Assigning roles to users by code without SecurityAdministration permission

Hello!
I'm a beginner working with VS Lightswitch and all the ASP.NET stuff.
Here is my problem:
I have an application where users follow a certain hierarchy: we have employees, Area Managers, Department Managers, ...
When creating a new employee he will be assigned a role automatically according to his level on the hierarchy: employee role, area manager role, and so on...
None of the application users is going to have the SecurityAdministration privilege, so how could I handle this by code?
The only thing that I've tried until now is trying to access this data through SecurityData, but it's not possible without the SecurityAdministration permission...
I have read a little about creating custom membership, role and profile providers but I'm not sure if this is gonna work in my case, and if it's necessary to do it this way.
Any help will be appreciated! :) 

It was just as simple as adding this code into a method that runs on the server side (_deleted, _deleting, _inserted, _inserting, ...):
    if (!Application.Current.User.HasPermission(Permissions.SecurityAdministration))
        Application.Current.User.AddPermissions(Permissions.SecurityAdministration);
And then do whatever that needed the SecurityAdministration permission to get done.
Once the method finishes, the permissions return to their original values.
The article where I got the info:
http://blogs.msdn.com/b/lightswitch/archive/2011/04/07/how-to-elevate-permissions-in-server-code-ravi-eda.aspx
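An added example, not code from the original post or the linked article, placing the elevation from the answer above inside a server-side save method so that only an allowlisted role derived from the employee's hierarchy level can be granted. The Employee entity, its UserName and Level properties and the role names are assumptions, and the SecurityData members used (UserRegistrations, Roles, RoleAssignments) should be checked against your LightSwitch version.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.LightSwitch;
using Microsoft.LightSwitch.Security.Server;

namespace LightSwitchApplication
{
    public partial class ApplicationDataService
    {
        // Assumed hierarchy levels and role names. Only roles listed here can
        // ever be granted by this code path, whatever the client submits.
        private static readonly Dictionary<string, string> RoleForLevel =
            new Dictionary<string, string>
            {
                { "Employee", "EmployeeRole" },
                { "AreaManager", "AreaManagerRole" },
                { "DepartmentManager", "DepartmentManagerRole" }
            };

        // Assumed entity: Employee with string properties UserName and Level.
        partial void Employees_Inserted(Employee entity)
        {
            // Validate before elevating, so no unchecked value is handled
            // while SecurityAdministration is in effect.
            string roleName;
            if (entity.Level == null || !RoleForLevel.TryGetValue(entity.Level, out roleName))
                throw new InvalidOperationException("Unknown hierarchy level.");

            // Elevation from the answer above, applied as late as possible.
            if (!Application.Current.User.HasPermission(Permissions.SecurityAdministration))
                Application.Current.User.AddPermissions(Permissions.SecurityAdministration);

            var security = this.DataWorkspace.SecurityData;
            var user = security.UserRegistrations
                .Where(u => u.UserName == entity.UserName).FirstOrDefault();
            var role = security.Roles
                .Where(r => r.Name == roleName).FirstOrDefault();
            if (user == null || role == null)
                throw new InvalidOperationException("User registration or role not found.");

            // Add the role only if it is missing; existing assignments stay.
            if (!user.RoleAssignments.Any(a => a.Role.Name == roleName))
            {
                var assignment = user.RoleAssignments.AddNew();
                assignment.Role = role;
                security.SaveChanges();
            }
        }
    }
}
```

Because the granted role follows the Level field, whoever is allowed to insert Employee records effectively controls role membership, so that insert permission needs to be restricted accordingly.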

Similar Messages

  • How to assign ROle to user

    Hello All,
      I need to programmatically assign roles to a user and want to give some authorization at runtime.
    Please suggest which function module to use.
    Please help me asap.
    thanks,
    jigs
    Helpful answers will be rewarded.

    Hi all,
    Thanks for the reply.
      But I want to add one role to the user, not a profile.
      I got one BAPI, BAPI_USER_ACTGROUPS_ASSIGN; this BAPI does work,
    but it actually deletes previous roles and then assigns the new one.
    Is there any FM which will add a role to a user without deleting existing roles?
    thanks,
    jigs

  • How To Assign Role To User Programmatically?

    Hi,
    We Need Code to Assign Role To User In JSPDynapage.
    Thanks
    SubbaRao Chinta

    Hi SubbaRao Chinta,
    See http://help.sap.com/saphelp_nw70/helpdata/EN/7d/003c41325fa831e10000000a1550b0/frameset.htm and the corresponding JavaDoc: http://help.sap.com/javadocs/nw04/current/um/com/sap/security/api/IRoleFactory.html
    Hope it helps
    Detlev

  • Assigning roles to users programmatically

    Hi,
    I want to programmatically create roles, assign roles to users etc.
    I saw in this thread
    ADF Security Policy Store
    the following scriptlet by Frank Nimphius
    try {
        // look up the identity store registered under this provider name
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION,"admin");
            // create user
            //TODO check for empty username and password
            User newUser = userManager.createUser(this.username,this.password.toCharArray());
            // grant the "admin" application role to the new user
            roleManager.grantRole(adminRole,newUser.getPrincipal());
        } catch (IMException e) {
            // TODO
        }
    } catch (JpsException e) {
        // TODO
        return null;
    }
    This is a TP3 scriptlet; is it still working on the 11g production?
    I try it and I get a JpsException
    oracle.security.jps.JpsException
         at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
    do I have to replace "idstore.xml.provider" with something else depending on my configuration?
    thanks
    Tilemahos

    Hi Frank, thanks for the answer,
    I checked this functionality with the WLS embedded LDAP and I saw your "How-to configure OID for authentication in WebLogic Server" post.
    I managed to add users and assign them roles that I created in my application.
    But what if I want to have a super user that can create new roles and assign them member roles?
    e.g.
    Developer created roles (policy store):
    accessPage1 ( granted all the necessary principals to access page1 )
    accessPage2 ( granted all the necessary principals to access page2 )
    Super user created roles
    Role1 member roles: accessPage1, accessPage2
    If I want my application to have that functionality I must create roles programmatically, won't I?
    Is there another way?
    By the way I followed the advice at the following useful links
    Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
    Frank Nimphius's How-to configure OID for authentication in WebLogic Server
    Edwin Biemond's Using OpenLDAP as security provider in WebLogic
    Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
    And I managed to add users of the Microsoft LDAP to the WLS
    but I couldn't make them group members of my application groups (roles).
    Is this possible?
    Thanks

  • SECATT for assigning roles to users

    Hi All,
    How do we make the ECATT to work for the below scenario:
    Users already have roles assigned to them. We need to add new roles to the users, which can vary in number based on the user's job.
    A simple ECATT script that was developed to add a single role to a new user does not work in the above case and gives an error of invalid batch input. How do I create an ECATT to assign a role to a user who already has a set of roles assigned (the number of roles assigned to users differs, so I cannot assume to train the ECATT to assign a role on line X)? Is there something I am missing in the ECATT script creation?
    We are doing this from a CUA and it's very difficult to assume how many roles a user could have.
    Thanks,
    Jay

    Thanks Alex for the insight. For some reason SU10 is slow in the CUA environment and I wanted to avoid it, but yes, I finally had to use SU10. Talking to one of our ABAPers I came to know that even in their BDC recordings they get the error which I received, but he changes his program to skip all the lines with data and then fill the empty line.
    In CUA environment, how do we create ECATT to delete a role from many users?
    Thanks,
    Jay

  • Assigned Role in user Group

    Dear All
      Please help me assign a role in a user group. I created a user group (SURG), but I can't assign a role?
    Regards , Thanks
      Lannguyen

    Hello,
    You cannot assign user groups directly to Roles, however you can do the following.
    Use PFCG transaction
    1. Select the role and switch to change mode.
    2. Switch to user tab.
    3. Put the cursor in the blank line and hit F4
    4. You should get a popup window which asks you to provide search criteria for the user.
    5. Switch to 2nd tab Users by Logon criteria, here you should be able to find the selection field User group.
    6. Select the group you created and hit the green tick.
    7. All the users in that group will be listed in the User list tab on the main screen.
    8. Now to complete the user assignment hit the User comparison button (it should turn green once done).
    Regards,
    Siddhesh

  • E Portal User Administration--Automatic loss of assigned roles of users

    Hi All,
       Some users are losing assigned roles automatically without anybody modifying the User administration part. This is happening frequently.
      My senior told me that
         "roles are based on Active Directories. When Users move from one location to another there is change in the Active Directories.
    If Active directories do not get refreshed properly roles will be not come up."
    Please guide me.
    Thanks in advance,
    Gangadharayya.

    Hi Gangadharayya,
    Check the Unique ID of the user (whose role was lost) in system Administration --> support --> support Desk -->
    User Management > Test component for UME objects
    Enter the user ID of the user (whose role was lost) in the Get User table and click 'Get'.
    At the bottom of that screen you'll get the 'UME User toString' table. In that, get the unique ID of the user and check this unique ID with the LDAP.
    Try the same steps from the role. Give the Role ID search in the 'Get Role' column and click Get. Now compare the unique IDs of the user.
    Regards,
    Birla.

  • How to assign roles to users using WL api?

    Hi,
    We have a requirement to allow creation of new users through application screens and assign groups and roles to those users.
    My users will exist in an external LDAP server while my groups and roles will exist in the embedded LDAP server. Using WL APIs I am able to create users and add them to groups using the code pieces given below:
    ========================================
              userProviderControl.createUserSimple(form.userID, form.password);
              groupProviderControl.addUserToGroup(ocnGroup, form.userID);
    ========================================
    How do I assign roles to this new user programmatically?
    If I add a role from the console (Home > Realm Roles > Summary of Security Realms > myrealm > Realm Roles -> Global Roles) and edit the role condition to add this newly created user then it works fine. I want to achieve the same, i.e. edit the role condition programmatically.
    Any help will be greatly appreciated.
    Thanks,

    Problem Solved !!!
    The data-type conversion needs to be performed in the SPML2 Person Form. Add a Field called waveset.roles and map it to the SPML2 attribute name being used in ur client. It's best done through a rule.....
    If anybody is facing similar problem and need more details....please email me @ [email protected]

  • Assigning Roles to Users and Groups

    Hi,
    We have installed EP 5.0 SP4 with Content Management. We configured the LDAP to the Portal; all the users are maintained through LDAP only. The problem is assigning the roles to users: here in the portal, how do we assign the roles to the users? We are not getting the Role assignment option under the Portal Admin tab. Is there any way to configure the roles for users or groups?
    It is an urgent assignment for me; help would be appreciated.
    sudhir

    Sudhir,
    You can assign the roles to users and groups as below.
    1. Select the System Administration in the top level navigation
    2. Select user administration
    3. You can search for a specific user or a group from this iView.
    4. Use the edit button to edit the profile of the user or group.
    5. Search for the role in the search iView.
    6. Add the role to the user or group and save.

  • Problem in assigning roles to users

    Hi
    I created a role in EP which I want to assign to the users. I assigned that role to a user. The user is not able to access the particular iViews. I attached some R/3 transaction iViews to that role. It says unable to look up the system or system alias. When I assign that role to myself, I'm able to access those iViews (R/3).
    I have superadmin role permissions.
    What default roles and permissions need to be assigned for users?
    Please suggest.
    thx
    pradeep

    Hi Pradeep,
    In SP9, apart from creating a System, we need to assign permissions for users.
    Follow this path:
    System Administration -> Permissions -> <select your System in Portal Content> -> Open Permissions <on right click>. This would take you to the Permission Editor.
    Here you need to add the user and assign permissions.
    Please check this and let me know if it's working.
    Awaiting Reply.
    Warm Regards,
    Ritu

  • BAPI/FM to assign roles to User

    Hi all,
    I need to find a BAPI/ FM to assign roles to various sap users.
    I don't know whether this can be done. If yes, please let me know the required BAPI/ FM.
    Thanks and regards,
    Ridhima

    Hi,
    you can use
    BAPI_USER_ACTGROUPS_ASSIGN
    regards,
    pankaj singh
    reward if helpful

  • Assigning Roles to Users

    Hello,
    I have created a Role in Portal Content named "TestUser" but when i'm trying to assign this role to a user, Role is not displayed in search list. I have tried "T*" in search option then click on start button but role "TestUser" is not visible. Can any body tell me what is problem behind this asap.
    Regards,
    Amey Potale

    Hi Amey,
    Did you perhaps give any ROLE ID prefixes while creating the role? Then search with that prefix. Also, the search result will be case sensitive. Anyway, try just clicking the start button without giving any search term. It will list all the existing roles. This is just for you to verify whether your role is there or not.
    Else I don't see any reason why the role is not available.
    Hope this helps,
    Regards,
    Uma.

  • Assigning roles to users dynamically

    Hi
    I need to assign the manager role to a user if he has any users under him and unassign the role if he has no users under him. Whenever a user's manager is changed, OIM has to check the number of users under the manager and, if it is 0, the manager role has to be unassigned from him; and when the user is placed under another manager, OIM has to check whether the manager role is assigned to him and, if not, assign the manager role to the new manager.
    please suggest
    Regards
    A Abhinay

    Create a trigger on manager field. Whenever manager changes for any user just grab the USER ID of manager and validate whether he has any direct reports or not. If yes then do nothing, else remove from Manager Role.

  • Assign Role to Users

    Hi,
    I am trying to give the user access to limited profit centers in a particular Business Area
    Suppose Bus Area ABCD and profit center AB0001 to AB0099, when there are profit centers till AB0501. I defined the same in SU01 and assigned the role to the user.
    And when I entered the Business Area and Profit center range in the Change Role Authorization, I tried to save the same and generate the profile but I get a message: Authorization is full. Please enter fewer values.
    I tried to post a document with the user's ID with profit center AB0199 and I was able to post the transaction even though I had defined the Profit Center range 0001 to 0099.
    Can someone please advise a detailed solution for the issue?
    Thanks 
    Rahul

    yes,
    unfortunately the automatic splitting of authorizations does not work for authorization objects with more than one field (see last paragraph of note 410993), so unfortunately the splitting has to be done manually...
    b.rgds, Bernhard

  • Is it possible to automate creation of roles,users & assign roles to users

    Respected Gurus,
    Is it possible to automate creation of roles according to our functional requirement with the help of SAP IDM?
    Further, I would like to know whether creation and deletion of users, along with assigning created roles to the users, can be automated.
    Please help me....
    Thank you.

    Hi Dayananadan,
    SAP NW IdM is compatible with your system and uses SAP Java Connector (JCo).
    My colleague Steffen Baumann wrote a blog with three parts, where you get some hints and screenshots on how to create similar objects to business roles and automatically assign them. Have a look at the last two parts How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II) and
    https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/8868. Especially the last topic in the last part shows how to implement dynamic groups. It doesn't cover everything you will need to automatically create business roles and assign them. To explain this in detail is like writing another blog... If you go through the last two parts of the blog you will know how to modify the jobs my colleague has used for importing HCM data to create business roles similar to org. units.
    You can also have a look at /docs/DOC-8983#section6. There you find "Identity Management for SAP System Landscapes: Configuration Guide" and other documents. They help to get familiar with the possibilities of SAP NW IdM, but don't mention how to implement your case in detail.
    Best regards,
    Nils
