cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ERM overwrites backend role without warning.

Go to solution
Former Member

on ‎11-15-2010 12:37 PM

0 Kudos

We are on version 5.3 - SP13.

I have uploaded roles to our ERM installation. The upload was performed with the bulk download file collected via the /VIRSA/RE_DNLDROLES - program in backend in combination with the role information file which we have maintained with relevant role attribute data. The Org-level file is not relevant for us since our security concept does not include derived roles.

When we took the tool into use we discovered that even though the upload was completed successfully there are examples of roles which are created with non-identical content (authorization objects and field values) from the actual backend roles.

When we started performing changes to those roles, not identical in ERM and backend, via ERM, the system did not give a warning of the inconsistency but just directly overwrote the backend role with the incorrect ERM version of the role.

Anyone else with experience with the same error?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-15-2010 1:29 PM
0 Kudos

Hi Kari,

Even though you didn't require the derived roles, the org.level data is required. Can you try uploading all the master roles/single roles with org.level data and see whether the problem is resolved. If not, you may get in touch with the SAP support folks.

Regards,

Raghu

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎11-18-2010 10:34 AM
0 Kudos

Kari,

In which roles did you find differences between ERM and Backend just after you performed the mass upload?

What is the status of your issue?

Many thanks in advance. Kind rergards,

Imanol

Show replies
Show replies
Former Member
‎12-09-2010 2:47 PM
0 Kudos

Thanks for your interest, Imanol.

The issue is still open. We have opened an OSS, but SAP has not yet been able to recreate the error.

BR

Kari

koehntopp
Product and Topic Expert
Product and Topic Expert
‎11-15-2010 1:59 PM
0 Kudos

Wait a minute - is that what you did:

1. imported roles into ERM

2. Made changes to those roles in ERM

3. Told ERM to generate the role(s)

If so, that's how it's intended to work. The state of the role as it is in the backend does not really matter - ERM is supposed to have the only valid version of a role. You need to make sure that the ERM data is correct before you generate, whatever is in the backend is considered not relevant.

Frank.

Show replies
Show replies
Former Member
‎11-15-2010 2:52 PM
0 Kudos

Thanks Raghu and Frank for your replies!

What I did was:

1. Yes: I imported roles into ERM.

I made the assumption that the roles would be created correctly contentwise in ERM since the upload is done from a file which is directly downloaded from the backend system. I probably have some issues in this department as you have both already pinpointed.

Maybe the lack of including the OrgData file in the upload is the source for the error...?

Sorry about my stupid question Raghy, but how do I maintain the Org Data file? I see that the data columns are:

Rolename - Derived Org Level - From value - To value

Do I really have to maintain this manually when I do not have derived roles....?

(I see that there is a lot of org level values included in the system already from the initial upload.)

Do you have any general advise on how I can easily verify that my roles are created with correct content in ERM compared with the backend system?

2. Yes/No: I agree that if you generate a role from ERM, then you must know what you do and expect the backend role to be overwritten.

What I did was that I opened PFCG from ERM to make changes to the role.

I have in earlier test scenarios received a system messages at this point in the process asking me if I really want to overwrite the backend role. To my understanding this message is supposed to appear in any case when the ERM role is different from the backend role. Then I have the possibility to cancel the opening of PFCG and synchronize the role from backend to ERM before I continue with actually opening PFCG and performing the role changes.

I do not know why I get this message sometimes, but not always.....

Best regards

Kari

Former Member
‎11-15-2010 12:52 PM
0 Kudos

Hi,

Did you run the the following background jobs in the ERM:

- Org Value Sync

- Transaction/Object/Field Sync

- Activity Sync

These 3 jobs should run in the same sequence. Also, wait until the jobs are finished successfully and try. This should solve the problem.

Warm Regards,

Raghu

Show replies
Show replies
Former Member
‎11-15-2010 12:58 PM
0 Kudos

I forgot to mention that initially, but I have also already run those sychronization jobs in the manner you describe.

Ask a Question