cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to import Portal Group? And portal role assignment issue in ARM

Former Member

on ‎12-05-2014 2:28 AM

0 Kudos

Hi GRC Expert

Thanks for @Madhu Babu and @Alessandro Banzer 's nice help, really appreciate your guys.  I successfully imported portal roles into BRM, but I still have two issue in my follwoing  testing

1. Try to create new portal account and assign the imported role, but the MSMP workflow log says"Can not update role because: Cannot update group as member null doesn't exist". Maybe I need also import portal group, right?

2. Try to assign the imported role to existing portal account, according to the MSMP log, the assignment successed, but I checked the portal side, the role has not been assigned

Here is my last question for your reference

Hope someone can give me some suggestion.

Thank you in advance

James

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

madhusap
Active Contributor
‎12-05-2014 10:09 AM
0 Kudos

Hi James,

For importing portal groups you can use the same template which you used for importing portal roles, only thing is in place of Role Name you will mention the Portal group name and for Role Type mention it as GRP and then import.

For the Portal User creation/Role assignment issue please review the notes which I have mentioned in the earlier discussion and also check with your basis team.

http://service.sap.com/sap/support/notes/2033714

http://service.sap.com/sap/support/notes/2029592

http://service.sap.com/sap/support/notes/2025129

Regards,

Madhu.

Show replies
Show replies
Former Member
‎12-08-2014 6:14 AM
0 Kudos

Hi Madhu

I found that every new account need to assign the user group

Everyone

GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE

Authenticated Users

GRUP.SUPER_GROUPS_DATASOURCE.AUTHENTICATED_USERS

To import these two user group, do I need to add the prefix "PCD:" and the begin of the user group?

For example"PCD:GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE" or just directly "GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE"?

Thanks a lot

James

Former Member
‎12-08-2014 6:30 AM
0 Kudos

Hi Madhu

It seems that we need to add prefix "PCD:" at the begin of the user group. I tried to import the user groups, but I still cannot assign the user group to the new portal account since I cannot find the user groups in the request form, please refer to the following snapshot, thank you

Best regards

James

Former Member
‎12-08-2014 9:02 AM
0 Kudos

Hi Madhu

Here I found:

"If the user doesn't have the assigned Java action "Spml_Write_Action", you won't be able to have a writing access. There is also a "Spml_Read_Action". According to


I assigned the UME database MY_SPML_FULL_ACCESS_ROLE, is it enough? Thank you


Best regards

James

madhusap
Active Contributor
‎12-08-2014 9:35 AM
0 Kudos

Hi James,

Yeah the portal RFC user should have Spml_Write_Action and Spml_Read_Action

Also for portal groups is considered, it depends on how your groups have been defined and you need to upload them in the same way as defined in portal.

Once you have uploaded make sure the role status is PRODUCTION and you have completed repository object sync and then try searching for the roles.

Regards,

Madhu.

Former Member
‎12-08-2014 10:03 AM
0 Kudos

Hi Madhu

Please refer to the snapshot, even I synchronize the reposity, the role exist still display as"No"? I still cannot find the user group in access request

Also, could you please help to tell me how to assign UME action Spml_Write_Action and Spml_Read_Action to portal account? Thank you

Best regards

James

Former Member
‎12-08-2014 10:12 AM
0 Kudos

Here is the portal role snapshot, role exist is "Yes"

madhusap
Active Contributor
‎12-08-2014 10:31 AM
0 Kudos

Hi James,

While uploading the portal groups we used the Unique Name and not the Unique ID of the group. Once after import we ran the repository sync job and all roles are updated with Role exists status "YES".

Prefixing PCD, i don't think it is required

Regards,

Madhu.

Former Member
‎12-08-2014 11:10 AM
0 Kudos

Dear Madhu

Thanks for your reply, I imported the User Goups now

But I still cannot create portal account, it's the same error message "Can not update group because: Can not update group as member null doesn't exist"

Also, I checked the note 1840613 - Groups are not getting assigned to users on Portal, but it seems that our configuration is correct

Best regards

James

madhusap
Active Contributor
‎12-08-2014 11:18 AM
0 Kudos

Hi James,

We had a similar issue where Portal group provisioning is not happening.

You need to check with your basis team or Portal admin team and make sure the portal RFC user has Read and Write access.

Since Portal Sync is working fine and all roles and groups you are able to import and raise the request and only issue is during User Creation and Roles/Groups assignment first check the access of portal RFC user.

Regards,

Madhu.

Former Member
‎12-08-2014 11:20 AM
0 Kudos

Hi  Madhu

BTW, I tested to change the existing portal account, I can assign imported roles to the existing portal account

Best regards

James

madhusap
Active Contributor
‎12-08-2014 11:28 AM
0 Kudos

Hi James,

So, your issue is more on Creation of Portal Users and assignment of Portal groups.

For existing users you are able to assign portal roles. Is that correct?

May be I will check and get back to you on Portal user creation.

Regards,

Madhu.

Former Member
‎12-08-2014 11:35 AM
0 Kudos

Dear Madhu

Thanks a lot for your feedback. Unfortunate, the portal admin has no more experience about the RFC authorization, I raised a message to SAP support, hope they can give me some advice, thanks a lot

Best regards

James

Former Member
‎12-08-2014 11:38 AM
0 Kudos

Hi  Madhu

Exactually, I can assign portal roles to an existing user,  but cannot create new user and assign roles/group to the new user.

Really appreciate your help, thanks a lot

Best regards

James

alessandr0
Active Contributor
‎12-05-2014 8:40 AM
0 Kudos

Dear James,

I can only guess as I am not having Enterprise Portal in place. Did you run a full sync once? Full sync for users, roles and authorization?

Also see the following note: http://service.sap.com/sap/support/notes/2033714

Let us know.

Regards,

Alessandro

Show replies
Show replies
Ask a Question