User Details Data Source in CUP 5.3

Dear GRC Gurus,
Iam configuring CUP 5.3., in the User data source (which is used to fetch users,approvers,managers from backend)  there is User Details Data Source -> i select SAP and i get the system name -> There is a Field Function Template -> there are two options, standard and Custom. 
What is the use of Function Template ?
What is standard and Custom?
If we select Custom, what should we enter in Function Template Name?
Can you please clarify
Thanks a lot...
Regards
Selva

Hi,
The user data source only reads the user details for use in defaulting the information into request forms / workflow.
I believe that the function template just tells the system whether to use standard fields within the SAP user master or whether you have requirements to use alternative field mappings.
I don't think that the custom template name matters as it is identified.
I must admit that I haven't used it so I may be wrong but that is my current understanding!
Regards, Simon
Edited by: Simon P Persin on Oct 26, 2009 4:40 PM

Similar Messages

  • GRC 10 - Legacy connector as user detail data source

    Hello, 
    I'm trying to use a legacy connector (with a text file as input) as a user data-source.
    Repository user sync for this legacy connector works : checked GRACUSER table, it is populated with all the user details from the input file (id,firstname,lastname,mail,department,phone
    I got it working for user search data source : when creating an access request for "other" user, searching for a user ID/name works : data are displayed in search result, however when I select the user from the serach result the user details are not populated in an access-request form.
    Any clue about this ? Any one already got this working ?
    GRC 10.0 SP13.
    Checked SP14 and SP15 release notes, and found no relevant notes yet.
    repository-related notes applied :
    -1864423
    -1950231
    Regards,
    Emmanuel.

    Hi Pedro,
    You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
    Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
    You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
    But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
    In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
    Let us know if you need any more clarifications.
    Regards,
    Ameet

  • User Details Data Source

    Hello all,
    I´m working to configure the user search data source and also user details data source from our GRC AC environment. Bellow my doubt:
    Can I configure GRC AC to automatically fill the Manager field in the access request screen? Obviously the User Details Data Source must be configured. Is it possible using SU01? HR? LDAP? All of them? Some examples would be really appreciated.
    In other words:
    When an Access Request is made, I want all User Details filled automatically, including the Manager.
    Regards,
    SAP Legend

    Hi,
    Yes you can configure the manager look up functionality by configuring the detail data source in the IMG and make sure you do all the configurations respective to what data source you are using.
    If you are using LDAP then make sure you have done the mapping for your AC field name and target system field name and all the LDAP related configurations.
    If you are using HR system as the data source please check the below link.
    Configure Manager Look-Up in ARM for GRC 10
    Regards,
    Neeraj

  • User Data Source in CUP AC5.3

    Hello,
    What is the functionality of the User data sourcein Compliant User Provisioning?
    We are using HR module and i have created the connector using the Jco destination VIRSA_HRModel.
    I have configured the User data source type as SAP HR System as VIRSA_HRModel and Details source type as SAPHR with System name as VIRSA_HRModel.
    Please explain the functionality.
    Regards,
    Kumar Rayudu

    Kumar,
       As you know CUP is an ticket creation, user provisioning tool with automated workflow. So CUP will need to bring user details or user information for requestor, approver, manager etc. from some kind of source. This is where data source comes into picture. Whenever you need to search for an user ID, CUP will look at the search data source and whenever CUP needs to bring in user information like name, email, phone etc., CUP will use user details data source.
    DO NOT USE JCO IN CUP, ERM AND SPM. You will need to have exactly same connector names in all four modules of AC 5.3 for all of the integration functionality to work. When you use JCo, it will not allow you to change the default name (virsahr_model in your case).
    ONE MORE THING, NEVER EVER TOUCH JCo OTHER THAN VIRSAXSR3 EVEN FOR RAR (CC). VIRSAHR AND VIRSAR3 ARE NOT RECOMMENDED TO USE.
    I hope this helps.
    Regards,
    Alpesh

  • GRC AC - HCM as user search data source

    Hello all,
    I´ve configured GRC AC to user HCM as user search data source and also user details data source. During my user change tests through the "Access Request" function, I noticed that only existent users at SU01 and HCM (checked through PA30) appear in the access request User Selection. Existent users at HCM but not at SU01 doesn´t appear.
    Someone can tell me why? I mean, if I configured the user search to use HCM as data source, shoudn´t it bring all HCM users regardless of his existence at SU01?
    Thanks in advance,
    Pedro

    Hi Pedro,
    You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
    Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
    You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
    But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
    In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
    Let us know if you need any more clarifications.
    Regards,
    Ameet

  • Lync monitoring Details reports are not getting opened, Getting SQL error like "Cannot impersonate user for data source 'CDRDB"

    Hi,
         Two month before, We have deployed Lync 13 set up with lync monitoring and archiving service enabled. After configuring we have the Lync monitoring and archiving services are working fine... few weeks back I have changed the Admin Password
    of the Lync Setup. After that Lync Monitoring and Archiving services are not working.
    when I try open Lync monitoring service from web UI, 
    http://localhost/ReportServer_LyncMonitoring/
    Web UI is opening but Reports home page is not Accessible , Getting error Like
    "An error has occurred during report processing. (rsProcessingAborted)
    Cannot impersonate user for data source 'CDRDB'. (rsErrorImpersonatingUser)
    Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
    The user name or password is incorrect"
    Please help me to trouble shoot this problem.
    Thanks,
    Rajarajan.D

    Hi Rajarajan.D
    You probably need to update the password against the CDRDB datasource in SSRS Report manager, take a look at this article: http://lyncme.co.uk/microsoft-lync-server-2013/cannot-impersonate-user-for-data-source-cdrdb-rserrorimpersonatinguser-error/
    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter
    @georgathomas
    Lync Edge Port Check (Beta)
    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • GRC AC User Search Data Source Configuration

    Hello all!
    I´ve configured BRM and ARM as recommended on SAP Access Control 10.0. A lot of things are working ok and some of them not. At this moment I´m testing an Access Request to lock a user, the problem happens when I try to search the user, I didn´t receive any return. Please check the print screen:
    "Maintain Data Sources Configuration" is configured as the print bellow pointing to our ECC/HR system:
    Someone can help?
    Regards,
    SAP Legend

    HI,
    Also maintain detail data source and make sure you run repository sync job..
    Also check if the user you are trying to lock is present in the table GRACUSER/GRACUSERCONN.
    Regards,
    Neeraj

  • Got rid of User Profiles data source in 2013?

    We're trying to put together an approval workflow using 2013, but it seems like they got rid of the "User Profiles" data source, so you cant simply select the Manager of the current user. I wanted to add that manager to the Participants of a Task
    process, but I kind of hit a brick wall with that.
    Is the process overall different in how I would talk to the active directory through the workflow? Or should I just stick to 2010 workflow?

    Correct, it is no longer there. You're going to have to use the user profile web service. See here:
    http://sharepointrocks.wordpress.com/2013/08/22/sharepoint-2013-using-infopath-and-userprofileservice-asmx-with-claims-based-web-applications/
    Andy Wessendorf SharePoint Developer II | Rackspace [email protected]

  • Cannot impersonate user for data source 'SMSDB'. --- Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. ---

    After Upgrading from SCCM 2012 Sp1 to SCCM 2012 R2 we are getting following error:
    System.Web.Services.Protocols.SoapException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ProcessingAbortedException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ReportProcessingException:
    Cannot impersonate user for data source 'SMSDB'. ---> Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. ---> System.Runtime.InteraopServices.COMException: The referenced account is currently locked out and may not
    be logged on to. (Exception from HRESULT: 0x80070775)
       at Microsoft.ReportingServices.WebServer.ReportingService2005Impl.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)
       at Microsoft.ReportingServices.WebServer.ReportingService2005.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)
    Microsoft.ConfigurationManagement.ManagementProvider.SmsException
    An error has occurred during report processing.
    Stack Trace:
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.GetParameters()
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.LoadParameters(IReport report, Collection`1 navigationParameters, IResultObject resultObject)
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ReportViewerPresenter.Worker_DoWork(Object sender, DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
    System.Web.Services.Protocols.SoapException
    System.Web.Services.Protocols.SoapException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ProcessingAbortedException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ReportProcessingException:
    Cannot impersonate user for data source 'SMSDB'. ---> Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. ---> System.Runtime.InteropServices.COMException: The referenced account is currently locked out and may not
    be logged on to. (Exception from HRESULT: 0x80070775)
       at Microsoft.ReportingServices.WebServer.ReportingService2005Impl.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)
       at Microsoft.ReportingServices.WebServer.ReportingService2005.GetReportParameters(String Report, String HistoryID, Boolean ForRendering, ParameterValue[] Values, DataSourceCredentials[] Credentials, ReportParameter[]& Parameters)
    Stack Trace:
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.GetParameters()
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ParameterPresenter.LoadParameters(IReport report, Collection`1 navigationParameters, IResultObject resultObject)
       at Microsoft.ConfigurationManagement.AdminConsole.SrsReporting.ReportViewerPresenter.Worker_DoWork(Object sender, DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

    HI,
    Check the SQL Reporting services account that is used, the one that you supplied when setting up the SQL Reporting Services point in the Configuration Manager 2012 console, it seems to be locked out.
    I believe it has been asked once before on the forums as well.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • CUP 5.3 SP8 - Authentication Source/User Details Source question

    Hello,
    Here is another issue I'm noticing with CUP.
    Currently we have it configured as such:
    Authentication Source: LDAP
    Search Data Sourec: SAPHR
    User Details Data Source: SAPHR
    When a Requestor logs in to create a request for themself, Requestor Username and Email are correctly populated under the Requestor section of the request screen. This Username and Email match identically from SAPHR; and it should, as that is what we have defined as our User Data Source
    When a Requestor logs in to create a request for another user, Requestor Username and Email are populated differently under the Requestor section of the request screen; this information in this case appears to be coming from LDAP. This does not seem correct to me. LDAP is only defined as the Authentication Source, not the User Data Source.
    1) Why would the Requestor section populate differently when creating a request for yourself vs. another user?
    2) Is this a bug in CUP?
    3) Has anyone else noticed this or found a fix?
    Thanks!!
    Jes

    We are on the same SP level and are configured similarly but don't see this issue. 
    Data Source - LDAP
    Search - SAP
    Datasource - Multiple (SAPHR, SAP(BI), LDAP, SAP(SRM))
    Also, our LDAP does not carry the email address (yet).
    When I create a new request for someone else, all the information is filled in correctly from our SAPHR system, if they are in HR, or from our BI system if they are not in HR but are in BI.  However, since we don't carry e-mail address in our LDAP system yet, the requestor e-mail field is left blank and I have to manually fill it in.  (We do plan on changing this).
    Hope this helps,
    Peggy

  • GRC 10.0 Access Request Creation- Data Source of User Details

    Hi Experts,
    I was doing GRC 10.0 Configuration and found a query which I am not able to resolve.
    While creation of any kind of Access Request in GRC through NWBC> Acces Management Tab>Access Request>Access Request Creation.
    In the user details section, I can see the HR records( like Pernr, position, manager) have been visible to some extent.
    My question is where from these details came in GRC. What configuration we should maintain to achieve these HR records?
    Hope to get a quick response as this is one of the requirement of the implementation which I am doing with my customer.
    Thanks,
    Atanu

    Alessandro,
    Thanks for your response. It helped me to know certain things.
    But when I am navigating to SPRO > GRC > Access Control > Maintain Data Sources Configuration > [User Detail Data Source], it is configured with a ECC system in target connector and User data type is maintained as "SU01".
    Now my question is where from in my case the GRC is pulling the HR records (PA20) like PERNR, POSITION,PERSONEL AREA etc? SU01 does not provide these information. My ECC box is integrated with HR module, so is it taking the data from HR directly?
    Thanks in advance!
    Atanu

  • Displayed data in User Details vs. Information entered in User Profile

    Hello All,
    I am running Portal 7.0 SPS13.
    In my Users Profile tab "Additional Information" I entered:
    Organizational Unit:  NIS
    Position: Consultant
    Department:  <is greyed-out / not editable>
    In my Users Details tab "Company" I only see:
    Job Title: Consultant
    My Questions are:
    1) Why do I only see the Information from "Position"
    2) The greyed out field "Department" is not filled (I guess at this point that it gets filled with the department information from the MS ADS (LDAP). But it's not.  Whoever the telephone information from the MS ADS is transferred to the regarding UME fields
    Thank you in advance for your help and hints.
    Kind regards,
    Philipp

    Hi Neeraj,
    i have already configured as below_
    User Details Data Source
              Target Connector =ECC system
               Sequence=1
               user Data Type=HR
    Regards,
    Arif

  • User Data Source - Access Enforcer

    Hi,
    I currently have my User Details Data Source and Search Data Source in AE pointed to the UME. In the UME I have my requestors and approvers set up. However when I go to raise a request to change a user account and want to search for an SAP user, the search only returns the requestors and approvers set up in the UME and does not show user data from SAP. How can set up AE so that it shows me user data from SAP and requestor/approver data from the UME?
    Thanks,
    Gary

    What you can do is... to point your UME to your SAP system,  where you can find all users.....
    And keep your configuration of AE the way you have it....
    Another way is, to change your configuration of User Details Data Source pointing to SAP.
    Youy User Details Data Source have to point to the system that have all the new users....
    For example, in my company before giving the SAP access we give LDAP access, so my User Details Data Source  are pointing to my LDAP system.... this way i can find easily the  user that need to request access..
    Hope this help.
    Regards,

  • ARQ: User details fields mappings problem in Access Request

    Dear All,
    My "User Search Data Sources" are: HR system and LDAP (in this order) and
    "User Details Data Sources" are: HR system, LDAP, GRC Production system and ERP Development system (in this order)
    I could search for the users in HR and LDAP systems correctly. However, the problems I am facing are:
    1. For some users, First Name, Last Name and Email id fields are not getting mapped. Though they are correctly shown in search screen of ARQ. This
        behavior is sporadic and not sure why this is not mapped for some of the users only. But for other users, they are getting mapped correclty!
    2. For some other users selected users from the search result, First Name, Last Name and Email id fields are correctly mapped. However, "Manager" field is empty and not mapped! Though they are correctly maintained in HR system.
    Any idea why this is behaving like this and how to solve this?
    Please advise.
    REgards,
    Faisal

    Hi,
    I could figure out something.
    I have below hierarchy in Active Directory:
    1. OU=Unit1,OU=ABC,DC=123,DC=COM
    2. OU=Unit2, OU=XYZ,DC123,DC=COM
    Unit1 and Unit2 are peers, fall under DC "123" and contain different sub-nodes and users. What is happening is that, if a user and his manager are from same OU (Unit1 for example), it is pulled appropriately.
    In case if a user is in Unit1 and manager is in Unit2, then in this case, manager first and last name is pulled and Manager id field is not filled.
    I could only maintain one of the above entries in LDAP tcode. I dont know how I can maintain peer-OUs in LDAP!
    When I maintained like this:
    OU=Unit1,OU=ABC,DC=123,DC=COM;OU=Unit2, OU=XYZ,DC123,DC=COM
    It give me error: "Entry does not exist".
    It is looking for only one node at at time but can not traverse in multiple peer nodes.
    CAn anyone suggest me on this?
    Regards,
    Faisal

  • "Sequence number already exists in table" maintining Data Sources

    Hi fellows, i am seting up a new connector in GRC 10.0, but when configuring the connector for the User detailed Data sources i get the same error; "Sequence number already exists in table".
    I have tried with over 200 numbers which I know for sure are available and still get the same error. Where can I find the table with this information?
    Can the information be removed to clean up table space?
    Thanks for your help!!!

    Hi Gabriela
    I recall getting this error a lot and it seemed to be a buffering/memory problem where it was remember the old value was getting remember. I had to exit out of the IMG navigation and reenter it again. It'd happen if I deleted one entry and then went to add another (even after saving). Not sure if you are getting this
    Other thing is to check the backed tables to see if any orphaned values on the primary key
    Regards
    Colleen

Maybe you are looking for

  • Can no longer connect to the internet with the 580...

    Hi, my PC was able to connect to the internet with my 5800 via a USB cable.  Now, I can no longer connect to the internet with the 5800 via a USB cable.  I had never tried connecting the computer to the internet with the 5800 via Bluetooth prior to t

  • Select among the columns

    I have a table A contains two date file - date1 and date2.. Is there a way to select the latest date on this table for each row? Thank you.

  • T400 LED Display

    I just recieved my T400, and am trying to confirm I have the LED backlit monitor.  Right after I ordered my laptop, I was confirming the features I ordered, and noticed the description didn't show the display was LED backlit.  I called up Lenovo, and

  • Taking an App from OAS into WLS

    Hi, I have a Java project mostly develop in Oracle Forms and implemented on a Oracle Application Server (OAS). I'd like to take that project from the OAS into a WLS 5.1. Is it posible? What constrainsts / limitations must I be aware? Is there any doc

  • Urgent iMovie Help

    Hello everyone, I am in need of some desperate help. Background info: - I have an HTC phone; not sure what model, but it has a 3d camera - I am doing a project and recorded it with my phone However, I accidently used the 3d camera and when I import i