The role of Management ID

Hi
i want understand the role of "Management ID"
I read that in the BI administration guide but I can not understand the purpose of this parameter
Note:
The Change Management ID is used for obtaining information related to logging, auditing, job history,
and so on. The promotion management tool enables you to map each instance of job creation to a
Change Management ID. The Change Management ID is an attribute that is set by the user in the
job definition while creating a new job. The tool automatically generates an ID for each job.
thanks

any sggestion

Similar Messages

Does the role Provision Manager must combine with Planner or Reviewer?

When I login the Planning application with only the 'Provision Manager' role, the system will display the error message below:
An error occurred while processing this page. Check the log for details.Please close the current tab and open application again
Failed to sync with user provisioning. Check Planning log for details
I tried to sychronize manually using the command UpdateUsers.cmd, it still showed like this:
Loaded Version of Essbase RTC: 0xb1221
Cannot login to application: XXXX
However, if adding a Planner or Reviewer role, it will go well without any error.
BTW: Where can we find the error code(like 0xb1221) annotation?
Thanks
Derek

It wont work, you cant use Provisioning Manager Role alone to login to Planning Application, Its a Shared Services Role to provision users.To identify the actual use to the role have a look at:
Provisioning Users and Groups with Planning Application Roles
Cheers..!!
Rahul S.

Role in bpm when the role is dynamic (manager of the user)

Hi,
Regarding the bpm I face a case as below:
I have a bpm which in one of its step a human task would be generated for the Manager of the user that initiate this process.
Assume that I kept the username of the initiator on one of my variable how can I set the user's manager role?
as in the bpm I just can set the role and in the mapping of bpm role to LDAP role I can not use the xpath or dynamic thin I can just can select the LDAP user or group.
Thanks

Try this:
Go to the "XXX.task" file of your user screen, you can find it in the structure tree on the left panel inside the "SOA Content" directory of your main project.
You will see a serie of tabs in the left side of the new window. Go to "Assignment".
There you will see a default.DefaultPerformer inside a box. Click on it and the on the pencil icon to edit it.
In the new window you can add the participants using the "by name" or the "by expression" option. If you have the username stored in a variable, you can use it here to dynamically assign the task.
Hope this helps.
Let me know if this doesnt work.

What's the role of jsessionids in ADF session management?

Hi all,
I'm fairly new to ADF and I've had a client ask me if ADF is using jsessionid consistently for sessionization.
From a quick google search it sounds like all J2EE applications will be using jsessionids as part of their session management, and it doesn't look too difficult to access this information programmatically. Can anyone elaborate for me on what exactly jessionids are and whether they are guaranteed to exist if a session of an ADF application has been instantiated? Basically I think I know the answer to my client's question is yes, but can anyone help me understand the role of jsessionids in ADF apps and other J2EE apps?

Hi.
This is a basic behavior in all Java application servers, as it is mandated by the Java Enterprise Edition specification. The ID is used to match the HTTP request to its session object. Basically, the web container will add jsessionid to the URL when the session id cannot be saved in a cookie. This behavior can also be enforced through settings in weblogic.xml, for example, if you are using WLS.
ADF is built on the top of JEE; consequently, it uses jsessionid in exactly the same way as any other Java application.
Best Regards,
Frédéric.

Geting the user's manager having the Role

Friends,
How can I use roles to get the user's manager ?
Thanks,
Glauco
Message was edited by: Glauco Kubrusly

Aaah, ok, nice to hear that. For a moment I was wondering how you were going to implement workflow if you didn't have an org. structure
One thing: when executing the function module SWX_GET_MANAGER, don't place your items in the ACTOR_TAB parameter: that's the table that the function uses for its return values. Place your values instead in the AC_CONTAINER table in the following format:
AC_CONTAINER-ELEMENT = ORG_OBJECT
AC_CONTAINER-ELEMLENGTH = 25 (or some other value larger than 15)
AC_CONTAINER-TYPE = C
AC_CONATINER-VALUE = (your parameter)
This should give you the correct return values in the ACTOR_TAB table once you run the function.
You can also test out the rule 168 in txn PFAC. When simulating the rule, enter your data in the "OrgManagement object" field in the following format:
For users, type US followed immediately by the username (ex. USJRAMOS)
For other values, write the object type followed by a space and then the parameter (ex. P 00014578 or S 52457800).
Check the rule documentation for other formatting considerations if the above suggestion doesn't work.
Hope this helps!
Juan Ramos

Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

Hi,
I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
Here are my exact steps of what I did to reproduce our problem:
Complete format of HDD in preperation for a clean install
Clean install performed
Set up the machine initially with a local account
Test metro apps - all working fine
Open control panel from the desktop, click on System, change the system to join the domain, click reboot
Log into the system using my domain account
Test metro apps - all working fine
Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
I click add and then add my domain account - also giving it administrator access
Sign off or reboot to ensure the new security is applied
Sign back in to the domain account
Test metro - ALL BROKEN
Sign out
Sign in as local account
Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
could fathom was a full re install and not giving the domain user admin access to the local machine.
Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
Thanks

Hi Juke,
Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
in event viewer.
Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
Windows.Launch contract failed with error: The app didn't start."
If you require any further information just let me know and I will provide as much as I can.
Thanks

What is the Roles Of Bridging Account

*What Are The Roles Of These Accounts Bridging, Non-Invoiced Sales Orders And Non-Invoiced Revenue in Periodic Account Assignments form? [ID 1335054.1]*
The Expense account is there to accommodate European accounting practices.
The Bridging account (as seen in WIP accounting classes) is used only in France.
The bridging account (and possibly others) was included at the request of the Global Accounting Engine team on behalf of France in the setup form at design time; but it has never been used as it was decided that transfer To GL would remain manual for the moment. In other words, today PAC only generates distributions based on GAAP/Brazil accounting.
In other words: In US accounting, when you put something in inventory it is accounted as an asset, in France it is accounted as an expense; so during a period you total all expenses and at the end of a period in order to do a fiscal Profit and Loss, you "convert" to assets by using a bridging account : you debit the inventory account and credit the bridging account. This is done by Product Nature: So you have a Bridging account for raw materials, for finished goods and semi-finished.
The fields 'Non-invoiced Sales Orders' and 'Non-invoiced Revenue' was set up with a view to replacing the functionality (used in Europe) that is currently provided by the Global Accounting engine (AX). However, this has not yet been implemented in the apps - which currently support only US GAAP & Brazilian accounting as methods of generating distributions from PAC.
User Guide
2 – 72 Oracle Cost Management User’s Guide
Bridging: This account is optional.
You can also optionally enter an Analytical Invoice Price Variance, Analytic a l Purchase Mirror, Non–Invoiced Sales Order, Non–Invoiced Revenue, Analytical Revenue Mirror, Analytical Margins of Goods Sold, and Average Cost Variance account.
Edited by: Deepkumar Sivanandan on Aug 25, 2012 11:56 PM

Hi Thaman,
Responsibility of functional consultant in ESS/MSS:- Functional configuration under SPRO > Employee self service and manager self service, then preparation of Functional specification design (FSD) if any deviation from standard SAP, Unit test plan preparation and all functionailty testing
Responsibility of Technical consultant:- Preparation of Technical specification design document (TSD), activation of work flow and creation of workflow if additional is required. Creatio of form like vacancy requisition form, new position creation form etc.
Also some kind of technical configuration is there in SPRO for workflow and form
Regards,
Purnima

What is the role of a Policy CA

Hello All
Can someone please help me with the following question please (thanks in advance)
I read the following (from another post on this forum regarding Policy CAs)
The role of a policy CA is to describe the policies and procedures that an organization implements to secure its PKI, the processes that validate the identity of certificate holders, and the processes that enforce the procedures that manage certificates.
A policy CA issues certificates only to other CAs. The CAs that receive these certificates must uphold and enforce the policies that the policy CA defined.
It is not mandatory to use policy CAs unless different divisions, sectors, or locations of your organization require different issuance policies and procedures. However, if your organization requires different issuance policies and procedures, you must add
policy CAs to the hierarchy to define each unique policy. For example, an organization can implement one policy CA for all certificates that it issues internally to employees and another policy CA for all certificates that it issues to non-employees.
Now the statement above
The role of a policy CA is to describe the policies and procedures that an organization implements to secure its PKI
To me that sounds like the CPS?
My understanding is the CPS is simply a document (normally a text file) which can be access via a URL (e.g. HTTP) in the same manner as a CRL. If that is the case is the location of the CPS detailed in a known extension like the CPD extension?
Also
How do you 'enforce' the Policy as detailed by the Policy CA, for example
Lets say we have three level PKI, Root > Policy CA (only issued cert to issuing CA) > Issuing CA
Now as far as I am aware with an Enterprise AD joined CA (issuing CA) requesting and obtaining certificates is controlled by Templates and these Templates are controlled by Security ACL (AD security) detailing who can Read, Enroll, Auto-Enroll
for a certificate (e.g. WEB Server) based on these templates.
If the above is correct where does the Policy CA come in, in as much as 'enforcing a given policy' for example lets say the Policy CA states any certs issued by me to Issuing CA's these Issuing CA can only allow the WEB Server
template. What is to stop an Admin giving Read, and Enroll permissions for the Code Signing template, and thereby issuing Code Signing certs from the Issuing CA.
Are the Policies setup on the Policy CA (I assume you somehow setup Policies hence the name?) related to EKU, for example when the Policy CA issues a CA Cert (basic constraints) to the Issuing CA, does the Policy CA set certain EKU (which
I understand are known OIDs) in the CA cert it issues to the Issuing CA, some how preventing the Issuing CA from issuing a Code Signing Cert for example?
Any advice most welcome as I would really like to understand the machanics of the above
Thanks All in advance
AAnotherUser__
AAnotherUser__

> To me that sounds like the CPS?
exactly.
> If that is the case is the location of the CPS detailed in a known extension like the CPD extension?
yes, it is called Certificate Policies extension. Go to
https://www.verisign.com or https://www.digicert.com, THOUSANDS OF THEM!!!111oneone and examine their certificates in the Details tab. There you will find a Certificate Policies extension, that will include policy
OID (mandatory) and a combination of User Notice and/or CPS location url. Windows certificate GUI control fetches this extension and active Issuer Statement button in General tab. If the certificate contains only User Notice, a small dialog with User Notice
will appear. If there is an URL, you will be redirected to the URL referenced in the Certificate Policies extension.
> If the above is correct where does the Policy CA come in, in as much as 'enforcing a given policy' for example lets say the Policy CA states any certs issued by me to Issuing CA's these Issuing CA can only allow the
WEB Server template.
this assumption is incorrect. CPS does not restrict on certificate types allowed to you. CPS defines the procedure which is used to issue certificates to you. For example, authentication (user name and password combination, hardware tools, biometric or even
face-to-face meetings) procedure, criteria list you should pass in order to get the certificate, your and CA (relying parties) liability, responsibility and certificate usage rules. Certificate is not your property, it is a property of the issuing CA
Consider a certificate like a personal passport (ID card). Passport is not your property, it is a property of the issuing organization (state organization). Before getting the passport, you are submitting documents that prove your personality (entity). If
you are supplying birth passport it is a sort of initial enrollment, if you submit existing passport -- it is re-enrollment (everything like in certificates). You are signing an agreement between you and state. This agreement is a CPS, it defines the passport
issuance terms (validity, re-enrollment procedures, etc.) and usage policies. You shall not give your certitificate to 3rd parties (except the ones allowed by a government). You shall notify issuing organization if you lost the passport, or it was lost. You
can continue these parallels (between your passport or person ID card with digital certificates).
Regarding technical enforcement. Policy CA can define multiple policies. All of them are listed in the Policy CA certificate itself. All certificates issued below (unlimited levels down), all certificates must belong to any of the mentioned policy. RFC5280
defines the certificate policy OID constraint validation. If constraint is violated, certificate chaining engine will report an error. If Policy CA defines policy with OId=1.1.1 and some certificate below is issued under policy 1.2.1 --
the certificate will become invalid, because of constraint violation.
Since it is bare measure, an owner of Policy CA should perform regular audits of its members to verify whether the policies are followed. Policy CA may stop relationships with child CA (by revoking child CA certificate) if policy violations are found during
audit.
> some how preventing the Issuing CA from issuing a Code Signing Cert for example
it is possible, but not mandatory. Policy CA certificate may define only particular EKUs allowed below. It can be done via specific EKU in the policy CA certificate, application policy constraints, or extended properties.
> I would really like to understand the machanics of the above
you are going to be a PKI expert!
Ok, I wrote a ton of words, but the reality is not that bright. Policies are violated, constraints are not followed. Eventually, who cares? Comodo has enough strict CPS, but constantly issues legitimate certificates to unknown persons, because someone calls
to Comodo and says "Hello, I'm from Google, please, send me few certs" and they send. Many years ago, VeriSign failed in the same way. Who said that EKU extension is strictly followed? Examine the certificate at
https://login.live.com. Intermediate CA is not eligigle to issue end entity certificates for other purposes (EKU) than the ones listed in its own certificate. REALLY? But who cares? IE doesn't care. Policy constraints are
violated? Who cares if nobody will notice that (I didn't see the app that would complain so loud). But all this doesn't matter that you can do the same way. You still need to follow all rules, recomendations, best practices even if they are not mandatory.
It is a part of your PKI's success.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool.

How do get the role from ldap session.

i am using the follwing getting the role from the request in openldap and j_security_check:
f(request.isUserInRole("manager")){
how can i use this in the session:

You might wanna change permissions for that attribute ...
Change it from Admin to OWNER and you should be able to then get it for any user ...
HTH ..

What are the roles required for MSS

What are the roles required for MSS in R/3.
I have created ESS roles. But need to find for MSS.
I am able to see the PERNR in ESS on portal which created in R/3.
I need to get my staff on portal.
What config is required for this.
MSS User.

HI
you will have to create manager as portal role and assigned to them necessary worksets containing necessary worksets look into the PCD in migrated content and line *?? folder you will have necessary ESS and Mss packages. and all configs is related to iviews system properties and transactions and applications you need to do it .please do not forget to give points
with regards
subrato kundu

What is the roles of technical and functional consultants in ESS/MSS area?

Gurus,
What is the roles of technical consultants in ESS/MSS area?
What is the roles of functional consultants in ESS/MSS area?
Please help me see the differences.
Thanks,

Hi Thaman,
Responsibility of functional consultant in ESS/MSS:- Functional configuration under SPRO > Employee self service and manager self service, then preparation of Functional specification design (FSD) if any deviation from standard SAP, Unit test plan preparation and all functionailty testing
Responsibility of Technical consultant:- Preparation of Technical specification design document (TSD), activation of work flow and creation of workflow if additional is required. Creatio of form like vacancy requisition form, new position creation form etc.
Also some kind of technical configuration is there in SPRO for workflow and form
Regards,
Purnima

How to stop BAPI_USER_ACTGROUPS_ASSIGN from overwriting the roles

Hello,
I m currently working on a program where I have to modify certain roles for users. What I am doing is using the FM BAPI_USER_ACTGROUPS_ASSIGN to collect all of the roles for the user, looping thru the table to get the role that needs to be modified, modifying the role, and then adding all of the roles back. I have to do this because when I tried to modify the 1 role, all of the roles that were assigned to the user were deleted and only this role that was ,modified was added back.
The program is built that process is working correctly. I have been informed by the security person who I am writing the program for, that when they check the information in SU01, they see that the roles were deleted and added back. , they say that our auditors are going to ask why this happening.
My question is - is there a way to modify a role without having to delete ad re-add all of the roles for a user
thanks in advance for the help

Timothy,
I'd love for you to re-post this question in the Security forum. .
If you found a way to modify roles via LSMW, eCATT or program ... we'll make you our king (no joking!). There simply isn't any way as far as we know - it depends on so many variables, e. g. which values have been adjusted in SU24 and so on, so there isn't a method (in the market now) to manage that. You might easily insert transactions and such, but to adjust the objects attached to said transaction (report/query ...) isn't even an algorithm one can phase with 100% accuracy (surely not over a variety of customers and never in Julius' presence).
Edited by: Mylène Dorias on Oct 1, 2010 2:20 PM
ETA: on second thought, I have re-read you original post ... could it be I misunderstand? Could you please elaborate what exactly you want to do to the role?

I would like to know the role of the each thread on coherence

Help me.
I would like to know the role of the each thread on coherence.
There are too many kind of threads.
Example ~
GC Slave     GC Slave     RUNNABLE
RMI TCP Accept-1972     RMI TCP Accept-1972     RUNNABLE
Health Center trace subscriber     Health Center trace subscriber     RUNNABLE
LT=0:P=342534:O=0:port=55170     LT=0:P=342534:O=0:port=55170     RUNNABLE
Attach API wait loop     Attach API wait loop     RUNNABLE
PacketListener1     PacketListener1     RUNNABLE
PacketListener1P     PacketListener1P     RUNNABLE
PacketListenerN     PacketListenerN     RUNNABLE
Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer)     Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer)     RUNNABLE
RT=0:P=342534:O=0:TCPTransportConnection[addr=192.168.240.157,port=55178,local=55170]     RT=0:P=342534:O=0:TCPTransportConnection[addr=192.168.240.157,port=55178,local=55170]     RUNNABLE
Finalizer thread     Finalizer thread     RUNNABLE
WT=10     WT=10     RUNNABLE
main     main     TIMED_WAITING
IpMonitor     IpMonitor     TIMED_WAITING
Invocation:Management:EventDispatcher     Invocation:Management:EventDispatcher     TIMED_WAITING
Invocation:Management     Invocation:Management     TIMED_WAITING
DistributedCache     DistributedCache     TIMED_WAITING
JMX server connection timeout 52     JMX server connection timeout 52     TIMED_WAITING
RMI Scheduler(0)     RMI Scheduler(0)     WAITING
Thread-6     Thread-6     WAITING
stop JMX Server on shutdown     stop JMX Server on shutdown     WAITING
Logger@9228429 3.7.1.7     Logger@9228429 3.7.1.7     WAITING
PacketReceiver     PacketReceiver     WAITING
PacketPublisher     PacketPublisher     WAITING
PacketSpeaker     PacketSpeaker     WAITING
WT=7     WT=7     WAITING
WT=9     WT=9     WAITING
-----------------------------------------------------------------------------------------------------------------------------------------------

Briefly
PacketListener1 PacketListener1P PacketListenerN - listening IO threads for TCMP transport protocol
Cluster|Member(Id=1, Timestamp=2013-04-05 10:45:44.655, Address=192.168.240.157:8088, MachineId=50044, Location=site:,machine:TMTEST-PC,process:5316, Role=CoherenceServer) - main thread for cluster service (discovery, node joing / leave, etc)
IpMonitor - IP monitor, participates in death detection scheme
Invocation:Management:EventDispatcher - Event dispatch thread for distributed JMX service in Coherence
Invocation:Management - main thread for distributed JMX service in Coherence
DistributedCache - main thread for DistributedCache cache service
Logger@9228429 3.7.1.7 - Coherence async logging thread
PacketReceiver - Thread dispatching incomming network packets
PacketPublisher - Thread sending out packets via TCMP
PacketSpeaker - Thread sending out packets via TCMP (offloads some work from PacketPublisher for better core utilization)

What is the Role that gives me access to JCO settings page?

Hi all,
I am at the customer site doing some WDP dev. I need to setup JCO so as to make use of RFC.
Customer has already assigned all the roles they have and i still cant access to the backend setting page.
What is the role to give me the access? how do i operate?
thanks guys!

Hi Erv2,
As you have mentioned that you are at your customer, then I presume you would want to get things fix ASAP. Thus I would suggest that you talk to your custmoer that they allow you to have the below authorisations or role assignment to your userID (you can ask one of their Portal Admin to sit with you while you work on it and at the same time, train him/her ).
As already mentioned by Koti, in the backend, ask for J2EE_Admin role to be assigned to you via SU01 transaction. Then next, ask them to give you the "Super Administration" role in the Portal via User management ...this role contains all the neceesary authorisation that a Portal Admin needs to execute most/all Portal admin activities.
Once you have finish setup, you can ask to remove the "Super Administration" role.
As a customer (myself), I give the necessary Admin role in Portal and/or J2EE authorisation on backend systems to our portal consultant with me next to him, so as a reasurring to the SAP security team and also to achieve needed knowledge transfer. Its a win-win situation.
If your customer does not want to give more authorisations...then the above mention roles/steps are to be follow..which at times, maybe afew steps instead of just 1.
Hope that helps.
Ray

Is it possible to export and import the roles and users tables?

Hi,
is there any possibility to export and import the role and user definitions?
We have a SAP MDM repository with a lot of roles and users and also with a lot of changes.
And now I'm searching for a fast and efficient way of managing the roles and users.
Thanks and Regards, Melanie

Hi Melanie,
There is no export/import functionality for roles and users. The only way to manage these in an automated way would be to write a program that uses the Java or ABAP APIs. Both APIs expose functionality to create, update and delete roles and users.
Hope this helps,
Richard

The role of Management ID

Similar Messages

Maybe you are looking for