cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User getting assigned to default role in MDM 7.1

former_member298408
Participant

on ‎02-21-2013 11:42 AM

0 Kudos

Hi,

We have an issue in our MDM System.

We cannot create any user without assigning any role to them (unlike other SAP ABAP Systems, where we can create users without roles).

When we try to create user without any role, it automatically takes the SAP Delivered Default Role.

Hence if any user has left the company and we want to delete user's roles in MDM we are unable to do that because when we are removing all the roles, it is automatically taking Default Role.

Is there anyway to resolve this issue.  Can't we have a user in MDM without any role assigned to it. If not, is there anyway we can replace this Default Role with Display. I mean that on removing all the roles from user id it doesn't take the Default Role, but takes the Display Role instead.

Are there any options in MDM.

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-04-2013 6:23 AM
0 Kudos

Hi Aditi,

Did you receive any updates from SAP.? Please update this thread.

Show replies
Show replies
former_member298408
Participant
‎03-12-2013 2:13 PM
0 Kudos

Hi Mir,

Haven't raised this with SAP yet.

Thanks

Aditi

Former Member
‎02-21-2013 12:08 PM
0 Kudos

Hi Aditi,

Please explore the Roles & Users table under Admin node in MDM console.

Read/write access rights for any user can be handled through this. Go through Admin-->Roles--> then review Role Detail & Function tabs.

Attached is the snapshot for your reference.

Hope this information helps. Please let us know if any concerns.

Regards,

Ali

Show replies
Show replies
former_member298408
Participant
‎02-21-2013 12:13 PM
0 Kudos

Hi Ali,

Thanks for the reply. However, we do not want to modify the role.

There are two SAP Standard roles in MDM System: Default and Display. We want that when we are removing all the roles from user id it doesn't automatically take the Default Role. Infact we want to save the user without any role, but if it's not possible in MDM then we want that instead of taking Default role automatically it takes Display Role.

Thanks

Aditi

Former Member
‎02-21-2013 12:32 PM
0 Kudos

I understand you wish to change the role of a specific user from Default to No role (or) Display.! Please correct if my understanding is wrong?

For any user that is added to MDM system, they are assigned a role to perform certain activities. When a new user is created- a role can be declared under field "Roles" whether its Admin, Default or some other customized role.

If you just want a user with no role and still exist in MDM system , then its not possible. But as a second option you can change the roles to Read mode by customizing or create a new role.

Regards,

Ali

former_member298408
Participant
‎02-21-2013 12:53 PM
0 Kudos

Hi Ali,

Your understanding of my issue is partially correct.

This issue is not with a single user. It's with all the users.

As you said that we cannot have a user in MDM without any role and roles should be assigned to them, so that users may perform their activities.

Issue is what if a user leaves the company. Client doesn't want us to delete the user, all they want is to remove the roles from users, and here comes the issue, when we are removing all the roles from the user, the system is automatically assigning the Default Role to user and saves it like that.

Default Role is a very powerful role and we do not want leavers to get this role. So what I am looking for is that anyway through which system assigns Display Role to users from whom we are removing all the roles. Display role would be a safer option than the default one.

We need to find out that from what logic is sytem assigning this Default Role to those users, who do not have any other role assigned to them.

In nut shell the issue is: In MDM if there is any user without any role assigned to it, then system automatically assigns Default Role to such users.

What can be done so that system assigns Display Role to such users instead of Default Role, since this is not done manually, it's getting done automatically by system and for us it's a big task to check what all users have been automatically assigned to default role by system and then manually change it back to display role.

Thanks

Aditi

Former Member
‎02-22-2013 6:41 AM
0 Kudos

Hi Aditi,

Its obvious Default role will be assigned to any user, once created in system. There's no automated way to change the roles from Default to Display rather than performing manual action - atleast i am not aware.

In my opinion create a customized role for all seperated/terminated employees and assign that role to them which has only read only access.

This might satisfy your client requirement.

The functionality you are looking for is a change in MDM itself. You might want to create an OSS note and check with SAP on this.

Please share your thoughts upon confirmation. I will glad to know if SAP has such functionality in MDM.

Regards,

Ali

Former Member
‎03-04-2013 7:47 AM
0 Kudos

Hi Aditi,

Can you please let me know that how are you removing the roles of the users who have left the company?

As far as i think, this would be manual process to remove the roles of the users in MDM.

So if you are removing the roles manually, then while removing all other roles, you can easily assign new Read-Only role to the user ID. This way your problem would be resolved.

Please provide us the information like how are you removing all the roles from a particular user.

Thanks and Regards,

Ankush

martin_schffler
Participant
‎03-05-2013 1:40 PM
0 Kudos

Hi Aditi,

if you have a system in place that automatically removes roles from MDM users then you probably should look into this system and enhance it so that it assigns the display role automatically.

There is no way to change which role is assigned as the default role is a special role that is used exactly for this case.

So you basically have two options:

  1. change the default role to match the restrictions you want for users without roles (your situation is exactly what the default role should handle - it is just not matching your requirements out of the box)
  2. change the program that removes the roles automatically to assign the display role to the user (should be possible via MDM Java API for example)

Best regards,
Martin

former_member298408
Participant
‎03-12-2013 2:12 PM
0 Kudos

Hi Ankush,

Sorry I missed your reply.

It's an automated process.

We are removing it through IDM, hence the Default Role is getting automatically assigned.

Thanks

Aditi

Former Member
‎03-14-2013 5:25 AM
0 Kudos

Hi Aditi,

  • Then perhaps you can alter your process a little bit to add new Role when you are removing all other roles.

  • Another option would be to change the access of Default role to the read only so that there is no harm in having default role assigned to user.

  • Last option you could use to Lock the account in MDM so that even if the User ID exists(whatever may be the roles assigned to user) no-one will be able to use any application using that user ID as it will be locked in MDM. You will need to check the feasibility of this option because account lock generally happens when user fails to logon by entering wrong password multiple times.

Easiest way would be to use second option of removing all the access of Default Role.

Please let us know your thoughts on this.

Thanks and Regards,

Ankush

Ask a Question