
Questions on SP05 repository security/Import

Former Member
0 Kudos

1. How to reset the Admin password for the repository without logging into the repository (what if you forget the password)?

2. I need to have three roles,

- Role One should have authorizations to load / unload the repository only

- Role two should be able to log in to a repository and create users/roles only

- Role three should be able to add/modify tables and table fields

Basically I need to have separation in Basis/Security/developer roles. Is that possible with the current version?

3. Is it possible to end a user login session from console or by using clix or API?

4. I read somewhere in SP05 documentation that it would allow secure logins using LDAP - does that mean we can do an SSO from portal through LDAP?

5. SP05 allows role transports. Is there any documentation available for that? Can someone provide steps for role transports as I could not see the option anywhere.

6. What does save update in import manager do? How is it different from save? Does it impact the XML schema also if your map is based on XML schema?

Thanks

Harsha

Accepted Solutions (1)


michael_theis
Active Contributor
0 Kudos

Hi Harsha,

regarding 6:

"Save Update" saves the complete old Map and adds the changes you have done. In other words it extends the old mapping with your changes. This differs from "Save" because with "Save" you store the current state of the map only. There is no impact on the XML schema.

Kind regards

Michael

Answers (3)


Former Member
0 Kudos

Thanks Guys.

Former Member
0 Kudos

In addition to Cleopatra's response

5. If you export a repository (Console -> RightClick repository -> Export Repository Schema...), roles are included in the XML file created. When creating a repository from this XML file, the roles are imported along with the schema structure.

Mark

Former Member
0 Kudos

Hi Harsha,

1. If you don't have another administrative-level account to use to log in and reset the password, an MDM Consultant can reset the Admin password for you. We do not publish the procedure for obvious security reasons. In SP5 Patch2 you will be able to archive the repository without logging in to the repository and send it to support to have the Admin password reset. (You will need to have the MDS server password, if one is set, to perform this operation since you will not need to log in to the repository anymore.)

2. I don't think the Load/Unload role permission granularity was added until SP5 Patch 2. The other roles can be created in Patch 1.

3. No, there is no way to end a user session (you can essentially boot all client users off by unloading a repository, but there's no way to do just a single user at this time). If you would like, you can submit a feature request (I guess via OSS) for us to potentially include this feature in the next major release.

As for the last three, I am unable to address those issues. Hopefully someone else can.

Hope this helps,

-Cleopatra

Former Member
0 Kudos

Cleopatra/Mark/Michael,

Thank you for your responses.

Any thoughts on 4?

Also regarding point 5. Does that mean that roles go along with schema only, and you do not have a way to transport the roles alone? What if I only want to transport one role? What if I want to transport some changes to the schema (I do not want roles to go along with schema in the transport package or vice versa) and I have different role assignments in development and production environments? Instead of a feature isn't this a big security flaw??

Thoughts...

Former Member
0 Kudos

Point 5: You have to export the entire repository schema. On import, you may "reject" changes. In your case, you would want to reject all changes except for Roles. Within roles, you may accept or reject individual roles. So, you have the ability to only transport one role.

Conversely, you may also accept all the other changes but reject the changes for "Roles".

Former Member
0 Kudos

Hi Harsha,

You read somewhere in SP05 documentation that it would allow secure logins using LDAP.

What did you read?

>>does that mean we can do a SSO from portal through LDAP?

Do you have to log-on MDM while using the Portal?

Cheers

Klaus

Former Member
0 Kudos

Klaus,

This is what I read in console guide SP05 - Page 308.

"Trusted connections enable users from “safe” machines to access MDM Servers and repositories using their sign-on credentials only (without having to additionally provide MDM Server and repository passwords)."

Currently, from what I understand, from portal you need to set up user mapping with MDM. What I am looking at is if it is possible to have SSO using SAP logon tickets as with other systems.

Harsha

Former Member
0 Kudos

Brent,

This seems to be a bad practice by SAP. This is not even in sync with other SAP products. Typically you should only export the objects that need to be transported to the target systems, you don't want to export everything and let the decision on what needs to be imported to the target system made while importing - this is a big flaw as some objects might be overwritten by mistake in the target system.

More thoughts??

Harsha

former_member496675
Participant
0 Kudos

Regarding 4.

Yes, you can integrate LDAP with MDM to authenticate users against user directory in LDAP. You would need to either create a new attribute to hold the user security role matching an MDM role or you can use an existing attribute and just enter the MDM role in that attribute.

Does that mean that you can utilize SSO? No. It is not possible. Please read the LDAP configuration section in MDM Console Reference Guide for details.

Regards,

-TS

Former Member
0 Kudos

MDM does not make use of SAP log-on tickets.

The question here is: Why should it? What for?

What's your business process? Please tell me more.

What for do you need to set up user mapping with MDM?

Cheers

Klaus

Former Member
0 Kudos

Klaus,

Data will be maintained through enterprise portal standard iviews and all the business users need to have individual logins to MDM through portal. We cannot map portal roles to MDM roles and a group of business users access/modify the business data without knowing who did it.

Harsha

Former Member
0 Kudos

Hi Harsha,

You mentioned that all business users need to have individual logins to MDM thru Portal.

The connection between Portal and MDM works with user mapping. You map the portal user group to an MDM repository user.

To me it seems that there is no option for individual log-on to MDM thru Portal.

What does it mean when you say that you cannot map portal roles to MDM roles?

Don't you know how it works or don't you want to go that way?

Again I'd like to ask you for more information about your business case?

Cheers

Klaus

Former Member
0 Kudos

Hi Klaus,

That's the difference, we don't want to map portal user group to MDM user. We want to map portal user to MDM user (for which every portal user would be required to do personalization settings to sign into MDM system). That's the reason I was looking if logon tickets based authentication was possible or not. Seems like it's not, so the only option left is user mapping.

Harsha

Former Member
0 Kudos

Hi Harsha,

Indeed, there is only the option of user mapping.

Don't you want to tell me something about the business background?!

Cheers

Klaus