on 01-30-2011 4:07 PM
Hello consultant:
We have installed and configurated IDM with following guides:SAP-NW_IdM_IC_Tutorial_GettingStarted_7-1 and SAP-NW_IdM_IdMForSAPSystems_Configuration_7-1
We have configurated HCM scenarios
Now we need log in Identity Management User Interface (http://host:50000/idm) but we have a problem , we only have access monitoring tab.
We have created role"idm" with following actions :
sap.com_tcidmjmx~ump.idm_authenticated
sap.com_tcidmjmx~ump.monitoring_administration
sap.com_tcidmjmx~ump.monitoring_support
We have add user in our Identity Store
Click the General Tab
Click Add user
Entry Type: MX_PERSON
User name: user with role idm with action sap.com_tcidmjmxump.idm_authenticated,sap.com_tcidmjmxump.monitoring_administration and
sap.com_tcidmjmx~ump.monitoring_support
Then we have created temporary self-service task for privilege assignment1. In the Identity Center, select the identity store and choose New/Folderu2026 from the context menu to create a new folder. Rename the folder to "IdM UI".
2. Select the folder and choose New/Unordered task group from the context menu. Rename the task to "Assign privilege".
3. Select the "Attributes" tab:
Entry type - Select "MX_PERSON" entry type. Choose "u2026" to open a dialog box from which you select the entry type.
4. Choose "Apply".
5. Select the "Access control" tab.
6. Choose "Addu2026" and fill in the following:
Allow access for: Select "Logged-in user or identity store entry".
ID store: Select the correct identity store. In this example "Enterprise People" is used.
On behalf of: There are two ways of creating a self service task. You either select "User or identity store entity" or "Relation - Self". Both ways are legitimate.
7. Choose "OK".
8. Choose "Apply".
But when we log in the url we only acces a monitoring tab
Please help me
Thanks and Regards,
Hello consultant:
We have created new Identity store(SAP_Master) and when we try adding privileges we don`t view anything in the url , but when we have added privileges in Enterprise People(identity store) , we view all tabs in the url.
We have readed SAP-NW_IdM_IC_Tutorial_GettingStarted_7-1.pdf and SAP-NW_IdM_IdMForSAPSystems_Configuration_7-1.pdf because we need created IDm with HCM SAP.
Our first problem is resolved but now when execute RPLDAP_EXTRACT_IDM report we obtein following errors with all person number:
Object Not Found
LDAP_CREATE failed
Entry already exists
When we log in the URL we have all tabs but we don`t know how work it.
Is there a guide that explains how to work with the URL?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Esther - just to simplify things please start a new thread for the RPLDAP_EXTRACT_IDM issue (make sure first to search old threads to see if you can find an answer) as this is seperate to the logon issues to the UI.
Also don't forget to reward points with helpful and/or correct answer if the issue is resolved with the help of the members here.
Best of Luck
Chris
IdM SCN Moderator
Hello consultant:
Now we have logged in the url but we view monitoring tab only.
We have add following roles our user:(solman_admin)
idm.authenticated
idm_monitoring_administration
idm_monitoring_support
We have added privilege our user in our identity center with botton "Add manager privileges"
In the url we view monitoring tab with different actions, distpacher status ,lob job ....with correct data.
Many thanks
Reagrds
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello consultant:
Now the new url work fine , but we have the same problem without sp05
In the url only view Monitoring tab.
We have add java-user with "add privileges" button , but the problem persist.
We have created task Assig privileges in Identity Center for add "Self Service "tab(guide Installing and configuring the Identity
Management User Interface) , but we don`t view the tab only "monitoring" tab.
Many thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What did you need to do to solve the Access Denied / Server Down message?
Regarding your login problems, I would suggest the following:
1. Check how your UME roles are configured? Are the correct with regard to the install guide?
2. Is your Identity Store database (usually mxmc_db) correct? It might have become corrupted. Have you considered using mxmc_remove and then reinstalling via mxmc_install?
What database, Oracle or SQL Server are you using.
Regards,
Matt
Hello consultant:
We have apllied last package (sp05)
Now we have "add manager privileges" button.
We have upgraded BBDD,VDS,Identity Center and IDMIC.sca
But we have new error , now qhen we have logged in the url http://host:port/idm we obtein following error:
Access denied
Service is down
Please could you help me again
Thank you very much
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello consultant:
In the IdM MMC we have added a user to the Identity store that exists in the AS Java(solman_admin)
In the MMC --> Identity Stores --> Pick the IdS that your AS Java points to - SAP_Master, and press the Add user button
In this moments we have a popup with following options.
Entry type->we have added MX_PRIVILEGE
User name->Solman_admin
But we unknown how tick the "Add Manager Privileges".
We have logged in the URL but we have the same problem , only monitoring tab is display.
We have readed in the Security Guide :
Access to the other tabs in the User Interface is controlled by assigning privileges in the identity store to the person entries.
u2022 MX_PRIV:WD:TAB_TODO gives access to the "To Do" tab.
u2022 MX_PRIV:WD:TAB_MANAGE gives access to the "Manage" tab.
u2022 MX_PRIV:WD:TAB_HISTORY gives access to the "History" tab.
But we unkown how do it
Many thanks for your collaboration
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello consultants:
Now we have the self service tab but the tab is empty
Available Self Service Tasks:
Many thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
In the IdM MMC, you need to add a user to the Identity store that exists in the AS Java. In the MMC --> Identity Stores --> Pick the IdS that your AS Java points to - by default it is Enterprise People, and press the Add user button. Type in the user name - normally you can start with "Administrator" and ensure that you tick the "Add Manager Privileges".
This will give the AS Java Administrator User access to the IdM Privileges MX_PRIV:WD:TAB_MANAGE amongst others, and it is these that give you the other tabs. Once you have these on Administrator, you can use the MANAGE tab to add the WD(WebDynpro) privliege to any other users you like.
Hope this helps,
Ian
Hi Ian,
A small doubt in your reply. I agree that we need to add user in Identity store in order to give access to UI for that user. But the problem is there are over 100000 users who has to have access to IdM UI and all these users shouldnt be given Admin access. Your reply would surely help us.
Thank You
Regards,
Mohamed Fazil
Hi Fazil,
Yes, the admin access is given only to the SAP IDM Administrators. it should not be given to all the users !! To add a administrator, you can follow the step mentioned above.
if no privileges are assigned, by default the user will have access to self-servies tab.
if you need to give access to specific tabs for a user, the respective privileges are to be assigned.
say MX_PRIV:WD:TAB_MANAGE for Manage tab.
MX_PRIV:WD:TAB_TODO for ToDo tab.
hope its clear..
~ Krishna.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.