Usage of SAP* user in OOSB

Hi Gurus,
I'll be implementing Structural Authorization for my current project.
I received requirement to restrict ESS and MSS display access specific to Qualification/Qualification Group (by object ID).
General Authorization cannot specify the restriction by Object ID, thus I'm considering to restrict it using authorization profiles.
Restriction for MSS view has been successfully tested since MSS users will be assigned with MSS Authorization Profile in OOSB. The issue that I'm facing at the moment is how to apply the same restriction to ESS without assigning ESS IDs in OOSB - approximately 40K ESS users; will it impact the system performance anyway?
If I were to use similar authorization profile defined in OOSP as per MSS, the only way to make it effective for all ESS users without assigning PD profile to each ESS ID in OOSB is by using SAP* - this is based on my understanding referring to notes that I found as attached below. I plan to customize authorization profile specific for ESS users and assign it to SAP* - still in test stage.
Here is the statement that I'm referring to from the notes mentioned above:
              " What happens if the table doesn't contain entries for a specific user? In that case, the authorization check uses the
                entry of the SAP* user. So, the profile stored for this user is applicable if an entry has been left out."
Please correct me if I'm wrong and appreciate your advice on this matter. Million thanks

Hi,
In this scenario you can activate Context based structural authorizations where the Auth profiles are not assigned to User Ids directly but assigned via Custom roles using authorization objects P_ORGINCON (HR: Master data with Context) and P_ORGXXCON (HR: Master data- Extended Check with Context).
Authorization objects P_ORGINCON and P_ORGXXCON consists of the same fields as to P_ORGIN and P_ORGXX respectively and has been expanded to include the PROFL field. The PROFL field is used to determine which structural profile the user is authorized to access (as per table T77UA - User Authorizations = Assignment of Profile to User).
Additionally, if you have requirements that cannot be mapped using the P_ORGINCON and P_ORGXXCON authorization objects (for example, because you want to build your authorization checks on additional fields of the Organizational Assignment infotype 0001 that are customer-specific) and if you want to implement the context solution, you can include an authorization object- P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context) in the authorization checks yourself.
Please note following switches have to be activated for Context based Structural authorization in table T77S0 (tcode- OOAC)
AUTSW INCON (HR Master Data (Context))- Authorization Main Switch that controls whether the P_ORGINCON authorization object should be used in the authorization check.
AUTSW XXCON (HR Master Data: Extended Check (Context))- Authorization Main Switch that controls whether the P_ORGXXCON authorization object should be used in the authorization check.
AUTSW NNCON (Customer Authorization Object (Context))- Authorization Main Switch that controls whether the P_NNNNNCON customer-specific authorization object should be used in the authorization check.
Hope this is helpful!
Thanks
Sandipan
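
The fallback rule quoted in the question (a user with no row in the assignment table gets the profile stored for SAP*), shown as an added example that is not part of the original posts. It assumes the table has been exported as (user, profile, valid-from, valid-to) rows; all user and profile names are constructed, and reporting users who have only expired rows separately instead of resolving them is an assumption of this sketch.

```python
from datetime import date

FALLBACK_USER = "SAP*"
HIGH_DATE = date(9999, 12, 31)

# Constructed sample data shaped like a T77UA export:
# (user name, structural profile, valid from, valid to).
# Profile and user names are hypothetical.
T77UA_ROWS = [
    ("SAP*",   "ZESS_QUAL", date(2020, 1, 1), HIGH_DATE),
    ("MGR001", "ZMSS_QUAL", date(2020, 1, 1), HIGH_DATE),
    ("MGR002", "ZMSS_QUAL", date(2020, 1, 1), date(2021, 12, 31)),
]

# Constructed user master sample: user name -> account kind.
USERS = {
    "MGR001": "dialog",
    "MGR002": "dialog",
    "EMP10001": "dialog",
    "RFC_BATCH": "system",
}


def profiles_valid_on(rows, user, on):
    """Profiles assigned to `user` whose validity period covers `on`."""
    return sorted({p for u, p, begda, endda in rows
                   if u == user and begda <= on <= endda})


def resolve(rows, user, on):
    """Return (source, profiles) for one user.

    source is "own" (a valid own entry exists), "expired" (own rows exist
    but none is valid on the key date; reported for manual review, which is
    an assumption of this sketch) or "fallback" (no row at all, so the
    SAP* entry is used, as the quoted note describes).
    """
    if any(u == user for u, *_ in rows):
        own = profiles_valid_on(rows, user, on)
        return ("own", own) if own else ("expired", [])
    return "fallback", profiles_valid_on(rows, FALLBACK_USER, on)


def audit(rows, users, on):
    """Group users by how their structural profile is determined."""
    report = {"own": [], "expired": [], "fallback": []}
    for user, kind in sorted(users.items()):
        source, profiles = resolve(rows, user, on)
        report[source].append((user, kind, profiles))
    return report


if __name__ == "__main__":
    result = audit(T77UA_ROWS, USERS, date(2024, 6, 1))
    for source, entries in result.items():
        for user, kind, profiles in entries:
            print(f"{source:8} {user:10} {kind:7} {profiles}")
```

In the sample, the technical account RFC_BATCH inherits the same profile as the ESS employee because neither has a row of its own, so whatever is assigned to SAP* has to be acceptable for every account that lacks an entry.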

Similar Messages

  • Best practices / preferred usage of SAP standard (delivered) roles

    Dear Experts,
    When going about designing roles for a new system, what is the preferred usage on SAP standard/delivered roles?  I was thinking of using them as a "base", then tweaking auth objects here and there to make the roles work but the more I work with them, I find it may be better to create roles entirely from scratch.  A lot of the time, I find a lot of inactivated auth objects or objects that seem to not really be needed when looking at the t-codes offered in the menu (S_TCODE).
    In that case, I figured it might be cleaner if I started creating roles and adding t-codes via the Menu and maintaining only the auth objects that are proposed in PFCG (and adding a few if necessary).
    Do people typically build their roles around these the standard SAP role set or is it preferred to create your own and only use the SAP standard roles as reference (i.e. the t-codes offered in the menu, etc.)?
    Thanks for any insights!

    > When going about designing roles for a new system, what is the preferred usage on SAP standard/delivered roles?
    Those are provided by SAP as a reference so that you can consult with the Authorization Structure of a Standard Position / Task for which you are going to create your own role. For e.g. what are the TCodes, values of Objects should be given to users for their tasks.
    > I was thinking of using them as a "base", then tweaking auth objects here and there to make the roles work but the more I work with them, I find it may be better to create roles entirely from scratch.
    Absolutely! Please do not use SAP delivered roles for your use and also don't try to alter any values.
    > A lot of the time, I find a lot of inactivated auth objects or objects that seem to not really be needed when looking at the t-codes offered in the menu (S_TCODE).
    >
    > In that case, I figured it might be cleaner if I started creating roles and adding t-codes via the Menu and maintaining only the auth objects that are proposed in PFCG (and adding a few if necessary).
    >
    > Do people typically build their roles around these the standard SAP role set or is it preferred to create your own and only use the SAP standard roles as reference (i.e. the t-codes offered in the menu, etc.)?
    >
    Yes.. as reference.. as you say..
    Regards,
    Dipanjan

  • How to let SAP user use SSO to access Application in DMZ?

    Hi All,
    Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
    After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
    Regards,
    Bin

    Hi,
    Take a look at this example, it uses property nodes to select the
    active plot and then changes the color of that plot.
    If you want to make the number of plots dynamic you could use a for
    loop and an array of color boxes.
    I hope this helps.
    Regards,
    Juan Carlos
    N.I.
    Attachments:
    Changing_plot_color.vi ‏38 KB

  • Error while scheduling report for SAP users

    Hi All,
    We have SAP authentication enabled in our BO environment. (BO XI 3.1 sp2 FP 2.6 on windows 2003 server).
    There are some webi reports based on BW Bex queries that we are trying to run on behalf of certain SAP end users. This we are doing using "schedule for" option.
    Now what is happening here is if the end user has logged in once in BO system ,it runs fine. But in case user has not logged in to BO (using infoview etc.) ,it throws error saying "incomplete logon data" . Also if user changes or reset his password in BW and if he doesn't login to infoview after that ,system throws another error "Name or password incorrect (repeat logon)".
    Based on these observation, we are suspecting if BO system uses stored SAP users credentials while scheduling report for them based on their last login.
    Would like to mention here that we have checked option "automatically import users".
    Please advise if this behavior is normal or we are missing some setting.
    Thanks in advance,
    Chandra

    Hi All,
    Any pointers or suggestions for this issue ??
    Is there a setting/option available in CMC which could resolve these errors.
    Or, user has to login once to infoview in all circumstances to avoid these errors.
    Thanks,
    Chandra

  • Backup message error -SAP system is running or SAP user is connected to dat

    Hello ..
    when the backup started i got this message error ..before starting the backup, the shell shutdown the sap system but below message was showed
    BR0262I Enter database user name[/password]:
    BR0055I Start of database backup: bedvugxg.aff 2010-08-08 05.31.48
    BR0484I BRBACKUP log file: /oracle/AAA/sapbackup/bedvugxg.aff
    BR0477I Oracle pfile /oracle/AAA/102_64/dbs/initAAA.ora created from spfile /oracle/AAA/102_64/dbs/spfileAAA.ora
    BR0068E SAP system is running or SAP user is connected to database AAA - database cannot be shut down
    BR1025I Please shut down SAP system first or use the 'offline_force' option
    BR0056I End of database backup: bedvugxg.aff 2010-08-08 05.31.48
    BR0280I BRBACKUP time stamp: 2010-08-08 05.31.49
    BR0054I BRBACKUP terminated with errors
    [Major] From:  "OMNISAP" Time: 08/08/10 05:31:49
    BRBACKUP /usr/sap/AAA/SYS/exe/run/brbackup -t offline -d util_file -c -m all -u hpbkup/******* returned 3
    i am new on this, what should i review into the db?
    Regards and thanks in advance
    Dma.

    Hello Daniela,
    you try to perform an offline backup (which is a very uncommon way nowadays) and your SAP system is not down.
    This is also described in the official documentation:
    http://help.sap.com/saphelp_sm32/helpdata/en/0d/d309664a0c11d182b80000e829fbfe/content.htm
    offline: Database backup in offline mode, in other words, the database is shut down during backup. When you select this parameter, BRBACKUP checks that no SAP system users are connected to the database. If an SAP System is active, the database is not shut down and BRBACKUP terminates the process with an error message (message number BR0068E).
    Regards
    Stefan

  • How to Send SAP User to Spool Job instead of SAPService SID

    Dear Gurus,
    I have to print data using access method C (or L) via print server that runs on win 2008.
    SAP AS runs on win 2003.
    It works fine, but user which appears in print job is SAPService<SID>. We need here sap user who actually initiated printing. It can be obtained easily by changing access method to G. However, this solution is not acceptable.
    Thank you in advance,
    Nenad

    Problem solved on OS level by introducing anonymous log on.
    Cheers.

  • How to analyse the main memory usage in SAP ERP systems?

    Dear expert,
    I'm doing a research work about analysing the main memory usage in SAP ERP systems.
    I would like to find out what is load in buffers and when. That means, which process have the control of these memories and which are always performing something, tables loaded, and so on. Because I tried to isolate the space needed by a simple webservice call (create one material) in my test system, but even after a $SYN there are something stored in the buffers. I use a BAPI to avoid the execution of the SAPGUI and its repercussion in the system (I know the BAPI called uses resources too, but when I run this BAPI to get the statistics, it's like ST02, I get different values). Could someone help me or recommend something specific to read? Thanks a lot in advance.

    Dear expert,
    Thanks a lot for your answer. The point is now that I want to isolate the memory used by a webservice that I call, I mean, I would like to know how many memory is this webservice using in each buffer. And could you tell me where could I read something about the order that things happen in SAP System when a webservice is called (always memory related), that's which steps are done to store data in buffers and so on. Thanks in advance.

  • Problem connection in OIM 9.1 with SAP user management

    Hi!
    When I want to provision a sap user management resource to an user, it appeared this problem.
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Create User Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] userId :PRUEBA4803, userGroup:AUDITOR_ARG,lastName:prueba4803,firstName:prueba4803,userTitle:0003,langComm:S,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:1,decimalNotation:Y,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:000,userType:A,sapUserId:,empId:PRUEBA4803,fromHRMS:
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Inside XLSAPUTILITIES
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Requesting****
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection creation.
    It is strange because it was working all right since 3 months ago and in these 2 last weeks, it is frequently this problem. Sometimes it works sometimes it does not.
    Of course, I tried the connection between OIM and SAP, with the SAP login, and the connection is all OK.
    My oim version is 9.1 and the SAP User Management connector is 9.0.4.1.
    Did anybody have this problem before?
    Bye!

    Oh I forget, when I restart the application server, in my case the jboss, the problem is fixed. Strange...

  • OIM - SAP Employee Recon and SAP User Management Connectors vs. OC4J

    In reading through the SAP connector documentation I've found that we cannot use OC4J to run OIM if the 9.0.3 SAP User Management Connector or SAP Employee Recon Connector is used. This is all related to a conflict in JDK versions supported between the SAP JCo (Java Connector) library and OC4J. A thought we've had is to use a Remote Manager for these connectors. Can anyone validate this approach? Is it possible to use a different JDK version with your remote manager? Is there another workaround that anyone is aware of?
    Thanks

    Hi,
    The remote manager should work with different JDKs. We are going to be doing the same thing for one of our adapters.
    As for SAP, I cannot think of another workaround -- we actually abandoned the SAP JCo approach and are doing web services with XI.
    Thanks,
    Deborah
    http://www.linkedin.com/in/dvolk

  • Sap UM connector 9.1.2 trouble with "SAP User Management User Recon" task

    Hello All,
    i have a problem with Sap UM Connector version 9.1.2.
    OIM version 11.1.1.5
    Windows 2008 R2
    Problem is:
    Then accounts in Sap are created through direct provisioning feature of connector everything works ok (subsequent update or delete an account).
    But if a user account is created in Sap using Sap GUI, scheduled task "SAP User Management User Recon" of connector doesn't create reconciliation event to link user.
    Sometimes it does though, but for one user account created using Sap GUI in OIM created two reconciliation events, so corresponding user in oim have two records for resource SAP.
    In this reconciliation events, one have full set of attributes (Login, First Name, Last Name, E Mail, etc), another one - just these 3 attributes: IT Resource, User ID, Lock.
    "SAP User Management Delete Recon" scheduled task works ok then user account has been deleted using Sap Gui.
    How one can troubleshoot such behavior?
    Can anyone advise please?

    resolved the issue by updating sap um connector to version 9.1.2.5

  • How to find out the cost of SAP user for a particular user id

    Dear All,
    I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
    Could you please advise me regarding this.
    Raghu

    Hello Raghu,
    > I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
    > Could you please advise me regarding this.
    I think you need to reach out to BASIS consultant to check out the Cost involved for User ID for the SAP application.
    Regards,
    Sarthak

  • Automatic creation of BP from SAP User (created manually) in PPM 5.0

    Hi Gurus;
    There are some way to create BP automaticaly from SAP User?
    I know that exits some Function Module BP* can do this automatic creation.
    Someone did this?
    Best regards.
    Mariano

    Hi Rajadurai,
    In the BADI - BUPA_FURTHER_CHECKS implement the method - CHECK_CENTRAL.
    The following code could serve your purpose:
    IF IV_ACTIVITY eq '01'. "Check if it is for creation
      CALL FUNCTION 'BUPR_RELATIONSHIP_CREATE'
       EXPORTING
        IV_PARTNER_1 = IV_PARTNER
        IV_PARTNER_2 = LV_createdby "BP no of the creator
        IV_RELATIONSHIP = 'BUR011' "Code for emp. resp
        IV_DATE_FROM = SY-DATLO
        IV_DATE_TO = '99991231'.
    endif.

  • New sap user creation

    Hi All SAP experts,
    My company has implemented 2 Systems SAP Landscape with one development and one production server which are running on R/3 Enterprise 4.7 (Kernel Release 6.20) with Microsoft SQL 2000 as database server.
    I have the following questions regarding new sap user creation by using user copy function.
    1.When I request to create new SAP User by using user copy function ,should I just create the user acct in DEV and transport it to PROD System? If yes, how could I do that?
    2.When I request to create new SAP User by using user copy function, can I just create it on PROD System only? If yes, what is the impact?
    3.When using User copy function to create new user acct, should I select all parts (like adress ,defaults,reference user, user groups.....) of the existing user to be cloned to new user acct?
    Thanks.
    Leon

    Hi Leon,
    Answer to your questions in their respective order:
    1. You can create user in DEV and then make remote client copy to PRD system using scc9 t-code. Here you can choose user accounts and authorizations for the copy. ( Rem: Data will be overwritten in target system when copied).
    You can also use client export/import(scc8/scc7)
    But, When you do the client import from the exported files using STMS,you will have to select only one of the transport requests and then STMS automatically selects the other requests for you.
    Then it will show you the different transport requests that you have created during your export, the client copy profile and the target system and client. The customizing and application data is deleted in the target client before copying for all profiles except SAP_USER. This is technically unavoidable (and hence the data will be overwritten).
    So if you can afford overwriting of user data in target client , you can go with the above procedure.
    2. Using  user copy in su01, you can copy one user to another user only in that client and is confined to that system only. So yes, If you want 2 or more users to have same authorizations, profiles ,etc etc.. you can choose this in PROD system.
    3. It depends.. If you want user to be in same group, then you can choose user groups. If you want them to have same authorizations , you can choose roles and profiles... If you want them to have same company address and others,... you can select address.. and so on.
    Also below link provides required steps in case you choose local/ remote client copy:
    http://www.sap-basis-abap.com/bc/client-copy-by-using-scc8-and-scc7.htm
    Hope this helps...
    Thanks,
    Ajith
    Edited by: Ajith Kamath on Oct 20, 2009 8:28 AM

  • Business Partner ID same as SAP User ID

    Hi All,
    We have one SAP Service Desk Implementation going on.
    There is an interesting requirement as follows:
    1) BP ID generated should be same as their respective SAP User ID, irrespective of the BP Role.
    2) First Run for Mass Generation has to be done and that should take care of point 1.
    3) Business Partners should be automatically created by system whenever a new SAP User ID is created in system landscape.
    I know that if i use external number range, this can be done. Moreover there is one standard BP Mass Creation program also. But challenge is to find setting which makes this BP ID generated same as SAP User ID.
    In past, I have manually created external BPs like this because volume was very low in those projects... but now we have more than 1000+ users whose will be associated with service desk.
    Please advise.
    Regards,
    SM

    Hi,
    there is a technical problem with your request:
    BP numbers are limited to 10 characters but user IDs can have up to 12 characters.
    So you will not be able to set BP number = user ID if you have user IDs with more than 10 characters.
    Regards,
    Christoph

  • How to send an email with from address not as a SAP user id

    Hi,
    sender = cl_sapuser_bcs=>create ( pv_user ).
    I am using the above piece of code to send an email.
    In the method "CREATE" , I CAN PASS ONLY THE SAP USER ID.
    But i want to pass the email address (user) which is not a SAP user id?
    how to do this.

    Hi Brad Bohn,
    I have coded  like below. I could see the mail in SOST, in that from address is as 'myname'.
    But the mail does not reaches to the recipient.
    Can you tell me where the problem is?
          DATA: from_addr        TYPE REF TO cl_cam_address_bcs,
                lo_bcs_recipient TYPE REF TO if_sender_bcs,
                send_request     TYPE REF TO cl_bcs.
          " Build the sender object from an internet address instead of a SAP user
          CALL METHOD cl_cam_address_bcs=>create_internet_address
            EXPORTING
              i_address_string = 'myname at the rate of domain'
              i_address_name   = 'myname'
            RECEIVING
              result           = from_addr.
          TRY.
              CALL METHOD send_request->set_sender
                EXPORTING
                  i_sender = from_addr.
            CATCH cx_send_req_bcs.
              IF sy-subrc <> 0.
                CLEAR sy-subrc.   " added to hide warnings.
              ENDIF.
          ENDTRY.
