User Management (for dummies?)

Similar Messages

• User Management for e-Commerce ERP

  Hello Experts,
  I am working on e-Commerce ECC6.0 version.
  Had some questions in the area of user management:
  A)
  The scenario is that the e-commerce application needs to be integrated to Poral, now my doubt is which userType option is the best to be chosen for such cases.
  Is it mandatory to use user type "ERP e-Commerce logon via UME"?
  I have not worked with UME before and hence if you can also share some links / pointers in that area?
  what other SSO logon options are available?
  B) In case there is no portal and e-Commerce is working as standalone application:
  There is already a ECC6.0 system in place where until now customers have been maintained. The client has been using a custom Online Store application on which login was via the customer id. Now they want to use e-Commerce for ERP, but still want the logon to be via the customer id only. In such case the only option that I can think of is via "R3_SU05Customer_LoginCustomerNo" userType. But since su05 type is not recommended now, I was wondering if there could be some other option as well? Can you guide..
  Thanks

  A
  Is it mandatory to use user type "ERP e-Commerce logon via UME"?
  UME makes the user management simple and central to the Security / System group.
  have not worked with UME before and hence if you can also share some links / pointers in that area?
  UME is not something any developer / functional analyst will do. We should leave that to the security group. If you insist, here is a starter [Help on UME.|http://help.sap.com/saphelp_nw04/helpdata/en/e5/618a3eacd49076e10000000a114084/frameset.htm]
  B
  See section 2.6 of this [E-Commerce with ERP Business Configuration Guide|https://websmp205.sap-ag.de/~sapdownload/011000358700002100812006E/Config_Guide_ECO_ERP_50.pdf]
  There are some steps on migrating from SU05 to SU01. You can always have the current customer number as the alias for the internet user.
  Easwar Ram
  http://www.parxlns.com

• Portal user management for SRM

  Hi ,
  We will be using global portal & SRM as a backend.
  Portal<---->SRM<----->ERP
  Which will be the best option for  data sources of the User Management Engine (UME)?
  Regards,
  Arpit.

  Repeated.

• Colour management for dummies please

  I have seen many discusions about ink limits and colour profiles but can anyone offer a  dummies' guide?!
  I use CS5 and in Bridge it is set to Europe Prepress 3. My understanding is that this should take care of things but when I make a PDF of my job and preflight it in Acrobat I get an ink limit warning. The profile of the placed Photoshop file (which is CMYK) is FOGRA39, as is the InDesign file (obviously, as this is defined by Prepress 3). So if I make a PDF X-1a shouldn't all that control the ink limit?
  I have found that if I switch the Photoshop file to RGB then it works fine - I can see in InDesign separations preview that ink is OK, and the PDF preflights OK in Acrobat. So that tells me that the ink control happens when a conversion is required. The general wisdom seems to be that for CMYK print, files linked to InDesign should be CMYK not RGB (though to me, RGB seems to work fine as it gets converted at PDF stage), so how do I limit the ink if the file is CMYK? Should my Photoshop file not be colour managed perhaps? I read in a forum that Photoshop restricts the ink limit according to the colour profile being used, but that doesn't seem to be happening for me.*
  I called Adobe and their best shot was that I should switch CS5 to North America Prepress, and use the 'High Quality Print' PDF preset. Well maybe I'm taking it too literally, but I'm In England and have a job which is about to be printed in Hungary! And also, this yields a US Web Coated (SWOP) v2 profile which doesn't seem right as I will be printing sheetfed.
  I would appreciate it if someone could straighten me out.
  * I tested this by switching the Photoshop file to Web Coated FOGRA28 and the colour values did change to allow for a lower ink limit, so maybe there's something in that. So why doesn't FOGRA39 do it? With the colour set to FOGRA39 Photoshop happily accepts a nice black blob coloured as 100% each of C,M,Y and K.
  Sorry if this is a bit long but it seems like a useful discussion for Colour management newbies.

  I read in a forum that Photoshop restricts the ink limit according to the colour profile being used, but that doesn't seem to be happening for me.*
  Total Ink limit is a parameter of a CMYK profile—so the limit won't be exceeded when you make a color conversion from any other color space into that profile's color space, i.e AdobeRGB>FOGRA39, or US Sheetfed Coated>FOGRA39. However, once the file is converted to CMYK there's nothing stopping me from exceeding the limit via a color correction. For example, I could convert a PS file filled with 0|0|0 RGB to FOGRA39 CMYK and the ink limit would not exceed the 330% defined in the FOGRA39 profile, but as you noted I could also fill the resulting CMYK file with 100|100|100|100 and exceed the 330%  limit.
  Also, there's nothing stopping me from assigning the FOGRA39 profile to any CMYK file. In that case there's no color conversion—I could make a new SWOP Coated CMYK file, fill it with 100|100|100|100, assign FOGRA39, and the fill would still have 400% total ink.
  Total ink is only limited via a color conversion
  The general wisdom seems to be that for CMYK print, files linked to InDesign should be CMYK not RGB (though to me, RGB seems to work fine as it gets converted at PDF stage)
  The general wisdom is actually old conventional wisdom, there's nothing wrong with making the conversion from RGB to CMYK when you export—the resulting CMYK values will be no different than the ones you would get out of PS assuming the source and destination profiles, and rendering intents are the same. The no RGB rule is a hangover from when you couldn't make color managed color conversions inside a page layout program.

• Need T420 ThinkVantage Password Manager for Dummies

  OK.  I"m an idiot.  How is the password manager supposed to work?  The "help" section says this about making a new entry: When you type in a user name and password for the first time in a particular Web site or Web page that requires this information, Password Manager automatically displays the following prompt: "Would you like to save this Web Site with Password Manager?"
  I have created several new user names and passwords at sites since using this new computer, and I have yet to see the Password Manager ask any questions.  What am I missing?

  you have to have at leased a windows password set before you can use it for web logins
  also in the settings make sure the check box is checked
  your will look different
  Thinkpad R61 7733-1GU
  Thinkpad X61T 7762-54U
  Thinkpad X60T 6363-4GU
  Did a member help you today? Thank them with a Kudo!
  If a post answers your question, please mark it as an "Accepted Solution"!
  Regards,
  GMAC

• Forgot Password setup in User Management for Oracle 11.5.10.2

  Can someone tell me how to setup the Forgot Password feature in Oracle 11i. Currently users call on the phone to reset their passwords for them. Please advise.
  Thanks
  svnelson

  Please refer to the following notes:
  Note: 399766.1 - Reset Password Functionality FAQ
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=399766.1
  Note: 390894.1 - 'Forgot Your Password' Feature Does Not Reset Password Automatically
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=390894.1

• User management for the Identity Management User Interface

  Hi everyone!
  We have set up synchronization users from Identity Store in UME UI([Guides|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/304280b4-25d0-2b10-b6a4-89c27409dea7?quicklink=index&overridelayout=true]).
    When we assign the privilege priv: ume should be performed three tasks:
  1. creating UME user
  2. modify UME user
  3. Add Password
  But we see the fulfillment of only 1 and 2 tasks.
  Why not fulfilled the task number 3?

  Ivan,
  In the workflow called "#Create UME user" from attached MCC files of the Guide,
  Job "Add Password" will be executed only if the selected user does NOT have attribute MX_ENCRYPTED_PASSWORD set.
  So, if the user on who you tried to provision UME privilege has already an MX_ENCRYPTED_PASSWORD defined correctly (DES3 encoded string), the job "Add Password" will not be executed.
  To check this, get the MSKEY of the provision user and execute the following SQL query of the conditional task :
  If you get a line in return, result is TRUE, else it's FALSE
  SELECT COUNT(DISTINCT mskey) FROM MXIV_SENTRIES WHERE is_id=%$glb.SAP_MASTER_IDS_ID% AND
  ((mskey IN (SELECT mskey FROM MXIV_SENTRIES WHERE attrname='MX_ENCRYPTED_PASSWORD' AND searchvalue LIKE '%' AND mskey= <Enter the MSKEY of the provision USER>)))
  Benjamin

• "Starting user manager for UID 120" loop during startup

  Hi guys,
  Recently after not turning on my computer for a week and a half, I got this issue when I start up. Basically after I load into Arch Linux, that message loops for like 12 times before the computer gets stuck at a random part of the boot process. I think it is a hardware issue but I am unsure. Here's a pic of it below:
  http://i.imgur.com/Qd1DgXP.jpg

  Mike:
  Welcome to Apple Discussions.
  If you have a new installation and you do not have any data to preserve, the easiest thing is to go back, reformat and erase HDD, then reinstall software. If you have data on it that is not backed up the do an Archive and Install.
  Please do post back with further questions or comments.
  Cheers
  cornelius

• User Management in JSP

  hi all,
  i want to make a user managment for already built web Site, i want to make a isolate type of User management system so i can easily embed it in different web site.
  can any one suggest me any good tutorial , article or any sample code?
  thx

  http://sourceforge.net/projects/bofhms
  http://sourceforge.net/projects/cw-ums
  http://sourceforge.net/projects/jgum
  http://sourceforge.net/projects/minpo
  http://sourceforge.net/projects/corendaldiry
  http://freshmeat.net/projects/opa/

• Lookout 6.02 User Manager Non-Functional

  When User Manager is launched from Lookout menu (6.02 Full Development Version),  a "User Manager for Domains" window opens and an error dialog with the same title says "Could not find domain controller for this domain."

  Hmm..  do you perchance have LabVIEW / DSC 8.0 installed on the same machine?  I know LabVIEW / DSC 8.0 has added "domain" funtionality to the security stuff.  It could also be the latest Logos. 
  -Khalid

• OIM as user management

  Hi All,
  I am using OIM as user management for managing target systems AD and Oracle database.
  I have some common fields like email and telephone number for both the accounts of AD and database.
  When I get a request for creating account in AD (with set of attributes which include email and telephone number) in the form of feed, first I need to find out if already user is present in OIM with the given email and telephone number that present in given feed, if exist I just need to go and create account in AD if not I need to first create a user then provision that user to AD.
  Can any one explain how to achieve this in OIM and I need all this to be performing automatically, I will get account creation request in the form of feed.
  Regards,
  Poorna

  You have written
  When I get a request for creating account in AD (with set of attributes which include email and telephone number) in the form of feed, first I need to find out if already user is present in OIM with the given email and telephone number that present in given feed, if exist I just need to go and create account in AD if not I need to first create a user then provision that user to AD.+
  I have confusion in your requirement.
  From where you are getting request for AD. And if it doesn't present in OIM then you'll have to first create that user in OIM then provision to AD.
  Just create an entity adapter and attach with User Form which will validate that any user with given email and number ia already present in USR table or not. If no then it will create the user in OIM otherwise it will throw error.
  And you can create one group and move that user into that group using some rule realated to your requirement and put access policy on that group.
  otherwise you can put accee policy on All User group too if it doesn't affect your other functionality..
  Re: Auto provision based on rule

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

  Hi,
  I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
  After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
  Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
  I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines. 
  First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
  Here are my exact steps of what I did to reproduce our problem:
  Complete format of HDD in preperation for a clean install
  Clean install performed
  Set up the machine initially with a local account
  Test metro apps - all working fine
  Open control panel from the desktop, click on System, change the system to join the domain, click reboot
  Log into the system using my domain account
  Test metro apps - all working fine
  Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
  I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
  In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
  I click add and then add my domain account - also giving it administrator access
  Sign off or reboot to ensure the new security is applied
  Sign back in to the domain account
  Test metro - ALL BROKEN
  Sign out
  Sign in as local account
  Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
  So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
  Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
  could fathom was a full re install and not giving the domain user admin access to the local  machine.
  Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
  Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
  I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
  soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
  Thanks

  Hi Juke,
  Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
  I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
  your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
  in event viewer.
  Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
  information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
  Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
  Under "Applications And Services Logs" --> "Microsoft" -->  "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
  Windows.Launch contract failed with error: The app didn't start."
  If you require any further information just let me know and I will provide as much as I can.
  Thanks

• How to find solution for avoiding WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product

  HI All,
  We are using Oc4j version 10g 10.1.3 , and while starting conatiner  getting below warning , let me know if anyone have solution for this,.
  14/01/10 01:01:29 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product!
  Please take the appropriate actions to migrate to an alternative strategy! **********
  2014-01-10 01:01:29.833 WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release
  of this product!

  I just checked my BIOS and my current setting is set at IDE although it also mentions that the default should be AHCI. Currently I have a dual boot of Windows 7 (need it for Tax software) and Arch
  So I guess, when I get the new HDD, I will first set it to AHCI and then install the OSes on it. See if NCQ helps any, and if not I will turn it back and re-install (if I have to). I am planning to have Windows only in virtualbox in the new drive.
  Anyhoo, while I was in the BIOS I found two things which I had questions about :
  1) Under Onboard Devices --> Integrated NIC , my setting is currently set at "On w/PXE" and it says the default should be just "On". Would it be ok to change it back to On since its a single machine and its not booting an OS on any server. I just don't want to have to re-install anything now since I will be doing that in the new HDD.
  2) How would I know whether my BIOS would support a 64 bit OS in Virtualbox? I checked some setting under Virtualization, but they weren't very clear.
  I will edit this post and let you know exactly what settings were present under the Virtualization sub-section.

• ISE Time Management for Sponsor Portal User

  Hi all,
  I'm currently using ISE version 1.2 and when I create a custom time management for each user, the rule applied to each user is only applied for a maximum 10 days eventhough I configured it for ex.30 days.
  want to check with all of you if anyone have the same issue?
  Firstly I think it's because the purge time is default set for 15 days, but even when I already changed it. The expiration time will still not get over than 10 days.
  Cheers
  Ryan

  Default Guest Time Profiles
  Time profiles provide a way to give different levels of time access to different guest accounts. Sponsors must assign a time profile to a guest when creating an account, but they cannot make changes to the time profiles. However, you can customize them and specify which time profiles can be used by particular sponsor groups. Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
  Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
  •DefaultFirstLoginEight—the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
  •DefaultEightHours—the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
  •DefaultStartEnd—sponsors can specify dates and times on which to start and stop network access.
  If you upgrade to Cisco ISE 1.2, the older time profiles are still available, but you can delete them if you are not using them. If the older time profiles are assigned to a sponsor group, a message alerts you before deleting. If you perform a new installation of Cisco ISE 1.2, only the new time profiles display.