Symptom
Starting b2011 release, you can now sync role-based permission artifacts successfully even if there are any discrepancies between the source and the target instance. However, the instance sync is completed with warning and you must manually update the discrepancy in the target tenant.
Environment
SAP SuccessFactors HXM Suite
Resolution
This enhancement improves the user experience with improved warning messages, so that the user can update the discrepancies in the target instance, based on the warning messages.
The below table gives you a gist of various scenarios and what you must do when you get such warnings/errors:
Case |
What happens when… |
Previously, in 2005… |
Now, in 2011... |
Instance Sync status is… |
Solution… |
1. |
there’s no special dependency (i.e. tree security permission or data blocking) and there’s no permission mismatch between the source instance and target instance. |
syncing the role and the rule from the source tenant to the target tenant was successful |
syncing the role and the rule from the source tenant to the target tenant is successful. |
Completed Successfully |
|
2. |
the permission settings of object definition aren’t available in the target instance. |
syncing the role from the source tenant to the target tenant failed. |
the role sync is successful. However, a warning message appears because the object definition is not synced from the source tenant to the target tenant. |
Completed with Warnings |
If you need the permission settings of such object definition, sync the object definition from the source to the target instance and then sync the role. If not, you can ignore this warning. |
3. |
the permission settings of object definition aren’t secured in the target instance. |
syncing the role from the source tenant to the target tenant failed. |
the role sync is successful. However, a warning message appears because the object definition is not synced from the source tenant to the target tenant. |
Completed with Warnings |
If you need the permission settings of such object definition, make sure the object definition is secured in the target instance and then sync the role. If not, you can ignore this warning |
4. |
there’s no special dependency (i.e. tree security permission or data blocking) and there’s permission mismatch between the source instance and target instance |
syncing the role from the source tenant to the target tenant failed |
the role sync is successful. However, a warning message appears because the permission which is not available is not synced from the source tenant to the target tenant. |
Completed with Warnings |
You can fix the issue by manually unselecting the permissions in the source instance or enabling the permissions in the target instance of the role. |
5. |
there's permission mismatch between the source instance and the target instance, and the permission mismatch is due to tree security permission, |
syncing the role from the source tenant to the target tenant failed |
the role sync is successful. However, a warning message appears because the permission which is not available is not synced from the source tenant to the target tenant. |
Completed with Warnings |
You can fix the issue by manually unselecting the permissions in the source instance or enabling the permissions in the target instance of the role. |
6. |
there's permission mismatch between the source instance and the target instance, and the permission mismatch is due to data blocking permission. |
syncing the role from the source tenant to the target tenant failed |
the role sync is successful. However, a warning message appears because the permission which is not available is not synced from the source tenant to the target tenant. |
Completed with Warnings |
You can fix the issue by manually unselecting the permissions in the source instance or enabling the permissions in the target instance of the role. |
7. |
target instance doesn't have the same data blocking as the source instance. |
syncing the role from the source tenant to the target tenant failed |
the role sync is successful. However, a warning message appears because the data blocking permission which is not available is not synced from the source tenant to the target tenant. |
Completed with Warnings |
You can fix the issue by manually unselecting the permissions in the source instance or enabling the permissions in the target instance of the role. |
8. |
there’re technical issues. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
You can contact your system admin or SAP Cloud Support to fix the issue. |
9. |
there's no matching permission group in the target instance. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
Ensure that the permission group sync is successful before running the permission role sync. |
10. |
the effective dating type of object definition is different between the source and the target instances. |
syncing the role from the source tenant to the target tenant failed. |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the effective dating type of the object definition is the same between the source and the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
11. |
the RBP subject user field of object definition has different values between the source and the target instances. |
syncing the role from the source tenant to the target tenant failed. |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the RBP subject user field has the same value between the source and the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
12. |
the Base Date Field For Blocking of object definition has different values between the source and the target instances. |
syncing the role from the source tenant to the target tenant failed. |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the Base Date Field For Blocking of the object definition has the same value between the source and the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
13. |
association or field of object definition doesn't exist or is inactive in the target instance. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the association or field configuration of the object definition is the same between the source and the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again. |
14. |
the data type or valid values source of the field of object definition has different values between the source and the target instances. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the data type or valid values source of the object definition's field has the same value between the source and the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
15. |
the restriction value set to the field of object definition in the source instance doesn't exist in the target instance. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the restriction value of the object definition field exists in the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
16. |
the Data Access Period Settings function of object definition isn't enabled in the target instance |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the Data Access Period Settings of the object definition is enabled in the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
17. |
the object definition in the target instance doesn’t support more restrictions in the Data Access Period Settings of Manage Permission Roles. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same permission settings of the object definition as the source instance, make sure the object definition supports more restrictions in Data Access Period Settings in the target instance and then sync the role. If not, remove all the permission settings of the object definition in the permission role in the source instance and sync again.
|
18. |
the Access restriction based on specified types of hierarchy is not enabled in the target instance. |
syncing the role from the source tenant to the target tenant failed |
an error occurs and syncing the role from the source tenant to the target tenant fails. |
Completed with Errors |
If you want the same settings of the object definition as the source instance, select "Enable Position Management" in provisioning and set the visibility of association “positionMatrixRelationship” of object definition “Position” as editable in Configure Object Definition. If not, remove access restriction to "Position" based on specified types of hierarchy in the permission role in the source instance and sync again.
|
See Also
Keywords
Instance Sync, sync tool, synchronization, IST, Role based permission,syncing rbp roles, RBP , KBA , LOD-SF-PLT-IST , Instance Sync Tool , LOD-SF-PLT-RBP , Role Based Permissions , How To