAPSLDAPI of type T for SLD connection.
       4)Maintain the SAP J2EE Connection parameters for LCRSAPRFC and SAPSLDAPI in SAP J2EE      Engine
       5)Maintain SLD access details in Transaction SLDAPICUST.
       Please refer the section 1.3.1, 1.3.2, 1.3.3 and 1.3.4 in the document(as linked provided below)
  SLDAPICUST should point to the SLD host server. If you have a central SLD installed on the Dev server, then it is ok that it is using the host and port of the Dev server.
  PIAPPLUSER is the normal user that is used in trx SLDAPICUST (the user must have the role SAP_XI_APPL_SERV_USER).
  'Lastly, will the gateway Server of SAPSLDAPI and LCRSAPRFC will be the same for both DEV and QAs systems in XI?'
  5. Make the necessary confirmation in Integration directory for the relevant interfaces.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70066f78-7794-2c10-2e8c-cb967cef407b?quicklink=index&…
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e0ac1a33-debf-2c10-45bf-fb19f6e15649?QuickLink=index&…
  Checking XI Settings - mySAP SRM: Basic Settings - SAP Library
  Regards,
  Suresh

• What are the roles & responsibilities of SAP MDG Functional Consultant?

  Dear experts,
  Please explain What are the roles & responsibilities of SAP MDG Functional Consultant?
  Regards
  Adhi,

  Hello Adhi
  There is no limit to explore in MDG. As a functional consultant you are responsible for -
  1. Defining scope of MDG
  2. Set up governance process - Workflow
  3. Configuration - MDG (Activate services - functions / role set up / Data modelling / process modelling / replication set up ) - You have to involve in each of these activities with technical. You can also do it on your own.
  4. Testing - end to end testing and training
  5. Cut over activities - data load etc
  In these areas, you have to contribute 100% and work with entire team (tech) for set up.
  As mention, you can explore a lot in MDG.
  Kiran

• What is the role of a Policy CA

  Hello All
  Can someone please help me with the following question please (thanks in advance)
  I read the following (from another post on this forum regarding Policy CAs)
  The role of a policy CA is to describe the policies and procedures that an organization implements to secure its PKI, the processes that validate the identity of certificate holders, and the processes that enforce the procedures that manage certificates.
  A policy CA issues certificates only to other CAs. The CAs that receive these certificates must uphold and enforce the policies that the policy CA defined.
  It is not mandatory to use policy CAs unless different divisions, sectors, or locations of your organization require different issuance policies and procedures. However, if your organization requires different issuance policies and procedures, you must add
  policy CAs to the hierarchy to define each unique policy. For example, an organization can implement one policy CA for all certificates that it issues internally to employees and another policy CA for all certificates that it issues to non-employees.
  Now the statement above
  The role of a policy CA is to describe the policies and procedures that an organization implements to secure its PKI
  To me that sounds like the CPS?
  My understanding is the CPS is simply a  document (normally a text file) which can be access via a URL (e.g. HTTP) in the same manner as a CRL. If that is the case is the location of the CPS detailed in a known extension like the CPD extension?
  Also
  How do you 'enforce' the Policy as detailed by the Policy CA, for example
  Lets say we have three level PKI, Root > Policy CA (only issued cert to issuing CA) > Issuing CA
  Now as far as I am aware with an Enterprise AD joined CA (issuing CA) requesting and obtaining certificates is controlled by Templates and these Templates are controlled by Security ACL (AD security) detailing who can Read, Enroll, Auto-Enroll
  for a certificate (e.g. WEB Server) based on these templates.
  If the above is correct where does the Policy CA come in, in as much as 'enforcing a given policy' for example lets say the Policy CA states any certs issued by me to Issuing CA's these Issuing CA can only allow the WEB Server
  template. What is to stop an Admin giving Read, and Enroll permissions for the Code Signing template, and thereby issuing Code Signing certs from the Issuing CA.
   Are the Policies setup on the Policy CA (I assume you somehow setup Policies hence the name?) related to EKU, for example when the Policy CA issues a CA Cert  (basic constraints) to the Issuing CA, does the Policy CA set certain EKU (which
  I understand are known OIDs) in the CA cert it issues to the Issuing CA, some how preventing the Issuing CA from issuing a Code Signing Cert for example?
  Any advice most welcome as I would really like to understand the machanics of the above
  Thanks All in advance
  AAnotherUser__
  AAnotherUser__

  > To me that sounds like the CPS?
  exactly.
  > If that is the case is the location of the CPS detailed in a known extension like the CPD extension?
  yes, it is called Certificate Policies extension. Go to
  https://www.verisign.com or https://www.digicert.com, THOUSANDS OF THEM!!!111oneone and examine their certificates in the Details tab. There you will find a Certificate Policies extension, that will include policy
  OID (mandatory) and a combination of User Notice and/or CPS location url. Windows certificate GUI control fetches this extension and active Issuer Statement button in General tab. If the certificate contains only User Notice, a small dialog with User Notice
  will appear. If there is an URL, you will be redirected to the URL referenced in the Certificate Policies extension.
  > If the above is correct where does the Policy CA come in, in as much as 'enforcing a given policy' for example lets say the Policy CA states any certs issued by me to Issuing CA's these Issuing CA can only allow the
  WEB Server template.
  this assumption is incorrect. CPS does not restrict on certificate types allowed to you. CPS defines the procedure which is used to issue certificates to you. For example, authentication (user name and password combination, hardware tools, biometric or even
  face-to-face meetings) procedure, criteria list you should pass in order to get the certificate, your and CA (relying parties) liability, responsibility and certificate usage rules. Certificate is not your property, it is a property of the issuing CA
  Consider a certificate like a personal passport (ID card). Passport is not your property, it is a property of the issuing organization (state organization). Before getting the passport, you are submitting documents that prove your personality (entity). If
  you are supplying birth passport it is a sort of initial enrollment, if you submit existing passport -- it is re-enrollment (everything like in certificates). You are signing an agreement between you and state. This agreement is a CPS, it defines the passport
  issuance terms (validity, re-enrollment procedures, etc.) and usage policies. You shall not give your certitificate to 3rd parties (except the ones allowed by a government). You shall notify issuing organization if you lost the passport, or it was lost. You
  can continue these parallels (between your passport or person ID card with digital certificates).
  Regarding technical enforcement. Policy CA can define multiple policies. All of them are listed in the Policy CA certificate itself. All certificates issued below (unlimited levels down), all certificates must belong to any of the mentioned policy. RFC5280
  defines the certificate policy OID constraint validation. If constraint is violated, certificate chaining engine will report an error. If Policy CA defines policy with OId=1.1.1 and some certificate below is issued under policy 1.2.1 --
  the certificate will become invalid, because of constraint violation.
  Since it is bare measure, an owner of Policy CA should perform regular audits of its members to verify whether the policies are followed. Policy CA may stop relationships with child CA (by revoking child CA certificate) if policy violations are found during
  audit.
  > some how preventing the Issuing CA from issuing a Code Signing Cert for example
  it is possible, but not mandatory. Policy CA certificate may define only particular EKUs allowed below. It can be done via specific EKU in the policy CA certificate, application policy constraints, or extended properties.
  > I would really like to understand the machanics of the above
  you are going to be a PKI expert!
  Ok, I wrote a ton of words, but the reality is not that bright. Policies are violated, constraints are not followed. Eventually, who cares? Comodo has enough strict CPS, but constantly issues legitimate certificates to unknown persons, because someone calls
  to Comodo and says "Hello, I'm from Google, please, send me few certs" and they send. Many years ago, VeriSign failed in the same way. Who said that EKU extension is strictly followed? Examine the certificate at
  https://login.live.com. Intermediate CA is not eligigle to issue end entity certificates for other purposes (EKU) than the ones listed in its own certificate. REALLY? But who cares? IE doesn't care. Policy constraints are
  violated? Who cares if nobody will notice that (I didn't see the app that would complain so loud). But all this doesn't matter that you can do the same way. You still need to follow all rules, recomendations, best practices even if they are not mandatory.
  It is a part of your PKI's success.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• How to get the Role from a process

  Hi,
  I have a process where I have different role panes with human intervention activities. Each human intervention invokes a screenflow.
  Is there any method by which I can get the role pane from which an intance is generated
  For e.g. in process P1, I have 3 different role panes i.e. R1, R2, R3. Suppose there is an human intervention activity A3 in R3. It invokes a screenflow in which there are different methods. I want to get the roleId here i.e. R3.
  Through creation data I can know the instance creator i.e. participant ID, but a participant can have more than one role. I want to get the role from which the Human Intervention activity is invoked.
  Please suggest / help.
  Thanks
  Jayant

  Hey Thanks a tonn
  It works fine by the following code
  role = Activity.role
  logMessage "message"
  logMessage "Role: " + role.name
  role.id returns an int, so I used role.name
  Thanks and Regards
  Jayant

• Issue with the ROLES in Precalculation of WebTemplate in Reporting Agent.

  HI BWers,
  I am having trouble in understanding the functionality of ROLES and USERS in the Reporting Agent.
  My goal is to pre-calculate WebTemplate,so the users can get the data results based on their ROLES.
  -> When I select ROLES under Authorizations in Reporting Agent; my understanding was it will just pre-calculate the WebTemplate based on Roles. But, when I look at the job details its doing for the Users. I opted for   ROLES because I have 10-Roles and 100-Users, so the job runs for only Roles.
  -> I don't want to select the Users, as it will take longer time and uses lot of system resources.
  Can I just run for ROLES, for that under Authorizations in Reporting Agent do I need to select Precalculate User-Specifically and Select ROLES or just selecting ROLES will do. I tried both, just selecting ROLES is not working and selecting Precalculate User-Specifically & ROLES is not yielding the required results.
  Could you please throw some light on it, I am on BW 3.5 & SP15.
  Any help will be highly appreciated.
  Regards,
  swordfish.

  Hi,
  If you choose the Precalculate by User option, all the data and HTML pages for the Reporting Agent setting are precalculated for each of the selected users in a single job. This applies in both the cases: Roles or users. When you specify a role after selecting the option 'Precalculate by User', the precalculation will be done for all the users assigned to that role and not the role.
  Roles/Users is just 2 different ways of giving the user restriction. If you specify the roles, the system will precalculate for all the users assigned to the role. If you have few users for whom you want the precalculation to be done, then you can specify the user IDs. If you have many users assigned to a particular role for whom you want the precalculation to be done, then you can specify the role.
  Regards,
  Shilpa

• Authorization issue - need to know the Role providing this access

  Hi,
  User is facing an authorization issue below:
  "You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
  "You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
  Kindly let me know what Role is missing from the user's profile?
  Thanks and Regards,
  Sachin
  SAP Security Consultant

  Hi Murali,
  It helped.
  I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
  I did user comparision and then user is able to view the below DataSources....
  Thanks for your help, it triggered to find the root cause.
  Thanks
  Sachin

• The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

  got event ID 4015 and source DNS-Server-Service. please suggest how to fix this issue
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Raj

  Hi
   first run "ipconfig /flushdns" and then "ipconfig /registerdns" finally restart dns service and check the situation,also you can check dns logs computer management ->Event viewer->Custom Views->Server roles->DNS.