Solved: Red Light with Authorization Object in PFCG

Former Member · ‎05-12-2009

Hello All - I have a question with authorization objects, there are three roles with red lights 'ON' in authorization object screen in our PRD. However users who are using these roles have no auth issues, standard procedure is to make all lights green in PFCG by maintaining these auth objects.

Big question is "what is the down fall by leaving these objects RED, I need to support my theory when I say all lights green with auth objects.

Why best practise says maintain all lights to green?

Please suggest, appreciate your suggestions.

Thanks.

Edited by: AJ on May 12, 2009 9:44 PM

Former Member · ‎05-12-2009

> Why best practise says maintain all lights to green?

This is true from a role admin perspective.

If the object is needed, chances are good that another authorization instance is present in this role or another which satisfies the check.

Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status.

Can happen when you are in a rush...

Cheers,

Julius

Former Member · ‎05-12-2009

> Why best practise says maintain all lights to green?

This is true from a role admin perspective.

If the object is needed, chances are good that another authorization instance is present in this role or another which satisfies the check.

Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status.

Can happen when you are in a rush...

Cheers,

Julius

Former Member · ‎05-12-2009

Julius really appreciate your quick response!

What is the difference between a red light and a yello light

Red Light says: Variable missing

Yellow lilght says: missing values

I understand little bit on 'Yellow' light but not red light.

We upgraded from 4.6 through ECC 6.0, I guess with SU25 activities these auth objects were pulled in our roles:

"What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).

Thanks much!

Former Member · ‎05-12-2009

This is true, I saw our roles:

"Take a look through the role to see whether the red authorizations are accompanied by another subsequent green on which is "Manual" status."

former_member182098 · ‎05-12-2009

Hello,

Red light means you have not maintained the organizational values within the role. NOTE: Never maintain organization values directly at the field level, it will very difficult for future maintenance purpose. The field will become thick blue. You have to maintain the organizational values at the button in right hand top corner.

Yellow values means, certain authorization fields you have filled with values, but you NOT filled some. Then it comes to yellow.

Recommendation: You should make sure that all the fields are turned into GREEN.

Regards,

Ravi

Former Member · ‎05-13-2009

You're right, the objects would have come in after the upgrade as STANDARD and if you already have a MANUAL inserted authorization object, then you could choose to deactivate the STANDARD object.

I guess you've received good explanations on the red, yellow & green indicators.

sdipanjan · ‎05-13-2009

Hi,

> "What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).

Red Object: As you know that authorization Objects comprises of Authorization fields. There are certain fields, which are known as "Organization Level" fields and need to be maintained Centrally. If you miss this fields, then the traffic light icon is RED. For all other authorization fields, light will be Yellow if you miss any blank field to maintain. During check, these fields will provide missing authorization (but you may not get error if same object is present in the role with all fields maintained status).

Disabled Object: If you make any Object Disable, then during check, this Object will not be treated for checking Authorizations. But profile generator will keep this in mind, so you don't get Standard Objects repeatedly (if already present in Deactivated status also) whenever you go to "..Merge with New Data".

You all other questions are very nicely answered already.

Regards,

Dipanjan

Former Member · ‎05-15-2009

Hi

It wont generate profile if it will remain red in authorization part.

to generate full authorizations it needs to be green as to generate profile.

thx

shilpa

Former Member · ‎05-16-2009

> It wont generate profile if it will remain red in authorization part.

> to generate full authorizations it needs to be green as to generate profile.

Hi Shilpa, this is not correct. As Farooq pointed out, the profile will generate if you have indicators in red or yellow status.

A role will not generate if there are no authorisation objects assigned.

Former Member · ‎05-18-2009

Hi

thx for the correction , its true the profile will generate as required authorizations.

Thx

Shilpa

Former Member · ‎05-16-2009

hii,

There is no blind idea to make all the feild as green it depends on douments u get through the tickets

u can keep some feilds green,yellow,red

Green means u have maintained authorization feilds for all the authroziation objects

Yellow means u have partially maintained authorization for all the authorization objects by laeving some feilds without maintaining it

red means u have not maintained organisational assigment for the auth object

thatsall

byeeeeeeeee

takecare

former_member954801 · ‎05-18-2009

Hi Aj,

Its always best to keep Green status in authorization object and this is recommended.

If you donot know the value for the object,its better you can maintain a dummy value like ' ' in the value field. this will make the object to green.

Arun

Former Member · ‎05-21-2009

Thanks All Guyz for your suggestions!

For me SDN and Google are like "Bread and Butter"