Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://go.sap.com/community.html
Thank you,
The SAP Community team.

News from October, 2007

hi

Hello All

Crossing Over (2007-10-16 to 2007-10-22)

We take great pride in our contributors, especially contributors who have reached or surpassed the 250 point mark. This milestone represents a crossing over from casual SDNer or BPXer to esteemed community member. Congratulations to all!

  • 1/4 K - Michael Schroeder, Eli Gomez, Rohit Kamath, Ted Sohn, John Krakowski Jr, Christian Mueller, Filip Misovski, Jeff Duly, Markus Frick, Praveen Garapati, Adi Kavaler, Derek L Johnson, Ranga Bodla, Stefanie Garcia Laule, Gunther Schmalzhaf, Brian Wood, Alexander Schuchman, Thomas Ellenberg, Surya Pavan nadimpalli, Cornelius Maguire, Venu Kumar Nlalabothula, Teodor Joav Bally, Aaron Mahimainathan, Srinivas Rapthadu, Puneet Jhari, Zane Connally, Junjie Xu, suresh kallur, Holger Mack, Jon H Goldberg, yogesh gupta, Ram Bairavarsu, William Gardella, Atul Shrivastava, Sundaram ManiKumaar, Prasanth Vijayan, Vishwanath H.E, Rao Subba, Peter Walters, Axel Schuller, Daniel Housmans, Patrick Wells, Kartik Dave, Babu Sri, BW Chacha, Kevin Kuestermeyer, Hari Krishna, Brian Yarnell, Thomas Becker, Stuart Lewsey, saurabh diwakar, Lakshman Iyer, mohd zia, Chandra V, Uddhav Gupta, Madan Gopal Sharma, Sunanda Das, ramesh sankannavar, Serguei Zabrodski, Stefan Bresch, Amir Glatt, Vikas Lodha, Sathya Rajkumar, Tim Hild, Christina Miller, Marc Oliver Schaefer, Gilles Berthelot, Markus Eble, Markus Lauff, Franz-Josef Stortz, Glen Leslie, Belinda Lineman, Masoud Aghadavoodi Jolfaei, Lance Pawlikowski, Ionut Istrate
  • 1/2 K - Storm Archer III, Raphael Vogel, Chitrarth Kastwar, George Quaye, Suda Sampath, Goran Stoiljkovski, Manohar Sreekanth, Tim Steuer, Rolf Hammer, Michael Koegel, Wulf Vogler, Lakshmipathi Ganesan, Robert Peebles, Dirk Ammermann, minal nampalliwar, Thomas Hensel, Reema Shahbazkar, Susan Keohan, paruchuri nageswarrao, Sathish R, swapna gollakota, Divya Sarraju, U. P. L. Tummers, SUMIT BHUTANI, Srihari Hebbar, Kartik Iyengar
  • 1 K - Karen Comer, Peter Barker, Sivakumar Gopalakrishnan, William Adams, Daniel Yackel, Yonko Yonchev, Rekha Dadwal, Vasu G, Siddhartha Rao, Carol Gustav, Swapan Saha, Michael Acker, Kyle Lawrence, Austin Chinn, Tesha Harvey, Kiran K, Prasanna Krishnamurthy, jimmy michael
  • 2 K - Klaus David, Rudolf Held, Ed Herrmann, Sam Raju, Kristian Lehment, Abdul Razack, Jr Roberto, Serge Muts, nagaraj kumar nishtala, Marion Schlotte, Dirk Feeken, Swarna Ramya, Chris Whealy, Dipankar Saha, Arun Ramachandran
  • 5 K - Chetan Patel

PURPOSE

So here I am writing my first post on OSA.In my new project my PM told me to work on OSA.my first question is what is OSA? So I have started searching over SDN and found lots of useful information.Keeping this in mind that together this information can be useful to other I have decided to post it on SDN.

MBO ( Management By Objectives ) is what SAP application OSA ( Objective Setting and Appraisal ).Component is PA-PD-PM.It is not specificly an MSS/ESS scenario. It will also run in R/3, stand-alone in the intranet or included in your portal outside of MSS/ESS.

IMPORTANT LINKS

BLOG

https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/5596

https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3310

https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/4692

SAP HELP

http://help.sap.com/erp2005_ehp_02/helpdata/EN/53/6e6927a14411d19d450000e8215202/frameset.htm

TABLES NAME

DESCRIPTION


HRHAP

Appraisal Document

HRHAP_ACT_LOG

Appraisal Document: Action Log - Additional Data

HRHAP_ANON

Appraisal Document: Anonymous Appraiser Assignments

HRHAP_APPEE

Appraisal Document: Appraisee Assignment

HRHAP_APPER

Appraisal Document: Appraiser Assignment

HRHAP_BASIC

Appraisal Document: Basic Element Data

HRHAP_FINAL

Appraisal Document: Cell Values of Final Appraisal Column

HRHAP_FURTHER

App. Document: Cell Values of Additional Particpnts' Column

HRHAP_OBJECT

Appraisal Document: Cell Values of Objective Columns

HRHAP_OFFLINE

Appraisal Document Offline Lock Table

HRHAP_OTHERS

Appraisal Document: Additional Participant Assignment

HRHAP_P

Appraisal Document: Reference Appraisal

HRHAP_P_APPER

Appraisal Document: Part Appraiser Assignment

HRHAP_P_D

Appraisal Document: Reference Appraisal (Structure)

HRHAP_P_E

Appraisal Document: Reference Appraisal (Data)

HRHAP_P_T

Reference Appraisal Names

HRHAP_PART

Appraisal Document: Cell Values of Part Appraisal Columns

HRHAP_PROCESS

Appraisal Document: Processed Appraisal Functions

HRHAP_SEM_OBJ

Strategic Objectives from SEM System

HRHAP_T

Appraisal Document Name

TRANSACTION CODES

Transaction Code 

Short text

PHAP_ADMIN

Administrator - Appraisal Document

PHAP_ADMIN_PA

PA: Administrator - Appr. Document

PHAP_ANON

Appraisal Documents - Anonymous

PHAP_CATALOG

Appraisal Template Catalog

PHAP_CATALOG_PA

PA: Catalog for Appraisal Templates

PHAP_CHANGE

Change Appraisal Document

PHAP_CHANGE_PA

PA: Change Appraisal Document

PHAP_CREATE

Create Appraisal

PHAP_CREATE_PA

PA: Create Appraisal Document

PHAP_PREPARE

Prepare Appraisal Documents

PHAP_PREPARE_PA

PA: Prepare Appraisal Documents

PHAP_SEARCH

Evaluate Appraisal Document

PHAP_SEARCH_PA

PA: Evaluate Appraisal Document

PHAP_START_BSP

Generate Internet Addresses

IMPORTANT FUNCTION MODULES

HRHAP_DOCUMENT_GET_LIST : To get the appraisal ids.

HRHAP_DOCUMENT_GET_DETAIL: To get the appraisal details

Flex hands-on tutorial

If you missed the Flex hands-on sessions at Community Day in Vegas and Munich, it is now available on the wiki as a step-by-step tutorial.

Consuming ABAP Web Services using Flex

Crossing Over (2007-10-09 to 2007-10-16)

We take great pride in our contributors, especially contributors who have reached or surpassed the 250 point mark. This milestone represents a crossing over from casual SDNer or BPXer to esteemed community member. Congratulations to all!

  • 1/4 K - Chitrarth Kastwar, Nathan Genez, Paolo Romano, Goran Stoiljkovski, Lakshmipathi Ganesan, ilesh 24x7, Venkadesh Seetharaman, Murali Poli, Joerg Loosen, Dirk Ammermann, Sri Tayi, Shakir Shakir, Robert Max, Samson Rodrigues, Abhijith YS, Mohan Bethur, Haydn Haynes, pradeep kumar, Martin Guenther, Sriram Ponna, Panupong Jarupeanleart, Amit Singla, Rajiv Gopinath, eddhie kurnianto, Ina Verena Wehrmann, Anil. C, Sarvesh Singh, jayaprakash j, Matthias Steiner, Janardhan Karmala, khan voyalpad usman, Prabu Muthu, venkatakalyan karanam, Brian Sammond, Srini Tanikella, Satyendra Dhar, Arvind Neelakantan, Lokesh Nandula, Lijo Vazhappilly, Jabeen Banu, Akshay Jamgaonkar, Ratan Kumar Tantravahi, MURUGESAN THANGATHURAI, Murali Krishna, Vamshi Tallada, Frank Friedrich, Gordan Flego, anilkumar panguluri, Loren Heilig
  • 1/2 K - Raghavendra Karthik Kunchapudi, Scott Campbell, Rekha Dadwal, prem cherukuri, Alessio Perboni, Shalini Chauhan, pranesh siddhanti, Pankaj Nimje, Nilay Ghosh, Alexander Bruch, Velangini Showry Maria Kumar Bandanadham, narendran vajravelu, Winald Kasch, hari hk, sivakumar palaniswamy, S SS, Raimund Gross, Rama Jyothi P, Venkata Kannaiah Sastry Kavuri, Srikanth Nall, Sai Giridhar Kasturi, raghuramam brahmandam, Suraj Ramamurthy, Tim Witte
  • 1 K - Bill Faison, Jim Spath, senthil kumar, Santhosh Kumar V, Kamal Kumawat, Shivakumar Hosaganiger, Dolores Correa, Jawahar Govindaraj, Partho Mukherjee
  • 2 K - Praveen Kumar Gudapati, Edward Herrmann, wondewossen demissie, Bharat Kalagara, Girish Kumar Loganathan, Dieter Gröhn
  • 5 K - Abesh Bhattacharjee, rajan singh
  • 10 K - Mark Finnern, Bertram Ganz
2008 ASUG-SAPPHIRE Call for Speakers is Open!

The Call for Speakers for the 2008 ASUG/SAPPHIRE Annual Conference is now open.  If you have a success story to share, lessons learned from a recent project, or a lively debate from the Systems Management discussion forum that could expand into a panel or round table, please consider submitting an abstract. Speaking at the ASUG Annual Conference is a great way to showcase your organization, as well as earn a complimentary registration to the conference. Prior to the conference, training on presentation skills, on writing the document and on public speaking, will be offered, so don't let a lack of public speaking experience hold you back. The 2008 Conference will be held in Orlando, Florida, May 4-7, 2008. The Call for Speakers will close at the end of November -- so don't delay - draft a presentation abstract today!

Previous hot topic subjects

  • NetWeaver System Administration
  • Solution Manager and End-to-End process monitoring
  • Upgrades and Unicode migrations
  • System Landscape Scenarios
  • Your favorite subject or war story!!!!
    To submit an abstract for a presentation at the 2008 Annual Conference, please follow this link:

http://events.asug.com/CALLFORSPEAKERS/tabid/505/Default.aspx

Thanks - Kristen Dennis, ASUG Systems Management SIG Program Chair

Crossing Over (2007-10-06 to 2007-10-09)

We take great pride in our contributors, especially contributors who have reached or surpassed the 250 point mark. This milestone represents a crossing over from casual SDNer or BPXer to esteemed community member. Congratulations to all!

  • 1/4 K - suredarreddy pulimamidi, Lori Jaeger, nirdesh panwar, Anil Gopidi, Folkert Eilts, SURENDRA KUMAR PATRA, narendran vajravelu, Umesh Botwe, Bhamy Samanjay Shenoy, SUNIL KUMAR REDDY LCP
  • 1/2 K - Habeebuddin Mohammed, Pratheb Nadarajah, Hariprasad kakumanu, Ranjit kumar, Aasif Khan, Michael Wiedemann
  • 1 K - Nadarajah Pratheb, Balaji D
  • 2 K - vijay kumar
Crossing Over (2007-09-24 to 2007-10-06)

We take great pride in our contributors, especially contributors who have reached or surpassed the 250 point mark. This milestone represents a crossing over from casual SDNer or BPXer to esteemed community member. Congratulations to all!

  • 1/4 K - Siddhartha Rao, Manoj Mahajan, bwuser ram, Karthik Potharaju, biplab das, Ranjit kumar, Velangini Showry Maria Kumar Bandanadham, Hariprasad kakumanu, Habeebuddin Mohammed, Raghavendra Karthik Kunchapudi, Srikanth Nall, paruchuri nageswarrao, Sri Rajagopalan, KAUSTUV BASU, Sailaja Vadlamudi, Gattu Chaithanya, Aasif Khan, Juan Carlos Llanes, Shori ..., hari hk, Premkishan Chourasia, Srihari Hebbar, Anuj Goyal, Gokul Natarajan, minal nampalliwar, Lakshminarayanan Jagannathan, Jayasudha Premkumar, Sanil Bhandari, Mohan Ramalingam, Srinivas krishnamoorthy, Pankaj Nimje, Dhwani shah, Sreenivas Nettem, Aryani Earla, Charukesh Gaikwad, Nolwen Mahe, Barin Desai, partha sarathy, Harini Somaysula, Ravi Ganti, Dan Sullivan, Radha Nannapaneni, pritha agrawal, Arvind S Pawar, shyam gopal, Prasanthi Chavala, Nehal Fonseca, Hans Butenschon, swapna gollakota, Berndt Woerner, kiran kumar, Ayyapparaj KV, PrabhuRajesh Janardanan, Rajendrakumar Gaikwad, Prashant Dusane, Norbert Sieker, Priyanka Dixit, Esther Schmitz, Frank Ober, Prasad Padmanabhan, Clas Hortien, Wiboon Chaiyabutsakul, thyagarajan krishnamurthy, Gokul n, gokul n, Rekha Dadwal, Lidia Chernichenko, avadh gautam, Swapnil Mishra, prem cherukuri, Olivier CHRETIEN, Vivekananda Wali, yunus shaik, sam masker, Daniel Laure, Jean-Hubert Guillot, Ahmad Ali Shaik, Jessica Bello, Sushil Hadge, vijay krishna, Yannick Peterschmitt, Ajay Vaidya, Nitesh Nagpal, Siva Govender, Pradeep P N, Joke Devriese, Sreejith Ramachandran, Kumar V, Pierluigi Demaria, Suda Sampath, Naveenan p, Mugdha Kulkarni, Martin Stockwald, Abhishek S Tatachar, Vinodh Kumar Narayanan, Jiannan Che, Udayan Upreti, ravi kumar, S Muralidaran, Andre Monteiro, Michael Schwandt, Chris Chen, Mikkel Iversen, Denis Kleymenov, Sangeetha A, Mar Novalbos, J S, Cornelia Lezoch, n Khan, CHAN HARI, Amit Kumar, U-one U-one, John Mcg, Michael Teubner, Farooq Farooqui, Jakub Krzysztof Turminski, Jaime Mata, kishore ramana, Kyung Woo Nam, anju sinha, Venkatesh Kaliappan, Anjali Dhingra, Vara Prasad Kunathi, Ganesh S, biyaz a, roni bar david, Ravi Shankar B, Ramesh Kollepara, Ravikumar Bolla, Balaji R, ramya villupuram, Reema Elsy Easow, Mikhail Koshkin, José Luis Delgado, Javed Ihsan, Praveen Sirupa, Anisha Dadhia, Ciara Mathews, Shovon Banerjee, JagadishBabu nagarapu, Fidel Vales, Rebecca V, Keith Wood, Maria Gleridu, Som Sarkar
  • 1/2 K - Jr Roberto, Eric Cartman, Rajesha Vittal, Nelapatla Naresh, Stephan Schluchter, Sudipta Kr Chowdhury, Stefanie Gerbig, Murtuza Kharodawala, Meryl Lobo, Kanwalpreet singh, Jim Spath, Arne Manthey, venkata siva narayana, Patrick Rieken, Vasu G, vishal shelke, Regina Sheynblat, DHRUBACHARAN BEHERA, Martin Nooteboom, Kamal Hassan, VIJAY KUMAR VARANASI, Claudius Metze, jimmy michael, Satyabrata Basu, Bob Loyd, Twan Jans-Beken, Srikanth Kanuri, Vasanth Kumar S, DilliB R, arun prasad, Richard Hill, Philip Kisloff, sivaprakash pandian, Mayank Gupta, Ville Leivo, Shane Hart, rakesh elangovan, Byju Edamana, Nadim Razvi, Swapan Saha, Roy Cohen, Naveen Babu Devabathini, Florin Wach, manoj kumar, Jodi Fleischman, Faaiez Sallie, Peter Koch, kishore kumar karnati, Prashant Kolhatkar, Kevin Jacques, momo h, YM REDDY, Jürgen Noe, Sudheer Tammana, Gillian Leo, Boujema Bouhazama, Anil Bavaraju, Alagammai Arunachalam, Vuppala Venakata Ramana, prabhu jayaraman, sriram kiran, Nilesh Shete, Harish Narayan, Siegfried Boes, Biju K, Rolf-Martin Woersinger, Søgaard Martin, Frank Koehntopp, Sathishkumar GS, Tanuj Kumar Bolisetty, John Kurgan, David Sirvent, Henry Nordstrom, maddipatla Seshu chowdary, Markus Klein, Pavani G, Tripat Singh, Mukul R. Kulkarni
  • 1 K - rajan singh, Ashish Gundawar, DJ Adams, Darwin Lo, Pradhiba Santhosh, Bhaskar Chikine, Abhishek Agrahari, Andreas Seifried, Prem Mascarenhas, Rajesh P, Jonathan Coleman, David Lincourt, Martin Shinks, praveen mathew, Vinoth Murugaiyan, Gali Kling Schneider, Ashvender Kumar Singh, Ameya Pimpalgaonkar, VijayaSateeshKumar Kandula, Joerg Hoffmeister, Roland Mallmann, pavan pachimatla, Kris Donald, Arun Sundararaman, mukesh kumar, Nigel James, Jeremy Good, Wolfgang Janzen, Srinivas Anil kumar, Marc Wirth, Harikishore Sreenivasulu, Jamie Cawley, Sudheer Babu, Judy Kestecher, Dasari Narendra
  • 2 K - John Astill, SHESAGIRI G, Sridhar Vasudevan, Raymond Giuseppi, BV PILLAI, Clemens Li, Sergio Ferrari, Mangal raj, Roberto Mazzali, Sai Ram Reddy Neelapu, Srinivas Reddy, Juan Reyes, prashanth gaddam, Pascal Willemsen, Markus Kohler, Ravi Rana, RakeshSingh Chauhan, Sreeram Goradindla Reddy
  • 5 K - Marilyn Pratt, Atul Kant Saxena, Ginger Gatling, KJ @Kamaljeet, Maksim Rashchynski, Mohammad Arif Mansuri
  • 10 K - Prakash Darji, Seshu reddy Maramreddy, Ravi Thothadri
SU01 - MAINTAIN USERS

SU01-MAINTAIN USERS
 
As an administrator, you control who has access to applications by creating users and providing these users with a means of authenticating themselves to an application. To simplify user administration, users can be collected in groups according to criteria such as the users' function in a company or the department they work in. Roles define the users' authorizations. Roles can be assigned to either users or groups. 
Tools- Administration - User Maintenance - Users 
Or  
SU01

Administration

The  lists of administrative tasks, general and specific, for the management of users, groups, and roles.

Daily Tasks

1.      Managing Users, Groups, and Roles

2.    Assigning Principals to Roles or Groups

3.      Locking or Unlocking Users

4.      Password Management

1.      Managing Users, Groups, and Roles

This function enables you to create, modify, and delete users, groups, and roles with the user management engine (UME). This enables you to define these objects so you can then group them according to your access management strategy.

Prerequisites

To manage users, groups, or roles, you must be assigned a role that includes the relevant actions or combination of actions. For example, to assign roles to users, your role assignments must include UME actions that enable you to change both principals, roles and users, such as UME.Manage_Roles and UME.Manage_Users. The figure below summarizes the UME actions available by default

UME Actions According to Principal and Role

Along the top of the figure is a list of role archetypes. For example, if you are an overall administrator, under Administrators All is a list of actions appropriate to that role. The rows represent the different permission areas or principals for which the actions are relevant. For example, the top row of blocks lists actions relevant to working with users, from full access to read-access to only your own profile. The last two rows refer to specific functions, such as permission to access the import and export functions, or profile-specific actions. Some actions are subsets of other actions. For example, UME.Manage_My_Profile includes UME.Manage_My_Password. Standard UME roles include such actions. The UME role Administrator includes UME.Manage_All, which enables you to display and change everything. By default, administrator roles are only assigned to administrators.

   ACTIVITIES                                                                                 

   a) Search for a user, group, or role (simple search) :- In the search area, choose the type of object you are looking for: user, group, or role.Enter a string to search for.The search function searches for this string in the user ID (users only) and name.Use the asterisk (star) as a wildcard. If you do not enter any text, the search function returns a list of all users, groups, or roles, depending on the object you chose.Choose Go.A list of search results appears in the Search view.
b) View detailed information on a user, group, or role :- In the search results list, select the user, group, or role. The detailed information appears in the Details view.

c) Create new user, group, or role :- In the search area, choose the type of object you wish to create. Choose Create. Enter data as required in the Details view.
 
 
 

d) Copy an existing user :- In the search results list, select the user you want to copy. Choose Copy to New. Enter a logon ID and define a password. Choose Save.
2.     Assigning Principals to Roles or Groups
You can assign principals (users, roles, and groups) to roles and groups as follows:

?      Roles

-         ?       Users

-         ?       Groups

-         ?       Actions

?      Groups

-         ?       Users

-         ?       Groups

-         ?       Roles

Roles

Roles reflect a user's function. By assigning a role to a user, you provide the user with the authorizations or functions that he or she needs to fulfill specific tasks. You can also indirectly assign a role to a user by assigning the group to which the user belongs to the role.

You can display the following types of roles:

?      Portal roles

These roles define how content is grouped together and how it is displayed in the SAP NetWeaver Portal. By assigning a user or group to a portal role, you define which content that user or group sees in the portal. During assignment, the system checks the Role Assigner permission to see if you have the proper rights to assign the role.

?      User management engine (UME) roles

These roles define a set of authorizations. By assigning a user or group to a UME role, you grant the set of authorizations that the role defines to the assigned user or group.


Do not assign roles that are in the SAP namespace, for example, roles that begin with com.sap.portals. Instead, assign users to delta links of roles that are in the SAP namespace. This prevents your changes from being overwritten when you upgrade your portal.

By default, roles that contain the SAP namespace com.sap.portals are not displayed in the role assignment function.

Groups

Restrictions

Restrictions to group assignments (if any) depend on the data source where the principals reside. For more information, see the following:

?      Database Only as Data Source

?      LDAP Directory as Data Source

?      User Management of Application Server ABAP as Data Source

Prerequisites

To assign principals, you must be assigned a role that includes the relevant actions. For example, to assign users to a role, you must have the right to manage both users and roles.

3.      Locking or Unlocking Users

Locked users are deactivated and cannot access applications. There are two ways of locking users:

i)       Automatically

The system can lock a user automatically if the user tries to log on too many times with the wrong password. This is a password lock. Optionally the system can unlock the user automatically after a configurable amount of time elapses. These are configured with the following settings:

-             Maximum Number of Failed Logon Attempts

-               Auto Unlock Time

ii)        Explicitly

An administrator can lock a user. The administrator must subsequently unlock the account for the user to regain access to the system.

2.     Password Management

Users require a password to be able to log on with user ID and password. As administrator you need to define or generate an initial password for newly created users. If users forget their passwords, you can also define or generate a new password for them. You can provide a link on the logon screen where users can reset their passwords themselves. If you enable self-management, users can view their profile and change their own passwords.

You can also disable a user's password. A user with a disabled password cannot log on with a password, but can still log on under certain circumstances.

The security policy defines the password rules. For example, you can define how long until a password expires or how many digits a password must contain.

On Demand Tasks

1.   Creating a Technical User

2.   Maintaining the User's Certificate Information

3.   Import and Export of User Management Data

1.   Creating a Technical User

To create a user for system to system communication. In most cases applications create their own users for communication automatically, but some applications may require you to create such a user manually.

In the Details view, on the General Informationtab, enter the following data:

-               Log On ID

-               Password

-                Last Name
2.   Maintaining the User's Certificate Information

When using SSL and client certificates for user authentication, the user is identified using a client certificate. To allow the J2EE Engine to identify users, their client certificate must be available in their user account on the J2EE Engine. There are several options:

-         The administrator imports users certificates manually and adds them to the user's data. The following procedure describes the steps required.

-         Users map their own certificates to their user ID at logon. The administrator does not need to perform any steps.

2.     Import and Export of User Management Data

The following functions are available:

-         UME Object Data Import :- This function enables you to import users, groups, and roles.

-         UME Object Data Export :- This function enables you to export users, groups, and roles.

Required Actions

To import and export user data, you must be assigned a role with the action UME.Batch_Admin. To import and export user data for all companies, you must be assigned a role with the action UME.Manage_All_Companies.

TechEd Mobile Widgets

Hey,

I attended last TechEd in Las Vegas and found it an amazing experience. I was supporting TechEd attendees who had difficulties install and use Mobile Widgets. Using those widgets people can get the entire sessions schedule and even the updates. If the schedule gets updated your phone will vibrate!!!

Do you want to get it to your phone?? Go the following URL and comeback here if you run into problems  http://www.sapteched.com/emea/edu_sessions/widget.htm

Regina Sheynblat from Imagineering group will show these Widgets and can help you get running.

After you get the Widsets client and the TechEd widgets installed on your device you should see the following on your screen.

This is the first screen showing on the Widget engine screen. You should wait for some seconds until your phone vibrates then you can click on the widget to see the details. On Blackberries and some other devices use the keys 'P' and 'Q' for different menu options. Also the thumb-ball doesn't work on some blackberries, use the 'Enter' key instead.


 
First tab shows the sessions that have been updated and the second tab shows all the sessions organized by day. When selecting one of the tabs you get to the sessions of that day
 

 
For every day, the sessions are organized by the time of the day. When clicking on a session you get the details as shown below. For getting the abstract of a particular session just go and click on the provided link. Abstract data is hosted on the server side and downloaded on demand  
 

 
  Search functionality is also provided, you can search using session code or some keywords within the session title
 

 
For entering the keywords please click on the input field first. the phone will open for you a separate window for typing the keywords. I know this is not verryyyy user friendly but that's what Java is giving us today  (sad) 
 

 
Some other notes:
For some old devices the network is slow. It's not my fault, you should be patient.
If you run into offline-online-offline-online problem it's is preferable that you change your transport protocol from Sockets to Http 
 

SU01-MAITAIN USERS

As an administrator, you control who has access to applications by creating users and providing these users with a means of authenticating themselves to an application. To simplify user administration, users can be collected in groups according to criteria such as the users' function in a company or the department they work in. Roles define the users' authorizations. Roles can be assigned to either users or groups.
Toolsà AdministrationàUser Maintenance àUsers
Or
SU01!a1.JPG|align=center!
 

Administration

The  lists of administrative tasks, general and specific, for the management of users, groups, and roles.

Daily Tasks

1.      Managing Users, Groups, and Roles

2.    Assigning Principals to Roles or Groups

3.      Locking or Unlocking Users

4.      Password Management

1.      Managing Users, Groups, and Roles
This function enables you to create, modify, and delete users, groups, and roles with the user management engine (UME). This enables you to define these objects so you can then group them according to your access management strategy.

Prerequisites

To manage users, groups, or roles, you must be assigned a role that includes the relevant actions or combination of actions. For example, to assign roles to users, your role assignments must include UMEactions that enable you to change both principals, roles and users, such as UME.Manage_Roles and UME.Manage_Users. The figure below summarizes the UME actions available by default.

UMEActions According to Principal and Role

Along the top of the figure is a list of role archetypes. For example, if you are an overall administrator, under Administrators All is a list of actions appropriate to that role. The rows represent the different permission areas or principals for which the actions are relevant. For example, the top row of blocks lists actions relevant to working with users, from full access to read-access to only your own profile. The last two rows refer to specific functions, such as permission to access the import and export functions, or profile-specific actions. Some actions are subsets of other actions. For example, UME.Manage_My_Profile includes UME.Manage_My_Password. Standard UMEroles include such actions. The UME role Administrator includes UME.Manage_All, which enables you to display and change everything. By default, administrator roles are only assigned to administrators.

   ACTIVITIES
   a)Search for a user, group, or role (simple search) :- In the search area, choose the type of object you are looking for: user, group, or role.Enter a string to search for.The search function searches for this string in the user ID (users only) and name.Use the asterisk (star) as a wildcard. If you do not enter any text, the search function returns a list of all users, groups, or roles, depending on the object you chose.Choose Go.A list of search results appears in the Search view.
 

PFCG-ROLE MAINTENANCE

PFCG - ROLE MAINTENANCE

We can use the role maintenance to manage roles and authorization data. The tool for role maintenance, the Profile Generator automatically creates authorization data based on selected menu functions. These are then presented for fine-tuning.

We recommend that you use the role maintenance functions and the profile generator (transaction PFCG) to maintain your roles, authorizations, and profiles. Although you can continue to create profiles manually, you need detailed knowledge of all SAP authorization components.

The role maintenance functions support you in performing your task by automating various processes and allowing you more flexibility in your authorization plan. You can also use the central user administration functions to centrally maintain the roles delivered by SAP or your own, new roles, and to assign the roles to any number of users.

The roles (previously: activity groups), which are based on the organizational plan of your company, form the structure for the Profile Generator. These roles are the connection between the user and the corresponding authorizations. The actual authorizations and profiles are stored in the SAP system as objects.

With the roles, you assign to your users the user menu that is displayed after they log on to the SAP System. Roles also contain the authorizations with which users can access the transactions, reports, Web-based applications, and so on that are contained in the menu.
 
 

Features

In the role maintenance you can:

  •         Changing and Assigning Roles
  •         Creating Roles
  •         Creating Composite Roles
  •         Transporting and Distributing Roles

1)Changing and Assigning Role

1.    Choose the pushbutton Create role or the transaction PFCG in the initial transaction SAP Easy Access.
2.    Enter the name of the delivered standard role in the Role field .
3.    Copy the standard role by choosing Copy role and enter a name from the customer namespace.
Do not change the delivered standard roles (SAP_), but rather only the copies of these roles  (Z_). Otherwise, the standard roles that you have modified will be overwritten by newly delivered standard roles during a later upgrade or release change. 
     
4.    Choose Change (the new name is in the Role field).
5.     You can change the user menu on the Menutab page. You can reduce, extend or restructure it.
6.     On the Authorizations tab choose Change authorization data.
7.    Maintain the authorization field values as required. To adjust the authorizations for the menu changes, choose the Profile generation expert mode pushbutton on the Authorizations tab and thenRead old version and adjust to new data.
8.    Generate the profile for the role.
9.    Assign users on the User tab page and compare users if necessary.The users must already exist in the system before you can assign them.
2)   Creating Roles
1.    To start role maintenance, either choose Create Role in the SAP Easy Access transaction die or Tools ? Administration ? User Maintenance?Role Administration? Roles (transaction PFCG).
2.   Enter the name of the role. Roles delivered by SAP start with the prefix  "SAP_". For your own user roles, instead of using the SAP namespace, use the customer namespace. This means that the prefix is "Y_" or "Z_".  You cannot tell from the names of the delivered roles whether they are single or composite roles. You should therefore create a naming convention for your roles so that you can differentiate between single and composite roles.
3.   Choose Create.
4.    You can assign transactions, reports, and Web addresses to the role on the Menutab page
5.    To generate the profile for the role, choose Change Authorization Data on the Authorizations tab page.
An input window may appear, depending on which activities you selected You are prompted to enter the organizational levels. Organizational levels are authorization fields which occur in a lot of authorizations (an organizational level is, for example, a company code). If you enter a particular value in the dialog box, die authorization fields of the role are maintained automatically.The authorizations which are proposed automatically for the selected activities of the role are displayed in the following screen. Some authorization have default values.
Wherever traffic lights appear in the tree display, you must adjust the authorization values manually. You can maintain the authorization values by expanding the object classes and clicking on the white fields to the right of the authorization field name.
When you have maintained the values, the authorizations count as manually modified and are not overwritten when you copy more activities into the role and edit the authorizations again. You can assign the complete authorization (star) for the hierarchy level for all non-maintained fields by clicking on the traffic lights.
Wherever there are red traffic lights, there are organizational levels with no values. You can enter and change organizational levels with Org. levels.
If you want other functions in the tree display, such as copying or collecting authorizations, you can show them with Utilities ? Settings.
a.    Generate an authorization profile for the authorizations. To do this, Choose Generate.You are prompted for an authorization profile name. A valid name in the customer namespace is proposed.
b.    Leave the tree display after the profile generation.
If you change the menu and then call the tree display for the authorizations again, the authorizations of the new activities are mixed with those for the existing authorizations. There may then be a few yellow traffic lights, because there are authorizations in the tree that are incompletely defined. You must either manually assign values to these, or if you do not want to do this, delete them. To delete an authorization, deactivate it first and then delete it.
6.    You can also assign users to the role immediately.

7.    Save your entries.
3)  Creating Composite Roles

1.    Enter a name in the Role field in the role maintenance (transaction PFCG).The SAP System does not distinguish between the names of simple and composite roles. You should adopt your own naming convention to distinguish between simple and composite roles.
2.    Choose Create collective role.
3.    You can define the composite role in the following screen.
4.    Save your entries.
5.    Enter the roles in the composite role in the Roles tab page. You can display all the simple roles in the system with the possible entries help.
You cannot include composite roles in a composite role.
6.    You can restructure the role menus which you read in with Read menu, in the Menutab.
This does not affect the menus of the roles.
Note also the information about menus of composite roles provided if you choose Information  on the Menutab page.
7.    Either enter the names of the users individually in the Users tab (manually or from the possible entries help) or choose Selection. You can define selection criteria (such as  all users in a user group)
If you select a username and choose Display, detailed user information is displayed.
Choose Compare users. The user data is updated after the comparison.
Note that users which are assigned to a composite role are displayed on a gray background in its roles (not changeable). The user assignment should only be             changed in the composite role.You can display an overview of Roles in composite roles with the View pushbutton in the role maintenance initial screen.
4) Transporting and Distributing Roles

1.    To start role maintenance, choose Tools ? Administration ? User Maintenance ? Role Administration ? Roles  (transaction PFG).

2.    Enter the role to be transported and choose Transport Role.

The Mass Transport of Rolesscreen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport     generated profiles for roles using Customizing switches (see Role Maintenance Functions in the section Functions of the Utilities Menu).
You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate     them for the first time, transport the entire role again afterwards.
3.    In the following dialog box, specify whether the user assignment and the personalization data should also be transported. If the user assignments are also transported, they will replace the entire user assignment of roles in the target system. To lock a system so that user assignments of roles cannot be imported, enter it in the Customizing table PRGN_CUST using transaction SM30. Add the line USER_REL_IMPORTand the value NO.
4.   Enter a transport request.
The role is entered in a Customizing request. Use Transaction SE10 to display this.
The authorization profiles are transported along with the roles. Unless the profile parameter transport/systemtype is set in this SAP system to value SAP. In this         case, only the profiles whose roles are assigned to customer-relevant delivery classes are transported.
 
5.    Perform a user master comparison in the target system.

Process Flow

You process the upper level shown in the graphic with the role maintenance functions and the Profile Generator. You define the roles for the various job descriptions with the permitted activities. The Profile Generator determines the authorizations for users for a particular role based on this information. The basic process is as follows:

1.    Assign the job descriptions to transactions.

Define job descriptions for each application area in your company (for example, in a job description matrix). Determine for each description the menu paths and transactions that the users with this job require. Determine both the required access authorizations (display, change) and any restrictions.

2.    Maintain activity groups or roles with the role maintenance and the Profile Generator (transaction PFCG).
Use the role maintenance functions to create the roles or activity groups that correspond to the individual job descriptions. For each role or activity group, choose the tasks (reports and transactions) that belong to the job.

3.    Generate and maintain authorization profiles.
In this step, the profile generator automatically generates the authorization profile for the activity group or role. To accept or change the proposed profile, you must work through the tree structure of the profile and confirm the individual authorizations that you want to assign to the activity group or role.

4.    Assign users.
In this step, you assign the users that belong to the relevant roles or activity groups.

5.    Update the user master records.
The user assignment and the generated profile must be updated in the user master records. There are a number of ways in which you can do this (depending on your release status):

-     In all releases, you can schedule a background job that regularly updates the user master records.

-     As of SAP R/3 4.5, you can either use the user comparison function or have the user master records automatically updated when saving the activity groups or roles. (Choose Utilities ?Settings,_and activate the option _Automatic comparison at save.)

Even if you use the User Comparison function or the option Automatic Comparison at Save, we recommend that you schedule a background job and ensure that all user master records are regularly automatically updated.

In the R/3 transport management system you can find a lot of information about transports, but a list with the status (import date/time) of transports for the development system, quality system and production is hard to build from standard SAP. So i have created a Z-program for it.

The basic part of the program is the data retrieval from the relevant tables and using the relevant function modules :

  • Tables :
    • E070 : Change & Transport System: Header of Requests/Tasks
    • E07T : Change & Transport System: Short Texts for Requests/Tasks
  • Function modules:
    •  STRF_READ_COFILE : Read and interpret contents of the COFILE

The select-options for my report are :

  • S_TRKORR (type E070-TRKORR) : transport request or task id
  • S_AS4TXT (type E07T-AS4TEXT) : transport request or task description (transports description belonging to project starts with project relevant prefix, so we can select easily all project related transports)

The following systems are uses :

  • DEV for development
  • QAS for quality
  • PRD for production 

The code for the data retrieval is :

Lately I published a position paper Business case for Mobile Ajax Ajax at W3C/OpenAjax Workshop on Mobile Ajax. I couldn't attend the workshop because I was busy presenting MobileWeaver at DKOM and supporting mobile widget users at TechEd Las Vegas.

MobileWeaver Ajax is an Ajax browser-based framework for easily building and consuming lightweight and rich mobile web applications/widgets that are occasionally disconnected, asynchronous, supportive of push mode, and integrated with enterprise and third party services (SOAP and RESTful services) without requiring any additionnal software installation. These mobile applications are composed visually and can be built by business users or web developers. MobileWeaver Ajax distinguishes itself by tacking care of known mobile application problems including poor usability, network latency and development/deployment cost. It defines an innovative application model that is well suited for on-demand mobile solutions.

MobileWeaver Ajax is a very valuable platform for customers who are struggling to enable ad-hoc mobile access to their enterprise solutions in an easy, fast and TCO-conscious manner.For a short glimpse of MobileWeaver Ajax you can see this 5 minutes Demo: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/mobile/mobile%20infrastructure/MobileWeaver%20Ajax%20-%20Widget%20Composer.swf

Lock Objects

Lock Objects

The R/3 System synchronizes simultaneous access of several users to the same data records with a lock mechanism. When interactive transactions are programmed, locks are set and released by calling function modules (see Function Modules for Lock Requests). These function modules are automatically generated from the definition of lock objects in the ABAP Dictionary.

Structure of a Lock Object

The tables in which data records should be locked with a lock request are defined in a lock object together with their key fields. When tables are selected, one table (the primary table) is first selected. Further tables (secondary tables) can also be added using foreign key relationships (see also Conditions for Foreign Keys).

Lock Arguments

The lock argument of a table in the lock object consists of the key fields of the table.

The lock argument fields of a lock object are used as input parameters in the function modules for setting and removing locks generated from the lock object definition. When these function modules are called, the table rows to be locked or unlocked are specified by defining certain values in these fields. These values can also be generic. The lock argument fields therefore define which subset of the table rows should be locked.

The simplest case of a lock object consists of exactly one table and the lock argument of the table is the primary key of this table. Several tables can also be included in a lock object. A lock request therefore can lock an entire logical object, and not only a record of a table. Such
a logical object can be for example a document comprising an entry in a header table and N entries in a position table.

Locks can also be set from programs in other systems with the corresponding interfaces if the lock object was defined with RFC authorization.

A lock mode can be assigned for each table in the lock object. This mode defines how other users can access a locked record of the table.

Table SFLIGHT in the flight model contains all the scheduled flights of a carrier. Field SEATSMAX contains the number of seats available.
Field SEATSOCC contains the number of seats already booked. If a booking is made for a customer (by a travel agency or sales desk), you must check whether there are enough seats available. The number of seats booked is incremented when the booking is made.

This mechanism must ensure that two sales desks do not make the same booking at the same time and that the flight is not overbooked.

This can be done by creating lock object ESFLIGHT. Only the table SFLIGHT must be included in this lock object. The flight can then be locked (with the function modules generated from the lock object) when booking. If another sales desk also wants to book seats for this flight, the
lock will prevent the flight from being overbooked.

Example for Lock Objects

When booking flights (see Flight Model) it is important to prevent flights from being overbooked. For this reason, you have to lock the particular flight as well as all the bookings existing for this flight during processing. You can do this with lock object E_BOOKING.

The flights are recorded in table SFLIGHT and the bookings for the flights in table SBOOK. The two tables are linked with a foreign key. Lock object E_BOOKING must therefore contain table SFLIGHT as primary table and table SBOOK as further table.

The lock argument of table SFLIGHT thus contains the fields MANDT, CARRID, CONNID, and FLDATE. The lock argument of table SBOOK thus contains the fields MANDT, CARRID, CONNID, FLDATE, BOOKID and CUSTOMID.

Select exclusive lock mode, that is the locked data can only be displayed and edited by one user.

When the lock object is activated, the following function modules are generated from its definition:

ENQUEUE_ E_BOOKING (set locks)
ENQUEUE_ E_BOOKING (release locks)
These function modules can now be linked to ABAP programs.

The following example shows how function module ENQUEUE_ E_BOOKING is called.  

With this call, flight LH 400 on Nov. 29,1998 is exclusively (lock mode E) locked in table SFLIGHT together with all the bookings entered in table SBOOK for this flight (since the initial value 0 is transferred for BOOKID and CUSTOMID). The lock is sent to the update program (_SCOPE = '2'). If there is a lock conflict, another attempt is made to set the lock after a certain time (_WAIT = 'X').
The set locks can be removed by calling the function module DEQUEUE_E_BOOKING as follows:  

The existing exclusive lock entries for flight LH 400 are deleted in table SFLIGHT and the
bookings for this flight are deleted in table SBOOK. The request to delete the lock entries is
passed on to the update program (_SCOPE = '3').
Function Modules for Lock Requests
Activating a lock object in the ABAP Dictionary automatically creates function modules for setting (ENQUEUE_<lock object name>) and releasing (DEQUEUE_<lock object name>) locks.
The generated function modules are automatically assigned to function groups. You should not change these function modules and their assignment to function groups since the function modules are generated again each time the lock object is activated.

Never transport the function groups, which contain the automatically generated function modules. The generated function modules of a lock object could reside in a different function group in the target system. Always transport the lock objects. When a lock object is activated in the target system, the function modules are generated again and correctly assigned to function groups.

Parameters of the Function Modules
Field Names of the Lock Object
The keys to be locked must be passed here.

A further parameter X_<field> that defines the lock behavior when the initial value is passed exists for every lock field <field>. If the initial value is assigned to <field> and X_<field>, then a generic lock is initialized with respect to <field>. If <field> is assigned the initial value and
X_<field> is defined as X, the lock is set with exactly the initial value of <field>.

Parameters for Passing Locks to the Update Program
A lock is generally removed at the end of the transaction or when the corresponding DEQUEUE function module is called. However, this is not the case if the transaction has called update routines. In this case, a parameter must check that the lock has been removed.

Parameter _SCOPE controls how the lock or lock release is passed to the update program (see The Owner Concept for Locks). You have the following options:

-        _SCOPE = 1: Locks or lock releases are not passed to the update program. The lock is removed when the transaction is ended.

-        _SCOPE = 2: The lock or lock release is passed to the update program. The update program is responsible for removing the lock. The
interactive program with which the lock was requested no longer has an influence on the lock behavior. This is the standard setting for the
ENQUEUE function module.

-        _SCOPE = 3: The lock or lock release is also passed to the update program. The lock must be removed in both the interactive program
and in the update program. This is the standard setting for the DEQUEUE function module.

Parameters for Lock Mode
A parameter MODE_<TAB> exists for each base table TAB of the lock object. The lock mode for this base table can be set dynamically with this parameter. The values allowed for this parameter are S (read lock), E (write lock), X (extended write lock), and O (optimistic lock).

The lock mode specified when the lock object for the table is created is the default value for this parameter. This default value can, however, be overridden as required when the function module is called.

If a lock set with a lock mode is to be removed by calling the DEQUEUE function module, this call must have the same value for the parameter
MODE_<TAB>.

Controlling Lock Transmission
Parameter _COLLECT controls whether the lock request or lock release should be performed directly or whether it should first be written to the local lock container. This parameter can have the following values:

-        Initial Value: The lock request or lock release is sent directly to the lock server.

-        X: The lock request or lock release is placed in the local lock container. The lock requests and lock releases collected in this lock container can then be sent to the lock server at a later time as a group by calling the function module FLUSH_ENQUEUE.

Whenever you have lock mode X (extended write lock), locks should not be written to the local lock container if very many locks refer to the same lock table. In this case, there will be a considerable loss in performance in comparison with direct transmission of locks.

Behavior for Lock Conflicts (ENQUEUE only)
The ENQUEUE function module also has the parameter _WAIT. This parameter determines the lock behavior when there is a lock conflict.

You have the following options:

-          Initial Value: If a lock attempt fails because there is a competing lock, the exception FOREIGN_LOCK is triggered.

-         X: If a lock attempt fails because there is a competing lock, the lock attempt is repeated after waiting for a certain time. The exception
FOREIGN_LOCK is triggered only if a certain time limit has elapsed since the first lock attempt. The waiting time and the time limit are defined
by profile parameters.

Controlling Deletion of the Lock Entry (DEQUEUE only)
The DEQUEUE function module also has the parameter _SYNCHRON.

If X is passed, the DEQUEUE function waits until the entry has been removed from the lock table. Otherwise it is deleted asynchronously, that is, if the lock table of the system is read directly after the lock is removed, the entry in the lock table may still exist.

Exceptions of the ENQUEUE Function Module
-        FOREIGN_LOCK': A competing lock already exists. You can find out the name of the user holding the lock by looking at system variable
SY-MSGV1.

-        SYSTEM_FAILURE: This exception is triggered when the lock server reports that a problem occurred while setting the lock. In this case, the lock could not be set.

If the exceptions are not processed by the calling program itself, appropriate messages are issued for all exceptions.