1788588 - SAP Roles deleted when attempting Update

SAP Knowledge Base Articles - public

1788588 - SAP Roles deleted when attempting Update


All or some SAP Roles have been deleted from the SAP Authentication plugin.

SAP Roles (Users and Groups) have been deleted from CMC and may have lost all Personal Inbox documents, Favorites and Security Rights assignments. 


SAP Business Objects Enterprise XI 3.1

All Service Packs (SP), Fix Packs (FP), and minor versions patches and Limited Availability (LA) Fixes

Reproducing the Issue

  1. Login to the CMC
  2. Browse to Authentication > SAP
  3. Browse to Role Import tab
  4. Select your source SAP system
  5. Either select Available Roles from the left column to add to XIR3.1 or select Imported Roles from the right column to remove.
  6. Click the update button (some variations of this workflow may produce the problem as well)


This problem has been reported to development in Problem Report ADAPT01669336.

A Fix Request is currently under review, ADAPT01669337, and is slated for fix in Fix Pack 4.5.

This is basically the same problem and workflow documented in SAP KB '1755220 - Can LDAP or AD groups get deleted by network communication issues with AD/LDAP? '

What we believe happens is the CMS query to the SAP system to retrieve SAP Roles must allow the Web/application server and client browser to draw the screen (list) of SAP roles completely before the User clicks the Update button.  If the screen does not draw completely, and the User clicks the Update button, whichever SAP Roles were drawn on the screen at that time, are updated in the CMS DB (possibly causing some SAP Roles or groups to be deleted).



Development Milestone set for Fix Pack 4.5 (Fix Request ADAPT01669337)

See Also

Some customers have elected to create enterprise aliases to protect users from deletion in case this accident occurs.

See KBA 1401058 - How to create Enterprise aliases for LDAP or AD accounts

There was a bug on XIR2 CMC where updates could occur and a browser code problem would cause the wrong group information to be sent to the CMS DB, this issue has not been reproduced in XI 3.1 or BI 4.0 at this point

See KBA 1347065 - LDAP or Active Directory AD groups are deleted


KBA , BI-BIP-ADM , BI Servers, security & CrystalReports viewing in BI platform , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Bug Filed


Crystal Reports 2008 V1