Dynamic user/role management
I'm currently working with WebLogic 6.1 and looking into doing what seems to be
a standard piece of development work, specifically dynamic user management. I
need the ability to create/modify a user and define them as members of security
role(s) from within my application, and not through the Weblogic adminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is this it?
If anyone has implemented a custom RDBMS security realm I'd be interested in any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- Rich
Cameron -
Thanks for your input. Clearly LDAP will not cut it for what I'm trying to do.
I really need the ability to manage these user accounts from within the
application not from a separate administrative tool. A custom RDBMS realm seems
the only option at this point. I looked at some of the vendors you mentioned,
but they do not seem to offer the type of solution I'm looking for. These
vendors seem to manage authorization policies which will keep programatic
security out of your business logic. I did not see where they would allow you to
create and manage user accounts/groups/ACL's. If there is one that does I'd
definitely like to take a look at it. Thanks again.
- Rich
Cameron Purdy wrote:
First, if you are using LDAP then you typically use directory management
tools, not an application, to manage security.
Second, there are security products that work with J2EE from vendors such as
Entegrity, IBM, Netegrity, et al. Basically all of them provide advanced
features like what you describe.
Third, if you must manage stuff from within the app, you need to use a
ManageableRealm implementation. See the Weblogic docs to see what I mean.
Peace,
Cameron Purdy
Tangosol, Inc.
Clustering Weblogic? You're either using Coherence, or you should be!
Download a Tangosol Coherence eval today at http://www.tangosol.com/
"Rich Naylor" <[email protected]> wrote in message
news:[email protected]...
I'm currently working with WebLogic 6.1 and looking into doing what seemsto be
a standard piece of development work, specifically dynamic usermanagement. I
need the ability to create/modify a user and define them as members ofsecurity
role(s) from within my application, and not through the Weblogicadminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is thisit?
If anyone has implemented a custom RDBMS security realm I'd be interestedin any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- Rich
Similar Messages
-
Hi All,
I'm currently performing a setup in User Role Managment around roles for a department. We've identified 11 roles we need to create and the responsibilities that need to be assigned to the roles.
We've created a Role Category so all our setups can be easily identified and reported on.
Then we've created 11 roles in Role & Role Inheritence, then assigned the responsibilities. And from there, assigned the role(s) to the users.
Is this the general way of creating roles etc? I haven't been able to find a BR100 that i can compare our setup to. I don't want to start progressing the setup into our UAT environment if my setup is fundamentally flawed.
Cheers,
Russell H.
Origin Energy.Hi,
Please refer to "Oracle Applications System Administrator's Guide - Security" manual for the steps and the guidelines you need to follow.
Oracle Applications Documentation
http://www.oracle.com/technology/documentation/applications.html
Regards,
Hussein -
Dynamic User,Role,Group rather than use jazn.xml
Hi everyone
For Jdev 11..
can anybody tell me how to make application wich can make user,group,role dynamically...
rather than use jazn.xml...
I thought if i use jazn.xml for register user and group its very static...
I cannot make it dinamycally....
I read OPSS and I cannot found the idea behind it...
thanks...Hi,
You can achieve this by using a sql authentication provider. It gets the users and their roles & credentials from the db tables which you can configure in WLS. In JSF, you can create a creation form based on the table (which you configured for authentication), which can be used for the users to register.
Check out this doc for more information.
Regards,
Arun -
UMX - Enabling the Remove button on User Role Management screen
Hi,
I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
Navigation
1 User Management Responsibility
2. Users tab -> look for any user -> click on update button on the search result
3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)Laurent wrote:
Hi,
I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
Navigation
1 User Management Responsibility
2. Users tab -> look for any user -> click on update button on the search result
3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)You cannot remove a role and you will have to end-date it (click on the plus sign with the "Show" text > Set "Active To").
To revoke a role from the user, you must end-date the role. If the role is an inherited role, you can only remove it by removing the role from which it originates in the role inheritance hierarchy. You can view a role's inheritance hierarchy by clicking on the Show hyperlink next to the role.
Assigning Roles to or Revoking Roles from Users
http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156460.htm#366082
Thanks,
Hussein -
Error opening the entities in the user role management
I am trying the assign the models to the user in the user management page. But when I try to expand the + symbol next to the model and open the entities, I get the error that the object reference is not set for a object server instance.Can you
please guide me on thisHi Vincent,
Thanks a lot. it works now.
Regards
Ganesh -
Hi
In the portal that I am developing has about 5 roles which primarily have web dynpro iview attached to it.
Now there are cetain user groups who can see all the iviews and few user groups and users who can see only some of those iViews/roles.
How should I acheive this in the portal. If i create a group and assign it roles A,B,C,D and E. There are few users who can access just A and C and few user who can access A, C, D and E. and likewise.
Could anyone please suggest me the how to go about this if you have any documentation on such issues please send it to me.
Thanks
Regards
PriyaHi !!
Thanks for your responses.
Harini.. could you please give me more details on the program that can do this. If you have any example can you send it to me please. (email: [email protected])
Subathra..I did put the users to groups and assigned them roles. But there are certain users who belong to more than one group and also these particular users have an additional role, so when I proceed this way, it is changing the number of roles that was originally assigned to the group...
thanks for you suggestion...
Thanks
Regards
Priya -
What is the best approach to store "dynamic" user accessibility ?
Hi all,
We are implemennting security in our ADF BC + Faces application. There is always requirement to hide/disable functionalities that a user is not allowed / authorized to access.
Usually we do this during development time, based on what role the user is in. Using this approach, there is no way to change that , or give access to new role during runtime (after the deployment). This is what I call "static accessibility".
In our apps, we need the give / revoke access to some functionalities during runtime. This is what I call "dynamic accessibility".
One approach that comes to my mind is :
We define the accessibility to each function that we want to protect (hide/unhide) in database tables. Then every time a use enter a page, read these tables through JDBC calls then store tha data in Managed Bean.
Has anybody here implement this "dynamic accessibility" ?
Is there a better approach ?
Thank you very much,
xtantoSaeed,
SRDemo uses a managed bean that checks is user in role when called and returns true or false. Another approach - more elegant - is the use of a security property resolver as available
http://jsf-security.sourceforge.net
Regarding dynamic permissions, the use of JAAS seems to be a good solution. ADF Security uses JAAS permissions to assign component access to users.
E.g. if the user role manager has access to edit the salary column, then the security constraint added to the update button could be
#{!bindings.<attribute binding>.updateable}
Note that ADF Security sets the updateable flag on an attribute.
Or you use
#{bindings.<iterator binding>.permissionInfo.create}
#{bindings.<attribute binding>.permissionInfo.update}
#{bindings.permissionInfo['pageDefName'].view}
etc. to determine what a user can do or can't.
Note that I haven't tested if the permissions are cached for a specific application or if they are checked each time again. If they are checked each time then this would be a performance penalty but allows to dynamically set permissions to user groups as obviously needed in your applications.
No, we don't have tutorial for this. But a Oracle By Example for end-to-end security implementation is on my collateral plan for JDeveloper 11 (just need to write a doc writer ;-) )
Frank -
User Lockout Manager in Authentication Provider (WLP 9.2)
Does anyone know how to get User Lockout Manager working in WLP 9.2 ? Some advise was in version 7, but I cannot get it work in 9.2...
You may want to ask in the weblogic.developer.interest.portal forum.
I don't believe that group and user/role management can be application
scoped.
<Tanja Puurula> wrote in message news:[email protected]..
We have domain where one portal application is in production now and other
portal application have to deploy in the same domain.
The first one is using global scoped DataSources and the new one is using
application scoped because they have to use own schemas in the database.
Also Group and User/role management have to work application scoped, meaning
that in one's portal admin console shows only users/groups/roles to that
portal.
How do I do this and what is the optional/best practises to do this kind of
configuration, configure and deploy multiple portals in the same domain ?
I get so far that I make new SQLAuthenticator and XCAMLRoleMapper to the new
portal but when the LDAP and database goes out of sync and I delete
P13N -tables and LDAP, server start creates only to the first portal
database the needed rows and delegated admin management doesn't work in the
new one at all.
I have read all bea's documents related to JDBC - application scoping,
deploying, security P13N and I can't get enough information from it to make
this work.
Thanks ! -
Solution Manager 4.0 Solution Monitoring User -Roles-Profiles for Satellite
Hi All,
I have installed Solution Manager 4.0 (OS -Linux ,Database - DB2) .
Now i need to connect solution manager to the R/3 4.6C
Satellite Systems (DEV, QAS ,PRD) for Solution Monitoring
and Service level Reporting .
I have read the configuration guide , but unable to get clear idea .
1) what users (alos type of user -Dialog , Service, Communication etc) do i need create in DEV , and Test in QAS for solution Monitoring .
2) what exact roles /profiles need to be assigned to these users in satellite systems .
3) what users/roles /profiles needs to be done in SOLMAN system
i have applied all the required plug ins and support packs
in satellite systems and solman 40 ..
Please advice . Your response will be a great help for me .
SatishHello Satish,
Just clarify, if u have meant connecting the satellite systems for EWA reports to be precise. Early watch Reports. If its is the case, then repond so that i can putin my inputs which may be helpful for you in this config.
Rgds,
Sri -
Pull User Role from identity manager in BPM process
Hi,
How can I pull user name, user role from different identity manager in order to configure hierarchy workflow in BPM process? can any one guide me on that??
Regards,
AmikI'm having the same problem on WebLogic 10.3
-
User role to access configuration management in NWA
Hi,
What USER role is required to create the destination information in configuration management in NWA. When I access NWA, I only have access to SOA management which has only Monitoring tools with role SOA technical ADmin.
I need this to convert IDOC XML to flat file.
thanks
PrashanthHi Prasanth,
I am not sure about the exact role but, the ABAP role "SAP_NWA_FULL" & Java role "NWA_SUPERADMIN" will certainly help. This is the role that i had when i was trying a similar scenario.
Please take a look at the following link which might be helpful:
http://help.sap.com/saphelp_nwpi71/helpdata/en/45/c7ca8e89e45592e10000000a1553f7/content.htm
You can infact ask your Basis team to help you out with this.
I hope this helps.
Regards, Gaurav.
Edited by: Kumar Gaurav on Nov 9, 2010 5:57 AM -
Assigning the End User Role for E learning management in Solution Manager
Hello Team,
In the E Learning Management in Solution Manager, I have to a assign the End User Role for each Bussiness Process. While assigning the role, I couldn't able to assign the role of type " JOB ". What have I do to get the type as JOB instead of "Organizational Unit" and "User"?
Regards,
Shyjith.KHi,
Have you maintained your Organizational data? Did you assign any job to any user in the organizational hierarchy. You need to maintain you PPOMA_CRM first in order to assign any roles there.
Hope this helps
Rajeev -
Cisco Security Manager Local RBAC Authentication Radius assign user role
Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?I just got asked to look at the same situation by one of our security people.
We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week) -
User Role and Profile Managment
Hi All,
I have task on role management , i have a profile assigned to like 20 users , but one of the user is asking me to have special authorization on particular Z Table he want to have modify rights.
in order to give the rights to this guy fro that table , i have to make this profile modified so that it will apply for all of them, so i wan to have this rights to this particular user with the same profile , does any body ahs idea how to achieve this??
Or can any one suggest me where can i put this question in the forums??
Thanks in advance
Regards,
SundarDear Sundar,
To create new Role, use T. Code: PFCG
Now, Provide Role's name, and Click tab: Create (in 4.6 X) or Tab: Single Role or Composite Role (In ECC 6.0). Give Description.
Now, click Tab: Menu --> Transaction (T. Codes etc.),
Tab: Authorization --> Change Authorization Data (Auhorization to Profile i.e. change/ Display/reate etc.)
Tab: User (user to which Role assignment is reqd) and then click: User comparison.
Thats it....
Rewards accordingly.
Best regards,
Amit -
Can MDM users & roles be managed by IDM
Hello,
Can IDM be used to connect to & manage MDM users & roles using provisioning mechanism or otherwise?
Regards,
VishalHello,
we have implemented an adapter to connect the MDM to the IdM. The adapter handles roles and users of an MDM repository and allows the roles to be provisioned to MDM users and vice versa.
I developed the adapter originally for MDM 5.5 SP5/SP6 and IdM 7.0 last year. As there are not that much differences between IdM 7.0 and 7.1 and the Java API of MDM 5.5 and 7.1 an update to MDM 7.1 and IdM 7.1 is a smaller to mid-sized task for me.
If you want more information feel free to contact me. Just have a look in my user profile.
Sorry for the late answer, but I had some holiday since June started.
Best regards
Dominik Trui
Solution Consultant
IBSolution GmbH
Maybe you are looking for
-
So I'm having the old 32-bit/64-bit compatibility issues with Windows SIM. I have a Windows 7 64-bit PC (actually a virtual machine) that I intend to use to run Windows SIM and make answer files for 32-bit Windows 7 unattended installations. I've ins
-
I am receiving e.mails for my gmail account on my ipad but they are not coming to my iPhone 4s
I Am getting e.mails on my ipad to my gmail but they are not coming to my iPhone 4s
-
Trade in 4th gen to get a 5th gen?
my home button on my ipod broke so apple told me that i could get a new one and only pay 99.00. but would i be able to get a 5th gen instead and just pay extra?
-
Hello, Adobe Edge Inspect CC doesn't work properly (see the pic below): My System: Chrome: Nexus 5: What can I do for the solution of this situation?
-
1. I created a text area box in CS6 at 18pt and it seems to have automatically set the leading to 21.6. Does AI set the leading for all text automatically based on the font size and the font selected? Does the font designer set this so that the leadi