cancel
Showing results for 
Search instead for 
Did you mean: 

Initial Load - AS ABAP - getting only user with a group

Former Member
0 Kudos

Hi,

when i start initial load, i just get users with groups. Is that standard?

Br,

Philip

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

This should not happen.

Or do you mean users with a role assigned?

Former Member
0 Kudos

No not roles, groups.

I just get the users which have groups maintenanced. (starting hcm system --> tcode "su01" --> blank search --> getting new page with 5 tabs --> just getting users from last tab "Users by User Groups (General)"

Former Member
0 Kudos

If you look at table sap%REPNAME%users, what can you see there? Do you see the same users?

Is a FILTER defined in the ReadABAPUsers -> Source-Tab?

Is a where/join defined in WriteABAPUsers -> Source-Tab?

Does your service/communication-user has a special restriction in place (Profile-maintenance)?

BR

Michael

Former Member
0 Kudos

Btw, where are these tables? On local machine where dispatcher is running or directly in DB?

No filters or where conditions in the job.

Maybe the user is the problem. This user just had read rights.

Br,

Philip

Former Member
0 Kudos

First of all - you'll need to familiarize yourself with the database for effective learning and debugging. I'm talking about the MS-SQL or Oracle-DB where you installed the IC-schema. It often helps me to understand whats going on behind the scenes.

Secondly - I read some of your posts - I would advise you to install the dispatcher and everything on the server where the DB is hosted - at least as long as you're in development. The MMC can still be on your local pc/laptop, although some things won't work well there (Import, Dispatcher-Status, ...). This'll ease things a lot I suppose.

About the service-user... SAP delivers a role you can import into PFCG (SAP_BC_SEC_IDM_.SAP-File in misc-folder of installation media). This role should be sufficient for your communication user, is updated every now and then and contains only the necessary permissions. Maybe you'll have to extend it (Z_SAP_) in case you want to read special tables not supported by the SAP framework (e.g. license data).

I can hardly believe that the current role assigned to your user only has permissions to users with groups != empty

By now I have no clue why you only see users in IdM with groups assigned in SU01... look up the SQL-table I mentioned if there are more users.

BR

Michael

Former Member
0 Kudos

Hi Michael,

we use an Oracle-DB and i have often been connected to it with ora developer.

I think maybe wrong, but i could not find these temp tables for exampe sapREPusers in the db. Where should it be exactly?

All normal tables and views can be found under user ORADB_OPER.

I agree too you in relation to the installation of dispatcher/ic on server. I told my sysadmins already yesterday.

Service user has SAP_BC_SEC_IDM_COMMUNICATION role. AUTO_USERCOMPARE = YES at PRGN_CUST

Br,

Philip