User Comparison - Roles contantly going to 'red' inactive
Hi,
Can someone shed some light on this issue i'm having here.
I noticed today while working with a user in SU01 that the role assigned to the user switch from green 'active' to 'red' inactive. There were updates made to the master role and then passed to the child (derived) roles. I manually ran user comparison and then verified in SU01 that the roles were still green. Couple hours later I noticed the child role went to 'red' inactive. Why is this happening. This happened and I took at as one time incident but this happening more frequently.
-Wes
Could be...
According to Wes's Business Card he (?) is from the US and for some reason (probably the training documentation in ADM940...!) I have more often than not noticed that US based systems tried to allign the profile names to the "activity group" names when building little single roles - sometimes one role per transaction - as "building blocks" for activities clubbed together into composites.
@ David: I also hate composites...
Unless Wes clarifies, I would however still place my bets on a profile name collision as a result of the DEV, QAS and PROD having the same first and third characters in the SID name, or a client disorder in DEV from which the roles are being transported (e.g. "golden security client" implemented later than the productive client transport routes, or a customizing client was used to make the changes).
AGR_NUM_2 has MANDT as a key field and with derived roles and small singles the limit can be reached with ease, particularly if these were download / uploaded in the past to avoid transport request sequence confusion - which is reasonable in my opinion.
Cheers,
Julius
Similar Messages
-
CUP Auto Provisioning Error 260: User Comparison
I am in the process of configuring the CUP 5.3 module within our ECC and SRM environments. I believe the path and associated stages are established properly. I have tested the auto provisioning functionality within both SRM and ECC. As it relates to SRM, the auto provisioning functionality works without a hitch. However, when I attempt to auto provision a user into our ECC environment, I receive the following error:
Auto provisioned for request on 04/07/2010 13:41
New User: T00522 created on 04/07/2010 13:42 in System(s): DR4-300.
User attributes changed for User : T00522 in System(s) :DR4-300.
Role Provisioning failed for System(s) : DR4-300. Error Message : 260:User master comparison incomplete; see long text
Speaking with out security team, the only time they have seen this issue was when they attempted to map a user, using PFCG, to a role. However, I informed them that CUP uses SU01. They have not experienced such an issue using SU01 and clicking on the user comparison button.
Interesting point: The user record is created and roles assigned to user but have a red light indicator by the role within SU01. However, when the next day rolls around the role has been changed to a Green light, profile assigned and everything is looking good. Unfortunately, CUP can't seem to register this and when the Role Owner attempts to approve the role / user request again. The same error occurs and until I can get around this error, the workflow is not closed out nor is the requester notifiied.
Questions:
(1) How can I fix this issue, I assume it will require a security change to be made within the ECC environment?
(2) If this issue can't be fixed, can I get around this issue with a detour or other CUP error processing step?Denoted below is the log that corresponds to the 260 comparison error. Does anyone know what access I am missing within the UME. I have tested this provisioning process, manually, and do not run into a Comparison error within the SU01 screens:
2010-04-27 13:44:54,748 [SAPEngine_Application_Thread[impl:3]_31] ERROR com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
at com.virsa.ae.service.sap.SAPProvisionDAO.executeRoleOperation(SAPProvisionDAO.java:1706)
at com.virsa.ae.service.sap.SAPProvisionDAO.assignRoles(SAPProvisionDAO.java:1458)
at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionInNonCUA(ProvisionSAPUserDAO.java:1232)
at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionRole(ProvisionSAPUserDAO.java:932)
at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionUser(ProvisionSAPUserDAO.java:118)
at com.virsa.ae.accessrequests.bo.ProvisioningBO.autoProvision(ProvisioningBO.java:216)
at com.virsa.ae.accessrequests.bo.RequestBO.autoProvisioningForApprove(RequestBO.java:4572)
at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:5565)
at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5339)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5191)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
2010-04-27 13:44:54,927 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.accessrequests.bo.RequestAuditHelper : logMajorAction() : : intHstId : 3068
2010-04-27 13:44:54,972 [SAPEngine_Application_Thread[impl:3]_31] ERROR no dtos exist which are in the same state as the passing dto
com.virsa.ae.core.ObjectNotFoundException: no dtos exist which are in the same state as the passing dto
at com.virsa.ae.workflow.bo.WorkFlowBOHelper.getIfUnapprovedPathExists(WorkFlowBOHelper.java:2662)
at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleWFForNewPathStage(WorkFlowBOHelper.java:2516)
at com.virsa.ae.workflow.bo.WorkFlowRequestRerouteHelper.rerouteRequest(WorkFlowRequestRerouteHelper.java:68)
at com.virsa.ae.workflow.bo.WorkFlowBO.rerouteRequest(WorkFlowBO.java:614)
at com.virsa.ae.accessrequests.bo.RequestBO.rerouteRequestForAutoProvisioningFailure(RequestBO.java:6897)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5239)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
2010-04-27 13:44:55,394 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.accessrequests.actions.RequestViewAction : confirmRequestApproval() : : setting context to true, ending context
2010-04-27 13:44:55,414 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.RequestDataForwardDAO : findTransactions() : : sbQuery : SELECT REQNO, REQPATHID, STAGE_NAME, FWDED_BY, APRVRID, ITERATION, FORWARD_TYPE, STATUS FROM VIRSA_AE_RQD_WPFWD WHERE REQNO = ?
2010-04-27 13:44:55,486 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.SAPConnectorDAO : findAllActiveSAPConnectors : : going to return no of records= 3
2010-04-27 13:44:55,495 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.OracleAppsConnectorDAO : findAllActiveORACLEConnectors : : going to return ImmutableList(empty)
2010-04-27 13:44:55,498 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.PACSConnectorDAO : findAllActivePACSConnectors : : going to return ImmutableList(empty)
2010-04-27 13:44:55,502 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.WSConnectorDAO : findAllActive : : going to return ImmutableList(empty)
2010-04-27 13:44:55,505 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.ApplicationDAO : findAllForContext : : going to return ImmutableList(empty)
2010-04-27 13:44:55,532 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx) : : going to return ImmutableList(empty)
2010-04-27 13:44:55,535 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx) : : going to return ImmutableList(empty)
2010-04-27 13:44:55,540 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.dao.sqlj.RequestDataMitigationDAO : findAllForContext(SqljContext ctx) : : going to return ImmutableList(empty)
2010-04-27 13:44:55,579 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() : : INTO the method
2010-04-27 13:44:55,580 [SAPEngine_Application_Thread[impl:3]_31] INFO com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() : : request number : 154
2010-04-27 13:45:14,055 [SAPEngine_Application_Thread[impl:3]_18] INFO com.virsa.ae.dao.sqlj.RequestTypeDAO : findAll : : going to return no of records= 20 -
Deassignment of users from roles
Hi,
We have a couple of users in our system who are assigned to some standard SAP roles.
These roles are themselves not composite roles , but form a part of some composite roles.
Now when I try to deassign the "blue" users from these roles, it's not possible.
How do I go about it?
Please help.
Thanks,
Saba.Hi,
Both ways its not possible.
When I remove the user from the role, it comes back after user comparison:((
& the role refuses to get deleted from the user.
Also, both appear in blue.
Plsss. help..
Thanks,
Saba. -
Hey All,
The following environment:
- RedHat Enterprise Linux AS Update 4
- Oracle DB EE 10.2.0.1.0
- OHS 10.1.2.0.0 (Standalone Companion CD)
* No errors with any of the installs. All working order.
Application Express 2.2 installation:
When I ran apexins.sql and passed the following six arguments in the order shown:
@apexins password adde addeData TEMP /i/ NONE
I noticed the following set of errors in the error logs:
grant connect, resource to flows_files
ERROR at line 1:
ORA-01917: user or role 'FLOWS_FILES' does not exist
... and it goes on and on about the user/role.
After post installation tasks have been completed, visits to
http://hostname.domain:port/pls/apex
result in the following error being displayed:
wwv_flow.app_not_found_footer_err
wwv_flow.err wwv_flow.app_not_found_err
*Note: My URL shows
http://hostname.domain:port/pls/apex/apex
Any ideas or suggestions? I am afraid I have a necessary database account locked, the documentation is off, or I have misconfigured a necessary step.
Thanks!
Daniel NguyenYou should also double check that the tablespace named addeData actually exists in your database. If it does not, the FLOWS_FILES user will not be created, and that will result in a failed installation.
-
Hi all!!!
I am relatively new to SAP authorisation concept, ad i think i dont completely understand the idea of user comparison.
Am i correct:
- if i use SU01 to assign a role to a user there's no need to perform a user comparison
- if i assign user to a role i have to run user comparison. Before comparison,if you look into user master record the role is already there, but it is uncompared, and user dont have authorisations yet, though he can log on and see role menu.
What is the point of user comparison? what does it do apart from assigning profiles? if nothing, why is it so that user dont have roles authorisation immeadiately after assignin him to a role in pfcg?? What is the point? First i thought that it removes all profiles which are not connected to the assigned role..but i try to attach some profiles manually and did user comparison, wich didn't remove manually entered profiles...so..
Can anybody describe it using simple language?
Tanks!Hi Stanislaw,
>
Stanislaw Adamski wrote:
> - if i use SU01 to assign a role to a user there's no need to perform a user comparison
Yes, that is correct. When saved through SU01, SU10, a UMR reconcilation is done for the user(s).
>
Stanislaw Adamski wrote:
> - if i assign user to a role i have to run user comparison. Before comparison,if you look into user master record the role is already there, but it is uncompared, and user dont have authorisations yet, though he can log on and see role menu.
>
Thats a very good observation. Even I didnt know that the role menu would be displayed. However, (technically) since its actually the profiles and not the assignment of roles that give authorization, a user or role compare is required. The assignment of profiles to users can be viewed in table UST04. SU01/SU10 updates the UMR to reflect the appropriate profile(s) of the role in UST04. PFCG does not do this, unless manually done. If not compared via PFCG, this compare is rectified on the next run of PFCG_TIME_DEPENDENCY.
>
Stanislaw Adamski wrote:
> What is the point of user comparison? what does it do apart from assigning profiles? if nothing, why is it so that user dont have roles authorisation immeadiately after assignin him to a role in pfcg?? What is the point?
User Comparison updates the profiles in the UMR, table UST04 ...and maybe many others! . I hope you are clear on assigning through PFCG now
>
Stanislaw Adamski wrote:
First i thought that it removes all profiles which are not connected to the assigned role..but i try to attach some profiles manually and did user comparison, wich didn't remove manually entered profiles...so..
Generated profiles should not be assigned via the profiles tab. It does not allow to do this, maybe on earlier versions, still does allow this. However, if you still do assign this, PFCG_TIME_DEPENDENCY will remove this assignment!
A standard SAP profile, or a manually created profile(through SU02) will not get affected.
Hope this clarifies
Abhishek -
Show or hide ADF custom tab based on user's role
Hi everyone,
I have created a custom tab on the self-service interface (OIM 11.1.1.5) which contains two sub-tabs. I would like to show or hide one of the sub-tabs based on the role of the currently logged in user. Does anyone know of way to achieve this?
Thank you very much!
PaulFigured it out. Here's how to do it:
Scenario:
You are working in OIM 11.1.1.x. You create a custom tab on the self-service page. This tab should only be visible to users with a certain role, say XYZ.
Step 1: Create a Boolean variable in the managed bean that will be true if the user has the role, false otherwise.
Step 2: Create a class called CurrentUser or something along those lines that will grab the logged in user's roles and test to see if he/she has the required role. It should set a variable within the class to true or false. Or you can skip creating a class and put this code in your managed bean constructor so that it runs as soon as the user goes looking for the tab. The whole point of this, regardless of how you do it, is to end up with a Boolean variable that is set to true or false depending on the role requirements.
Step 3: In your .jsff file (the one with the tab you want to show/hide in it), find the tab and look for an attribute named "rendered." This will likely be located in your <af:showDetailItem> tag under your <af:panelTabbed> tag. This controls whether or not the tab is displayed. So set the rendered value to the value of the boolean you created earlier, like this:
rendered=#{somebeanname.yourbooleanvariablename}"
Hence, when your variable is false, this tab will not be shown. If it's true, they will see the tab. That's all there is to it. :-) -
User Comparison made easy?
Hello all --
Sorry if this is an old and already answered question, I did some searching but nothing came up.
Is it possible to do a "User Comparison" in bulk, or to schedule that as a background job? I find myself go through many roles and check the user comparison manually, but it seems like there should be a way to automate that. I am not that clear on what it actually does, although I believe it applies changes made somewhere.
Thanks in advance...
MMPPThanks Raghu for your reply, and sorry for posting in the wrong forum.
May I ask you for further details regarding your comment?
Raghu wrote:
This can play havoc with authorizations if you do not use it properly.
How is this different from running the user master comparison from within the role? How would you avoid using it "improperly"? -
Hi,
in PFCG trx there is a tab named user and a button "user comparison".
I cannot understand what is the function of that button.
After clicked it I can see that the warning icon on the abova tab becomes green.
Thanks
Best regardsHi,
This tab does similier job as PFUD for reconcilation of profiles to users.
Yello tab of User Comparison indicates , though role is assigned to user , it is not up to date and needs to reconsile.
Green tab indicates , profiles assigned to user is up to date and have all required authorization granted.
Read Help guidelines :
Comparing user master records
o The user master record comparison that is run automatically by
report PFCG_TIME_DEPENDENCY can also be executed manually for a
single role. To do this, choose Compare users on the Users tab. The
status display on this pushbutton indicates whether or not you need
to execute the comparison again.
- If you make changes to the users assigned to the role or
generate a corresponding authorization profile, then you need to
compare the user master records again.
- This compares the authorization profiles with the user master
records, that is, profiles that are no longer current are
removed from the user master records, and the current profiles
are entered.
Regards,
Edited by: Rupali B on Mar 6, 2012 2:36 PM -
Hi all,
In solaris 10, i have an Application started by user called <test> and this application will start the many process.
when all the process are up and running which were started by user <test>.
- Now i am going convert this user <test> to role <test> ( using usermod -K type=role test), will it have any impact on the system?
-Are do i need to stop the all the process which are running by user <test> after that i have to convert the user to role?
which one is good approach?
can you please provide your views on these.
thanks,
RajeshwarHi Bernard,
getRoles(boolean recursive)
Gets the list of (all) assigned roles of this user including parent groups, grandparent groups,...
should be what you are looking for?!
See http://media.sdn.sap.com/html/submitted_docs/60_sp2_javadocs/ume/com/sap/security/api/IUser.html#getRoles(boolean) for details
Hope it helps
Detlev -
ABAP Program: User comparison
Hi all,
I would like to know the name of ABAP report that can enable me to perform user comparison after I have created a new role and added to user.
thanksHi,
You can use the program RHAUTUPD_NEW or goto the transaction PFCG->Utilities-> Mass Comparison.
Hope it helps.
Regards,
Gaurav -
Creation of user and roles in ldap using jldap api
Please help me in creating user and roles in ldap through java api.
I am able to manupulate the existing user and role in ldap. Please give
me some steps or some sample code for creating user
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763Thanks Jim..
this is doing the work. Here we have a custimised class with customised
attributes I am looking how to do that.
Can you give your mail id.
thanks again
Jim Willeke;1995096 Wrote:
> Have you seen these samples:
> 'Novell Documentation'
> (http://developer.novell.com/document...mple/index.htm)
>
> See the AddEntry.java
> -jim
>
> On 7/2/2010 9:36 AM, satyanandasahu wrote:
> >
> > Please help me in creating user and roles in ldap through java api.
> > I am able to manupulate the existing user and role in ldap. Please
> give
> > me some steps or some sample code for creating user
> >
> >
satyanandasahu
satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
View this thread: http://forums.novell.com/showthread.php?t=414763 -
AppServer: problems trying to add users to roles in security dialog
I'm trying to learn J2EE using AppServer. My current example has a client accessing
an entity bean. I want two classes of user - Reader, and Updater. Most methods
of Home and Remote are accessible to both classes, a few are restricted to users
in Updater role. I'm currently having problems adding users to roles in deploytool.
I have defined users using the Admin client.
I have implemented and test run client and entity bean without security restrictions, it works.
I have defined roles associated with the application.
I have allocated roles to every method in Home and Remote interface of bean.
I have extracted the generated XML file and checked the <assembly-descriptor> section and
it appears that all roles and role descriptions are defined as required.
deploytool lets me use the "Security Role Mapping" dialog, I can select either of my roles and
try "Add user to role" - subsequent dialog shows my users and allows me to "Map user to role" -
but selected user does NOT appear in the user names panel.
What am I doing wrong or what am I omitting? Hints please!Thanks for suggestions. (I'm using Windows so file-protections pretty
non-existent).
I looked in the Sun file you mentioned and found the users were defined.
When I restarted AppServer and deploytool, the users were shown in the appropriate
panel.
There is probably some minor bug in deploytool that causes the User Panel not
to be updated as it should be after a user has been added to a role. -
How to use the user and role API's and where to use it
Hi All,
I have configured SSO for my UCM11g. Now my application authenticates through the Oracle SSO login page. Currently it is working with SQL authenticator.
Now, i have to use LDAP authenticator. when i will configure the LDAP authenticator, i have to use the user and role API's to fetch the user profile information from LDAP. i have got the API's which will be used to fetch the respected information, but i am not getting as where i will write those java programs and how this API will be used in my application. what settings i need to do on it so that application uses the API's. ?
Please can anyone help me on this.
thanks,
SaurabhHi, Mithu,
Thanks a lot for your help in advance.
I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP. I don't know how to do this.
Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
Do you give me some hints? Thanks a lot. My email: [email protected]
Thanks again.
Thanks & Regards,
Tao -
During import ora-01917 user or role does not exist "High Priority"
Hi,
When i import the data the following error occured.
imp system/[email protected] fromuser=dmv_ace_ruh touser=dmv_ace_ruh file=F:\dmvaceruh.dmp log=F:\dmvaceruhimp.log ignore=y
fromuser=dmv_ace_ruh (exported by another database i.e database name is ACE)
OS = Sun solaris
touser=dmv_ace_ruh (database name is SAI)
OS = windows server 2003
Database Common 10g
Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
Export file created by EXPORT:V10.02.01 via direct path
Warning: the objects were exported by DMV_ACE_RUH, not by you
import done in AR8MSWIN1256 character set and AL16UTF16 NCHAR character set
export client uses WE8MSWIN1252 character set (possible charset conversion)
. importing DMV_ACE_RUH's objects into DMV_ACE_RUH
. . importing table "DMV_COVER_RISK_SMI_DISC_LOAD" 0 rows imported
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT ALTER ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT DELETE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT INDEX ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT INSERT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT SELECT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT UPDATE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT REFERENCES ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT ON COMMIT REFRESH ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
ORA-01917: user or role 'PREM_ACE_RUH' does not exist
IMP-00017: following statement failed with ORACLE error 1917:
"GRANT QUERY REWRITE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
IMP-00003: ORACLE error 1917 encountered
Regards
S.Azar
DBA
Edited by: azarmohds on Oct 5, 2009 5:11 AMoradba wrote:
What's not clear with this error message? The mentioned role ''PREM_ACE_RUH' does not exist in the target database. So granting privileges to this role cannot work.
Werner''PREM_ACE_RUH' this is one of the user of ACE database. but i exported DMV_ACE_RUH user data only...
but i cannot import the dmv_ace_ruh data to same user name of SAI database..
regards
S.azar -
Hi Experts,
I am learning GP(Guided processor)according the document
http://help.sap.com/saphelp_nw70/helpdata/en/44/0d5b8f250d5cfae10000000a155369/frameset.htmneed.
I meet two question when I learn the GP.
The first:
This document don't tell me how to config the member framework of the company. After I design the GP, I have to config the user and role in the runtime for executing. I hope I can use the WDA(webdynpro for java or webdynpro for java) to implement to config the user for executing in the runtime. Thus, the customer don't config the user when runing the GP. But I don't know how to do this.
I need a document guide step by step to tell me how to do this.
The second:
If I use the workflow in the GP, I have to install and config the NWDI(Netweaver Development Infrastructure). Now I have installed the NWDI, but I don't know config it so that I can download it to my machine for develop the workfolw in the GP.
Do you give me some hints? Thanks a lot.
Thank a lot.
Best regards,
taoHi, Mithu,
Thanks a lot for your help in advance.
I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP. I don't know how to do this.
Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
Do you give me some hints? Thanks a lot. My email: [email protected]
Thanks again.
Thanks & Regards,
Tao
Maybe you are looking for
-
Help: related to selection screen
hi all, Fields on selection screen (input screen) : Company Code, Document Number, Fiscal Year , Date , Tax Code , LST Condition, CST Condition. Field in the output List : Total Amount comes as Basic Amount and ( BED + CESS ) a
-
Rather significant BUG in Lightroom 3.0-3.2
Ok, I have found a really annoying bug in Lightroom. It was not there in 2.0, but is in 3.0 and 3.2. (I use the MAC version) When in the library module, if you select a number of images and switch to the survey view. You cannot mark individual im
-
I have SBO 2005 A on my computer. I have just downloaded SBO 2005 SP1. What are the differences between SBO 2005 and SBO 2005 SP1?
-
Hello, Is there a way where we can refresh the report when the user opens it. Without having the user to click on refresh ? We are having some JS code in the report and without refresh it doesn't seem to fetch the latest values. Thanks in Advance.
-
How to display group data only when the particular group is clicked
Hi frnds, I want to design my report as follows: Data is grouped by country, and for each country it is showing details for that country. I need to find out a way to display all group names first. E.g. Argentina Aruba Australia And on click of parti