User Data Source - Access Enforcer

Similar Messages

• Access enforcer and User Data Source for HR

  We are on Access Enforcer 5.2 - service pack 2:
  My problem is that when creating a new request in AE, I able to get a list of all users when I point my User Data Source to either SAP or UME. However when I attempt to create a request whilst pointing the User Data Source at the SAPHR system, I do not get any users back (and we have user set up in the SAP HR system).
  I’ve changed the connector to ‘YES’ under the HR System box, I’ve changed the Data Source Type and Details Source Type to point at the SAPHR and still it fails to fetch any users.
  I've tried looking at the log, but can't get much out of it.
  I would appreciate it, if anyone could provide any assistance.
  Thanks you in advance.
  Amarjit
  Message was edited by:
          amarjit singh

  Hi Micheal,
  Thanks for your reply.
  I'm pointing both Data Source Type and Details Source Type to the same system SAPHR and to the same system name (which is our dev system)
  Regards,
  Amarjit

• AE 5.2: Using Database as  User Data Source

  Hi all,
  we have a problem connecting our User Data Source, which is basically just a DB accessible via SQL, to Access Enforcer 5.2 SP08.
  To my knowledge AE only supports LDAP, SAP, SAP UME and SAP HR, none of which will be able to extract the data from our data source.
  Is there a way of directly mapping the DB fields with our user data to the AE request fields (like the LDAP mapping, but without using the LDAP protocol)?
  Would there be a workaround like attaching the UME to an external database? SAP Help only refers to the following sources:
  "UME can use the following types of data sources: Database of the AS Java, Directory service, User management of the AS ABAP"
  If so, would this also work with a dual stack system (ABAP&JAVA)?
  Thanks,
  Daniela

  Hi,
  I'm not sure of all the complexities around this but we had a similar problem where the user respository we used could not be connected using LDAP.
  The solution that was implemented was to create an ADAM (Active Directory Application Mode) directory, which is connected to the user repository - ADAM is then connected the UME for AE as the LDAP server.
  Probably not the most elegant solution, but we have been using this in  PRD environment for a couple of months now without any performance issues.
  Unfortunately I don't have all the details to guide you through all the config that was required, but perhaps you could investigate this as an alternative solution.
  Regards

• User Data Source in GRC AC 10

  Dear Experts,
  Need clariofcation regarding User data Source for SAP GRC AC .
  Till GRC AC 5.3 we can use only one sap backend system as user data source for gettting users like manager,approver etc and have to change User data source if user reside in some other system .
  Is this been address with GRC AC 10 .
  Thanks & Regards
  Asheesh

  Hi Asheesh,
  Looking at the configuration, you can configure multiple target systems against all of the different data sources and authentication sources. It uses the sequence number to identify in which order these should be accessed.
  SPRO - Ref IMG - GRC - Access Controls - Maintain Data Sources Configuration
  However, in my experience connecting lots of different systems to take elements of user data causes performance issues and often cuases some confusion about the actual data to be displayed. You'll need to consider the field mapping and source elements casrefuly to ensure you don't get conflicting information.
  Simon

• GRC 10/10.1 User Data Source question

  Hi folks, I've been unable to find any document that addresses this so I thought I'd ask.
  I've configured GRC 10.1 so that the GRC system is looking at the ECC system and all the scenarios are configured and things are working well.  We have a separate LDAP issue, and until that's resolved, the user data sources have been set to the ECC system.
  Specifically for Firefighter, we want to create Firefighters in the GRC system and assign them IDs that are configured in the ECC system so that they can get in for Firefighter related access and get their work done.  Many of these people are not in the ECC system.
  I realized that I have not set up the GRC system as a connector within the GRC connectors configuration.  I also did not find any reference to this in any of the documentation that's available out there.
  So I wanted to know how do you get the GRC system to become available as a user data source so that in the event a user is not available in the ECC system, and as in our case, LDAP isn't working, the user will still pull up because they exist in the GRC system?
  Can I use a connection type of LOCAL in the "Change View "Connection type definition": Overview" Screen?
  Please advice.
  Thanks,
  Santosh

  Hi Santosh,
  If your requirement is to use GRC as a data source, configure it as a SAP connector as you do for other SAP systems (the underlying system of GRC is Netweaver so its SAP as well).
  Once the connector is configured, you can use that in your "data sources configuration - user search data source". List all your connectors and the sequence in which the user ID has to be searched for.
  For  your case.,
  1. LDAP connector
  2. ECC connector
  3. GRC connector
  Thanks.
  Regards,
  Muthu

• User data Source

  dear all
  how can i know the user dat source index in Good Receipt's matrix??
  I need to read the uncommited value in the matrix.

  Hi Ian,
  I think that is a system data source...if you want to access it (read only), explore the DBDataSource collection of the mentioned form.
  Hope this helps

• User Data Source in CUP AC5.3

  Hello,
  What is the functionality of the User data sourcein Compliant User Provisioning?
  We are using HR module and i have created the connector using the Jco destination VIRSA_HRModel.
  I have configured the User data source type as SAP HR System as VIRSA_HRModel and Details source type as SAPHR with System name as VIRSA_HRModel.
  Please explain the functionality.
  Regards,
  Kumar Rayudu

  Kumar,
     As you know CUP is an ticket creation, user provisioning tool with automated workflow. So CUP will need to bring user details or user information for requestor, approver, manager etc. from some kind of source. This is where data source comes into picture. Whenever you need to search for an user ID, CUP will look at the search data source and whenever CUP needs to bring in user information like name, email, phone etc., CUP will use user details data source.
  DO NOT USE JCO IN CUP, ERM AND SPM. You will need to have exactly same connector names in all four modules of AC 5.3 for all of the integration functionality to work. When you use JCo, it will not allow you to change the default name (virsahr_model in your case).
  ONE MORE THING, NEVER EVER TOUCH JCo OTHER THAN VIRSAXSR3 EVEN FOR RAR (CC). VIRSAHR AND VIRSAR3 ARE NOT RECOMMENDED TO USE.
  I hope this helps.
  Regards,
  Alpesh

• Portal language refresh / reload (user data source ABAP stack)

  Hello,
  I'm on SAP NetWeaver Portal 7.0 with user data source on ABAP stack.
  I'm trying to create simple JavaScript links for changing the Portal language.
  I was able to change the ABAP stack user's logon language by BAPI call.
  But the newly set language shows up only after the user logs out and logs in again.
  I know that in the WebDynpro for Java, which implements the UME user interface, there is a functionality, that allows that relogging of the user is not necessary. After setting the language you only refresh the browser page (F5) and the new language shows up.
  Does anyone know what function I should call, for the language refresh (could be the same as in UME standard WDJ)?

  Hi Andres,
  language doesn't change on the Portal. The content remains in the previous language.
  I know that the switching of Logon language parameter in the user profile in ABAP stack and logoff and login on the portal leads to change of the language on the Portal. But I don't know, how to do it without the relogging of the user.
  I change the Logon language in ABAP by AJAX call of BAPI.
  Thank you for any idea.
  Jiri

• Help Me "Data Source - Not User Data Source"

  Hi All!
  I have written an addon in Service Call Form To add new Matrix in this form with code as follows:
  Dim oLink As SAPbouiCOM.LinkedButton
  oFormServiceCall = SBO_Application.Forms.GetFormByTypeAndCount(60110, 1)
          oItem = oFormServiceCall.Items.Item("159")
          oNewItem = oFormServiceCall.Items.Add("Matrix1", SAPbouiCOM.BoFormItemTypes.it_MATRIX)
          oNewItem.Left = oItem.Left
          oNewItem.Width = oItem.Width
          oNewItem.Top = oItem.Top
          oNewItem.Height = oItem.Height
          oNewItem.FromPane = 8
          oNewItem.ToPane = 8
          oMatrix = oNewItem.Specific
          oColumns = oMatrix.Columns
          oColumn = oColumns.Add("#", SAPbouiCOM.BoFormItemTypes.it_EDIT)
          oColumn.TitleObject.Caption = "#"
          oColumn.Width = 20
          oColumn.Editable = False
          '// Add a column for BP Card Code
          oColumn = oColumns.Add("callID", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
          oColumn.TitleObject.Caption = "Call ID"
          oColumn.Width = 20
          oColumn.Editable = True
          oColumn = oColumns.Add("subject", SAPbouiCOM.BoFormItemTypes.it_EDIT)
          oColumn.TitleObject.Caption = "Subject"
          oColumn.Width = 120
          oColumn.Editable = True
          oColumn = oColumns.Add("customer", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
          oColumn.TitleObject.Caption = "Cust.Code"
          oColumn.Width = 30
          oColumn.Editable = True
          '// Link the column to the BP master data system form
          oLink = oColumn.ExtendedObject
          oLink.LinkedObject = SAPbouiCOM.BoLinkedObject.lf_BusinessPartner
          oColumn = oColumns.Add("custmrName", SAPbouiCOM.BoFormItemTypes.it_EDIT)
          oColumn.TitleObject.Caption = "Cust.Name"
          oColumn.Width = 120
          oColumn.Editable = True
          oColumn = oColumns.Add("itemCode", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
          oColumn.TitleObject.Caption = "Item Code"
          oColumn.Width = 30
          oColumn.Editable = True
          oLink = oColumn.ExtendedObject
          oLink.LinkedObject = SAPbouiCOM.BoLinkedObject.lf_Items
          oColumn = oColumns.Add("itemName", SAPbouiCOM.BoFormItemTypes.it_EDIT)
          oColumn.TitleObject.Caption = "Item Name"
          oColumn.Width = 100
          oColumn.Editable = True
  And code to bind data to matrix
  oDBDataSource = oFormServiceCall.DataSources.DBDataSources.Add("OSCL")
          'oUserDataSource = oFormServiceCall.DataSources.UserDataSources.Add("OSCL", SAPbouiCOM.BoDataType.dt_LONG_TEXT)
          oColumn = oColumns.Item("callID")
          oColumn.DataBind.SetBound(True, "OSCL", "callID")
          oColumn = oColumns.Item("subject")
          oColumn.DataBind.SetBound(True, "OSCL", "subject")
          oColumn = oColumns.Item("customer")
          oColumn.DataBind.SetBound(True, "OSCL", "customer")
          oColumn = oColumns.Item("custmrName")
          oColumn.DataBind.SetBound(True, "OSCL", "custmrName")
          oColumn = oColumns.Item("itemCode")
          oColumn.DataBind.SetBound(True, "OSCL", "itemCode")
          oColumn = oColumns.Item("itemName")
          oColumn.DataBind.SetBound(True, "OSCL", "itemName")
  But It's error when Run at the row is bold. This error:
  oColumn.DataBind.SetBound(True, "OSCL", "callID")     Run-time exception thrown : System.Runtime.InteropServices.COMException - Data Source - Not User Data Source
  Please help me fix problem.
  Thanks
  Edited by: Tao lao on Mar 5, 2008 3:10 AM

  I think, u can't bind the system table system columns to the column of the matrix in the form which is bound to the same table.(though, m not sure on this.) service call is by default bound to OSCL. If u try creating a user defined column in OSCL and then bind it, it works. but, if CallId is already bound on form, and u r bnding it one more time, it will give you error.

• Validity date issue: Access Enforcer

  Hi All,
  There is a request in Access Enforcer wherein there are total 4 stages of approval, the first 2 stages have been properly approved however when the same arrived to the 3rd stage of approval, the validity date for the request was over and therefore the approvers tried to extend the same, but the "more" tab is not appearing and therefore the approvers are not able to approve the request by extensing the validity date.
  Can you please help with this issue?
  Thanks
  Vani

  Vani,
    Go to the stage level settings for this particular stage via configuration -> workflow -> stage. Change the option of 'Change request content' to 'Yes' and the approver in this stage should be able to change the vailidity dates.
  Regards,
  Alpesh

• Multi User request in Access Enforcer

  Is anyone aware of a user limit in an access enforcer multi user request?
  We get errors when we submit  a multi user access enforcer request with more than 25 users.
  Thanks

  Hi
  There is no standard limit even though we advice to keep the user to max of 20 .
  The limit depends upon the email content you have configured .
  In case in your email notifications you have taken the argument USERID then mulitple user creation request causes issue and the limit gets set to anything between 20-25 , again depending on content of the email .
  Thanks

• Abap+java stack for Portal 7.0 and MI - User Data Source

  The SAP pre-requisites for Portal and MI (Mobile Infrastructure) 7.0 is an ABAP and Java Stack. If you install an AS ABAP + Java, the UME is automatically set up to use the ABAP user management of the same AS installation. What does this mean? The user store will be created in ABAP, for both the Portal and MI.
  The impact of this is portal users management is in ABAP. This configuration by design cannot be connected to LDAP Active directory for user authentication.
  Please let me know , if some body had already face similar issue and come up with the solution.  Thanks in advance.

  Hi Surya ,
  When you install portal or any NW component with ABAP stack , ABAP stack hold precidence over the JAVA Stack , refer to this link to have more idea on this .
  http://help.sap.com/saphelp_nw2004s/helpdata/en/2b/306bb5bc98f24f8a85d489449af456/frameset.htm--
  http://help.sap.com/saphelp_nw04s/helpdata/en/12/7678123c96814bada2c8632d825443/frameset.htm
  Thanx
  Pankaj

• User Data source with matrix

  Hi all ,,
  i have a question if you can help me :
  i put choose from list in matrix but when i choose item didn't fill in the column and my code is :
  ** on create form
     oForm.DataSources.UserDataSources.Add("IDS", BoDataType.dt_SHORT_TEXT);
                  SAPbouiCOM.Matrix Mat = (SAPbouiCOM.Matrix)oForm.Items.Item("12").Specific;
                //  SAPbouiCOM.EditTextColumn EC = Mat.Columns.It
                  Mat.Columns.Item("V_ITM").ChooseFromListUID = "ITM";
                  Mat.Columns.Item("V_ITM").ChooseFromListAlias = "ItemCode";
                  Mat.Columns.Item("V_ITM").DataBind.SetBound(true, "", "IDS");
  ***on Item Event
      if ((pVal.ColUID== "V_4"))
                          //oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
                           SAPbouiCOM.Matrix Mat = (SAPbouiCOM.Matrix)oForm.Items.Item("12").Specific;
                    //  SAPbouiCOM.EditTextColumn EC = Mat.Columns.It
                           SAPbouiCOM.EditText c = null ;
                          try
                               oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
                               Mat.LoadFromDataSource();

  Hi folks, i know this thread is a little old but i have the same insue and i want to share the solution, it could help others.
  Like Mayank said, get line and set line works the last row of the matrix, but is not true at all, GetLineData and SetLineData works for the row of the matrix that is set on the offset of DBDatasource lines, so to works fine you need to set the offset first.
  oForm.DataSources.DBDataSources.Item("@MY_DS_LINES").Offset = x-1;
  Mat.GetLineData(x);
  oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
  // Update any other UserDataSources for the same row here...
  Mat.SetLineData(x);
  where x is the row number of the matrix you want to update.

• GRC 10 - Legacy connector as user detail data source

  Hello, 
  I'm trying to use a legacy connector (with a text file as input) as a user data-source.
  Repository user sync for this legacy connector works : checked GRACUSER table, it is populated with all the user details from the input file (id,firstname,lastname,mail,department,phone
  I got it working for user search data source : when creating an access request for "other" user, searching for a user ID/name works : data are displayed in search result, however when I select the user from the serach result the user details are not populated in an access-request form.
  Any clue about this ? Any one already got this working ?
  GRC 10.0 SP13.
  Checked SP14 and SP15 release notes, and found no relevant notes yet.
  repository-related notes applied :
  -1864423
  -1950231
  Regards,
  Emmanuel.

  Hi Pedro,
  You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
  Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
  You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
  But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
  In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
  Let us know if you need any more clarifications.
  Regards,
  Ameet

• User Details Data Source in CUP 5.3

  Dear GRC Gurus,
  Iam configuring CUP 5.3., in the User data source (which is used to fetch users,approvers,managers from backend)  there is User Details Data Source -> i select SAP and i get the system name -> There is a Field Function Template -> there are two options, standard and Custom. 
  What is the use of Function Template ?
  What is standard and Custom?
  If we select Custom, what should we enter in Function Template Name?
  Can you please clarify
  Thanks a lot...
  Regards
  Selva

  Hi,
  The user data source only reads the user details for use in defaulting the information into request forms / workflow.
  I believe that the function template just tells the system whether to use standard fields within the SAP user master or whether you have requirements to use alternative field mappings.
  I don't think that the custom template name matters as it is identified.
  I must admit that I haven't used it so I may be wrong but that is my current understanding!
  Regards, Simon
  Edited by: Simon P Persin on Oct 26, 2009 4:40 PM