UME Role and Action

I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and subnodes. Under the subnodes i have documents. Depending to the permission of the users should be decided what can the user do with the documents, for example, create, upate, delete and so on. I need to check the authorization of users. I want to follow the conzept like the Web Dynpro tutorial RentCar APP with Actions und Permissions. If a user logs on, i can get his UME role and group. My question is: if it is possible to list the permissions behind of one specific role, which is assigned to the user or a group.
In short I want to list the permissions and not only check if the user has it or not.
Please help me.
Regards
Hairong Zhao

Hi Sudhir,
thank you very much for your quick answer. But it can't resolve our problem really.If we only use hasPermission() method to check if the user has right, the efford to check user in our case is too great .
I try to describe our problem exactly. In our case, thers is possible that tausend documents can be attached to a node. we can't create a permission for every document. We create for every node a role, but for document we haven't role. If we don't use the conzept with Actions and Permissions, how can we check the permission of the users, have you another idea?
Regards,
Hairong Zhao

Similar Messages

Fetch PCD and UME roles and worksets

Hello,
I want to fetch PCD and UME roles and worksets of the logged in user in a web dynpro java application. Can some one help ?
Regards
Mrinalini

hi mriNalini
check this wiki links for web dynpo java
[Retrieving all iViews,pages,worksets from PCD |http://wiki.sdn.sap.com/wiki/display/WDJava/RetrievingalliViewsfromPCD]
[web dynpro java home page wiki|http://wiki.sdn.sap.com/wiki/display/WDJava/WelcometoWebDynproJava%21]
[Get Current Logged In User, using Web Dynpro for Java |http://wiki.sdn.sap.com/wiki/display/Snippets/GetCurrentLoggedInUser%2CusingWebDynprofor+Java]
and
[Fetching all the Portal Roles Assigned to the Current Logged in User, Using Web Dynpro for Java|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80ef07f8-3e6c-2b10-9cb7-81d4ef2e294a?QuickLink=index&overridelayout=true] ( document)
hope these links solve your problem
Regards,
Maheshchandra

Custom UME Role with action: Manage_All_User_Passwo

Hi all,
I have to create a custom role on EP. This role has to able a user to manage the password of all user (only password).
i created a custom UME role Reset_PWD and I add the following action
Manage_All_User_Password
I attribute this role to a user.
When I logon with this user I get an error: Page not found.
Any suggestion to solve my problem?
Thanks in advantage
Enzo

Hi Enzo,
The reason why you are getting this error is because you have assigned just the role and an action to it. There is no content attached to the role.
For this requirement, I am not sure if adding any existing iview will help or not.
Thanks,
Nikhil

Roles and Action

Hi,
I need a clarification about this basic funda.
administrator user belongs to Administrator Group.
Administrator group contains 2 roles i.e.Administrator role and Superadmin role.
Administrator role contains Manage_all and JMXManage_all actions.
Superadmin role contains Manage_all and Aclsuperuser actions.
Now if I create a role that contains Manage_All,JMXmanage_All actions and Aclsuperuser actions , and If I assing this role to a user call "test", is the test user same as the administrator? As I did this but could not get the desired result. Kindly help me out in understanding this concept.
cheers
Naveen.H
P.S. Loads of points would be awarded..

Hi Naveen,
The MANAGE_LICENSE permission is part of the Manage_all action which is only assigned to the super admin role. Therefore only users who have the super admin role assigned are able to manage licenses.
The administration tools of the portal, such as the Cluster Administration Console and other components in the package com.sap.portal.runtime.system.console, cannot be used by roles which are not super administrator.
Roles defined in the UME parameter: "ume.portal_admin.role" are super
administrators.
Cluster Administration Console, administration tools, super_admin
Because these tools have a great impact on the security of the portal, only the super administrator has the rights to work with them. When launched, these tools check whether or not the user is a super administrator.
These tools can be used if the user has one of the roles defined in the
UME parameter: "ume.portal_admin.role".
The portal comes with a minimal set of permissions assigned to its initial content. These default permissions are designed to provide maximum security for a freshly installed portal.
The default permissions settings are sufficient to enable users assigned to the super administrator role to work and gain access to all initial content. They also enable the remaining standard administration roles (content, system, and user) to access tools specific to these roles, but not to initial content objects. For example, a content administrator has access to the Portal Content Studio, but is not able to gain access to any content objects, such as iViews, pages, and rolesthe Portal Catalog in the Portal Content Studio is empty.
This topic describes the default permissions assigned to the initial content of the portal.
The initial permissions are only valid for a fresh and full installation of the portal. When upgrading a portal, the initial permissions script in the portal is not executed. This prevents the permissions in an existing portal from being overwritten.
For guidelines on reconfiguring the strict initial permissions to allow the pre-configured portal roles to access initial content objects relevant to their role, read Configuring Permissions for Initial Content in SAP Enterprise Portal 6.0 (SP9 & Higher)
Permissions for Super Administration Role
The standard super administer role is assigned maximum access to the entire set of portal initial content.
The user store and data source of the User Management Engine used in your organization determines which standard administrator users are members of the standard Administrators user group after the portal is installed. The Super Administrator role is assigned by default to the Administrators group. Therefore, initially all standard administrator users have super administrator permissions in the portal.
Cheers,
Shaym

Notification Task needs UME role and other value

Hi Experts,
I have a BPM notification task which needs to go to two UME roles (always same) and a UME user (dynamic selection).
This UME user is already stored in my context data.
However, when I configure the "To" tab of the notification task, how do I achive this.
If I select "Choose one or more UME principles" - I can assign the 2 UME roles. But then how do I get that UME user?
Please help.
Thanks,
Rahim.

Hi Rahim,
You want to use an expression and one of the getPrincipal built-in mapping functions.
How are your user id and role names formatted? If you have the full UME name you can use getPrincipal or getPrincipals (for a list of values).
If you only have the name itself then you use getPrincipalByUniqueName - the identityType parameter is 1, 2 or 3 indicating whether its a user, group or role respectively. That only returns a single value ... so if you need to process multiple values then suggest you create a EJB-based mapping function using the UMFactory API to do something similar.
Regards,
Jocelyn

Where are all the UME actions and UME roles stored?

Hi there,
I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
Thanks in advance
GG

Hi,
I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
Cheers

UME Roles for PDF Actions

Hello All,
Can you please let me know which UME roles I need to add in NWA to enable PDF actions in MII workbench for my user. For e.g. I want to use the Generate Documentation feature and even after following SAP notes 1325997. Its still disabled.
Thanks,
Kiran

Hi Jeremy,
Thanks for your help in answering our questions. I tried adding the PDF actions XMII_PDF* to one of our roles assigned to the user and still the Generate Documentation icon is disabled. I followed the steps provided in 1325997
Solution
1. Download and unzip the attached pdfactions.zip file to your local
machine.
2. Obtain version 1.4.5. of
the third-party iText.jar and iTextAsian.jar, from
http://www.lowagie.com/iText/download.html and save to your local machine.
3. Rename the files iText.jar and iTextAsian.jar making sure to match the
noted case.
4. Open a browser window and navigate to the SAP xMII Administration
Menu at http://<server>:<port>/XMII/Menu.jsp.
5. On the SAP xMII Administration Menu, choose System Management ->
Custom Actions. The Custom Actions screen appears.
6. To upload the .jar files to SAP xMII, click Upload. PDFActions.jar is
the assembly .jar file, and iText.jar and/or iTextAsian.jar are the
dependency .jar files.
I also restarted my server to make sure the changes will be activated but so far I have been unable to make it work.
Thanks,
Kiran

Import of XML file failed in portal using XML Content and Action

Hi Friends,
I am trying to import the simple XML file which is just creating the folder in the PORTAL_CONTENT using XML CONTENT AND ACTIONS which is one way of creating the portal content. GO TO SYSTEM ADMINISTRATION > TRANSPORT > XML CONTENT AND ACTIONS > IMPORT.
The reason for using this import tool is to upload the backend Business roles, which is not not working on our corporate portal. To test the import functionality I used the following xml file (I got this XML file by exporting the test folder in the portal using the same tool)
<GenericCreator author="XML Creator" version="XML Automatic Creation" mode="clean,execute" report.level="success" createMode="1" default.locale="en" ignore="false">
<Context name="portal_content" objectClass="com.sap.portal.pcd.gl.GlContext"></Context>     <Property name="parent1" value="pcd:portal_content"/>
     <Context name="com.dri.fldr.im" objectClass="com.sap.portal.pcd.gl.GlContext" create_as="0" parent="$">
          <Attributes>
               <Attribute name="com.sap.portal.pcm.Description" type="text">
                    <AttributeValue value="" locale=""/>
                    <Attribute name="administration" type="string">
                         <AttributeValue value=""/>
                    </Attribute>
                    <Attribute name="Inheritance" type="string">
                         <AttributeValue value="NONFINAL"/>
                    </Attribute>
               </Attribute>
               <Attribute name="com.sap.portal.pcm.Title" type="text">
                    <AttributeValue value="test" locale=""/>
                    <AttributeValue value="test" locale="en"/>
                    <Attribute name="administration" type="string">
                         <AttributeValue value=""/>
                    </Attribute>
                    <Attribute name="mandatory" type="string">
                         <AttributeValue value="true"/>
                    </Attribute>
                    <Attribute name="Inheritance" type="string">
                         <AttributeValue value="NONFINAL"/>
                    </Attribute>
               </Attribute>
          </Attributes>
     </Context>
</GenericCreator>
SDN BLOCKED THE XML The above XML file works fine in other portal in the landscape but not in corporate portal ( which is freshly build recently).Following error message is display when i am trying to upload the file
Status Name Action Type Comment
General Extracting root node E:\usr\sap\EPD\JC00\j2ee\cluster\server0\%USERPROFILE%\AppData\Local\Temp\tmp_masscontent4135391959047431276.xml Failed to extract root node
General Extracting root node E:\usr\sap\EPD\JC00\j2ee\cluster\server0\%USERPROFILE%\AppData\Local\Temp\tmp_masscontent4135391959047431276.xml Parsing failed .
Dont know is there a service/ configurations needs to be done to enable this feature?.
Thanks
Edited by: hammad on Sep 4, 2009 5:48 PM
Edited by: hammad on Sep 4, 2009 5:49 PM

The problem statement is not very clear.
Try following this how to guide [https://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/207a2141-c870-2910-e080-90c920b24f47&overridelayout=true|How-To]
Best Regards,
Prasanna K

Export: ". exporting post-schema procedural objects and actions"

Hi all,
I am trying to do a full database export from the server and an import to another PC.
I tried exporting recieved the following warnings:
. exporting synonyms
. exporting views
. exporting referential integrity constraints
. exporting stored porcedures
. exporting operators
. exporting indextypes
. exporting bitmap, functional and extensible indexes
. exporting posttables actions
. exporting triers
. exporting matrializes views
. exporting snapshot logs
. exporting job queues
. exporting refresh grups and children
. exporting dimensions
. exporting post-schema procedural objects and actions
EXP-00008: ORACLE error 903 encountered
ORA-00903: invalid table name
ORA-06512: at "SYS.DBMS_RULE_EXP_RL_INTERNAL", line 311
ORA-06512: at "SYS.DBMS_RULE_EXP_RULES", line 142
ORA-06512: at line 1
EXP-00083: The previous problem occurred when callig SYS.DBMS_RULES.schema_info_exp
. exporting user history table
. exporting defualt and system auditing options
. exporting statistics
Export terminated successfully with warnings.
I been through the forum and was advised to run the catalog.sql, then rerun the exp command.
I did as suggested but the export hangs at the last line:
Export donw in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set
About to export the entire database ...
. exporting tablespace definitions
. exporting profiles
. exporting user definitions
. exporting roles
. exporting resource costs
. exporting rollback segment definitions
. exporting database links
. exporting sequence numbers
. exporting directory aliases
. exporting context namespaces
. exporting foreign function library names
. exporting PUBLIC type synonyms
. exporting private type synonyms
. exporting object type definitions <- hangs here
Is there a way to resolve this? Or should I approach another method?
Any of your help is greatly appreciated. Thank you.
Thanks and Regards
San

I am also trying to figure all the stuffs out. I try to answer as much as I know. Thanks.
What is the export utility version?
Using exp, "Export: Release 9.2.0.1.0"
What is the import utility version?
Using imp, "Import: Release 9.2.0.1.0"
What version of Oracle database are you trying to export?
9.2.0.1.0
Into what version of Oracle database are you trying to import?
9.2.0.1.0
What are the database character sets and values of environment variable 'NLS_LANG' for each case?
Not sure about this but I didnt change any parameters of the character set, should be
WE8MSWIN1252
Using WinXP OS, <- quite problematic, having a hard time trying to configure. :(

Provisioning EP roles and user groups through CUP

Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
Kee

Thanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un:   ??? What is the role data source?? Is the value that is provided is correct for the UME roles
SCHEMA_ID SAPprincipals   ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
     at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
     at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
     ... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
     ... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
     at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
     at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
     at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
     at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
     at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
     at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
     at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
     ... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
     at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
     at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
     ... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
     at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
     at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
     ... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
     at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
     at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
     ... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee

Roles and authorizations in BI content

Hi experts,
I'm trying to define a very simple scheme of roles and authorizations for my queries.
So, i'm trying to limit the acess by infocube and DSO, but I'm missing the authorizations objects for Cube and DSO.
I know that authorization object for queries it's S_RS_COMP.
So my roles would be something like
BI_ROLE_FI
Authorization Object                                  Autorization Object Value
Acess query (S_RS_COMP)                         NA
Infoobject (whats the object???)                   0FIGL_C01
DSO (whats the object???)                            0FIGL_O14
BI_ROLE_PUR
Authorization Object                                  Autorization Object Value
Acess query (S_RS_COMP)                         NA
Infoobject (whats the object???)                   0PUR_C01
Can you help me find out whats the missing information
Thanks and regards
Joana

Hi,
Iu2019ve gave authorization to the object youu2019ve mentioned, but itu2019s still not working.
Basically what I have is the following:
One role that allows me to execute queries, workbooks, etc.
A second role, dependent on the area of work, that should allow me only to have access to queries from cubes/MP/DSO that are specific to users area.
I will then give each user role 1 + the adequate role 2, depending on their work area.
For role 1 I have got:
S_RFC
Activity: 16
Name of RFC to be protected: *
Name of RFC object to be protected: *
S_TCODE
Transaction code: RRMX
S_GUI
Activity: 16
S_USER_AGR
Activity: 01, 02, 03
Role Name: ANLG_BI_01
S_USER_TCD
Transaction code: RRMX
S_RS_AUTH
BI Analysis Authorization: BI_ALL
S_RS_COMP
Activity: 03, 16
InfoArea:*
InfoCube: *
Name (ID) of a reporting component: *
Type of a reporting component: *
S_RS_COMP1
Activity: 03, 16, 22
Name (ID) of a reporting component: *
Type of a reporting component: *
Owner (Person Responsible) for a reporting Component: *
S_RS_TOOLS
Logical Command Name: THEMES
Iu2019ve tested this role, and it works u2013 they can access queries, create workbooks, create permanent model workbooks
For role 2 u2013 Finance I have
S_USER_AGR
Activity: 01, 02, 03
Role Name: ROLE2
S_RS_ADMWB
Activity: 03,66
Data warehousing workbench Object: INFOAREA
S_RS_ODSO
Activity: 03
Infoarea: 0FIGL_ERP
DataStore Object: 0FIGL_014
SubObject for ODS Object: *
S_RS_ICUBE
Activity: 03, 66
Infocube SubObject: *
Infoarea: 0FIAP
InfoCube: 0FIAP_C02
S_RS_MPRO
Activity: 03
Infoarea: 0FIN_REP_SIMPL_1_ERP
MultiProvider: 0FIAP_M20, 0FIAP_M30
MultiProvider SubObject: *
I then gave to my test user this 2 roles, and with that user I can still see every infoarea, and access all reports.
I will have more specific roles u2013 to other areas (SCM, TV, etc), but I chose this one has an example.
First question I have: can I manage my requirement in 2 different roles: one for action that can be performed (role 1) and other for areas that they can access data from (role 2)?
What objects/restrictions am I missing in role 2?
Many thanks
Joana

UME Roles/Groups problem

UME Roles/Groups problem
I have installed an ABAP +J2EE instance with the view of using it for Adobe Document Services.
While following the Adobe Document Services configuration guide, Step 3.2.1.1:
I'm creating a role in the ABAP engine, creating a user (ADSUser); creating and assigning the role (ADSCallers) to it.
When I start visual admin, i expect the user to be shown under the 'group': ADSCallers.
While I can see the user in visual admin, I'm unable to see the group (role in ABAP instance)
I'm on SP19 NW2004. Any views???

There is a delay before roles show up as groups on the Java side. The delay runs about 30 minutes. See http://help.sap.com/saphelp_nw04s/helpdata/en/45/af3ac012d32e78e10000000a155369/frameset.htm
-Michael

What are the Roles and Responsibilities of SAP Testing Consultant?

Hello,
           i want to know about The Roles and Responsibility of SAP Testing Consultant,,pls anybody guide me Real time scenarios.
regards,
Balaram

Understanding the business scenarios
Organization Structure to incorporate the tune of the script.
Preparation of test scripts
Execute and record results to see if it is fine before going to approval.
Make changes to your test script if required.
What is Test Script (Scenario Testing)
Header Data
Step in Process
Transaction Code / Program (FB60)
Menu Path
Description
Field Data and actions to complete
Expected Results
Actual Results
TPR
Closing Period
F.19 Clearing GR/IR Account
F.13 Adjustments GR/IR Account
Using of these above two accounts will help us in clearing the balances and adjustments to those respective clearing accounts so that the GR/IR account will be zero balance and the balances will appear in respective reconciliation accounts accordingly the balances will be carried forwarded to next fiscal year.
GR/IR Clears the following Documents
GL Document
Customer Documents
Vendor Documents
Assignment Field is important in any document (ZUONR), Amount (DMBTR)
Foreign Currency Valuation
Lowest Value Method, If we are in loss then only we will account for it.
GL Accounts which are important in Testing
Enjoy Transaction   - FB50
Normal Transaction - FB01
Document Parking   - FV50
Post with Clearing   - F-04
Incoming Payment   - F-06
Outgoing Payment   - F-07
Document Related
Reset Cleared Items   - FBRA
Parking Document Posting - FBVO
Reversal Documents   - F-14
Company Code Clearing A/C
(Trial Balance purposes) reversal - (FBUB)
Clearing Account
Partial clearing Invoice - 100 - Open Item
                           Paid -   70 - Open Item
                       Balance -   30
In Partial Clearing you can see 100 and 70 are cleared line items and 30 as balance and if it is in Residual you can only 30 as balance as it creates new line item and you canu2019t see the other cleared line items.
As no company will use residual clearing as it affects on ageing reports.
Open Items in Foreign Currency in all Modules GL/AP/AR - F.05
Master Data
Company Code
Currency
Only Balances in local currencies
Reconciliation Account Type
Year End Scripts
Re Grouping Receivables / Payables - (F101)
Bad Debts Provisions u2013 Scripts
We assume that the customer has not paid at the end of the year you doubt whether this receivable will ever be paid. So you make a transfer posting for the receivables to an account for individual value adjustments using special GL Indicator E and Transaction Code F-21
Carry forward Balances
Sub Ledgers and General Ledger balances to be forwarded to next Fiscal Year
Accounts Payables
Vendor Down Payments
Invoice
Parking
Reversal
Outgoing Payments
Automatic Clearing
Manual Clearing
Advance (Down Payment)
Post with Clearing
Post without Clearing
Reset Clearing
Carry forward
Regrouping
Foreign Currency Valuations
Accounts Receivables
Customer Down Payments
Invoice
Parking
Reversal
Incoming Payments
Manual Clearing
Advance (Down Payment)
Post with Clearing
Post without Clearing
Reset Clearing
Carry forward
Regrouping
Foreign Currency Valuations
Other than that, it is important to know the following:
Unit Testing
When you test every single document is called unit testing.
String Testing
One transaction full activity is called string testing . For example Vendor invoice, goods received and vendor payment.
Integration Testing
It is purely with other modules and we have to check whether the FI testing is working with other related modules or not.
Regression Testing
Testing for whole database. Bring all the data into another server and do the testing is called regression.
UAT
When we test any particular document with the user and if it is ok immediately we have to take the signature on the document, which is signed off and can be forwarded to the immediate boss. There are some steps to be followed when we go for user acceptance testing.
Transaction u2013 Script Writing u2013 Expected Results u2013 Compare with Actual Results
TPR (Transaction Problem Reporting)
While doing the user acceptance testing if we get any problems then there are some methodologies to be followed according to the companyu2019s policy and normally as a tester we always need to write on Test Script itself.
Hope this helps you.
Regards,
Rakesh

SP12: Auto-provisioning failed for role with action "keep"

Hi,
If you want to keep an exisiting role for a user in CUP. It wasn't possible to change the validity of the role. Therefor you have to set parameter 145 value to 1 in database table VIRSA_AE_ERMCONFIG and refresh cache in CUP(solution with SP11).
But know we have problemes with the auto-provisioning.
We can enter the other validity of the role and after that the request provisioning failed. In our workflow the request rerouted to the admin because of escape-route settings. All other new roles in the request are assigned well to the user in the backend system.
Any ideas?
Many thanks,
Alexa

Hi,
we actually have the same Problem, that changes to the role validity with action "keep" are not provisioned to the SAP system.
If it is only possible to change the validity with the action "add" it is not possible to limit the validity of a previously unlimited role. Because as you said another role with the new validity dates is simply added to the existing roles.
The only workaround would be to delete the old role and add a new one with new validity dates. But in my opinion this workaround is not acceptable for the users.
Best Regards
Jonas

GRC5.3 UME roles & CUA

Hi,
I am implementing GRC in an environment with a CUA and have the following questions
1. Is it possible to configure GRC & CUA so that the UME users and roles can be provisioned through the CUA?
2. In this case of having a CUA would this be used as the user master source for RAR?
3. Am I right in assuming that single sign-on will not be possible until I have linked the portal to GRC?
Thanks,
Niamh

Hi,
> 1. Is it possible to configure GRC & CUA so that the UME users and roles can be provisioned through the CUA?
>
Yes, this is possible.
> 2. In this case of having a CUA would this be used as the user master source for RAR?
>
Yes.
> 3. Am I right in assuming that single sign-on will not be possible until I have linked the portal to GRC?
>
I am not able to understand that you mentioned linked Portal to GRC ? which portal you want to link to GRC ?
Also, Check SAP Note 1099011 - Limitations of using CUA with GRC Access Control
Thanks
Sunny

UME Role and Action

Similar Messages

Maybe you are looking for