Updating the SAP IDM Provisioning Framework

Similar Messages

• Updating the SAP Component Repository in the SLD

  Hi All,
  Can I get someone to clarify note 669669 - Updating the SAP Component Repository in the SLD for me?
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D36363936363926
  Currently, I am on version:
  My Solution Manager is telling me:
  I don't see a newer version. Am I reading this incorrectly?
  Thanks,
  Diana

  The problem is with the CR Content version which is on 9.0 patch level and I see patch levels 12 and 13 available on SMP
  Check this article and update the CR Content
  http://scn.sap.com/docs/DOC-41516
  Regards
  RB

• [svn:fx-4.x] 14640: updating the ignore patterns for frameworks/libs, projects/automation_airspark, and rsls

  Revision: 14640
  Revision: 14640
  Author:   [email protected]
  Date:     2010-03-09 06:44:21 -0800 (Tue, 09 Mar 2010)
  Log Message:
  updating the ignore patterns for frameworks/libs, projects/automation_airspark, and rsls
  QE notes: no
  Doc notes: no
  Bugs: sdk-25755
  Reviewer: carol
  Tests run: no
  Is noteworthy for integration: no
  Ticket Links:
      http://bugs.adobe.com/jira/browse/sdk-25755
  Property Changed:
      flex/sdk/branches/4.x/frameworks/libs/
      flex/sdk/branches/4.x/frameworks/projects/automation_airspark/
      flex/sdk/branches/4.x/frameworks/rsls/

  Thats good news.

• Response payload is not updating the SAP tables in Sync Interface

  Dear Experts,
  We are doing the ECC to SFDC sync interface by using the ABAP Proxy to Webservice ICO scenario (SOAP to SOAP).
  The response payload from SFA has having the SOAP envelope, to remove this I have used the Java mapping with this we resolve the normal graphical mapping issue and ECC is able to get the response at MONI level.
  But the response payload is not updating the ECC SE11 tables at the proxy level.
  I have attached ECC synchronous proxy testing results with response payloads. With this original response payload the proxy is not updating the tables.
  Please help me out.
  Regards
  RK

  Hi RK,
  Set run-time parameter( LOGGING_SYNC) to 1 in Integration Engine (SXMB_ADM --> Integration Engine Configuration -> Edit configuration ) . LOGGING_SYNC may have set to 0 in IE. If LOGGING_SYNC is set to 0 , IE will not save or write the messages .
  Note: If PI system is Java only stack , please perform above step in ECC.
  Thanks
  Hari.

• How do you update the SAP Integration Kit license?

  When your SAP Integration Kit license has expired, how do you update it?
  For example : In designer, not being able to create OLAP universes on SAP BW anymore.
  Thank you,
  Raphaë

  Hi Ingo
  do you know, I,ve tried to put in the licens key in CMC for int.kit that I got from SAP self and also another from the marketplace page.
  I getting message:
  Currently held license keys (Select a key to see its licensing information)
  License Key Error: Invalid Key : <my key>
  There is no license added for int.kit in CMC right now, do I need to have it?
  Reason to this is that we got some connection error: "The specific module could not be found" and error "WIS 10901"
  This after Infoview and "refresh data"
  From my opinion I would guess that this is licens problem?
  Can you please help us?
  regards Jacob

• IDM70: SAP Provision Framework & Role-Approvals

  Hi all
  How can I use the SAP Provisiong Framework (PF) with Role Approvals?
  User-Provisioning works fine without any Approval Tasks. I can create a user in the Workflow and assign a role which triggers the SAP PF Provisioning-Tasks for Exchange/ADS and SAP ABAP.
  Then I tried to assign a Role where I defined an Approver and an Approval task. I expected that after the Role assignment is approved the respective Provisioning Tasks (ProvisionADS, ProvisionABAP) are started automatically, but they aren't.
  The Approval is raised in the Workflow, I approve it and nothing happens. If I look at the User-Details the role is not assigned to the user.
  Do I have to link the SAP PF-Provisioning Tasks to the Approvals Approve-Node?
  If yes, do I have to define an approval task for every system-type and possible combination of systems???
  Or what else should I include in the Approve-Node?
  Any help appreciated.
  Regards
  Michael

  OK, I solved the question:
  I followed the "Implementing pending approvals" Tutorial step by step and "wrapped" my ApprovalTask with an PreprocessApprovers and a CommitApproval task. But I'm quite sure the CommitApproval Task would be sufficient.
  This leads to another question in the same area:
  If I use an Approval Task with a defined Approver and Sub-Tasks in its Approve/Decline-Nodes (as I use for e.g. Workflow public "Create User" Task) I see the Approval in the Monitoring Approval Queue.
  The MX_PENDING_VALUE created during the Role-Approval is not listed there.
  What is the difference, technically speaking, between a Role-Approval (MX_PENDING_VALUE) and a "normal" Approval (Task + Subtasks)?
  Why do I have to commit the one and not the other?
  What other usage has the MX_PENDING_VALUE / Where else is it used (since it is more complex than simply creating an "interrupting" Approval Task)?
  Points still available
  Regards
  Michael
  Edited by: Michael on Jul 20, 2009 5:06 PM

• ActiveDirectory - SAP IDM integration in Identity Life cycle Management

  Hi Experts
  In our landscape SAP HCM is supposed to be  the  leading data source and SAP IDM takes identity information from SAP HCM.  From SAP IDM it will provision into Active directory and other third party systems, Sap systems.
  Here are the questions
  1) How  can we leverage on the investment on Active directory after  SAP IDM -Active directory investment ?  I mean after SAP IDM comes to a landscape,  Active directory will only be used to login to domain and for authentication if for java system Active directory have been set as user data source.  What are the other advantages of Active directory- SAP IDM integration as Active directory will not be leading data source and identity information will be in identity store.?
  2) After the user details are taken from SAP HCM system, will  the user record will be created in SAP IDM on Identity store ?  Is it where we actually assign the SAP IDM business role and the related technical role  to the  user? 
  3) Suppose if we assign a business role " employee " , will IDM actually create user id in all target system and assign all the technical roles? . Or we have to manually select each repository for target system in Identity center and  select the privileges and provision it ?  Will there be any automated feature that after assigning the business role to identity in identity store users and roles get automatically provisioned on all the target systems?
  Thank you in advance for your help.

  Hi Matt,
  Thank you very much.
  Only change we have is before approval it should go to GRC AC check all the compliance   and only after that it is approved and it should come back to SAP IDM  .
  I am actually looking for a tutorial which actually shows how you assign a business role and the whole procedure of SAP IDM automatically provisioning to target systems which you have just explained.  I suppose there is no such exact tutorial and I want to know how we can configure this on SAP IDM . Any  specific clues?
  Also  I am describing the exact steps that will follow . Correct me if I am wrong.
  1) User id will be created on AD with same user name and password as it is in Identity store. Will be assigned AD groups
  2) Create same user in Portal and make the user data source as AD and will assign the technical role portal as per the business role definition
  3) create same user in all abap systems and set abap database as user data source and assign the technical role needed as per the business role definition
  4) Create same user in third party systems  and with the privileges on their target systems as per the business role definition.
  With this provisioning stops. I suppose all the above steps will be automatically done by SAP IDM with no manual interaction required after final approval. Correct me if I am wrong.
  So some other information i wanted is
  1) When you assign business role at work flow,  how exactly SAP IDM  know about the target systems that user should be created and  assigned roles and made their authentication source.
  for eg:- for  a  business role "employee"  should get  access to ERP with role X,  AD with group Y, Portal with role Z.  So in work flow when business role employee is assigned  how SAP IDM will know that user should be created on to ERP with role X,  AD with group Y, Portal with role Z. Can you explain technically along with  detail steps? Or how exactly we configure a business role which knows the target systems and their techical roles.
  Thank you once again for the fabulous help . You/Matthew is a tremendous  help in understanding SAP IDM better.

• SAP IDM Connector list

  Hi there!
  So I was looking at the most recent version of the SAP IDM Connector List, and I don't see BI or BOBJ.  Can anyone provide best practices information on connecting / working with these systems?  We are considering leveraging AD for Authentication and Authorization. 
  Please advise.
  Thanks,
  Matt

  AFAIK there is no direct provisioning from IdM 7.2 to BO. In my current project the BO access rights are delivered via AD groups. BI is just an ABAP system.
  It was possible to map the BO access rights agains BI-privileges. But  AD was chosen as that enabled SSO-login to BO.
  Your BO/BI/authorization-folks should know how the mapping of access rights works.
  regards, Tero

• New version of sapyto - SAP Penetration Testing Framework

  Hello list,
  I'm glad to let you know that a new version of sapyto, the SAP Penetration Testing Framework, is available.
  You can download it by accessing the following link: http://www.cybsec.com/EN/research/sapyto.php
  News in this version:
  This version is mainly a complete re-design of sapyto's core and architecture to support future releases. Some of the new features now available are:
  . Target configuration is now based on "connectors", which represent different ways to communicate with SAP services and components. This makes the
  framework extensible to handle new types of connections to SAP platforms.
  . Plugins are now divided in three categories:
       . Discovery: Try to discover new targets from the configured/already-discovered ones.
       . Audit: Perform some kind of vulnerability check over configured targets.
       . Exploit: Are used as proofs of concept for discovered vulnerabilities.
  . Exploit plugins now generate shells and/or sapytoAgent objects.
  . New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more...
  . Plugin-developer interface drastically simplified and improved.
  . New command switches to allow the configuration of targets/scripts/output independently.
  . Installation process and general documentation improved.
  . Many (many) bugs fixed. :P
  Enjoy!
  Cheers,
  Mariano

  Hi Mariano,
  Thanks for the update.
  We implemented secinfo restrictions 5 years ago, but used a rather complicated approach. We did some tests today (the "local" setting works okay so far) and will continue tomorrow.
  We now use the HOST and USER-HOST set to "local" and let the application security deal with who-can-do-what and this works quite well; though we have encountered some external 3rd party server programs in some cases. It seems to be popular amongst the business folks and some of the products use the gateway monitor to comunicate with the SAP system to find out when it has completed processing.
  I think this is a design error, but they of course think otherwise
  What was interesting to note, was that we locked ourselves out of an unprotected system. We changed the gw/monitor from 2 to 1 in a test. This worked. But then the gwmon cannot be used to change it back to 2! To we tried RZ11, and experienced the same. So we changed it to 0 in a test, and then 1 was blocked as well. This appears to be implemented in the kernel, as even hobbling the application coding does not help. The parameter is only dynamic when decreasing the value and increasing the security.
  We had to restart the whole system for the instance profile to take effect again. Rather noisy and a few developers could take an additional 10 minute coffee break as a result
  We are testing this on 3 different releases with different config:
  - 4.6C (46D)
  - 6.40
  - 7.00
  The different config relates to:
  - gw/sec_info
  - gw/monitor
  - auth/rfc_authority_check
  Our intention behind this is to improve baseline security and harden some special systems further.
  Cheers,
  Julius

• SLD auto update of SAP's realease versions

  Hello,
  I heard that the administrator has to download manually a file with the current release version informations and put this file to the neccessary file. Is this the normal way or is there a possibility to download the files automatically?
  Thank you, Maximilian

  Hello again,
  sorry, now I got it.
  From time to time you need to update the data models in the SLD, so the
  SLD can handle/recognize new software versions and software releases.
  You need to update the
  cim data model
  content repository
  This is described in sap note
  669669                                             
  24 from 24.06.2008                                 
  Released for Customer                              
  24.06.2008                                                                               
  EN                                                 
  DE                                                 
  Updating the SAP Component Repository in the SLD   
  kr,
  andreas

• Path to put the SAP Kernel files

  I have to update the SAP Kernel.
  Please let me know the folder in whihc i have to put the sap kernel softwares

  Hello Balaji,
  Please visit this link:
  http://www.sap-img.com/bc019.htm
  It will solve all your doubts.
  Please award points accordingly.
  Regards.
  Ruchit.

• Difference Between SAP Connectors and SAP Web Services Framework

  Hello,
  I would like to know the main difference between the SAP Connectors protocol (that uses SOAP) and the SAP Web Services Framework starting with NetWeaver.
  Thank you,
  Pedro Carrilho

  Hi Pedro,
  I guess you are talking about Business Connectors and XI.
  If that is the case, the differences are:
  SAP XI belongs to SAP Netweaver Technology, whereas BC is an Integration tool provided by Webmethods.
  SAP XI is based on a model called "Hub & Spoke" and Business Connectors are "point to point". So by using XI, what happens is that you do not redesign Solutions once again.
  With XI you save the entire integration knowledge of a collaborative process centrally in SAP XI: Objects at design time in the Integration Repository and objects at configuration time in the Integration Directory. In this way, SAP Exchange Infrastructure follows the principle of shared collaboration knowledge: You no longer need to search for information about a collaborative process in each of the systems involved, but can call this information centrally instead. This procedure considerably reduces the costs for the development and maintenance of the shared applications.
  Also SAP XI comes with pre-configured solutions bundled along with it, so you can straight-away use the solution instead of redesigning.
  Also i believe SAP XI is integrated as a required solution for some new mySAP solution like SRM, there are some scenarios within SRM requires SAP XI to be used and we cannot use BC's there.
  But incase if you do not have multiple systems connected and communication is between just 2 systems, BC should be sufficient, instead of investing on XI.
  But i guess slowly SAP will be stopping its support for BC, as SAP XI can do everything that BC does and even much more.
  Also go through these threads...
  Re: Business connector
  XI vs Connectors (Like JCo and .NET)
  I hope this is what you were looking for...
  Regards,
  Abhy

• Where can i find resources to SAP B1 Integration Framework, Workflows and Web Services?

  Hello Professionals,
  I'm new to SAP B1, and i want to know more and comprehend the SAP B1 Integration Framework, Workflows and SAP B1 Web Services.
  I need resources to study them. Could you please help find a comprehensive resources to these topics specifically?. i have tried a lot to get some resources but they were not enough to understand the whole capabilities.
  Thanks in Advance,

  Hi Karem,
  Please check below links Video for Integration  Framework.
  SAP Business One Training - July 11, 2012 - Integration Framework (B1i) and Mobility by Vision33 - YouTube
  SAP Business One to SAP Business One Integration using B1i - YouTube
  Please check below links SAP Library Integration  Framework and Workflow.
  http://help.sap.com/saphelp_sbo900/helpdata/en/d7/dceab0d1ae42b1929ffaf1168a0bf7/content.htm
  Please check below link Video for Workflow.
  Workflow in SAP Business One 9.0 - YouTube
  Please check below links for Web Services.
  B1WS: Business One Web Services Wrapper
  Please check below links Video for Creating Web Services
  Part 1-Creating Web Services with B1if - YouTube
  Part 2-Creating Web Services with B1if - YouTube
  Part 3-Creating Web Services with B1if - YouTube
  Part 4-Creating Web Services with B1if - YouTube
  Part 5-Creating Web Services with B1if - YouTube
  Part 1-Consuming B1if Web Services by DotNet - YouTube
  Part 2-Consuming B1if Web Services by DotNet - YouTube
  Part 3-Consuming B1if Web Services by DotNet - YouTube
  Part 4-Consuming B1if Web Services by DotNet - YouTube
  Part 5-Consuming B1if Web Services by DotNet - YouTube
  Hope this help
  Regards::::
  Atul Chakraborty

• Provisioning Framework for SAP IDM 7.2 -- Download link required

  Hello Experts,
  Could you please provide me the link to download Provisioning Framework for SAP IDM 7.2 .
  Thanks in Advance,
  Regards,
  Dev

  you can get links to all doco [here|http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/4000d09f-a9b9-2d10-8b90-ba3a0f9fe0c8]. That link is accessible from IdM 7.2 homepage.
  Yes, I meant using version 7.2 of provisioning framework with 7.1 components.
  Cheers

• Update manager in IdM automatically when the manager changes in SAP HR

  Hi Experts
  I have been given a requirement where the manager of a user in IdM should be updated automatically when the manager changes in SAP HR.
  The HR extraction job is currently in place and runs every 30mins.
  Please could you give me some ideas on how to implement this.
  IDM 7.2 SP 6
  Thanks
  Ran

  Hi Deepak
  I have been discussing this a bit more in detail with the client. So, the issue is as follows
  When a new/replacement manager is hired
  When people are moved from one org unit to another
  The scheduled extraction job (RPLDAP_EXTRACT_IDM with a variant with the delta tick on) does not update the new manager info in IDM for the relevant users who report to that manager. The client has to run the program (RPLDAP_EXTRACT_IDM with a variant with the delta tick off) manually each time for the affected users which updates the manager info successfully in idm.
  I investigated the query LDAP_IDM_QUERY from user group /SAPQUERY/L1 and want to know if the below should be ticked as well. Your thoughts please?
  Please advise.
  Thanks
  Ranjit