05-12-2009 8:44 PM
Hello All - I have a question with authorization objects, there are three roles with red lights 'ON' in authorization object screen in our PRD. However users who are using these roles have no auth issues, standard procedure is to make all lights green in PFCG by maintaining these auth objects.
Big question is "what is the down fall by leaving these objects RED, I need to support my theory when I say all lights green with auth objects.
Why best practise says maintain all lights to green?
Please suggest, appreciate your suggestions.
Thanks.
Edited by: AJ on May 12, 2009 9:44 PM
05-12-2009 9:12 PM
> Why best practise says maintain all lights to green?
This is true from a role admin perspective.
If the object is needed, chances are good that another authorization instance is present in this role or another which satisfies the check.
Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status.
Can happen when you are in a rush...
Cheers,
Julius
05-12-2009 9:12 PM
> Why best practise says maintain all lights to green?
This is true from a role admin perspective.
If the object is needed, chances are good that another authorization instance is present in this role or another which satisfies the check.
Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status.
Can happen when you are in a rush...
Cheers,
Julius
05-12-2009 9:24 PM
Julius really appreciate your quick response!
What is the difference between a red light and a yello light
Red Light says: Variable missing
Yellow lilght says: missing values
I understand little bit on 'Yellow' light but not red light.
We upgraded from 4.6 through ECC 6.0, I guess with SU25 activities these auth objects were pulled in our roles:
"What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).
Thanks much!
05-12-2009 9:27 PM
This is true, I saw our roles:
"Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status."
05-12-2009 9:54 PM
Hello,
Red light means you have not maintained the organizational values within the role. NOTE: Never maintain organization values directly at the field level, it will very difficult for future maintenance purpose. The field will become thick blue. You have to maintain the organizational values at the button in right hand top corner.
Yellow values means, certain authorization fields you have filled with values, but you NOT filled some. Then it comes to yellow.
Recommendation: You should make sure that all the fields are turned into GREEN.
Regards,
Ravi
05-13-2009 8:42 AM
You're right, the objects would have come in after the upgrade as STANDARD and if you already have a MANUAL inserted authorization object, then you could choose to deactivate the STANDARD object.
I guess you've received good explanations on the red, yellow & green indicators.
05-13-2009 11:14 AM
Hi,
> "What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).
Red Object: As you know that authorization Objects comprises of Authorization fields. There are certain fields, which are known as "Organization Level" fields and need to be maintained Centrally. If you miss this fields, then the traffic light icon is RED. For all other authorization fields, light will be Yellow if you miss any blank field to maintain. During check, these fields will provide missing authorization (but you may not get error if same object is present in the role with all fields maintained status).
Disabled Object: If you make any Object Disable, then during check, this Object will not be treated for checking Authorizations. But profile generator will keep this in mind, so you don't get Standard Objects repeatedly (if already present in Deactivated status also) whenever you go to "..Merge with New Data".
You all other questions are very nicely answered already.
Regards,
Dipanjan
05-15-2009 8:17 AM
Hi
It wont generate profile if it will remain red in authorization part.
to generate full authorizations it needs to be green as to generate profile.
thx
shilpa
05-16-2009 11:34 AM
> It wont generate profile if it will remain red in authorization part.
> to generate full authorizations it needs to be green as to generate profile.
Hi Shilpa, this is not correct. As Farooq pointed out, the profile will generate if you have indicators in red or yellow status.
A role will not generate if there are no authorisation objects assigned.
05-18-2009 7:44 AM
Hi
thx for the correction , its true the profile will generate as required authorizations.
Thx
Shilpa
05-16-2009 6:07 AM
hii,
There is no blind idea to make all the feild as green it depends on douments u get through the tickets
u can keep some feilds green,yellow,red
Green means u have maintained authorization feilds for all the authroziation objects
Yellow means u have partially maintained authorization for all the authorization objects by laeving some feilds without maintaining it
red means u have not maintained organisational assigment for the auth object
thatsall
byeeeeeeeee
takecare
05-18-2009 3:51 PM
Hi Aj,
Its always best to keep Green status in authorization object and this is recommended.
If you donot know the value for the object,its better you can maintain a dummy value like ' ' in the value field. this will make the object to green.
Arun
05-21-2009 2:06 PM
Thanks All Guyz for your suggestions!
For me SDN and Google are like "Bread and Butter"