on 07-22-2009 11:01 AM
Hi Experts,
I am in the midst of configuring the CUP workflow approval. I understand that in order for a user to approve a CUP request, I need to:
1. Create this user (approver) in UME
2. Assign this user with AE approver role
However, my user base is around 20,000, and it seems that as long as a user has a direct reporting line (i.e. has staff under him/her), the user can be a CUP approver. This would translate into around 90% of the 20,000 user base!
In such scenario, do I need to manually create the 90% of the 20,000 users in UME, and assign them the AE Approver role in order for them to be able to approve CUP requests? Or is there any way I can use the LDAP (SunOne) to avoid such a manual creation?
FYI, the LDAP SunOne is my authentication source.
Hope to hear your valuable advice.
Thanks!
Hi,
As the solution for your issue is already given by Shweta and Varun , I would recommend you to keep USER DATA SOURCE to be pointed with LDAP. As you can not fetch the manager information from UME in CUP request. The manager information can only be fetched from SAP HR system or from LDAP.
Thanks,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
You are right in your approach .
Make sure to execute the config tool and update the configuration for UME LDAP data.
Please refer the following link that explains the steps required to configure LDAP for UME:
http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/content.htm
Harleen
SAP GRC RIG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
To overcome your issue and task of the manual creation, follow the given steps.
1. Map your LDAP with UME so that all users are reflected in UME.
2. In UME select thee role AEApprover and then in "Assigned Users" tab select the data source as
LDAP. Now select all user which are fetchd from LDAP and add then to the role AEApprover.
This way all the LDAP user will be able to approve CUP requests and you will not have to create user again in UME.
Regards,
Shweta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Experts,
Thanks for all the in-sights shared.
Just some background info - there were some technical issues connecting to SunOne, as a result, we explored the possibility of using Active Directory instead, which also contains vital fields such as manager, which we need to satisfy our scenario mentioned in my first post in this thread.
We've done the following In CUP
1. Successfully created and tested connection to Active Directory LDAP in "Connectors"
2. Mapped the LDAP fields required (i.e. sAMAccountName/ l / c / etc etc)
3. Configured the Authentication System (to LDAP) and System Name based on step 1 (i.e. the AD LDAP). We also checked the "End User Verification Required" checkbox.
4. We pointed the "Search Data Source" and "User Details Data Source" to LDAP with the corresponding LDAP system name
After doing this, we tried to simulate a creation request, but when we clicked SEARCH based on last name under the General Info/ Requestor / Manager Information, we hit "No records found". However, If we point our data source -> search data source to UME, we can see the dummy users which we manually created in UME. But we want to search base on our AD LDAP which contains our 20,000 users records.
We then proceed to UME, based on Swea's suggestion, however, some queries
For step #1, "Map your LDAP with UME so that all users are reflected in UME", does this involve going to the UME Configuration -> Data Source, modify it to point to Microsoft ADS? We see a few options, such as flat and deep hierarchy + database. Are we on the right track here? The default was "Database Only", but we experimented selecting all the MS ADS options to see what are the different effects, as a result the default option disappeared.
For step #2, "In UME select thee role AEApprover and then in "Assigned Users" tab select the data source as
LDAP. Now select all user which are fetchd from LDAP and add then to the role AEApprover", we tried to follow this to the letter, but when we clicked "Assigned Users" tab and tried to modify, the data source was a greyed out (i.e. non-selectable) option.
Appreciate if anyone can point us in the right direction, or advise if we missed out any step, in view of the above that we done so far.
Hello,
In that case you can make your UME point to LDAP which will make the users (approvers) to be fetched from LDAP into UME. As per CUP every approver has to be assigned the approver role and thus has to be in UME. If you could map UME to LDAP then CUP will be able to fetch the approver information from UME.
Regards,
Varun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.