User Data Source in CUP AC5.3
Hello,
What is the functionality of the User data sourcein Compliant User Provisioning?
We are using HR module and i have created the connector using the Jco destination VIRSA_HRModel.
I have configured the User data source type as SAP HR System as VIRSA_HRModel and Details source type as SAPHR with System name as VIRSA_HRModel.
Please explain the functionality.
Regards,
Kumar Rayudu
Kumar,
As you know CUP is an ticket creation, user provisioning tool with automated workflow. So CUP will need to bring user details or user information for requestor, approver, manager etc. from some kind of source. This is where data source comes into picture. Whenever you need to search for an user ID, CUP will look at the search data source and whenever CUP needs to bring in user information like name, email, phone etc., CUP will use user details data source.
DO NOT USE JCO IN CUP, ERM AND SPM. You will need to have exactly same connector names in all four modules of AC 5.3 for all of the integration functionality to work. When you use JCo, it will not allow you to change the default name (virsahr_model in your case).
ONE MORE THING, NEVER EVER TOUCH JCo OTHER THAN VIRSAXSR3 EVEN FOR RAR (CC). VIRSAHR AND VIRSAR3 ARE NOT RECOMMENDED TO USE.
I hope this helps.
Regards,
Alpesh
Similar Messages
-
User Details Data Source in CUP 5.3
Dear GRC Gurus,
Iam configuring CUP 5.3., in the User data source (which is used to fetch users,approvers,managers from backend) there is User Details Data Source -> i select SAP and i get the system name -> There is a Field Function Template -> there are two options, standard and Custom.
What is the use of Function Template ?
What is standard and Custom?
If we select Custom, what should we enter in Function Template Name?
Can you please clarify
Thanks a lot...
Regards
SelvaHi,
The user data source only reads the user details for use in defaulting the information into request forms / workflow.
I believe that the function template just tells the system whether to use standard fields within the SAP user master or whether you have requirements to use alternative field mappings.
I don't think that the custom template name matters as it is identified.
I must admit that I haven't used it so I may be wrong but that is my current understanding!
Regards, Simon
Edited by: Simon P Persin on Oct 26, 2009 4:40 PM -
Dear Experts,
Need clariofcation regarding User data Source for SAP GRC AC .
Till GRC AC 5.3 we can use only one sap backend system as user data source for gettting users like manager,approver etc and have to change User data source if user reside in some other system .
Is this been address with GRC AC 10 .
Thanks & Regards
AsheeshHi Asheesh,
Looking at the configuration, you can configure multiple target systems against all of the different data sources and authentication sources. It uses the sequence number to identify in which order these should be accessed.
SPRO - Ref IMG - GRC - Access Controls - Maintain Data Sources Configuration
However, in my experience connecting lots of different systems to take elements of user data causes performance issues and often cuases some confusion about the actual data to be displayed. You'll need to consider the field mapping and source elements casrefuly to ensure you don't get conflicting information.
Simon -
Access enforcer and User Data Source for HR
We are on Access Enforcer 5.2 - service pack 2:
My problem is that when creating a new request in AE, I able to get a list of all users when I point my User Data Source to either SAP or UME. However when I attempt to create a request whilst pointing the User Data Source at the SAPHR system, I do not get any users back (and we have user set up in the SAP HR system).
Ive changed the connector to YES under the HR System box, Ive changed the Data Source Type and Details Source Type to point at the SAPHR and still it fails to fetch any users.
I've tried looking at the log, but can't get much out of it.
I would appreciate it, if anyone could provide any assistance.
Thanks you in advance.
Amarjit
Message was edited by:
amarjit singhHi Micheal,
Thanks for your reply.
I'm pointing both Data Source Type and Details Source Type to the same system SAPHR and to the same system name (which is our dev system)
Regards,
Amarjit -
GRC 10/10.1 User Data Source question
Hi folks, I've been unable to find any document that addresses this so I thought I'd ask.
I've configured GRC 10.1 so that the GRC system is looking at the ECC system and all the scenarios are configured and things are working well. We have a separate LDAP issue, and until that's resolved, the user data sources have been set to the ECC system.
Specifically for Firefighter, we want to create Firefighters in the GRC system and assign them IDs that are configured in the ECC system so that they can get in for Firefighter related access and get their work done. Many of these people are not in the ECC system.
I realized that I have not set up the GRC system as a connector within the GRC connectors configuration. I also did not find any reference to this in any of the documentation that's available out there.
So I wanted to know how do you get the GRC system to become available as a user data source so that in the event a user is not available in the ECC system, and as in our case, LDAP isn't working, the user will still pull up because they exist in the GRC system?
Can I use a connection type of LOCAL in the "Change View "Connection type definition": Overview" Screen?
Please advice.
Thanks,
SantoshHi Santosh,
If your requirement is to use GRC as a data source, configure it as a SAP connector as you do for other SAP systems (the underlying system of GRC is Netweaver so its SAP as well).
Once the connector is configured, you can use that in your "data sources configuration - user search data source". List all your connectors and the sequence in which the user ID has to be searched for.
For your case.,
1. LDAP connector
2. ECC connector
3. GRC connector
Thanks.
Regards,
Muthu -
Portal language refresh / reload (user data source ABAP stack)
Hello,
I'm on SAP NetWeaver Portal 7.0 with user data source on ABAP stack.
I'm trying to create simple JavaScript links for changing the Portal language.
I was able to change the ABAP stack user's logon language by BAPI call.
But the newly set language shows up only after the user logs out and logs in again.
I know that in the WebDynpro for Java, which implements the UME user interface, there is a functionality, that allows that relogging of the user is not necessary. After setting the language you only refresh the browser page (F5) and the new language shows up.
Does anyone know what function I should call, for the language refresh (could be the same as in UME standard WDJ)?Hi Andres,
language doesn't change on the Portal. The content remains in the previous language.
I know that the switching of Logon language parameter in the user profile in ABAP stack and logoff and login on the portal leads to change of the language on the Portal. But I don't know, how to do it without the relogging of the user.
I change the Logon language in ABAP by AJAX call of BAPI.
Thank you for any idea.
Jiri -
dear all
how can i know the user dat source index in Good Receipt's matrix??
I need to read the uncommited value in the matrix.Hi Ian,
I think that is a system data source...if you want to access it (read only), explore the DBDataSource collection of the mentioned form.
Hope this helps -
Help Me "Data Source - Not User Data Source"
Hi All!
I have written an addon in Service Call Form To add new Matrix in this form with code as follows:
Dim oLink As SAPbouiCOM.LinkedButton
oFormServiceCall = SBO_Application.Forms.GetFormByTypeAndCount(60110, 1)
oItem = oFormServiceCall.Items.Item("159")
oNewItem = oFormServiceCall.Items.Add("Matrix1", SAPbouiCOM.BoFormItemTypes.it_MATRIX)
oNewItem.Left = oItem.Left
oNewItem.Width = oItem.Width
oNewItem.Top = oItem.Top
oNewItem.Height = oItem.Height
oNewItem.FromPane = 8
oNewItem.ToPane = 8
oMatrix = oNewItem.Specific
oColumns = oMatrix.Columns
oColumn = oColumns.Add("#", SAPbouiCOM.BoFormItemTypes.it_EDIT)
oColumn.TitleObject.Caption = "#"
oColumn.Width = 20
oColumn.Editable = False
'// Add a column for BP Card Code
oColumn = oColumns.Add("callID", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
oColumn.TitleObject.Caption = "Call ID"
oColumn.Width = 20
oColumn.Editable = True
oColumn = oColumns.Add("subject", SAPbouiCOM.BoFormItemTypes.it_EDIT)
oColumn.TitleObject.Caption = "Subject"
oColumn.Width = 120
oColumn.Editable = True
oColumn = oColumns.Add("customer", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
oColumn.TitleObject.Caption = "Cust.Code"
oColumn.Width = 30
oColumn.Editable = True
'// Link the column to the BP master data system form
oLink = oColumn.ExtendedObject
oLink.LinkedObject = SAPbouiCOM.BoLinkedObject.lf_BusinessPartner
oColumn = oColumns.Add("custmrName", SAPbouiCOM.BoFormItemTypes.it_EDIT)
oColumn.TitleObject.Caption = "Cust.Name"
oColumn.Width = 120
oColumn.Editable = True
oColumn = oColumns.Add("itemCode", SAPbouiCOM.BoFormItemTypes.it_LINKED_BUTTON)
oColumn.TitleObject.Caption = "Item Code"
oColumn.Width = 30
oColumn.Editable = True
oLink = oColumn.ExtendedObject
oLink.LinkedObject = SAPbouiCOM.BoLinkedObject.lf_Items
oColumn = oColumns.Add("itemName", SAPbouiCOM.BoFormItemTypes.it_EDIT)
oColumn.TitleObject.Caption = "Item Name"
oColumn.Width = 100
oColumn.Editable = True
And code to bind data to matrix
oDBDataSource = oFormServiceCall.DataSources.DBDataSources.Add("OSCL")
'oUserDataSource = oFormServiceCall.DataSources.UserDataSources.Add("OSCL", SAPbouiCOM.BoDataType.dt_LONG_TEXT)
oColumn = oColumns.Item("callID")
oColumn.DataBind.SetBound(True, "OSCL", "callID")
oColumn = oColumns.Item("subject")
oColumn.DataBind.SetBound(True, "OSCL", "subject")
oColumn = oColumns.Item("customer")
oColumn.DataBind.SetBound(True, "OSCL", "customer")
oColumn = oColumns.Item("custmrName")
oColumn.DataBind.SetBound(True, "OSCL", "custmrName")
oColumn = oColumns.Item("itemCode")
oColumn.DataBind.SetBound(True, "OSCL", "itemCode")
oColumn = oColumns.Item("itemName")
oColumn.DataBind.SetBound(True, "OSCL", "itemName")
But It's error when Run at the row is bold. This error:
oColumn.DataBind.SetBound(True, "OSCL", "callID") Run-time exception thrown : System.Runtime.InteropServices.COMException - Data Source - Not User Data Source
Please help me fix problem.
Thanks
Edited by: Tao lao on Mar 5, 2008 3:10 AMI think, u can't bind the system table system columns to the column of the matrix in the form which is bound to the same table.(though, m not sure on this.) service call is by default bound to OSCL. If u try creating a user defined column in OSCL and then bind it, it works. but, if CallId is already bound on form, and u r bnding it one more time, it will give you error.
-
AE 5.2: Using Database as User Data Source
Hi all,
we have a problem connecting our User Data Source, which is basically just a DB accessible via SQL, to Access Enforcer 5.2 SP08.
To my knowledge AE only supports LDAP, SAP, SAP UME and SAP HR, none of which will be able to extract the data from our data source.
Is there a way of directly mapping the DB fields with our user data to the AE request fields (like the LDAP mapping, but without using the LDAP protocol)?
Would there be a workaround like attaching the UME to an external database? SAP Help only refers to the following sources:
"UME can use the following types of data sources: Database of the AS Java, Directory service, User management of the AS ABAP"
If so, would this also work with a dual stack system (ABAP&JAVA)?
Thanks,
DanielaHi,
I'm not sure of all the complexities around this but we had a similar problem where the user respository we used could not be connected using LDAP.
The solution that was implemented was to create an ADAM (Active Directory Application Mode) directory, which is connected to the user repository - ADAM is then connected the UME for AE as the LDAP server.
Probably not the most elegant solution, but we have been using this in PRD environment for a couple of months now without any performance issues.
Unfortunately I don't have all the details to guide you through all the config that was required, but perhaps you could investigate this as an alternative solution.
Regards -
User Data Source - Access Enforcer
Hi,
I currently have my User Details Data Source and Search Data Source in AE pointed to the UME. In the UME I have my requestors and approvers set up. However when I go to raise a request to change a user account and want to search for an SAP user, the search only returns the requestors and approvers set up in the UME and does not show user data from SAP. How can set up AE so that it shows me user data from SAP and requestor/approver data from the UME?
Thanks,
GaryWhat you can do is... to point your UME to your SAP system, where you can find all users.....
And keep your configuration of AE the way you have it....
Another way is, to change your configuration of User Details Data Source pointing to SAP.
Youy User Details Data Source have to point to the system that have all the new users....
For example, in my company before giving the SAP access we give LDAP access, so my User Details Data Source are pointing to my LDAP system.... this way i can find easily the user that need to request access..
Hope this help.
Regards, -
Abap+java stack for Portal 7.0 and MI - User Data Source
The SAP pre-requisites for Portal and MI (Mobile Infrastructure) 7.0 is an ABAP and Java Stack. If you install an AS ABAP + Java, the UME is automatically set up to use the ABAP user management of the same AS installation. What does this mean? The user store will be created in ABAP, for both the Portal and MI.
The impact of this is portal users management is in ABAP. This configuration by design cannot be connected to LDAP Active directory for user authentication.
Please let me know , if some body had already face similar issue and come up with the solution. Thanks in advance.Hi Surya ,
When you install portal or any NW component with ABAP stack , ABAP stack hold precidence over the JAVA Stack , refer to this link to have more idea on this .
http://help.sap.com/saphelp_nw2004s/helpdata/en/2b/306bb5bc98f24f8a85d489449af456/frameset.htm--
http://help.sap.com/saphelp_nw04s/helpdata/en/12/7678123c96814bada2c8632d825443/frameset.htm
Thanx
Pankaj -
Hi all ,,
i have a question if you can help me :
i put choose from list in matrix but when i choose item didn't fill in the column and my code is :
** on create form
oForm.DataSources.UserDataSources.Add("IDS", BoDataType.dt_SHORT_TEXT);
SAPbouiCOM.Matrix Mat = (SAPbouiCOM.Matrix)oForm.Items.Item("12").Specific;
// SAPbouiCOM.EditTextColumn EC = Mat.Columns.It
Mat.Columns.Item("V_ITM").ChooseFromListUID = "ITM";
Mat.Columns.Item("V_ITM").ChooseFromListAlias = "ItemCode";
Mat.Columns.Item("V_ITM").DataBind.SetBound(true, "", "IDS");
***on Item Event
if ((pVal.ColUID== "V_4"))
//oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
SAPbouiCOM.Matrix Mat = (SAPbouiCOM.Matrix)oForm.Items.Item("12").Specific;
// SAPbouiCOM.EditTextColumn EC = Mat.Columns.It
SAPbouiCOM.EditText c = null ;
try
oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
Mat.LoadFromDataSource();Hi folks, i know this thread is a little old but i have the same insue and i want to share the solution, it could help others.
Like Mayank said, get line and set line works the last row of the matrix, but is not true at all, GetLineData and SetLineData works for the row of the matrix that is set on the offset of DBDatasource lines, so to works fine you need to set the offset first.
oForm.DataSources.DBDataSources.Item("@MY_DS_LINES").Offset = x-1;
Mat.GetLineData(x);
oForm.DataSources.UserDataSources.Item("IDS").ValueEx = val;
// Update any other UserDataSources for the same row here...
Mat.SetLineData(x);
where x is the row number of the matrix you want to update. -
CUP 5.3 SP8 - Authentication Source/User Details Source question
Hello,
Here is another issue I'm noticing with CUP.
Currently we have it configured as such:
Authentication Source: LDAP
Search Data Sourec: SAPHR
User Details Data Source: SAPHR
When a Requestor logs in to create a request for themself, Requestor Username and Email are correctly populated under the Requestor section of the request screen. This Username and Email match identically from SAPHR; and it should, as that is what we have defined as our User Data Source
When a Requestor logs in to create a request for another user, Requestor Username and Email are populated differently under the Requestor section of the request screen; this information in this case appears to be coming from LDAP. This does not seem correct to me. LDAP is only defined as the Authentication Source, not the User Data Source.
1) Why would the Requestor section populate differently when creating a request for yourself vs. another user?
2) Is this a bug in CUP?
3) Has anyone else noticed this or found a fix?
Thanks!!
JesWe are on the same SP level and are configured similarly but don't see this issue.
Data Source - LDAP
Search - SAP
Datasource - Multiple (SAPHR, SAP(BI), LDAP, SAP(SRM))
Also, our LDAP does not carry the email address (yet).
When I create a new request for someone else, all the information is filled in correctly from our SAPHR system, if they are in HR, or from our BI system if they are not in HR but are in BI. However, since we don't carry e-mail address in our LDAP system yet, the requestor e-mail field is left blank and I have to manually fill it in. (We do plan on changing this).
Hope this helps,
Peggy -
GRC 10 - Legacy connector as user detail data source
Hello,
I'm trying to use a legacy connector (with a text file as input) as a user data-source.
Repository user sync for this legacy connector works : checked GRACUSER table, it is populated with all the user details from the input file (id,firstname,lastname,mail,department,phone
I got it working for user search data source : when creating an access request for "other" user, searching for a user ID/name works : data are displayed in search result, however when I select the user from the serach result the user details are not populated in an access-request form.
Any clue about this ? Any one already got this working ?
GRC 10.0 SP13.
Checked SP14 and SP15 release notes, and found no relevant notes yet.
repository-related notes applied :
-1864423
-1950231
Regards,
Emmanuel.Hi Pedro,
You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
Let us know if you need any more clarifications.
Regards,
Ameet -
Getting USERS data in a Multiple LDAP scenario
Hi All
We have users in 3 entirely different domains....with different LDAP existing....While getting users data in CUP from LDAP, how do I establish a connection with all of them....? Shall I create different LDAP connectors for them? But I can only determine one user data source....at a time
Please advice if there is some other option
Thanks
AbhijeetHello Abhijeet,
Yes you have to create three different connectors for all the LDAP systems and you can fetch user data from different systems too. From AC 5.3, you can define multiple user detail souces in CUP and assign priority to them
Here is a document on BPX that may help you in configuring the same:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b07a775f-038e-2b10-4091-e7cfc47ec9b0
Hope this answers the query.
Harleen
SAP GRC RIG
Maybe you are looking for
-
IPod Touch 4th gen won't connect to wi-fi
So I was in my university, when I noticed the iPod suddenly disconected from Wi-Fi. When I got home, it didn't connect to the home network either, and asked for the network password. I entered it, and said it was wrong. I entered it from my iMac,
-
In OWB can I execute a function which is in another database in processflow
I am in database1 and want to create a process flow in which I want to call a function which is in database 2 and then run the process flow. Can I do this. If so can anyone tell me how to do this. Thank You
-
Hi there. I am having constant problems when trying to connect to www.pretty green.com.When going to check out it is telling me that the site is unsognes,unsecure and doesn't use encryption.Other people are not seeing this message. I have tried every
-
Brand-spanking new T61's screen is blank after hitting power on button.
Good evening, ladies and gentlemen. I've been at this for over 6 hours. I've tried everything in the lame troubleshooting manual, and almost everything from the Lenova's website. Here's the deal: I hit the power button... blank screen. Battery,
-
How do I delete a digital certificate that is no longer valid?
Whenever I try to send an email I get an alert about an invalid digital certificate that is no longer valid but I don't know how to get rid of it. The email account was deleted some time ago. It also shows up in my address book and in my calendar