UME Actions - Manage All User Passwords

Hello everyone,
I am trying to create a role for our service desk to be able to manage users and be able to unlock them and/or reset their passwords. So I created a role with the identity management iview and gave the role the assigned action "Manage_All_User_Passwords". On [SAP Help|http://help.sap.com/saphelp_nw04s/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm] it says of this action:
"Provides permissions required by a user to change the password of other users independent of company. This also enables the user to view all user profiles."
Now the problem comes in with users in different companies. Any user I assign this role to is only able to search for users in their own company. Is there some other configuration I need to do or permissions I need to change to be able to manage the passwords of users in different companies?
We are running NW04s SPS10
Thanks for any help,
Chris Bahr

Yonko,
The roles assigned to my test user are all user created. There are no other assigned actions that would interfere. I have not assigned the delegated user admin role as this would give more power to the user than we want. What we are going for is a role for our support people to be able to unlock and reset people's passwords. So we just want them to be able to unlock and reset the passwords of all users in all companies, which I assumed manage all user passwords would do, but I am obviously missing something.
Best Regards,
Chris

Similar Messages

  • How Can I change all User Passwords Within a Directory Instance

    Hi Experts,
    I've been asked to refresh an old directory instance with some production data.  Easy enough I thought, however, the user has requested that all user passwords within the old directory instance are preserved.  Is that at all possible?  My chain of thought was that I can extract user passwords from the old instance into a file: -
    # ldapsearch -D cn="Directory Manager" -w xxxxxxxx -b o=xxxxxxx objectclass=* userpassword > <name of file>
    And then use ldapmodify (or alike) to re-import the user passwords once I've refreshed the old instance with the production data.  However, to my knowledge, in order to modify a particular entry via a file, I'd need the following format: -
    dn: gci=-1,ou=people,o=xxxxxxxx
    changetype: modify
    replace: userpassword
    userpassword: xxxxxxxxxxxxxxxx
    The only information I have in the file I created using the ldapsearch command above is as follows: -
    dn: gci=-1,ou=people,o=xxxxxxxx
    userpassword: xxxxxxxxxxxxxxxx
    I don't want to have to edit the file and add the relevant missing entries accordingly as the generated file has somewhere in the region of 150 thousand entries.
    Am I approaching this the correct way?  Is there any other means of achieving my requirement?
    Thanks in Advance.

    Hi,
    It does not seem a big deal to add the missing lines to your output file.
    For instance, the following awk command should do the trick
    cat search.out
    dn: gci=-1,ou=people,o=xxxxxxxx
    userpassword: xxxxxxxxxxxxxxxx
    cat search.out | awk '/userpassword/ {print "changetype: modify"; print "replace: userpassword"} {print $0}'
    dn: gci=-1,ou=people,o=xxxxxxxx
    changetype: modify
    replace: userpassword
    userpassword: xxxxxxxxxxxxxxxx
    Then you can use ldapmodify to apply your changes
    -Sylvain
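
The conversion discussed in this thread, as an added example that is not part of the original posts: it goes beyond the one-liner by keeping base64 `userpassword::` values and folded lines intact and by dropping entries that have no password, since an `objectclass=*` search also returns containers. The names `to_modify_ldif` and `sample_ldif`, the `o=example` suffix and the hash values are assumptions constructed for illustration.

```shell
#!/bin/sh
# to_modify_ldif: read ldapsearch LDIF on stdin, write ldapmodify LDIF on stdout.
# (Hypothetical helper name; not from the thread.)
to_modify_ldif() {
  awk '
    # Emit the buffered entry as a modify record, but only if it has a password.
    function flush(   i) {
      if (dn != "" && n > 0) {
        print dn
        print "changetype: modify"
        print "replace: userpassword"
        for (i = 1; i <= n; i++) print pw[i]
        print ""
      }
      dn = ""; n = 0; last = ""
    }
    # Skip LDIF comments and the version header.
    /^#/ || /^version:/ { next }
    # A blank line ends the current entry.
    /^$/ { flush(); next }
    # Folded continuation line: append to whatever was read last.
    /^ / {
      if (last == "dn") dn = dn "\n" $0
      else if (last == "pw") pw[n] = pw[n] "\n" $0
      next
    }
    # "dn:" or base64 "dn::" starts a new entry.
    /^dn::?/ { flush(); dn = $0; last = "dn"; next }
    # Keep the value line untouched, whether plain or base64 encoded.
    tolower($0) ~ /^userpassword::? / { pw[++n] = $0; last = "pw"; next }
    # Any other attribute is ignored.
    { last = "other" }
    END { flush() }
  '
}

# Constructed sample of ldapsearch output: two users and one container entry.
sample_ldif() {
  cat <<'EOF'
version: 1

dn: uid=alice,ou=people,o=example
userpassword: {SSHA}CONSTRUCTEDHASH1

dn: ou=people,o=example

dn: uid=bob,ou=people,o=example
userPassword:: e1NTSEF9Q09OU1RSVUNURURIQVNIMg==
EOF
}

# Stand-alone run: print the converted sample.
sample_ldif | to_modify_ldif
```

The exported file holds every user's password hash, so create it under `umask 077` and remove it once the import has been verified.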

  • Oracle 10g all user password forget

    Dear all,
    I have forgotten the passwords of all users on my Oracle 10g, so please give me the right way to log in to sql+.
    regards
    vinod

    Hi Uta hedemann,
    I am Angeline Purnama,
    I was looking at your answer to the above question; your answer is so good, I like that. I have some confusion about the Oracle database...
    In SAP NW2004s
    1. When I go to the database instance in a Windows environment, I can see some folders like sapdata1, sapdata2, sapdata3, sapdata4;
    they contain almost 20GB of HDD space. What is basically inside?
    2. How do I use BR* Tools? That is really confusing, and I have read a lot of SDN help but I am still confused about how to set it up step by step.
    3. I have basically forgotten my sqlplus username and password: you said you can go and look at the SAPUSER table... but when I look for it using Tr: SE16, that table doesn't exist...
    4. I want to view one table named XI_AF_MSG; this is an XML table and I am not sure where that table is located...
    5. Why are archive background jobs running every day and keeping archived data?
    Thanks in advance...
    Angeline Purnama

  • Hide Gear Icon (Site Actions) from all Users Except Admin

    SharePoint 2013: I need to hide the gear icon (site actions) from all Users except the admin.  Please let me know the simplest and easiest way to achieve.  I basically have Users that fall into two groups - View and Edit.  For expansion purposes though, would like the solution to include any group that may be formed in the future.  Requirement is that only the Admin needs to see the gear icon.  THANKS!

    check the below link
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/ec876026-12dc-4afa-b2ae-61e98e843b20/how-to-hide-the-whole-site-actions-button-please-read-for-details?forum=sharepointgeneralprevious
    http://sharepoint.stackexchange.com/questions/53728/how-to-hide-only-site-action-using-securitytrimmedcontrol

  • Workgroup Manager: Adv, User Password Type grayed out (was Shadow Password)

    I've set Workgroup Manager, Advanced, User Password Type: Shadow Password, Options to inactive after 90 days, fail after 5 attempts, allow user to change password, at least 8 characters every 90 days. Today after user logged in to the console, the user locked herself out remotely via sftp, ssh, & xterm from a WinXP PC running ReflectionX.
    I went to the console, used Fast User Switching to bring up my admin account (her account was still logged in), we reset the password with Workgroup Manager so the red X is no longer on her username.
    However, the Advanced User Password Type: drop down list is blank and grayed out and she can't log in? How do I reset this? The user has a lot of files, I'm afraid to delete and recreate the user account. That seems pretty drastic for an invalid password attempt. I've rebooted and ran Apple Updates for good measure. Any ideas how to put Shadow Password back in that box?

    To unlock the user's account, after backing everything up and noting the user's uid, home dir, groups, etc, we deleted the user in WorkGroup Manager and readded her putting the user id, home dir, etc back the way it was. Everything seems to work again. The home directory files were not deleted when the user account was deleted so everything just reattached.
    Still have no idea how we managed to get things so confused in the first place? The Server UI is so much more complicated and inconsistent from the client OS for dealing with users. The Mac OS X Server for Dummies book I found did not have a troubleshooting section and was no help in resolving this. We ended up contacting the Mac User's Group.
    I was blown away to get an email survey from Apple support asking me to rate my opinion of my help request. I didn't get any help! They told me my 3 years of AppleCare don't apply to the Server OS I installed separately after buying the mac. Mac OS X Server has 90 days of support that I never used but had expired. They offered to sell me a help ticket for $99.
    This has not lived up to the user experience I was hoping to have. I regret the day we "upgraded" to the server. Is there a way to downgrade? Now that there is only 1 unlimited version, we're totally stuck. We have no mac client connected, just PCs via sftp, ssh, vnc, & X windows...

  • Actions for All users - Detection Problem

    I have created some action in illustrator and copied in the Presets\Actions folder. But it is not detecting for all users. Is there any way make the recorded action to be detected for all users?
    Version: Illustrator CS2 and CS3 Windows XP SP2
    The same way I did for photoshop is detecting recorded actions for all users after copying to default action folder.
    Thanks,
    Selvakumar

    Check the permissions on the files themselves. They certainly do not inherit the properties of the folder and thus are not readable by all users. "System" and "Everyone" should possibly have full access in that case.
    Mylenium

  • RCA Managed SID users password locked

    Hi All,
    The configuration of the managed system went well for SID DR2. I have given Dialog user for the configuration of managed system and it created SMDAGENT_SMP and SAPSUPPORT users. But now when my Dialog user password is changed (due to its expiry), the RCA of some part is locking the Dialog user of managed system DR2 as it's using the same old password.
    My question is whether this behaviour has happened to anyone else, and if it happened, how to solve it.
    Thanks,
    Rohan

    Hi Rohan,
    If you are referring to SAPSUPPORT user being locked, check if you have changed the password for this user in the Setup Wizard for the system DR2.
    1. Diagnostics Setup
    2. Managed Systems
    3. Setup Wizard
    4. Setup Parameters
    Under "Initial User/Passwords" inform the new password and rerun the setup.
    If you are referring to the Diagnostics agent user being locked, refer to "RCA User Administration Guide" section 2.3.8. There you will see how to update the password for this user.
    ["RCA User Administration Guide"|https://websmp204.sap-ag.de/~form/sapnet?_SHORTKEY=01200252310000086995&_SCENARIO=01100035870000000202&_OBJECT=011000358700000178012009E]
    Kind Regards,
    Allam Drebes

  • List all UME actions of all Roles

    Hi all,
    I need to list all the UME actions associated to all roles. I couldn't find any API suitable for this requirement. Can someone help me on this?
    Thanks,

    Dear P734305
    Please have a look at [http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442|http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442] and search in the SDN. You can use the security API to list the UME data.
    Refer to [Security API |http://help.sap.com/javadocs/NW04S/current/se/index.html]
    Best Regards
    Arun Jaiswal

  • Enabling Non technical person to reset all users passwords

    My director of operations would like the ability to reset passwords. Is there a slick product which can accomplish this sole task? I don't want her getting in to ADU&C. Thanks very much!

    Hi,
    Based on your requirement, you can choose either
    JiJi AuditReporter or
    JiJi Self Service Password Reset.
    Short summary of above products are as follows,
    - JiJi AuditReporter is a web based auditing and reporting tool, which facilitates user actions such as enable, disable, delete and password reset from the report UI itself.
    - JiJi SelfService Password Reset is a web based password reset / account unlock tool designed for enterprise categories such as Employees Self Password Reset, Help Desk Password Reset and Employees Self Profile Update.
    Regards,
    Gopi
    JiJi Technologies

  • I use the Norton toolbar feature that manages all my passwords. How can I go back to the former version of Firefox since 4 is not compatible?

    How can I go back to a former version of Firefox?

    Symantec need to update their Firefox add-ons so that they are compatible with Firefox 4. They have indicated that for Norton 360 they plan to release an update to Norton 360 to support Firefox 4 in early May - http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100720113635EN&ln=en_US
    I do not know about the time scale for updates for other Norton products. Pending the update by Symantec, if you want to use the Norton add-ons you will need to downgrade to Firefox 3.6.
    To downgrade to Firefox 3.6 first uninstall Firefox 4, but do not select the option to "Remove my Firefox personal data". If you select that option it will delete your bookmarks, passwords and other user data.
    You can then install the latest version of Firefox 3.6 available from http://www.mozilla.com/en-US/firefox/all-older.html - it will automatically use your current bookmarks, passwords etc.
    To avoid possible problems with downgrading, I recommend going to your profile folder and deleting the following files if they exist - extensions.cache, extensions.rdf, extensions.ini, extensions.sqlite and localstore.rdf. Deleting these files will force Firefox to rebuild the list of installed extensions, checking their compatibility, and reset toolbar customizations.
    For details of how to find your profile folder see https://support.mozilla.com/kb/Profiles

  • Standard UME Actions: Read_All

    Hi,
    I'm trying to allow the identity management iview in my NW04s SP10 portal to read (but not modify) all the users/groups/roles and their relationships. Looking at [SAP Help|http://help.sap.com/saphelp_nw70/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm], it sounds like Read_All is what I want.
    Enable a user to read user, group, and role profiles in all companies.
    This is a portal for our suppliers so the companies part is very important. However, looking at the description of this action in the pcd properties, it says:
    Read only access to users, roles and groups (belonging to one company only).
    This is a direct contradiction to SAP's documentation. So is there something I'm doing wrong or another way to do this?


  • How to expire password for all users

    I need to be able to expire the password for all users. This is to prevent access by any user until each one is released individually (administrator will set a new password and notify user).
    Please could someone give me any tips on how to expire all users passwords.
    Thanks

    Login to the Internet Directory
    Select the user and modify its expiry date
    hope this helps u

  • Guest and all users have invalid password

    Dear all,
    os oul5x64
    ebs 12.1.3
    when login from login page no one can connect because somehow guest user password was invalid.
    using note How To Successfully Change The Guest Password In E-Business Suite 11.5.10 and R12 (Doc ID 443353.1)
    and was able to change guest password and now had to change password for every users.
    This is a test ENV so not many users on it.
    Question: How can I find out what happened to GUEST and all users password.
    and where to check.
    Thanks in advance.
    Regards,

    Thanks Hussein,
    there is some error in the application.log file.
    Would you please advise.
    Regards,
    13/09/18 15:27:53.717 html: Servlet error
    java.io.IOException: Broken pipe
            at sun.nio.ch.FileDispatcher.write0(Native Method)
            at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:29)
            at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:72)
            at sun.nio.ch.IOUtil.write(IOUtil.java:43)
            at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:334)
            at java.nio.channels.Channels.writeFullyImpl(Channels.java:59)
            at java.nio.channels.Channels.writeFully(Channels.java:81)
            at java.nio.channels.Channels.access$000(Channels.java:47)
            at java.nio.channels.Channels$1.write(Channels.java:155)
            at com.evermind.server.http.AJPOutputStream.endRequest(AJPOutputStream.java:117)
            at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:317)
            at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
            at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
            at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
            at java.lang.Thread.run(Thread.java:662)
    13/09/18 15:32:25.704 html: OABodyBean, localName='body': Could not find partial target: PayablesReviewSettings
    13/09/18 15:33:50.414 html: OABodyBean, localName='body': Could not find partial target: PaymentMethodCode2
    13/09/18 15:33:50.414 html: OABodyBean, localName='body': Could not find partial target: PaymentDocumentName
    13/09/18 15:33:50.415 html: OABodyBean, localName='body': Could not find partial target: BankAccountName
    13/09/18 15:43:05.385 html: OABodyBean, localName='body': Could not find partial target: SendPaymentARFlag
    13/09/18 15:43:05.385 html: OABodyBean, localName='body': Could not find partial target: SSNId
    13/09/18 15:46:30.744 html: OABodyBean, localName='body': Could not find partial target: SendPaymentARFlag
    13/09/18 15:46:30.744 html: OABodyBean, localName='body': Could not find partial target: SSNId
    13/09/18 15:47:34.80 html: OABodyBean, localName='body': Could not find partial target: SendPaymentARFlag
    13/09/18 15:47:34.80 html: OABodyBean, localName='body': Could not find partial target: SSNId

  • Where are all the UME actions and UME roles stored?

    Hi there,
    I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
    What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
    Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
    Thanks in advance
    GG

    Hi,
    I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
    Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
    Cheers

  • Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

    Hi,
    I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
    After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
    Before continuing, if you are running Avast then your solution may be to turn off the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
    I have performed 3 clean installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
    First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
    Here are my exact steps of what I did to reproduce our problem:
    Complete format of HDD in preparation for a clean install
    Clean install performed
    Set up the machine initially with a local account
    Test metro apps - all working fine
    Open control panel from the desktop, click on System, change the system to join the domain, click reboot
    Log into the system using my domain account
    Test metro apps - all working fine
    Here's where the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
    I go to control panel via the desktop and click on User Accounts. From within here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
    In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
    I click add and then add my domain account - also giving it administrator access
    Sign off or reboot to ensure the new security is applied
    Sign back in to the domain account
    Test metro - ALL BROKEN
    Sign out
    Sign in as local account
    Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
    So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
    Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. Basically it is now permanently broken. The only fix I could fathom was a full re install and not giving the domain user admin access to the local machine.
    Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
    Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
    I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
    Thanks

    Hi Juke,
    Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
    I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors in event viewer.
    Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
    Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
    Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the Windows.Launch contract failed with error: The app didn't start."
    If you require any further information just let me know and I will provide as much as I can.
    Thanks
