1788588 - SAP Roles deleted when attempting Update

Symptom

All or some SAP Roles have been deleted from the SAP Authentication plugin.

SAP Roles (Users and Groups) have been deleted from CMC and may have lost all Personal Inbox documents, Favorites and Security Rights assignments.

Environment

SAP Business Objects Enterprise XI 3.1

All Service Packs (SP), Fix Packs (FP), and minor versions patches and Limited Availability (LA) Fixes

Reproducing the Issue

Login to the CMC
Browse to Authentication > SAP
Browse to Role Import tab
Select your source SAP system
Either select Available Roles from the left column to add to XIR3.1 or select Imported Roles from the right column to remove.
Click the update button (some variations of this workflow may produce the problem as well)

Cause

This problem has been reported to development in Problem Report ADAPT01669336.

A Fix Request is currently under review, ADAPT01669337, and is slated for fix in Fix Pack 4.5.

This is basically the same problem and workflow documented in SAP KB '1755220 - Can LDAP or AD groups get deleted by network communication issues with AD/LDAP? '

What we believe happens is the CMS query to the SAP system to retrieve SAP Roles must allow the Web/application server and client browser to draw the screen (list) of SAP roles completely before the User clicks the Update button. If the screen does not draw completely, and the User clicks the Update button, whichever SAP Roles were drawn on the screen at that time, are updated in the CMS DB (possibly causing some SAP Roles or groups to be deleted).

Resolution

Development Milestone set for Fix Pack 4.5 (Fix Request ADAPT01669337)

Keywords

KBA , BI-BIP-ADM , BI Servers, security, Crystal Reports in Launchpad , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Bug Filed

Product

Crystal Reports 2008 V1