User Management Strategy

Hi everyone,
I would like to discuss with you about User Management Strategy for multi-site MII implementations. What is the best architecture for the UME instances when you have MII users both on the corporate level and the shop floor level?
Consider we don't have a central MII server.
Regards,
Henry

User management can cause some difficulties, mixing disconnected operation support with distributed MII servers, but wanting to use LDAP from corporate.  We all have used the term 'when SAP is unavailable' but what about 'when LDAP in unavailable' - the application may be buffered but the user logins would cause the issue.
Aside from having some form of federated/replicated LDAP I think the only option would be some essential backup local users in UME.  I would imagine this would have been encountered with Enterprise Portal, or any other NW java apps in the past, but the potential for a distributed NW server (plant or region based) may be a bit different.  The configuration of a solution would be done inside UME, but the best practices in this regard are what you're probably after.
I hope that some customers with more clear strategies in this area can share their insight in this thread.

Similar Messages

  • How to find solution for avoiding WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product

    HI All,
    We are using Oc4j version 10g 10.1.3 , and while starting conatiner  getting below warning , let me know if anyone have solution for this,.
    14/01/10 01:01:29 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product!
    Please take the appropriate actions to migrate to an alternative strategy! **********
    2014-01-10 01:01:29.833 WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release
    of this product!

    I just checked my BIOS and my current setting is set at IDE although it also mentions that the default should be AHCI. Currently I have a dual boot of Windows 7 (need it for Tax software) and Arch
    So I guess, when I get the new HDD, I will first set it to AHCI and then install the OSes on it. See if NCQ helps any, and if not I will turn it back and re-install (if I have to). I am planning to have Windows only in virtualbox in the new drive.
    Anyhoo, while I was in the BIOS I found two things which I had questions about :
    1) Under Onboard Devices --> Integrated NIC , my setting is currently set at "On w/PXE" and it says the default should be just "On". Would it be ok to change it back to On since its a single machine and its not booting an OS on any server. I just don't want to have to re-install anything now since I will be doing that in the new HDD.
    2) How would I know whether my BIOS would support a 64 bit OS in Virtualbox? I checked some setting under Virtualization, but they weren't very clear.
    I will edit this post and let you know exactly what settings were present under the Virtualization sub-section.

  • OIM 9.1.0 with Database User Management: Connector Exception upon Connect

    Hi,
    I've been struggling with the Database User Management connector (9.0.4) with Sybase, following the steps word-for-word as per the documentation (Oracle® Identity Manager Connector Guide for Database User Manage Release 9.0.4; E10425-0; July 2009).
    When defining the IT Resource through the Install Connector wizard, I get the following when it does a connection test:
    14:51:52,795 ERROR [WEBAPP] Class/Method: CreateITResourceAction/testConnectivityForDataBase/ClassNotFoundException encounter some problems: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
    java.lang.ClassNotFoundException: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
    even though I've ensured jconn2.jar is in the ThirdParty directory, reflushed the cache, and restarted OIM; the connector still can't seem to load the driver.
    I've tried the database testing script with similar results.
    Any thoughts?
    Cheers
    Simon
    PS: I believe v5.5 of JConnect (as required by the OIM Connector) has been EOL'd and Sybase. They recommend you use v6.0 (v6 is jconn3.jar)), which from what I can see should work as com.sybase.jdbc3.jdbc.SybDriver; I tried that as well but had the same ClassNotFoundException.

    I've fixed it; needed to copy jconn2.jar into the $JBOSS_HOME/lib directory and restart the server.

  • Can not launch user manager

    Hello,
    I just installed Lookout 6.0 , the OS is Windows 2000, and not install
    any NI's DSC module. When choose the menu Options>>user manager
    and trying to launch it , there always popup an error message : could
    not start the user manager. Please advise what is wrong and how to
    repair it. Thanks.
    David

    This may help you... 
    http://digital.ni.com/public.nsf/allkb/6ABE5C9554F285D386256E9B0066156E
    -Khalid

  • SAPJSF user cannot log-on to the User Management Engine.

    We have a newly installed PI 7.0 system.
    SLDCHECK is succussful but if we go to the http://hostname:50100/sld - we are redirected to http://hostname:50100/logon/logonServlet?redirectURL=%2Fwebdynpro%2Fdispatcher%2Fsap.com%2Ftc%7Esld%7Ewd%7Emain%2FMain
    When we check the default.trc file, we see the error: User "SAPJSF" is the communication user for the connection between User Management Engine and the ABAP backend system SIDCLNTxyz. This user cannot log-on to the User Management Engine.
    The SAPJSF user is not locked in SU01.  This user is used by the JCO providers to connect to the gateway service.
    We opened Visual Administrator and navigated to Server0 -> Services -> UM Provider
    We changed the password  property at ume.r3.connection.master.passwd
    We then restarted the ABAP and J2EE engine.  But we still see this error.
    Any help to solve this issue is appreciate.
    Jay Malla

    Hi,
    Please, refer the link below. It says you cannot logon with SAPJSF user to J2EE engine for security reasons.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
    Thanks
    R.Murali

  • User Management - How to submit Additional Access Request on behalf of employee

    User Management - how can we configure "Access Requests" so that Managers can submit Additional Access Requests, or Initial Access Requests on behalf of employee?
    Have looked at "Manage Proxies" but this seems to allow access to everything - not ideal
    Please assist with knowledge and/or experience
    Many Thanks
    Me

    Additional Access Request Registration Process is complete
    Giving access to User Management to users is not an option.
    What I would like is the scenario below - is this achievable?
    When employee goes to iProcurement > Preferences > Access Requests > Request Access | they can submit an access request on behalf of themselves.
    Would like an option where a manager, navigates to same UI as above, has option to choose a subordinate, and request additional access on their behalf
    The table UMX_REG_REQUESTS has columns REQUESTED_FOR_USER_ID & REQUESTED_BY_USER_ID - so it seems they don't have to be same person (manager can submit request on behalf of an employee)
    Can this be achieved through UI for "Access Requests"?

  • Hiding fields in standard user management view

    Hi all,
    How to hide fields in user management views.
    Like in the create user view, suppose I want to hide the <b>additional information fieldgroup</b>. how can I do it?
    I have the par file and tried to comment the code which is related to the additional information field group. But when we try creating an iview from the new par(modified par-i changed changed the name ) I do not c the portal component called <b>create user</b>. I am a bit confused.
    Can anyone help me out regarding this.
    thanks,
    Paul

    Hi Paul
    Have a look at
    http://help.sap.com/saphelp_webas630/helpdata/en/d1/956f8b86b2a949913ed22d253e0012/content.htm
    and http://help.sap.com/saphelp_webas630/helpdata/en/91/646d498fd94142a37e90a3b848e45e/content.htm
    By setting the default values you can either have them displayed or hidden.
    Hope this helps,
    Regards
    Uma.

  • BPC Mass User Management Tool in BPC 10.0 NW-Version Component Error

    Hi,
    We have a problem when importing request K900024.RBP and R900024.RBP.
    We changed the UJ_STRING in "DATA: lv_value TYPE uj_value" in the source code as recommended at BPC Mass User Management Tool in BPC 10.0 NW
    Unfortunately, when we try to import CSV files we receive a error message "BPC Version Component must be 800". Our is 801.
    Where can I find this files or its upgrades? Is there a SAP link?
    Can anybody help us?
    Best Regards,
    Ana Teresa

    Hi Ana,
    See note https://css.wdf.sap.corp/sap/support/notes/1861347.  You should solve this issue.
    Best Regards,
    Charlie

  • Problem connection in OIM 9.1 with SAP user managment

    Hi!
    When I want to provision a sap user management resource to an user, it appeared this problem.
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Create User Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] userId :PRUEBA4803, userGroup:AUDITOR_ARG,lastName:prueba4803,firstName:prueba4803,userTitle:0003,langComm:S,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:1,decimalNotation:Y,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:000,userType:A,sapUserId:,empId:PRUEBA4803,fromHRMS:
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Inside XLSAPUTILITIES
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Requesting****
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection creation.
    It is strange because it was working all right since 3 months ago and in these 2 last weeks, it is frequently this problem. Sometimes it works sometimes it does not.
    Of course, I tried the connection between OIM and SAP, with the SAP login, and the connection is all OK.
    My oim vertion is 9.1 and the SAP User Management connector is 9.0.4.1.
    Did anybody have this problem before?
    Bye!

    Oh I forget, when I restart the application server, in my case the jboss, the problem is fixed. Strange...

  • OIM 11g: Error Installing Sybase DBUM User Management 9.1.0.4 connector

    Hi All,
    While installing Sybase DBUM User Management 9.1.0.4 connector from OIM console, I get the following:
    While on Step 2 of the wizard (Connector Installation):
    - Configuration of connector libraries: passes
    - Import of connector XML Files (using deployment manager): FAILS
    The following error message appears:
    DOBJ.XML_IMPORT_ERROR
    Unresolved dependency{WIN=Reconciliation Manager}
    Operating System: Linux
    Thanks in advance for any ideas!

    which release of OIM are you using.
    Did you try to retry the installation of connector?
    If not then refrsh your OIM database and then install again.
    Seems like some earlier installation has kept some data in OIM DB.

  • MS SQL DB User Management Connector Unable to Select Multiple Server

    Hi,
    We are trying to connect to multiple server using MS SQL DB user management connector but receive the error below when selecting server.
    <Sep 3, 2012 4:28:59 PM MYT> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.PDBUM.MSSQL.DBNamesis not a valid form field>
    Running InitUtil
    Running ExecuteStoredProcForAuthTypeUser
    Running SetProcessFormData
    <Sep 3, 2012 4:30:13 PM MYT> <Error> <XELLERATE.ADAPTERS> <BEA-000000> <Class/Method: tcAdpEvent/verifyServer encounter some problems: IT Resource Type mismatch found for Adapter variable MSSQL_ITRVerify that IT Resource selected on Process Form matches IT Resource type selected for variable>
    Running InitUtil
    Running ExecuteStoredProcForAuthTypeUser
    Running SetProcessFormData
    Running COMBINENAMEWITHSUFFIXPA
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    Running COMBINENAMEWITHSUFFIXPA
    Target Class = com.thortech.xl.util.adapters.tcUtilStringOperations
    Running InitUtil
    Running ExecuteStoredProcForAuthTypeUser
    Running SetProcessFormData
    <Sep 3, 2012 4:33:13 PM MYT> <Error> <XELLERATE.ADAPTERS> <BEA-000000> <Class/Method: tcAdpEvent/verifyServer encounter some problems: Could not determine IT Resource Key for variable MSSQL_ITR>
    delete mds name:/db/MSSQL DB User Privilege Login Requestrecon.profile
    Unable to delete profile with mds name:/db/MSSQL DB User Privilege Login Requestrecon.profile
    <Sep 3, 2012 4:33:43 PM MYT> <Warning> <Socket> <BEA-000450> <Socket 8 internal data record unavailable (probable closure due idle timeout), event received 17>
    <Sep 3, 2012 4:33:48 PM MYT> <Warning> <Socket> <BEA-000450> <Socket 4 internal data record unavailable (probable closure due idle timeout), event received 17>
    MS SQL DB connector version is 9.1.0.4
    Any ideas on this error above?
    Thank you.
    Edited by: 950985 on Aug 17, 2012 12:21 AM

    verify lookup : Lookup.DBUM.MSSQL.Configuration and provide the required information (eg: provide query property file)
    --nayan                                                                                                                                                                                                                                                                   

  • Error Installing OIM - Ebiz User Management connector

    Hi all,
    I am trying to install ebusiness suite user management connector 9.1.0.1.0.
    But, while installation, I am getting an exception
    Invalid Connector Installation Directory
    Ensure that the connector installation files are in the specified directory.
    From the server log, I have seen this error.
    ERROR,01 Jun 2010 11:29:19,153,[XELLERATE.WEBAPP],Class/Method: ConnectorInstallProcessAction/CopyJarFilesForInstallation encounter some problems: IO exception while copying jar files
    java.io.IOException: FileCopy: destination file is unwriteable: /g03/oim/xellerate/JavaTasks
    at com.thortech.xl.webclient.actions.ConnectorInstallProcessAction.copy(Unknown Source)
    at com.thortech.xl.webclient.actions.ConnectorInstallProcessAction.copyJarFilesForInstallation(Unknown Source)
    at com.thortech.xl.webclient.actions.ConnectorInstallProcessAction.completeInstallation(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.ConnectorInstallProcessAction.execute(Unknown Source)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    But, before this, I have done the ebusiness suite employee reconciliation 9.1.0.1.0 in the same way.
    Please let me know, if any one has faced this kind of error earlier.
    Regards
    Vicky

    Figured out the error,
    When I have installed Ebiz HRMS Employee recon connector, it has imported all the files with root privileges. (Dont know why importing was done with root privileges).
    Becuase of EBSCommon.jar and Common.jar having root as the owner, EBIZ UM connector is unable to replace those files. After modifying the owner and group of these two files to oracle.
    I am able to succesfully install the UM connector.
    Regards
    Vicky

  • OIM - SAP Employee Recon and SAP User Management Connectors vs. OC4J

    In reading through the SAP connector documentation I've found that we cannot use OC4J to run OIM if the 9.0.3 SAP User Management Connector or SAP Employee Recon Connector is used. This is all related to a conflict in JDK versions supported between the SAP JCo (Java Connector) library and OC4J. A thought we've had is to use a Remote Manager for these connectors. Can anyone validate this approach? Is it possible to use a different JDK version with your remote manager? Is there another workaround that anyone is aware of?
    Thanks

    Hi,
    The remote manager should work with different JDKs. We are going to be doing the same thing for one of our adapters.
    As for SAP, I cannot think of another workaround -- we actually abandoned the SAP JCo approach and are doing web services with XI.
    Thanks,
    Deborah
    http://www.linkedin.com/in/dvolk

  • Sap UM connector 9.1.2 trouble with "SAP User Management User Recon" task

    Hello All,
    i have a problem with Sap UM Connector version 9.1.2.
    OIM version 11.1.1.5
    Windows 2008 R2
    Problem is:
    Then accounts in Sap are created through direct provisioning feature of connector everything works ok (subsequent update or delete an account).
    But if a user account is created in Sap using Sap GUI, scheduled task "SAP User Management User Recon" of connector doesn't create reconciliation event to link user.
    Sometimes it does though, but for one user account created using Sap GUI in OIM created two reconciliation events, so corrsponding user in oim have two records for resource SAP.
    In this reconciliation events, one have full set of attributes (Login, First Name, Last Name, E Mail, etc), another one - just these 3 attributes: IT Resource, User ID, Lock.
    "SAP User Management Delete Recon" scheduled task works ok then user account has been deleted using Sap Gui.
    How one can troubleshoot such behavior?
    Can anyone advise please?

    resolved the issue by updating sap um connector to version 9.1.2.5

  • OIM - EBusiness User Management Connector

    Hello there,
    Can anybody please tell me within the Ebusiness connector i.e. provided in 9.1 version connector pack, which one needs to be installed? there are 3 different categories within the same -
    1.) For the User Management connector:
    Oracle EBS User Management 9.1.0.0
    2.) For the User Management with HR Foundation connector:
    Oracle EBS HR Foundation User Management 9.1.0.0
    3.) For the User Management with TCA Foundation connector:
    Oracle EBS TCA Foundation User Management 9.1.0.
    I don't know which one resembles to which operations that OIM can perform. Can anybody please throw some light and explain which connector does what?
    thanks,
    - oidm.

    An FND_USER record represents an Oracle E-Business Suite account. This record is the main component of the account data whose management is enabled by the connector. *(Oracle EBS User Management 9.1.0.0)*
    Depending on your configuration of the target system, there may be other user data components that must be managed by the connector:
    Some applications in Oracle E-Business Suite require a user to have a person record in Oracle E-Business HRMS. *(Oracle EBS HR Foundation User Management 9.1.0.0)*
    These users are either full-time employees of the organization or users (such as contract or part-time employees) who have been provided with access that is similar to the access provided to full-time employees. iExpense is an example of an application that requires users to have person (HRMS) records.
    Some applications in the Oracle E-Business Suite require a user to have a record in Oracle E-Business TCA. *(Oracle EBS TCA Foundation User Management 9.1.0.)*
    Typically, these users are representatives or employees of customers and vendors of your organization. iStore and iProcurement are examples of applications that require users to have TCA records.
    For more info
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11203/intro.htm#CHDJCHDC
    Thanks
    Suren

Maybe you are looking for

  • How do i fix an ipod touch 2gen continually rebooting.

    Hi i have an repair business that i am running for many items like cracked screens. I got this ipod from a friend to fix two things, one a cracked screen,second to replace battery. The problem he told me that it continueslly reboots when in a chargin

  • How to set the icon for the entire application with JFrame.setIconImage

    I set the icon on the main frame using JFrame.setIconImage(). The icon is shown properly in the main frame. If more JFrames are opened from the main frame, the newly opened JFrames also show the icon. However if JDialogs are opended, in some cases th

  • Doku for pdf printing ends in a dead link

    Hi everyone, I want to setup pdf printing in APEX. The most important installation doku is http://www.oracle.com/technology/products/database/application_express/html/configure_printing.html Since there is APEX 4.0 it results in 404 page not found. B

  • Download hung in waiting status

    I have multiple applications I'm trying to download  but they are all hung with "waiting" status. I can't delete them because they don't have the little "x" in the corner when I try to delete them. Any suggestions?

  • Install for Mac OS 10.2.8

    Please help, I know absolutly nothing about macs. I have a friend who needs to upgrade her version of adobe reader for her mac. She has version 5 and needds to install version 8. could some provide step by step instruction for installing adobe reader