cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setting up Workflow Approvers in CUP

Go to solution
Former Member

on ‎07-22-2009 11:01 AM

0 Kudos

Hi Experts,

I am in the midst of configuring the CUP workflow approval. I understand that in order for a user to approve a CUP request, I need to:

1. Create this user (approver) in UME

2. Assign this user with AE approver role

However, my user base is around 20,000, and it seems that as long as a user has a direct reporting line (i.e. has staff under him/her), the user can be a CUP approver. This would translate into around 90% of the 20,000 user base!

In such scenario, do I need to manually create the 90% of the 20,000 users in UME, and assign them the AE Approver role in order for them to be able to approve CUP requests? Or is there any way I can use the LDAP (SunOne) to avoid such a manual creation?

FYI, the LDAP SunOne is my authentication source.

Hope to hear your valuable advice.

Thanks!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-23-2009 10:21 PM
0 Kudos

Hi,

As the solution for your issue is already given by Shweta and Varun , I would recommend you to keep USER DATA SOURCE to be pointed with LDAP. As you can not fetch the manager information from UME in CUP request. The manager information can only be fetched from SAP HR system or from LDAP.

Thanks,

Show replies
Show replies

Answers (3)

Answers (3)

hkaur
Advisor
Advisor
‎08-04-2009 12:26 PM
0 Kudos

Hello,

You are right in your approach .

Make sure to execute the config tool and update the configuration for UME LDAP data.

Please refer the following link that explains the steps required to configure LDAP for UME:

http://help.sap.com/saphelp_nw04/helpdata/en/cc/cdd93f130f9115e10000000a155106/content.htm

Harleen

SAP GRC RIG

Show replies
Show replies
Former Member
‎07-22-2009 11:47 AM
0 Kudos

Hi,

To overcome your issue and task of the manual creation, follow the given steps.

1. Map your LDAP with UME so that all users are reflected in UME.

2. In UME select thee role AEApprover and then in "Assigned Users" tab select the data source as

LDAP. Now select all user which are fetchd from LDAP and add then to the role AEApprover.

This way all the LDAP user will be able to approve CUP requests and you will not have to create user again in UME.

Regards,

Shweta

Show replies
Show replies
Former Member
‎07-22-2009 5:44 PM
0 Kudos

Hi,

The solution Shweta mentioned is the only way to achieve what you want. If you don't want to create any users in UME then you can point UME to any datasource (in your case SunOne LDAP). Once this is done, all of the users from the LDAP will show up in UME.

Regards,

Alpesh

Former Member
‎08-04-2009 10:10 AM
0 Kudos

Hi Experts,

Thanks for all the in-sights shared.

Just some background info - there were some technical issues connecting to SunOne, as a result, we explored the possibility of using Active Directory instead, which also contains vital fields such as manager, which we need to satisfy our scenario mentioned in my first post in this thread.

We've done the following In CUP

1. Successfully created and tested connection to Active Directory LDAP in "Connectors"

2. Mapped the LDAP fields required (i.e. sAMAccountName/ l / c / etc etc)

3. Configured the Authentication System (to LDAP) and System Name based on step 1 (i.e. the AD LDAP). We also checked the "End User Verification Required" checkbox.

4. We pointed the "Search Data Source" and "User Details Data Source" to LDAP with the corresponding LDAP system name

After doing this, we tried to simulate a creation request, but when we clicked SEARCH based on last name under the General Info/ Requestor / Manager Information, we hit "No records found". However, If we point our data source -> search data source to UME, we can see the dummy users which we manually created in UME. But we want to search base on our AD LDAP which contains our 20,000 users records.

We then proceed to UME, based on Swea's suggestion, however, some queries

For step #1, "Map your LDAP with UME so that all users are reflected in UME", does this involve going to the UME Configuration -> Data Source, modify it to point to Microsoft ADS? We see a few options, such as flat and deep hierarchy + database. Are we on the right track here? The default was "Database Only", but we experimented selecting all the MS ADS options to see what are the different effects, as a result the default option disappeared.

For step #2, "In UME select thee role AEApprover and then in "Assigned Users" tab select the data source as

LDAP. Now select all user which are fetchd from LDAP and add then to the role AEApprover", we tried to follow this to the letter, but when we clicked "Assigned Users" tab and tried to modify, the data source was a greyed out (i.e. non-selectable) option.

Appreciate if anyone can point us in the right direction, or advise if we missed out any step, in view of the above that we done so far.

Former Member
‎07-22-2009 11:13 AM
0 Kudos

Hello,

In that case you can make your UME point to LDAP which will make the users (approvers) to be fetched from LDAP into UME. As per CUP every approver has to be assigned the approver role and thus has to be in UME. If you could map UME to LDAP then CUP will be able to fetch the approver information from UME.

Regards,

Varun

Show replies
Show replies
Ask a Question