Updating the SAP IDM Provisioning Framework
HI Laurent,
I know this has been posted and answered for some time but reading the documentation on how to upgrade the provisioning framework is not really clear to me what will happen and I am hoping you have the experience now to help me (importing the SAP Provisioning Framework.mcc file).
Reading the documentation it sounds like the whole provisioning framework from SAP should have been disabled and renamed during implementation but all I have done is use the SAP framework and put the custom tasks in a different folder.
In the identity center I have the provisioning framework folder and underneath I have custom tasks, core and connector folders. Do you know if I import the new .mcc file will it overwrite my custom tasks folder and effectively delete it?
Many thanks,
Andy
Andy,
I branched this off as a new question. Take a look at these documents as a start.
Updating the SAP Provisioning Framework Version 2 - SAP NetWeaver Identity Management Provisioning Framework for SAP Sys…
https://websmp205.sap-ag.de/~sapidb/011000358700001230022010E
However, the basic process is just to import it. You should make sure that you have backups first. Note that there are some options when importing that will help you through controlling what gets overwritten. Best practice is always to make sure that your active provisioning framework is renamed so that when you import the new version it will not cause conflicts. I've never really had to upgrade my frameworks so hopefully someone out there will have some "hands on" advice to share.
Matt
Similar Messages
-
Updating the SAP Component Repository in the SLD
Hi All,
Can I get someone to clarify note 669669 - Updating the SAP Component Repository in the SLD for me?
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D36363936363926
Currently, I am on version:
My Solution Manager is telling me:
I don't see a newer version. Am I reading this incorrectly?
Thanks,
DianaThe problem is with the CR Content version which is on 9.0 patch level and I see patch levels 12 and 13 available on SMP
Check this article and update the CR Content
http://scn.sap.com/docs/DOC-41516
Regards
RB -
Revision: 14640
Revision: 14640
Author: [email protected]
Date: 2010-03-09 06:44:21 -0800 (Tue, 09 Mar 2010)
Log Message:
updating the ignore patterns for frameworks/libs, projects/automation_airspark, and rsls
QE notes: no
Doc notes: no
Bugs: sdk-25755
Reviewer: carol
Tests run: no
Is noteworthy for integration: no
Ticket Links:
http://bugs.adobe.com/jira/browse/sdk-25755
Property Changed:
flex/sdk/branches/4.x/frameworks/libs/
flex/sdk/branches/4.x/frameworks/projects/automation_airspark/
flex/sdk/branches/4.x/frameworks/rsls/Thats good news.
-
Response payload is not updating the SAP tables in Sync Interface
Dear Experts,
We are doing the ECC to SFDC sync interface by using the ABAP Proxy to Webservice ICO scenario (SOAP to SOAP).
The response payload from SFA has having the SOAP envelope, to remove this I have used the Java mapping with this we resolve the normal graphical mapping issue and ECC is able to get the response at MONI level.
But the response payload is not updating the ECC SE11 tables at the proxy level.
I have attached ECC synchronous proxy testing results with response payloads. With this original response payload the proxy is not updating the tables.
Please help me out.
Regards
RKHi RK,
Set run-time parameter( LOGGING_SYNC) to 1 in Integration Engine (SXMB_ADM --> Integration Engine Configuration -> Edit configuration ) . LOGGING_SYNC may have set to 0 in IE. If LOGGING_SYNC is set to 0 , IE will not save or write the messages .
Note: If PI system is Java only stack , please perform above step in ECC.
Thanks
Hari. -
How do you update the SAP Integration Kit license?
When your SAP Integration Kit license has expired, how do you update it?
For example : In designer, not being able to create OLAP universes on SAP BW anymore.
Thank you,
RaphaëHi Ingo
do you know, I,ve tried to put in the licens key in CMC for int.kit that I got from SAP self and also another from the marketplace page.
I getting message:
Currently held license keys (Select a key to see its licensing information)
License Key Error: Invalid Key : <my key>
There is no license added for int.kit in CMC right now, do I need to have it?
Reason to this is that we got some connection error: "The specific module could not be found" and error "WIS 10901"
This after Infoview and "refresh data"
From my opinion I would guess that this is licens problem?
Can you please help us?
regards Jacob -
IDM70: SAP Provision Framework & Role-Approvals
Hi all
How can I use the SAP Provisiong Framework (PF) with Role Approvals?
User-Provisioning works fine without any Approval Tasks. I can create a user in the Workflow and assign a role which triggers the SAP PF Provisioning-Tasks for Exchange/ADS and SAP ABAP.
Then I tried to assign a Role where I defined an Approver and an Approval task. I expected that after the Role assignment is approved the respective Provisioning Tasks (ProvisionADS, ProvisionABAP) are started automatically, but they aren't.
The Approval is raised in the Workflow, I approve it and nothing happens. If I look at the User-Details the role is not assigned to the user.
Do I have to link the SAP PF-Provisioning Tasks to the Approvals Approve-Node?
If yes, do I have to define an approval task for every system-type and possible combination of systems???
Or what else should I include in the Approve-Node?
Any help appreciated.
Regards
MichaelOK, I solved the question:
I followed the "Implementing pending approvals" Tutorial step by step and "wrapped" my ApprovalTask with an PreprocessApprovers and a CommitApproval task. But I'm quite sure the CommitApproval Task would be sufficient.
This leads to another question in the same area:
If I use an Approval Task with a defined Approver and Sub-Tasks in its Approve/Decline-Nodes (as I use for e.g. Workflow public "Create User" Task) I see the Approval in the Monitoring Approval Queue.
The MX_PENDING_VALUE created during the Role-Approval is not listed there.
What is the difference, technically speaking, between a Role-Approval (MX_PENDING_VALUE) and a "normal" Approval (Task + Subtasks)?
Why do I have to commit the one and not the other?
What other usage has the MX_PENDING_VALUE / Where else is it used (since it is more complex than simply creating an "interrupting" Approval Task)?
Points still available
Regards
Michael
Edited by: Michael on Jul 20, 2009 5:06 PM -
ActiveDirectory - SAP IDM integration in Identity Life cycle Management
Hi Experts
In our landscape SAP HCM is supposed to be the leading data source and SAP IDM takes identity information from SAP HCM. From SAP IDM it will provision into Active directory and other third party systems, Sap systems.
Here are the questions
1) How can we leverage on the investment on Active directory after SAP IDM -Active directory investment ? I mean after SAP IDM comes to a landscape, Active directory will only be used to login to domain and for authentication if for java system Active directory have been set as user data source. What are the other advantages of Active directory- SAP IDM integration as Active directory will not be leading data source and identity information will be in identity store.?
2) After the user details are taken from SAP HCM system, will the user record will be created in SAP IDM on Identity store ? Is it where we actually assign the SAP IDM business role and the related technical role to the user?
3) Suppose if we assign a business role " employee " , will IDM actually create user id in all target system and assign all the technical roles? . Or we have to manually select each repository for target system in Identity center and select the privileges and provision it ? Will there be any automated feature that after assigning the business role to identity in identity store users and roles get automatically provisioned on all the target systems?
Thank you in advance for your help.Hi Matt,
Thank you very much.
Only change we have is before approval it should go to GRC AC check all the compliance and only after that it is approved and it should come back to SAP IDM .
I am actually looking for a tutorial which actually shows how you assign a business role and the whole procedure of SAP IDM automatically provisioning to target systems which you have just explained. I suppose there is no such exact tutorial and I want to know how we can configure this on SAP IDM . Any specific clues?
Also I am describing the exact steps that will follow . Correct me if I am wrong.
1) User id will be created on AD with same user name and password as it is in Identity store. Will be assigned AD groups
2) Create same user in Portal and make the user data source as AD and will assign the technical role portal as per the business role definition
3) create same user in all abap systems and set abap database as user data source and assign the technical role needed as per the business role definition
4) Create same user in third party systems and with the privileges on their target systems as per the business role definition.
With this provisioning stops. I suppose all the above steps will be automatically done by SAP IDM with no manual interaction required after final approval. Correct me if I am wrong.
So some other information i wanted is
1) When you assign business role at work flow, how exactly SAP IDM know about the target systems that user should be created and assigned roles and made their authentication source.
for eg:- for a business role "employee" should get access to ERP with role X, AD with group Y, Portal with role Z. So in work flow when business role employee is assigned how SAP IDM will know that user should be created on to ERP with role X, AD with group Y, Portal with role Z. Can you explain technically along with detail steps? Or how exactly we configure a business role which knows the target systems and their techical roles.
Thank you once again for the fabulous help . You/Matthew is a tremendous help in understanding SAP IDM better. -
Hi there!
So I was looking at the most recent version of the SAP IDM Connector List, and I don't see BI or BOBJ. Can anyone provide best practices information on connecting / working with these systems? We are considering leveraging AD for Authentication and Authorization.
Please advise.
Thanks,
MattAFAIK there is no direct provisioning from IdM 7.2 to BO. In my current project the BO access rights are delivered via AD groups. BI is just an ABAP system.
It was possible to map the BO access rights agains BI-privileges. But AD was chosen as that enabled SSO-login to BO.
Your BO/BI/authorization-folks should know how the mapping of access rights works.
regards, Tero -
New version of sapyto - SAP Penetration Testing Framework
Hello list,
I'm glad to let you know that a new version of sapyto, the SAP Penetration Testing Framework, is available.
You can download it by accessing the following link: http://www.cybsec.com/EN/research/sapyto.php
News in this version:
This version is mainly a complete re-design of sapyto's core and architecture to support future releases. Some of the new features now available are:
. Target configuration is now based on "connectors", which represent different ways to communicate with SAP services and components. This makes the
framework extensible to handle new types of connections to SAP platforms.
. Plugins are now divided in three categories:
. Discovery: Try to discover new targets from the configured/already-discovered ones.
. Audit: Perform some kind of vulnerability check over configured targets.
. Exploit: Are used as proofs of concept for discovered vulnerabilities.
. Exploit plugins now generate shells and/or sapytoAgent objects.
. New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more...
. Plugin-developer interface drastically simplified and improved.
. New command switches to allow the configuration of targets/scripts/output independently.
. Installation process and general documentation improved.
. Many (many) bugs fixed. :P
Enjoy!
Cheers,
MarianoHi Mariano,
Thanks for the update.
We implemented secinfo restrictions 5 years ago, but used a rather complicated approach. We did some tests today (the "local" setting works okay so far) and will continue tomorrow.
We now use the HOST and USER-HOST set to "local" and let the application security deal with who-can-do-what and this works quite well; though we have encountered some external 3rd party server programs in some cases. It seems to be popular amongst the business folks and some of the products use the gateway monitor to comunicate with the SAP system to find out when it has completed processing.
I think this is a design error, but they of course think otherwise
What was interesting to note, was that we locked ourselves out of an unprotected system. We changed the gw/monitor from 2 to 1 in a test. This worked. But then the gwmon cannot be used to change it back to 2! To we tried RZ11, and experienced the same. So we changed it to 0 in a test, and then 1 was blocked as well. This appears to be implemented in the kernel, as even hobbling the application coding does not help. The parameter is only dynamic when decreasing the value and increasing the security.
We had to restart the whole system for the instance profile to take effect again. Rather noisy and a few developers could take an additional 10 minute coffee break as a result
We are testing this on 3 different releases with different config:
- 4.6C (46D)
- 6.40
- 7.00
The different config relates to:
- gw/sec_info
- gw/monitor
- auth/rfc_authority_check
Our intention behind this is to improve baseline security and harden some special systems further.
Cheers,
Julius -
SLD auto update of SAP's realease versions
Hello,
I heard that the administrator has to download manually a file with the current release version informations and put this file to the neccessary file. Is this the normal way or is there a possibility to download the files automatically?
Thank you, MaximilianHello again,
sorry, now I got it.
From time to time you need to update the data models in the SLD, so the
SLD can handle/recognize new software versions and software releases.
You need to update the
cim data model
content repository
This is described in sap note
669669
24 from 24.06.2008
Released for Customer
24.06.2008
EN
DE
Updating the SAP Component Repository in the SLD
kr,
andreas -
Path to put the SAP Kernel files
I have to update the SAP Kernel.
Please let me know the folder in whihc i have to put the sap kernel softwaresHello Balaji,
Please visit this link:
http://www.sap-img.com/bc019.htm
It will solve all your doubts.
Please award points accordingly.
Regards.
Ruchit. -
Difference Between SAP Connectors and SAP Web Services Framework
Hello,
I would like to know the main difference between the SAP Connectors protocol (that uses SOAP) and the SAP Web Services Framework starting with NetWeaver.
Thank you,
Pedro CarrilhoHi Pedro,
I guess you are talking about Business Connectors and XI.
If that is the case, the differences are:
SAP XI belongs to SAP Netweaver Technology, whereas BC is an Integration tool provided by Webmethods.
SAP XI is based on a model called "Hub & Spoke" and Business Connectors are "point to point". So by using XI, what happens is that you do not redesign Solutions once again.
With XI you save the entire integration knowledge of a collaborative process centrally in SAP XI: Objects at design time in the Integration Repository and objects at configuration time in the Integration Directory. In this way, SAP Exchange Infrastructure follows the principle of shared collaboration knowledge: You no longer need to search for information about a collaborative process in each of the systems involved, but can call this information centrally instead. This procedure considerably reduces the costs for the development and maintenance of the shared applications.
Also SAP XI comes with pre-configured solutions bundled along with it, so you can straight-away use the solution instead of redesigning.
Also i believe SAP XI is integrated as a required solution for some new mySAP solution like SRM, there are some scenarios within SRM requires SAP XI to be used and we cannot use BC's there.
But incase if you do not have multiple systems connected and communication is between just 2 systems, BC should be sufficient, instead of investing on XI.
But i guess slowly SAP will be stopping its support for BC, as SAP XI can do everything that BC does and even much more.
Also go through these threads...
Re: Business connector
XI vs Connectors (Like JCo and .NET)
I hope this is what you were looking for...
Regards,
Abhy -
Where can i find resources to SAP B1 Integration Framework, Workflows and Web Services?
Hello Professionals,
I'm new to SAP B1, and i want to know more and comprehend the SAP B1 Integration Framework, Workflows and SAP B1 Web Services.
I need resources to study them. Could you please help find a comprehensive resources to these topics specifically?. i have tried a lot to get some resources but they were not enough to understand the whole capabilities.
Thanks in Advance,Hi Karem,
Please check below links Video for Integration Framework.
SAP Business One Training - July 11, 2012 - Integration Framework (B1i) and Mobility by Vision33 - YouTube
SAP Business One to SAP Business One Integration using B1i - YouTube
Please check below links SAP Library Integration Framework and Workflow.
http://help.sap.com/saphelp_sbo900/helpdata/en/d7/dceab0d1ae42b1929ffaf1168a0bf7/content.htm
Please check below link Video for Workflow.
Workflow in SAP Business One 9.0 - YouTube
Please check below links for Web Services.
B1WS: Business One Web Services Wrapper
Please check below links Video for Creating Web Services
Part 1-Creating Web Services with B1if - YouTube
Part 2-Creating Web Services with B1if - YouTube
Part 3-Creating Web Services with B1if - YouTube
Part 4-Creating Web Services with B1if - YouTube
Part 5-Creating Web Services with B1if - YouTube
Part 1-Consuming B1if Web Services by DotNet - YouTube
Part 2-Consuming B1if Web Services by DotNet - YouTube
Part 3-Consuming B1if Web Services by DotNet - YouTube
Part 4-Consuming B1if Web Services by DotNet - YouTube
Part 5-Consuming B1if Web Services by DotNet - YouTube
Hope this help
Regards::::
Atul Chakraborty -
Provisioning Framework for SAP IDM 7.2 -- Download link required
Hello Experts,
Could you please provide me the link to download Provisioning Framework for SAP IDM 7.2 .
Thanks in Advance,
Regards,
Devyou can get links to all doco [here|http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/4000d09f-a9b9-2d10-8b90-ba3a0f9fe0c8]. That link is accessible from IdM 7.2 homepage.
Yes, I meant using version 7.2 of provisioning framework with 7.1 components.
Cheers -
Update manager in IdM automatically when the manager changes in SAP HR
Hi Experts
I have been given a requirement where the manager of a user in IdM should be updated automatically when the manager changes in SAP HR.
The HR extraction job is currently in place and runs every 30mins.
Please could you give me some ideas on how to implement this.
IDM 7.2 SP 6
Thanks
RanHi Deepak
I have been discussing this a bit more in detail with the client. So, the issue is as follows
When a new/replacement manager is hired
When people are moved from one org unit to another
The scheduled extraction job (RPLDAP_EXTRACT_IDM with a variant with the delta tick on) does not update the new manager info in IDM for the relevant users who report to that manager. The client has to run the program (RPLDAP_EXTRACT_IDM with a variant with the delta tick off) manually each time for the affected users which updates the manager info successfully in idm.
I investigated the query LDAP_IDM_QUERY from user group /SAPQUERY/L1 and want to know if the below should be ticked as well. Your thoughts please?
Please advise.
Thanks
Ranjit
Maybe you are looking for
-
Unable to install adobe Extension Manager 6.1 update
unable to install Extension Manager 6.1 update on my Mac. Running Lion
-
I am not sure if this is the right group for this. I purchased a touch screen desktop monitor L12341wt at Best Buy. It was shipped because they were out of stock at that location. It works fine except that it is not "touch." In other words nothin
-
PROFIT CENTRE DETERMINATION FOR VAT LINE ITEMS
Hi Experts, My client having IS Retail ECC 6.0 Version and having several sites in all over Inida. Now problem Profit centre not updated in VAT Line items while billing. Every site having one profit centre. Site equal to Profit centre. Would you plea
-
Hi, Can anyone help me with this issue? Any form I have downloaded regardless of the source freezes and crashes when I try to enter text. I click on Ad Text and next as soon as I click on a line on the form, the cursor disappears and I can't do anyth
-
OBIEE usage tracking questions
Hi, I am using OBIEE 11g and we enabled usage tracking. Recently, i have observed that some inserts to S_NQ_ACCT table is failing due to "String literal too long" error. We have configured VARCHAR(4000) for QUERY_TEXT column in physical layer which