Filtering Role Content by Attributes

Similar Messages

• Filtering role and workset content

  Hi All,
  We have the requirement for filtering role and workset content, for that I have followed one sample example from below sdn blogs link
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3367e690-0201-0010-d285-c69bd884c9f3
  I want to do the same for the departments also,  can you guys please guide me how it can be done.

  Hello,
  Can you guide me on the same.
  Thanks & Regards,
  Pravin

• Does idm support maintenance of access manager's group/role/filtered role

  The xml of Access Manager Realm Resource Adapter has object types group, role and filtered role with object feature list,create, update and delete. Does that mean with the adapter installed, we can make use the idm to maintain the access manager's group/role/filteredrole? Is there any customization/configuration needed in order to provision these features in idm?
  Thanks,

  1. The AM agent can return ldap attributes after authentication. What you can do is use Sun Directory Server Proxy to provide a virtual view of both LDAP and your DB to AM.
  2. Sun Role Manager is a tool for role mining and attestation, ie it helps with compliancy verifications which is required by many businesses these days. Sun Identity Manager does not need Sun Role Manager if you just want to provision roles for your users, however, as it appears to be the case in your envirionment, the roles created by IDM are exported to SRM for compliance verifications.

• Can I map iwtUser-role to an attribute in external LDAP???

  Hi,
       I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

  Block off the default role if you don't want anyone going into that role but only
  the ones defined. You can do this by setting the filter to a value that will return
  nothing. (example, title=nonexistant), since the search filter will not return
  results, no one will be placed in that role (otherwise have to manually go into that
  role and 'move' users).
  Hope this helps,
  Manon
  Siva kancheti wrote:
  Hi,
  I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

• Distinct count of role-played dimension attribute

  Needed distinct count of AccountGroup attribute of AccountB dimension which is a role played dimension of Account.
  Added measure distinct count of the dimension attribute (AccountGroup). In dimension usage added the main fact table as intermediate for other dimensions with many2many relationships.
  The two role played Account dimensions must be related to the new AccountFact table with fact relationship.
  But then how will I be able to count distinct attribute of
  certain Account dimension (out of the two role played dimensions)???
  Namnami

  Thanks for the links, they are useful. But still they do not explain how to manage a distinct count of
  certain role played dimension attribute. 
  I gave up on this and added that dimension attribute to the fact table so now I do a regular distinct count on a cube fact measure. 
  Thanks
  Namnami

• Policy Subjects: No filtered roles found in sub organisations?

  Hi!
  I just tried to add a filtered role in a suborganisation to a policy's subjects. But to my dismay I found that only filtered roles in the base organisation are shown. A quick look into the ldap logfile shows that a search for filtered roles is indeed done only with scope base.
  Is this by design or a mistake? Is it possible to change this or do I have to create referral roles for all suborganisations??
  Thanks, Chris

  Infos about BRFplus:
  - [BRFplus Book|http://www.sap-press.com/products/BRFplus-%E2%80%94-Business-Rule-Management-for-ABAP-Applications.html]
  - SD[SDN Page|http://www.sdn.sap.com/irj/sdn/nw-rules-management?rid=/webcontent/uuid/90754865-f283-2b10-6d9f-b10f3c28c3a0]
  - [Online Training|http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/media/uuid/50879cee-f9b5-2e10-039e-b2d6c4b10e6b]

• Any Content-Type attribute is interpreted as "charset"

            WL 6.1 sp 2
            I have a servlet that set the Content-Type of the response to something like "application/*;name=blabla".
            According to the http/1.1 spec that should be fine.
            However, WL seems to interpret any Content-Type attribute as if it were "charset".
            In the example the attribute is "name" and the result is an exception saying that
            the encoding "blabla" cannot be found and the default encoding will be used.
            Is that a (known) bug?
            Here is a stack trace:
            <05.06.2002 13:18:24 CEST> <Error> <HTTP> <[WebAppServletContext(7200375,myWebApp,/myWebApp)]
            Unsupported encoding: "null" specified. Using the default encoding.
            java.io.UnsupportedEncodingException: "blabla.txt"
            at sun.io.Converters.getConverterClass(Converters.java:107)
            at sun.io.Converters.newConverter(Converters.java:138)
            at sun.io.CharToByteConverter.getConverter(CharToByteConverter.java:67)
            at weblogic.servlet.internal.ChunkOutput.create(ChunkOutput.java:99)
            at weblogic.servlet.internal.ChunkOutputWrapper.changeToCharset(ChunkOutputWrapper.java:46)
            at weblogic.servlet.internal.ServletResponseImpl.setEncoding(ServletResponseImpl.java:734)
            at weblogic.servlet.internal.ServletResponseImpl.setHeader(ServletResponseImpl.java:581)
            at weblogic.servlet.internal.ServletResponseImpl.setContentType(ServletResponseImpl.java:248)
            at com.bla.MyServlet.handleFileDownLoad(MyServlet.java:219)
            

  This has been fixed for 610sp3 already. One off patches are available for
            610sp1 and 610sp2.
            Contact support if you need one. CR061782 was used to track the CR.
            --Vinod.
            "Dimitri I. Rakitine" <[email protected]> wrote in message
            news:[email protected]...
            > Yup, it looks like a bug, but, thankfully, it appears that WebLogic just
            prints out
            > the exception stacktrace and doesn't consider this as an error - client
            still gets
            > back the correct response:
            >
            >
            > HTTP/1.0 200 OK
            > Date: Thu, 06 Jun 2002 18:47:49 GMT
            > Server: WebLogic WebLogic Server 6.1 SP2 12/18/2001 11:13:46 #154529
            > Content-Length: 7569
            > Content-Type: application/*;name=blabla
            > ...
            >
            > Alexander Bunkenburg <[email protected]> wrote:
            >
            > > WL 6.1 sp 2
            >
            > > I have a servlet that set the Content-Type of the response to something
            like "application/*;name=blabla".
            > > According to the http/1.1 spec that should be fine.
            >
            > > However, WL seems to interpret any Content-Type attribute as if it were
            "charset".
            > > In the example the attribute is "name" and the result is an exception
            saying that
            > > the encoding "blabla" cannot be found and the default encoding will be
            used.
            >
            > > Is that a (known) bug?
            >
            >
            > > Here is a stack trace:
            >
            > > <05.06.2002 13:18:24 CEST> <Error> <HTTP>
            <[WebAppServletContext(7200375,myWebApp,/myWebApp)]
            > > Unsupported encoding: "null" specified. Using the default encoding.
            > > java.io.UnsupportedEncodingException: "blabla.txt"
            > > at sun.io.Converters.getConverterClass(Converters.java:107)
            > > at sun.io.Converters.newConverter(Converters.java:138)
            > > at
            sun.io.CharToByteConverter.getConverter(CharToByteConverter.java:67)
            > > at
            weblogic.servlet.internal.ChunkOutput.create(ChunkOutput.java:99)
            > > at
            weblogic.servlet.internal.ChunkOutputWrapper.changeToCharset(ChunkOutputWrap
            per.java:46)
            > > at
            weblogic.servlet.internal.ServletResponseImpl.setEncoding(ServletResponseImp
            l.java:734)
            > > at
            weblogic.servlet.internal.ServletResponseImpl.setHeader(ServletResponseImpl.
            java:581)
            > > at
            weblogic.servlet.internal.ServletResponseImpl.setContentType(ServletResponse
            Impl.java:248)
            > > at com.bla.MyServlet.handleFileDownLoad(MyServlet.java:219)
            >
            > --
            > Dimitri
            >
            

• Message filters vs Content Filters

  Differences:
  1. Message filters occur earlier in the email pipeline than content filters. Message filters before the email goes into the workqueue. The content filters occur inside the workqueue.
  2. Message filters are currently only administered from the command line. Content filters can be administered from both the CLI and the GUI interface, however, the GUI interface is the recommended mehtod.
  3. Content filters have an inbound and an outbound set of content filters, depending upon the direction of the message. That is, whether it's a relayed email (outgoing content filters) or inbound mail(inbound content filters). Message filters on the other hand, are autmoatically applied to both inbound and outgoing traffic, unless you lock it down to a specific listener. If you only have one listener, you may need to differentiate your flow of traffic by sendergroups or something else.
  4. Message filters and content filters can pretty much have the same conditions and actions. However, message filters allow for if-else conditions, so they are more robust.
  5. You can use message and content filters in unison. For example, use a message filter to insert a custom header that you content filter can key off of. However, this does not work the other way around. You cannot insert a custom header in the content filter and have the message filter key off of that info. Due to the way the email pipeline is set up, message filters come first, then content filters.
  6. Easy of use: content filters are a bit more intuitive and user-friendly. message filters are more advanced, so it has a bigger learning curve.
  7. Content filters used with customized incoming or outgoing mail policies allow you to splinter messages. Splintering messages allow you to split messages up by recipients. Message filters don't allow splintering and are applied to the entire message.
  AsyncOS User Guide: Content Filters Overview
  https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_User_Guide/AsyncOS_4.6_User_Guide-12-3.html
  AsyncOS User Guide: Message Filters
  https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_Adv_User_Guide/AsyncOS_4.6_Adv_User_Guide-09-2.html
  AsyncOS User Guide: Email Pipeline
  https://support.ironport.com/docs/c_series/4.6/HTML_4.6_Compilation/AsyncOS_4.6_User_Guide/AsyncOS_4.6_User_Guide-09-2.html

  Actually, I just did a test on this and your point is half correct.
  It's not the content filter that does the splintering, it's either the incoming or outgoing mail policy that does the splintering.
  For example, if you only have one Default outgoing policy and an outgoing content filter that drops the mail if the destination is @yahoo.com.
  If you sent in a test email with two recipients: [email protected] and [email protected]
  Then the entire message would get dropped since there was only one Default outgoing policy.
  However, you can allow for splintering if you had additional custom policies.
  For example,
  1. gmail-recipients
  2. yahoo-recipients
  3. Default policy
  In that case, your test email would split into two separate emails and then you could have the content filters apply to each separately.
  You are correct that message filters apply to the entire message and does not allow for message splintering.
  However, content filtering, message splintering is only applicable if you have additional custom policy, either inbound or outgoing.
  So, in additional to the requirement of mutliple recipients, you also need multiple policies, otherwise, have multiple recipients and only one Default policy will affect the entire message also.
  Thanks for the attention to detail.
  You've missed one of the biggest differences...
  Message filters act on a _message_. Content filters act on a message/recipient pair.
  If a message is only going to a single person then there's not any difference, but if a message is addresses to multiple people then the message filter will take the same action for all recipients, whilst the content filter will split ("splinter") the one message into multiple messages, with one (or possibly more) recipients each, and then act on each individually.

• Filtered Role

  Can filtered role be used to filter users in the external ldap.
  I hav added another datastore in access manager which is also used for authentication of users. Now i want to create a role for making policies. It is not possible to select individual users as the number of users is very high.
  So i created a filtered role. But this filter role in not filtering users from the external ldap, its applying filter only on users listed in the AM's ldap.
  Any suggestion for doing it?
  Thanks in advance

  Other LDAP just means Sun DS running on a separate machine, other than the Sun DS used by AM for its own DIT.
  The AM is running in realm mode.
  I couldn�t find the Access Manager Patch 1 on sun download site. Can you please provide me the URL?
  I am getting the option of �Filtered Role� in Access manager but as posted in earlier in this thread, the filtered role in unable to filter users from the external ldap. The filter is only applied to the users which are there in AM DIT. I want to apply the filter on the users which are there in the �external ldap� added through data store.
  Hope I am clear with my problem.
  Please advice.
  Thanks

• Exchange 2013 SP1 EDGE role content filtering ?

  Hello,
  Have Exchange 2013 SP1 with CU5 with antispam enabled on mailbox role server. And i wonder if i deploy 2013  Edge role, will i get more granular content filter control, like there is in Office 365? For example: i want to treat empty messages as not
  spam.
  I have read that control of Edge server is done ONLY by powershell. So if edge role is deployed, still there is no content filter control in ECP (like in office365) ??

  Hi,
  The Content Filter agent assigns a spam confidence level (SCL) rating to each message. The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam.
  Based on my knowledge, I'm afraid we can't filter the empty messages and treat them as not spam.
  Here is an article about content filtering in Exchange 2013 for your reference.
  Content Filtering
  http://technet.microsoft.com/en-us/library/bb124739(v=exchg.150).aspx
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Belinda Ma
  TechNet Community Support

• Error in viewing role contents after Business package import

  Hi All,
  We have implemented Business Package for Course Administrator and got the role 'Training Administration' in our portal.
  When we navigate to the role, we get an error -
  Portal runtime error.
  An exception occurred while processing your request. Send the exception ID to your portal administrator.
  Exception ID: 06:48_06/02/09_0061_53421850
  Refer to the log file for details about this exception.
  The log file has following entry for this exception ID:
  06:48_06/02/09_0062_53421850
  [EXCEPTION|https://forums.sdn.sap.com/]
  #1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in
  SAP Application Integrator occured: Unable to parse template [IF_true PROCESS_RECURSIVE|https://forums.sdn.sap.com/]>&<Authentication> &amp;&lt;DynamicParameter[PARAMETER_MAPPING PROCESS_RECURSIVE|https://forums.sdn.sap.com/]>&<ForwardParameters[QUERYSTRING|https://forums.sdn.sap.com/]>&<
  ApplicationParameter[PROCESS_RECURSIVE|https://forums.sdn.sap.com/]>&\#39;;
  the problem occured at position 310. Cannot process expression &lt;System.client&gt;
  because Invalid System Attribute: System:&amp;\#39;SAP_LocalSystem&amp;\#39;,
  Attribute: &amp;\#39;client&amp;\#39;
  Also, we are not able to preview the iView.
  I have checked related SAP Note - 890314 - EP on NW 2004s - Central Note for EP-PIN-AI and I see the entries for these errors. However the note mentions that it has been fixed in higher 04S SPs and we are anyway using NW 701 SP3, which is a higher release.          
  Could anyone give any clue on what configuration in case if we are missing?
  Regards,
  Anagha

  Hi
  For this Role, Check the iViews it Has.
  In those iViews , Check the System Property.
  Make sure the System Mentioned there points to valid Server.
  Regards
  Rajenrda

• Using table filters with transient VO attributes

  Hi,
  I have a the following use case and I cannot seem to find a valid solution on my own without falling into deep depression and/or psychotic delirium. Anyway, I'm sure there's a solution and that it's pretty simple, and hopefully someone here will know it.
  Let say I have a read-only VO with two attributes bound to the SQL query, namely Prefix and Suffix, as well as a transient calculated attribute named Compound formed of both the Prefix and Suffix separated with an hyphen.
  Now I want to bind that VO to an af:table supporting filters, showing only Compound column as Prefix and Suffix alone doesn't make much sense to the end user. I therefore use Compound as the sortProperty. For sorting, I was able to enforce correct logic by overriding the VO's getOrderByClause and setOrderByClause methods. For findMode, an old solution proposed by Steve involving overriding createViewCriteria with a custom class extending ViewCriteria that needs to override createViewCriteriaRow works. However, the filter capability of the table seems to use something different involving ViewCriteriaItemValue. Although I would be able to create a different instance when a criterion is created for the Compound attribute, but even if I do, I don't know how to split that value into two columns afterward. I guess I could create three linked values when the compound filter value is created, but it seems complicated. Best would be to hook the method returning the list of ViewCriteriaItemValue during the where clause creation, but then again, the data binding layer use that to detect what filters are applied and output the table accordingly so I cannot really remove the compound value at that point either. I could also override the getWhereClause I guess. Another solution, the simplest, would be to put the compound value in the SQL query, but I find that option appalling as it shouldn't be the database responsibility. If there's no other option I guess that what I'm going to do however.
  Anyone can shred any light on that issue?
  Regards,
  ~ Simon

  Hi Peter,
  Although it's not exactly what I need, I can indeed build a solution from that. Then again, it wouldn't be my first choice as it doesn't respect a correct separation of concerns (I guess I'm a purist). A listener is a view/controller layer entity and I would have preferred to hide the fact that the VO Attribute is a composition of two others to that layer. I would really have liked a pure model layer solution. That being said, I prefer the queryListener option to the Database one.
  Thanks,
  ~ Simon

• Role content different from one AS to another after a role transport

  Dear all,
  I have a trouble after a simple role transport in the production system. The PROD system is built with one CI and 5 AS. (System ECC 5.0 kernel 6.40)
  After a transport role, the changes are not replicated on all aplication servers in PFCG. For ex. once connected on the Application Server 1, the TC CK11 is well added to the role Z_Role; but when I'm connected on the AS 2, the content of the role Z_Role is different (the TC CK11 is absent).
  Is someone have an idea?
  Thanks,
  Fabrice

  Sounds like a bug, or there are some buffers which are corrupted.
  Is this a very large role, or do the users have other very large roles?
  I will move this to the NW Admin forum first, to see what they think of it - as I suspect that it is a server administration difference between the appservers.
  Cheers,
  Julius

• Role naming PK attributes

  Is there a way to get inherited attributes role named based on either a relationship or a subtype?
  Example: Physician is a subtype of Person. PK (Natural Key) of Person is First Name and Last Name. Physician Patient is a child of Physician and inherits the PK from Physician/Person. Would like it to be Physician First Name and Physician Last Name, rather than just First Name and Last Name (since the Patient will have the same columns for its key).
  Example 2 (relationship based role): Recursive relationship on Employee to Manager. PK of Employee is Emp Id. Want to role name the FK attribute/column to be Manager Emp Id
  Related - is there a way to get the table name (or short name) to prefix all the column names during forward engineering? Thought there was but can't find it.
  Thanks!

  Hi Kent,
  I logged enhancement request on that.
  Related - is there a way to get the table name (or short name) to prefix all the column names during forward engineering? Thought there was but can't find it.There is no such option in forward engineering to relational model. However if you define "Short name" for entity it'll be transferred as table abbreviation. Then you can run one of transformation scripts delivered with the product - "Table abbreviation to column".
  There is also a transformation script that removes table abbreviation from columns.
  Philip

• XSLT : Change element content to attribute

  Hi:
  I'm new to XSLT and am confused.
  I'm trying to place images in InDesign from FileMaker 12 generated XML files.
  I can't export the image containers, so the best I can get out of filemaker is the following XML for images:
  <href>file:///images/A772.pdf</href>
  What I'd like is:
  <a href="file:///images/A772.pdf"></a>
  So I can import them into Indesign.
  How do I convert the <href> content to an href attribute of <a> using XSLT?
  Thanks,
  Cam

  <href> is an element tag within your XML, it is not the same as the HTML attribute for an anchor element tag.
  When XSLT sees the <href> element it will use the value within that element which is as it stands now file:///images/A772.pdf
  This now brings up a question in my mind, What does a .pdf file have in common with an image?
  If it is an image that you are trying to show then the value of the <href> element should show that as in
  <href><img src="/image/A772.pdf" alt="myImage"></href>
  If it is a link that you want to show, then the value should be as follows
  <href><a href="/image/A772.pdf">A772.pdf</a></href>
  Gramps