BW User Authorisation in Portal

Hi Experts
I am a BW Consultant creating iviews for the queries and assing them to the corresponding portal roles
Could you please update me on how can i restrict data access in portal with analysis authorisations in BW
Thanks in advance

Hi,
all you have to do is configure a System Object for your BW Backend to be used with the BW iViews. The URL iView works fine without additional configuration.
Are you using your portal in intranet or extranet/internet?
What do you mean with central user management?
When I read your thread I thought you had a portal with its own default usermanagement (e.g. Portal Database)
and your BW Backend with its own userstore. So all you have to do is make sure that the usernames used in both systems are equal to use SSO and then configure your backend to accept sso tickets.
As described above the data restriction is handled by BW. So if you have access restrictions assigned on reports or queries the user will not be able to execute these queries from portal.
All you have to do is make sure that the iView used to execute a query or call a report is not visible for these users in portal.
To achieve this procceed as described by Yogesh Varma.
Create roles for your reports and queries and group them somehow so you can assign these roles to all users who should be able to call a particular report. If you already have report or query based permissions in BW you can also upload these roles to portal. The PFCG Roles from your Backend will appear as groups in your portal and you can link these groups to particular Portal Roles as desired.
The following link might be useful:
http://help.sap.com/saphelp_nw70/helpdata/EN/4c/6c0f40763f1e07e10000000a1550b0/frameset.htm
Hope this helps
Cheers

Similar Messages

User Management in Portal

Hi,
I had a ECC system with users with relevant authorisations.
Now how can i setup the User Management in Portal for the users
Thaks

Have you configured UME with Portal?
What is the UME you are using?
Please check the help document
http://help.sap.com/saphelp_nw04/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/content.htm
Hope this helps.
Cheers-
Pramod

How to restrice ananymous user access to portal link /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default?

Hi experts,
We had an issue with portal access. I wonder if portal is venerable for security threats?
Could you please let me how to restrict the unauthorized users (anonymous user) to the portal URL.
https://HOST:50001//irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default .
Appreciate your help.
Regards
Maruti

Hi Maruti,
Hope you are doing good.
Can't you just amend the portal permissions so that this access is not possible.
The PCD location should be:
com.sap.portal.system/security/sap.com/NetWeaver.Portal/no_safety/com.sap.portal.navigation.portallauncher....
Hope this helps.
Thank you and have a nice day!
Kind Regards,
Hemanth

User Authorisations in Dialog Programming.

Hi Friends,
I have a small requirement, I want to create user authorisations in dialog programming.
Actually client requirement is he want to enter absence details of each and every branch.
For that i have created a cusom table and i also i have developed a dialog program inorder to update the details
and to retrive all the data i have created a report program also.
Now the client requirement is he want user authorisations while updating the data through dialog programming, that means if a user loging in that particular branch he want to enter the absence details pertaining to that branch only, when he tries to enter the details of other employee pertaining to another branch an error should be raised.
Actually in the client place they are using authrisation object as 'Z_WERKS'. The basis person has created this and provided for me.
Actually i have created an Authority check in module pool program.Here iam attaching my prog,
Pls provide me the sample code if at all available.
*& Include ZEMPTOP Module pool
PROGRAM ZEMP.
TABLES : ZABS,PA0001.
DATA : WA_PA0001 LIKE PA0001,
 V_ANS.
DATA: BEGIN OF Z_WERKS OCCURS 0,
 PERSA LIKE T500P-PERSA,
 NAME1 LIKE T500P-NAME1,
 END OF Z_WERKS.
*& Include ZEMPI01
*& Module USER_COMMAND_0100 INPUT
 text
MODULE USER_COMMAND_0100 INPUT.
CASE SY-UCOMM.
WHEN 'DISP'.
SELECT SINGLE * FROM ZABS WHERE PERNR = ZABS-PERNR.
IF SY-DBCNT <> 0.
*MESSAGE I000(Z00) WITH 'Details of' ZABS-PERNR .
else.
MESSAGE I000(Z00) WITH 'No Details Available to Display'.
ENDIF.
WHEN 'EXIT'.
LEAVE PROGRAM.
WHEN 'BACK' OR 'EXIT' OR 'CANCEL'.
LEAVE TO SCREEN 0.
WHEN 'CLS'.
CLEAR ZABS.
WHEN 'INS'.
INSERT ZABS .
ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
IF SY-DBCNT <> 0.
MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
'inserted successfully'.
ENDIF.
CLEAR ZABS.
WHEN 'MOD'.
UPDATE ZABS.
ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
IF SY-DBCNT <> 0.
MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
'Modified Successfully'.
ENDIF.
CLEAR ZABS.
*WHEN 'DEL'.
*CALL FUNCTION 'POPUP_TO_CONFIRM_LOSS_OF_DATA'
EXPORTING
 TEXTLINE1 = 'ARE YOU SURE'
 TEXTLINE2 = 'YOU WANT TO DELETE'
 TITEL = 'CONFIRMATION'
 START_COLUMN = 25
 START_ROW = 6
 DEFAULTOPTION = 'N'
IMPORTING
 ANSWER = V_ANS.
*IF V_ANS = 'J'.
*DELETE ZABS.
*IF SY-DBCNT <> 0.
*MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
*'Deleted Successuflly'.
*ELSE.
*MESSAGE I000(Z00) with 'No Record to Delete'.
ENDIF.
*ENDIF.
ENDCASE.
ENDMODULE. " USER_COMMAND_0100 INPUT
*& Module GET_REC INPUT
 text
MODULE GET_REC INPUT.
SELECT SINGLE * FROM PA0001 INTO WA_PA0001
 WHERE PERNR = ZABS-PERNR.
MOVE: WA_PA0001-PERNR TO ZABS-PERNR,
 WA_PA0001-ENAME TO ZABS-ENAME,
 WA_PA0001-GSBER TO ZABS-GSBER,
 WA_PA0001-WERKS TO ZABS-WERKS.
ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
ENDMODULE. " GET_REC INPUT
*& Module CHECK_AUTH_WERKS INPUT
 text
MODULE CHECK_AUTH_WERKS INPUT.
*SELECT PERSA INTO TABLE _WERKS FROM T500P
 WHERE PERSA = ZABS-WERKS.
AUTHORITY-CHECK OBJECT 'Z_WERKS'
ID 'PERSA' FIELD Z_WERKS-PERSA.

You need to test the sy-subrc after the authority check - that will indicate whether the user has the authorisation or not.. you also often include the activity being tested e.g. generally 03 = Display, 02 = Update etc
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '03'
ID 'CUSTTYPE' FIELD 'B'.
IF not SY-SUBRC is initial.
MESSAGE E... "put your exception here...
ENDIF.
see [Programming Authorization Checks |http://help.sap.com/saphelp_nw04/helpdata/en/52/6712ac439b11d1896f0000e8322d00/content.htm] for more info.
Jonathan

Getting error while creating the user in user administration in portal

Hi folks,
i am unable to create the user in user administration in portal due to the following error,
could you please help regarding this issue
"Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".

Hi All,
I am closing this thread as this is not in the correct forum. This should be opened in LDAP or UME. Please open the thread under the correct heading.
Beth Maben
EP - Senior Support Consultant
AGS Primary Support, Business Suite & Technology
Please see the UWL Wiki @
http://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq ***

Can you restrict creation of user types in Portal?

Hi,
Is it possible to give a group of users the ability to just create 'Vendor' accounts in the Portal?
While another group of users the ability to just create 'Contractor' accounts in the Portal?
...and other group of users to create just another 'type' of users in the Portal?
Thanks,
Sk

Humm, it's seems a bit complex but try to based your drop down over a new object "UserType".
See
http://theidentityguy.blogspot.fr/2011/07/populating-rcdc-dropdownlist-with.html
After that gives the right to view only object UserType "Vendor" for the set "All admins of Vendor"
I never try this, it's only an idea :)
Regards,
Sylvain

Programmatically adding/deleting users to/from portal groups

I am using the following PDK api, to delete an user from a portal group (otp_sales).
I get the following error which doestn make sense. I tested the following api from a
script shown below. In my application, this gets called from a trigger, and fails
because it sees a ROLLBACK getting used in the API.
<<<<<<<<<<<<< delete_from_group.sql >>>>>>>>>>>>>>>>>>>>>>
DECLARE
BEGIN
moc.wwsec_api.delete_user_from_list (p_group_id
=>MOC.wwsec_API.GROUP_ID('OTP_SALES')
,p_member_person_id =>73);
END;
<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SQL> @delete_from_group.sql
Input truncated to 1 characters
DECLARE
ERROR at line 1:
ORA-01086: savepoint 'DELETEUSERFROMLIST_SAVEPOINT' never established
ORA-06512: at "MOC.WWSEC_API", line 2467
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 849
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 669
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at line 3
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Thanks
regards
-Ananth

We had the same problem and it turned out that deleting a portal user(delete_portal_user), removing a portal user from a list (delete_user_from_list) or updating a portal user, the "savepoint xxxx never established message" came up when there was no context set. If the procedure is called from within a portal page (or as user portal30) ,and the context is set and it works. The solution is to check to see if the context was set, and then set it if not.
if not portal30.wwctx_api_private.is_context_set then
portal30.wwctx_api_private.set_context(p_user_name => 'portal30');
end if;
Hope this helps
Tania

User mapping from portal to R/3

Hello everyone,
Our situation is this :
We made some visual composer iviews (charts and tables) that get data from R/3.
Instead of creating users in R/3, we want to use only one public user who can only call RFC's in R/3. So how is the user mapping implemented in this situation?
Please give me detailed explanation for it or links of documentation.
I will be appreciative and all answers will be rewarded with points.
Thanks for help.

In addition and from a maintenance perspective you could do a: Portal Group to R/3 UserMapping.
This will then automatically map all Portal Users in the Portal Group to the one R/3 user in the back-end. This saves effort when new users are created on the portal you don't have to map them all.
This method is also proposed by SAP for mapping to MDM for example.
NOTE: When you choose this you cannot trace the user in the back-end because
this back-end user is shared. If this is not a problem for your scenarion then I would say go for it.
Cheers,
Benjamin Houttuin

How to build in user authorisation in sender soap adapter

HI ,
how can i built the user authorisation in sender soap adapter. either in a url or somewhere on the server .
if anyone has an idea do let me knwo
Thanks
Nikhil

Nikhil,
sender soap adapter is used for ex in the case, u need some data from the DB say of a vendor. U give the name of the vendor in the site, suppose u get the contact address of the vendor from the DB.
Sender soap adapter sends the soap request from the client to XI and from XI the request is passed to DB.
With XI, WSDL file is generated and SOAP request is generated for the WSDL file. When the WSDL is deployed on the client application, the authorization is handled.
For receiver SOAP adapter, it is the otherway round u r getting the data from the DB first and so the authorizations are held in XI.
-Naveen.

How to view a BI query with anonymous user in the portal

Hi Gurus,
Does anybody knows how to view a BI query in the portal with anonymous user?
Cause when i try to view a query the portal always ask for authentification. And i don't want to sign with a user cause my portal is for everybody and if the user logged in it shows the roles that previously were assigned.
I have the Netweaver 2004 with SP9
Thank you Very Much

do you have sso configured between portal and BW server, if yes the authentication pop up should not come.
if you dont want to do sso between portal and bw server and still want to logon to BW query with anonymous user,
in you bw server go to transaction sicf and navigate to DEFAULT_HOST->SAP->BW->BEX and double click on bex node in the resulting window, log on details section provide a default userid/password
Raja

How to retrieve all users in the portal with UME API

Hi everybody,
I would like to know how to retrieve all the users from a portal, which uses LDAP as a source (there are users created in the portal as well)
My code snippet is :
IUserFactory userFactory = UMFactory.getUserFactory();
UserSearchFilter searchFilter = userFactory.getUserSearchFilter();
searchFilter.setDisplayName("*", ISearchAttribute.LIKE_OPERATOR, false);
ISearchResult searchResult = userFactory.searchUsers(searchFilter);
My problem is that with the code above, only the users created in the portal are displayed, and no LDAP users.
Does someone know how to retrieve all the users whatever is the source?
Regards
Renaud

prakash's code should work.
however, mine code below doesn't user a search filter. it retrieves everyuser including users like indexadmin etc. Note:
result.next().toString();
returns a weird uniqueID used in the portal world.
getUniqueName()
gives your the usernames (sAMAccountName in Microsoft AD) people use to logon to the portal.
try {
IUserFactory uf = UMFactory.getUserFactory();
ISearchResult result = uf.getUniqueIDs();
while (result.hasNext()) {
    String uniqueid = result.next().toString();
    IUser user = uf.getUser(uniqueid);
    String userid = user.getUniqueName();
} catch(Exception e) {
//systemout

How to create an orgchart of users created in portal

I need to produce an org chart of our company. As the users are created in portal 902, it would seem the portal hierarchy tool would be perfect to use. However am I right in thinking that a user created in portal is stored in the oid/ldap tool. Anyone have any ideas to access the data via sql.
What comes to mind is
1. there is a dbms_ldap package, could this be used to populate a emp type table
2. A trigger that fires when a user is created that populates the emp table
Anyone done anything like this before.
Regards
Orlando

Thanks for the reply Sharadha ,
I do not have actual users from portal but it comes from the LDAP, i have already used the above method and it does not have the timezone.
Depending on the request from where the portal is being accessed from i need to find there timezone.
Thanks
Deepak

User authorisation check in ABAP-HR program

Hi,
Can anyone please help me on the following query ?
I need to check user authorisation in an ABAP report at Object level, filter only relevant records based on the user's authorisation and display appropriate messages.
The above mentioned report is purely developed by us and is not a copy of any standard report. Hence, kindly help me with your suggestions and opinions.
Thanks and Regards,
Manas Menon

Create an authorisation object (SU21)
Put an authorisation check for this object in your report (AUTHORITY-CHECK)
Create a role that contains this object (PFCG)
Assign this role to all the users who require access to the report (SU01).
<REMOVED BY MODERATOR>
Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

Issue in Step 12-Maintain User Assignment in Portal (RSPOR_SETUP)

Hi,
I had issue with step 12--Maintain User Assignment in Portal when running prog RSPOR_SETUP [to setup BEx Web configuration] with error " System failure during call of function module RSWR_RFC_SERVICE_TEST".
Note: BI certificate was already exported & imported to Portal.
Evaluate Ticket Login Module is done with trustedsys, trustediss & trusteddn.
Evaluate Assertion Ticket Login Module is done with trustedsys, trustediss & trusteddn.
User-id: bex_admin with SAP_ALL in ABAP and mapping is done in Portal as per step 12 intruction.
Error in dev_jrfc.trc:
Exception thrown [Tue Jan 16 09:24:46,102]:Exception thrown by application running in JCo Server
com.sap.engine.services.rfcengine.RFCException: Incoming call is not authorized
 at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:74)
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Authentication failed.
Caused by: com.sap.security.core.server.jaas.DetailedLoginException: Authentication failed: Issuer of SAP Logon Ticket is not trusted. Authentication stack: evaluate_assertion_ticket
 at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:167)
It looks like the issue with evaluate_assertion_ticket & somehow Portal is not trusted the BI certificate. I tried SAP note 917950, 888687, 878455, 721815, etc. & many more but cannot resolved the issue.
SAP system: NW04s with Java add-in in the same server.
SP stack 9
I appreciate if someone already resolved the same issue and share the solution. I already opened a ticket with SAP but they have no solution yet.
Thanks.
Mimosa

Hi
Try maintaining the following property values for the SAP BW System:
Authentication Ticket Type = SAP Assertion Ticket
 Logon Method = SAPLOGONTICKET
 User Mapping Type = admin,user
Regards,
Trikanth Basetty

Users based on Portal Group

Hi all,
Is there any table or RFC which contains the Users based on Portal Group in ECC.I need to writa a programme which extracts the users based on poratal group.
Thanks and Regards,
Venkat

Hi Venkat,
To get users of a group:
boolean b =false;
String name = null;
IGroup grp = UMFactory.getGroupFactory().getGroupByUniqueName("GroupName entered by User as a input");
if(grp.equals("<Name of Group>"))
 Iterator i = grp.getUserMembers(true);
 grp.getGroupMembers(true);
 for (int a= 0; i.hasNext(); a++)
 name = i.next().getClass().getName();
 //Print / Store Name
Regards,
Vaibhav

BW User Authorisation in Portal

Similar Messages

Maybe you are looking for