Context based assignment - context filter to display roles

Similar Messages

• Hiding Options in Context Menu for Specific Roles

  Hi SDN,
  We have navigation iview assigned to some of the users. There appears context menu and the items in it. We need to remove some of the options like copy, move for the specific users.
  How to achieve this specific requirement of hiding few of the items in context menu of KM Folders and files for specific users or roles?
  Thanks in advance
  Regards,
  Ganesh N

  Hello!
  In Portal KM, set Permissions on folders for this users (Group of users) - Read.
  Other way - you can edit Ui Commands of Layoutset - which is used in iView,then create copy of iView (not delta link) and delete commands you don't want to show, then assigne iView to your specific role
  Best regards, Ivan
  Edited by: Ivan Kalahryu on Dec 16, 2008 10:05 AM

• Is there any way to edit the standard Firefox context menu for displayed Web pages?

  Is there any way to edit the standard Firefox context menu for displayed Web pages? I frequently want to save a picture appearing on a page. Sometimes I "slip" and hit "Send Image" when I want "Save Image As", and have to sit and wait for a default send-mail page to come up, then close it, fiddling with its "are you sure" dialogs. This is a painful way to handle a slip-up. I basically NEVER want to e-mail an element directly from a page. Is there any way I can just delete "Send Image" from the context menu?

  You can remove entries in the context menu with code in the userChrome.css file
  *http://kb.mozillazine.org/userChrome.css
  Some IDs are listed in this MozillaZine Knowledge Base article:
  *http://kb.mozillazine.org/Chrome_element_names_and_IDs
  To find the ID of others you will have to use the DOM Inspector.
  * https://support.mozilla.org/kb/DOM+Inspector
  * https://developer.mozilla.org/En/DOM_Inspector
  * https://developer.mozilla.org/en/Introduction_to_DOM_Inspector
  * DOM Inspector: https://addons.mozilla.org/firefox/addon/dom-inspector-6622/

• OBIEE 11g issue - same user assigned to the multiple application role

  Hi All,
  We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table.
  For example, we have a table Department with three columns Department No, Department name, Department location.
  Application Role A1 and A2 are created.
  Data Level security Applied on the application role A1: Department Name='Finance'
  Data Level Security Applied on the application role A2: Department location='US'
  The user "User1" is created in LDAP and is assigned to both the Application roles A1 and A2.
  When logged in with "User1", none of the filters of Role A1 or A2 is applied in the report. If this user is assigned to only one role, either A1 or A2, then the filter is applied. It seems the filter will not be applied if a user belongs to multiple roles with data filter applied on the same table across these roles.
  Please reply if anyone has faced similar issue.

  Hi All,
  Regarding the above issue to update the analysis we came up that the user if assigned to the multiple group with the data filter applied on the same column of the table is getting an *"OR"* join.
  We had a requirement to get an "AND" in the query condition. Please let us know if any one faced the issue and the resolution of the same.
  Regards,
  Jyotshna

• Communicaton error in Shared Services when assigning a filter

  Hi,
  one of my customers encountered the following problem:
  when trying to assign a filter to a group or a user in Shared Services, this message is displayed: "There was some communication error. Response is: http://12.238.204.24/interop/hyperion/hub/cas/web/eas/app/Adf.jsp <!DOCTYPE HTML PUBLIC ... bla bla HTML ..."
  I don't understand this message.
  Note that there are 3 environments, the dev server works, all services (EAS, EIS, SSH, Essbase server) are on the same virtual machine. Both test and production servers encounter that problem. For those 2 servers, the services are distributed on different VM. I suppose this is a clue...
  Thanks for you help.
  Cyril

  Hi, got the same error message. I have 3 environments, one works, but not the other two. Did you reloved that problem?
  Thanks

• Standard Display Roles For Queries in BW

  Dear All,
  Could you Please share the Standard Display Roles For Queries in BW.
  Thanks
  Regards,
  Sai

  Hi Sai,
  You can find query specific roles in metadata repository.
  Also try this table in
  SE16. AGR_OBJ
  Other useful tables might be:
  AGR_DEFINE -      Role definition
  AGR_USERS -      Assignment of roles to users
  AGR_HIERT           Role menu texts
  AGR_AGRS           Roles in Composite Roles
  If you need to find user specific roles, check Tcode SUIM.
  Hope this helps.
  Thanks

• Display role for all transactions

  Hi,
  We want to create a role with all transactions, but display only. (Same as SAP_ALL with display access only)
  I have read previously posted messages in this forum, but didn't find the solution.
  The SAP_ALL_DISPLAY role was available prior to 4.7. But we want to create role on WAS 6.4 onwards.
  Does anyone has solution for this?
  Regards,
  Prasad
  Message was edited by:
          Prasad Musale

  > Hi Alex,
  >
  > >>I fail to see a valid situation where users that
  > need to process transactions in production >>should
  > have access to execute every transaction, even if in
  > display mode.
  >
  > We have the development system. We are separating the
  > responsibility based on business functions such as
  > FI, MM etc. it may possible that FI consultant may
  > require a display access to transaction from MM. In
  > this case MM consultant will have MM roles only, but
  > will have the display all role. So that he can
  > perform his functions smoothly.
  >
  >
  > The solution you gave is working, but it does not
  > serve the purpose.
  > Any other solution?
  >
  >
  > Thanks,
  > Prasad
  Hi Prasad,
  My response was to Rajeswari's question rather than your situation which I appreciate is different to the one he was talking about.
  Creating a display role based on SAP_ALL with all activities set to display mode takes around 2 hours, it sounds like it would be worth your while creating it from scratch, though I appreciate that it is a tedious task!
  By using a display role in this manner you will still have the potential for access to functions that are controlled by shared objects, however the risk is reduced unless you give them access to debug & replace.

• Bulk assignment from Queries to a role

  Hey folks,
  we would like to transport more than 100 queries (not Workbooks) - from an Excel-list.
  Unfortunantely, it is not possible to filter queries in Transport Connenction, compared to Workbooks.
  Therefore we created a temp-Role, assigned all Queries to this role, selected that role in the transport connecntion and we had our 100 queries selected by selecting only the temprole - this is much faster.
  As we´d like to improve this, I would like to know, what is the fastest way, to assign 100 reports to a temp-role? Any suggestions on that?
  Best regards,
  Christian Röttgers

  Any suggestions?

• OES MAPI problem of "Assigning Principals to an Administration Role"

  Hi,
  I meet the problem of programmatically Assigning Principals to an Administration Role using Oracle Entitlement Server Management API. I can successfully run the sample code following the <Developer Guide>, Chapter 5.4.3 Assigning Principals to an Administration Role
  My code snippet is like this:
  List<PrincipalEntry> principals = new ArrayList<PrincipalEntry>();
       principals.add(new BasicPrincipalEntry
         ("weblogic.security.principal.WLSUserImpl", "Lisa"));
       //Grant the users in the list the role
       admManager.grantAdminRole(adminRole, principals);
  And no error or exception occurs in java app side or oes_admin side. But when login to http://vmware.localdomain:7001/apm admin GUI, I could not login with Lisa.
  I also tried manually assign app1 with delegated admin role, and then Lisa can successfully login to admin GUI.
  Then I run the app program to programmatically assign app2 with delegated admin role to Lisa. Login with Lisa could not see app2.
  I have checked the system admin "weblogic" login to admin GUI and it can see that app2 already have Lisa listed on the external user of delegated admin of app2.
  I even checked the DEV_APM.JPS_CHANGELOG in the oracle database schema for oes. I can see the changelog of java app assiging operation.
  Can anyone tell me the reason why programmatically assign user to an delegated admin not work correct? Is there some mistake steps in my java app code or there is a bug in OES product?
  I use the OES 11.1.1.5 version with Oracle Database 11.2.0, Weblogic 10.3.5 on Oracle Enterprise Linux 6 32bit.
  Thanks very much.

  Thanks very much for all the reply posts. With the suggestions from yours, I tried distribute the policy and finally it works!
  The code snippet is from 4-8 Using the distributePolicy() Method  , listed below:
  //get the PolicyDistributionManager
  PolicyDistributionManager pdm =
    app.getPolicyDistributionManager();
  //distribute policies
  String distID = pdm.distributePolicy(true);
  DistributionStatusEntry status = pdm.getDistributionStatus(distID);
  System.out.println("Start distribute policy");
  while (status.getPercentComplete() != 100) {
    Thread.currentThread().sleep(200);
    System.out.print(".");
    status = pdm.getDistributionStatus(distID);
  System.out.println("Finish distribute policy");
  There is another trick that I discovered from DEV_APM.JPS_CHANGEBLOG:
  If this is the first time that user be assigned as a delegated admin, you should also grant user with applicaionRole "APMViewer" to the application "oracle.security.apm"
  You can refer to the sample code from 2-9 Assigning Principals to an Application Role  , also listed below:
  ApplicationPolicy app = ps.getApplicationPolicy("oracle.security.apm");
  AppRoleManager roleMgr = app.getAppRoleManager();
  //Construct the list of users to be granted
  List<PrincipalEntry> principals = new ArrayList<PrincipalEntry>();
  principals.add(new BasicPrincipalEntry
    ("weblogic.security.principal.WLSUserImpl", "Nick"));
  //Grant the users in the list the role
  //admManager.grantAdminRole(adminRole, principals);
  AppRoleEntry appviewerRole = roleMgr.getAppRole("APMViewer");
  roleMgr.grantAppRole(appviewerRole, principals);

• How do you display Roles?

  In the old Enterprise Console, it was possible to display Roles, and see what privileges had been granted to each, and what users had been linked to an individual role. Is it possible to do something similar in SQL Developer? I can write my own queries, but not if the system already provides this functionality.
  In the individual database objects, it is possible to grant and revoke privileges to individual users, which are displayed in the pulldown. One can also write in the users ID. I would also like to suggest that this screen be modified to include roles in the pulldown, or to include a separate pulldown for roles.

  Vin,
  I did find a Role Privs report under Data Dictionary Reports->Security->Grants and Privs but only goes by current user.
  If you want to suggest a new feature, go to url below and check that no one else has asked for it. If so, go vote on it. If it's not there, create it and VOTE. I see features requested but no votes. Creating it doesn't give a request a vote.
  Hope this helps some
  http://apex.oracle.com/pls/otn/f?p=42626:46:173082856735668::NO:::
  Evita

• "Filter Before Display" Erroring out in ARXRWRCT.fmb

  Hi All,
  We had a performance issue with the Reciepts screen in AR Superuser responsibility and according to the metalink note 418873.1, we made changes to the form ARXRWRCT.fmd. The change is given below:
  ON-SITE Fix instructions: ARXRWRCT.fmb
  1.Open the form.
  2.Navigate to LOV's.
  3.Select the LOV "RGW_BILLING_NUMBER". Open up the property palette. Change the property "filter before
  display" from "NO" to "YES".
  4.Save the changes, compile the form ARXRWRCT.fmb and ARXRWMAI.fmb to pickup these changes. Test the issue.
  Now, when we compile the above mentioned forms after making changes, we are encountering the below errors.
  For Form ARXRWRCT
  FRM-30048: Unable to find record group .
  LOV RGW_EXCHANGE_RATE_TYPE
  Form: ARXRWRCT
  FRM-30085: Unable to adjust form for output.
  For Form ARXRWMAI
  FRM-30048: Unable to find record group .
  LOV RGW_EXCHANGE_RATE_TYPE
  Form: ARXRWMAI
  FRM-30085: Unable to adjust form for output.
  I have tried copying all the standard libraries and referencing them, but it did not help.
  Any help in this regard is appreciated.
  Jithin

  We never figured this out and are waiting for the EBS upgrade to fix this. hence closing this thread.
  Thanks,
  Jithin

• How to assign possible agents at security role / CAG level?

  Hi Experts, How to assign possible agents at security role / CAG level?

  Yes, that's exactly what I'm talking about. In your task maintenance, goto additional data -> agent assignment -> Maintain
  Click on th task, click on the assign button. Choose object type 'Role', enter role.
  Cheers,
  Mike

• Which authorizations are required for assigning a query to a role?

  Hi everybody,
  we try to set up some roles for "reporting power users". These guys should be alble to define new queries using BEx (works fine) and also should be able to assign these new defined queries to a role, so other users can use these roles.
  The idea is simple, but we're searching for the right authorization object (or - as i suppose - set of authorization objects) that enables the user to assign a query to a role (using that "enter to a role" button in the open / save dialog).
  At the moment, the user can user that button, and the role, he should the query assigned to is shown. After selecting the role and clicking button "create" it take some seconds and a message "error when saving. entry has not been created" is shown.
  Obviously, there is a problem with writing the role (or adding the new information to that role).
  So, could anyone help me and provide me with a list of authorization objects that are required.
  Thanks in advance,
    Alfred

  S_RFC
  S_TCODE
  S_USER_GRP
  S_BDS_D
  S_OD_SEND
  S_RS_AUTH
  S_RS_BCS
  S_RS_COMP
  S_RS_COMP1
  S_RS_FOLD
  S_RS_ICUBE
  S_RS_MPRO
  The above mentioned authorization objects are enough to add in the role and required for the accessing a query.
  particularly, S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are the most important auth objects which are directly getting involved in authorization of a query in a role.
  SO, you have to assign the respective info area, info cube and info providers names in these auth objects.
  The same scenario , i am using in my project to give access to the queries in all the areas for my end users.
  The values and access/authorizations restrictions is up to your project requirement.
  Hope this would help you.

• Assigning Group(of users)  to Role when starting a process programmatically

  Hi All,
  I m starting a process programmatically(using startProcess()).
  Process initiation is working fine, but i need to assign a 'Group' to the role, and not a user. It is a portal group, available at portal end only. How can this be done?
  Please guide.
  Thanks and Regards,
  Sakshi

  you can use the following code
  import com.sap.caf.eu.gp.process.api.GPProcessFactory;
  import com.sap.caf.eu.gp.process.api.IGPProcess;
  import com.sap.caf.eu.gp.process.rt.api.IGPProcessRoleInstanceList;
  import com.sap.caf.eu.gp.process.rt.api.IGPRuntimeManager;
  import com.sap.security.api.IUser;
  public void startProcess( java.lang.String processId )
     // retrieve the Runtime Manager
     IGPRuntimeManager rtm = GPProcessFactory.getRuntimeManager();
     // create an empty role assignment list
     IGPProcessRoleInstanceList roles = rtm.createProcessRoleInstanceList();
     // get the process role number
     int rolenum = process.getRoleInfoCount();
     // iterate over the required roles
     for (int i = 0; i < rolenum; i++) {
        // create a new role instance by specifying the role's unique name
        IGPProcessRoleInstance roleInstance = roles. createProcessRoleInstance(process.getRoleInfo(i).getRoleName());
        // add a user to the role instance
        roleInstance.addUser(roleUser);
        // add the new role to the assignment list
        roles.addProcessRoleInstance(roleInstance);    
  Thanks and Regards
  shanto aloor

• The security-role-assignment references an invalid security-role: Certifica

  In Oracle Enterprise Pack for Eclipse, I failed to deploy an application in debug mode. The error I noticed in my domain log is:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: Certificate.
       at weblogic.servlet.security.internal.WebAppSecurity.setRoleMapping(WebAppSecurity.java:180)
       at weblogic.servlet.security.internal.WebAppSecurity.registerSecurityRoles(WebAppSecurity.java:155)
       at weblogic.servlet.internal.WebAppServletContext.prepareFromDescriptors(WebAppServletContext.java:1181)
       at weblogic.servlet.internal.WebAppServletContext.prepare(WebAppServletContext.java:1120)
       at weblogic.servlet.internal.HttpServer.doPostContextInit(HttpServer.java:449)
       at weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:424)
       at weblogic.servlet.internal.WebAppModule.registerWebApp(WebAppModule.java:910)
       at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:364)
       at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
       at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
       at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
       at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:42)
       at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:615)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
       at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:16)
       at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:155)
       at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
       at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:197)
       at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:89)
       at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
       at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:723)
       at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1190)
       at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:248)
       at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:159)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:157)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:12)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:45)
       at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  What I do not understand is that this error remains even though I modified weblogic.xml to remove the following lines:
  <wls:security-role-assignment>
  <wls:role-name>Certificate</wls:role-name>
  <wls:externally-defined/>
  </wls:security-role-assignment>
  I also deleted <MYDOMAIN_HOME>/servers/AdminServer/cache and <MYDOMAIN_HOME>/servers/AdminServer/tmp but this error still showed up when I attempted to deploy the application in Eclipse.
  If I exported the EAR file and deployed it using Admin Console, the application was deployed successfully. But when I deleted it in Admin Console and attempted to deploy it in Eclipse again, the same error occurred and the deployment failed. What could be the reason for this behavior? Is there anything cached somewhere when deploying it in Eclipse? Thanks in advance for your help.

  Hi,
  I know that is an old thread, but just in case... Maybe you could try setting up the DEBUG_OPTIONS in your startManagedWeblogic script and configure a remote debug in Eclipse:
  DEBUG_OPTIONS="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8003,server=y,suspend=n"
  Hope it helps,
  Luis