How reusable is a security role

Can I copy one from one org to another? More specifically, since the set of custom entities don't match, am I creating a problem or opportunity for collision by copying a security role from one org to another? Are custom entities managed by
guid or entityTypeCode within the security role?

I've just done a test and managed to import a role that was controlling access to an entity present on the origin CRM but not present on the destination CRM. the import went though without errors. the role was created on the destination, but the role's
settings for the custom entity disappear. So, even if that may not break the system, it Can cause confusion. Specially if you are moving across DEV, TEAST and PROD systems. Not a good practice.
I Hope I could help. If I have answered please mark as 'Answer'. If was just helpful, please vote. Thanks and happy coding! Bruno Lucas, http://dynamicday.wordpress.com/

Similar Messages

How to get the security-roles ?

Hi,
How can I get the security-roles defined in my web.xml ?
I have looked for a method in the request, and in the context, but I can't find something that would return a String[] with the roles available in the web-app.
Any ideas ?
H.

Just a stab in the dark, but what about getInitParameterNames() ?
It returns an Enumeration of String.
Although, I did not check to see if it returns the <security-roles>
Short of that, I would think you could use SAX, or something like it, to parse web.xml.
Just a thought, feel free to correct me.
S.

How to create a security role to delegate package creation and deployment?

Hi,
I am new to SCCM 2012 and I would like to delegate packaging and deployment based on an AD container and user. For example, I have a US-SCCM-Admin account created in the US OU in Active Directory. I also have computers in the US Computers OU in AD. I am
not sure what settings I need so that the US-SCCM-Admin account only has rights to create and deploy packages to the US OU and no where else? I added US-SCCM-Admin security group from AD to the "Administrative Users" group in SCCM. But now I need
to configure a role for this group but I am not sure which one to copy or import? I tried copying the "Application Deployment Manager" role and renaming it appropriately but when I login to SCCM as this user, they dont have the option to create or
deploy packages? Does anyone have a simple step by step on this or explanation on what to do to delegate package creation and deployment based on the user in an AD group? TIA

The Application Deployment Manager role is only allowed to deploy an already existing application. You would have to use the
Application Administrator role instead.
Torsten Meringer | http://www.mssccmfaq.de

How to get security roles

Hi All,
I want to know how to get the security roles which we configured in adfsecurity.
Regards,
Smaran

Hi,
to get all roles associated with the current user, try
SecurityContext secCtx = ADFContext.getCurrent().getSecurityContext();
String[] roles = secCtx.getUserRoles();
To get access to the roles defined on the system (not user specific) then this requires OPSS access. The JavaDocs are here:
http://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e10686/toc.htm
From the top of my head. this is how get access to the JPS context to query system resources.
JpsContextFactory jpsfact = JpsContextFactory.getContextFactory();
JpsContext jpxCtx = jpdfact.getContext();
IdentityStoreService store = jpxCtx.getServiceInstance(IdentityStoreService.class);
... from here on I have no further hint without trying it myself. However, I hope I go you started
Frank

Need Security Roles Material

Hi Guys,
Can anybody tell how to create & maintain security roles in SAP BW & security role administration in Business Objects 3.x.
Some material with screen shots describing step by step process of creation & maitainence will be helpful.
Thanks,
yogitha

Hi,
Some links which can help you in giving some idea.
http://help.sap.com/bp_bw370/documentation/Authorization_BW_Proj.pdf
http://www.sap.com/germany/about/company/revis/pdf/DS_Leitfaden_BW_en.pdf
http://www.mariewagener.de/files/active/0/Sicherheitsleitfaden_SAP_BW.pdf
http://aninda-gupta.com/sapsecuritypages/topics/sap-bw-security/
Hope it helps

Security roles in the OC4J

Hi.
How do I insert security roles into my ejb, and my application server, and then use it???
Thanks
Oded Hasidi

Your question was not clear. Please look at EJB Developers Guide for more about Roles and Users and how to use this in principal.xml. If you want to use JAAS then please look at the services guide. These are located in the following page http://otn.oracle.com/tech/java/oc4j/documentation_preview.html
regards
Debu Panda
Oracle

How to setup the security based on roles in Organization.

Hi,
How to setup the security based on roles in Organization.
For example:Few users are Manager and a few user are Non Manager .Manager should have access to all work data including Non Manager and Non Manager should access based role.How to setup this? How OBI server identify the user role?
kindly let me know.
Regards.,
CHR

Hi,
You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam

How to use security roles in Weblogic server?

Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.

You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.

How can I know the security role of the logged in user

When you design an enterprise bean or Web component, you should always think about the kinds of users who will access the component. For example, an Account enterprise bean might be accessed by customers, bank tellers, and branch managers. Each of these user categories is called a security role, an abstract logical grouping of users that is defined by the person who assembles the application. When an application is deployed, the deployer will map the roles to security identities in the operational environment.
But wondering when I log into my application with some user name and password (specified in my Oracle database),wondering how this works with the security role I created .How does J2EE know the security role of the logged in user.
Thanks
Manohar

shet wrote:
role at run time.
When I login say as "manju" and password as "money" then how does it know that this user belongs to this security role.Is that the j2ee administrator has to say that user manju has this this security role.Programmitically how does it really work.I am confusedThe j2ee implementation assigns the roles using the JAAS module you have configured for your application on your application server. different JAAS modules get roles in different ways. many allow a single static role to be assigned using a config file. if using a database, often there will be configuration to specify additional database fields which specify the role for a given username.
At runtime, a developer can test roles using methods like EJBContext.isCallerInRole().

How to assign possible agents at security role / CAG level?

Hi Experts, How to assign possible agents at security role / CAG level?

Yes, that's exactly what I'm talking about. In your task maintenance, goto additional data -> agent assignment -> Maintain
Click on th task, click on the assign button. Choose object type 'Role', enter role.
Cheers,
Mike

How to list principals in the security role?

Does anybody know how to list principals assigned to a security role programmatically?
The role assigment is specified in weblogic.xml files for web applications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret

I think it's not possible. However, what you can do is to assign a role to a
group (this relationship being statically defined in weblogic.xml) and then
manipulate the group membership in order to assign users to the role on the
fly.
"Margaret Oberc" <[email protected]> wrote in message
news:3b127763$[email protected]..
>
Does anybody know how to list principals assigned to a security roleprogrammatically?
The role assigment is specified in weblogic.xml files for webapplications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret

How do I map declared security role to an actual operational one?

Hello,
Suppose I have created few security roles at the ejb-jar.xml file of my J2EE application using:
<security-role>
<role-name> managers <role-name>
</security-role>
Our portal is connected to our LDAP server so the WAS contains all the groups it has over there.
My question is: How do I actualy map the security role I declared at the deployment descriptor (manager) to an actual group in our organization?

Hi Roy,
Are you familiar with thishttp://help.sap.com/saphelp_nw04/helpdata/en/1a/733e401b21e801e10000000a155106/frameset.htm ?
Best regards, Maksim Rashchynski.

How Does The security-role Mapping Work?

          I am studying the security part of the deployment descriptor. I am confused about
          how the mapping works.
          Suppose we have
          <security-role>
          <role-name>manager</role-name>
          </security-role>
          and
          <security-role-ref>
          <role-name>FOO</role-name>
          <role-link>manager</role-link>
          </security-role-ref>
          My first question is when a client of the servlet supplies a name for authentication,
          the name supplied should be FOO or can be, say, John Smith?
          Then, according to the Servlet Specification, a security role is a logical grouping
          of users defined by the Application Developer
          or Assembler. When the application is deployed, roles are mapped by a Deployer
          to principals or groups in the runtime environment.
          My second question is how deployer maps the role, say, manager, to principals
          or groups in the runtime environment?
          Thanks in advance.


          Thanks a lot, Udit.
          "Udit Singh" <[email protected]> wrote:
          >
          >Hello,
          >The role-name is mapped to principals or gruops based on the security-role-assignment
          >entrires in weblogic.xml. Let us say you have a role-name FOO and you
          >want to
          >assing this role to users John and Mark. You need to make this entry
          >in weblogic.xml-
          ><security_role_assignment>
          > <role-name>FOO</role-name>
          > <principal-name>John</principal-name>
          > <principal-name>Mark</principal-name>
          > </security_role_assignment>
          >
          >so now actually the user need to supply John or Mark as user name at
          >the time
          >of authentication . Hope it helps.
          >
          >Udit
          >
          >
          >"[email protected]" entrance wrote:
          >>
          >>I am studying the security part of the deployment descriptor. I am confused
          >>about
          >>how the mapping works.
          >>Suppose we have
          >><security-role>
          >><role-name>manager</role-name>
          >></security-role>
          >>
          >>and
          >>
          >><security-role-ref>
          >><role-name>FOO</role-name>
          >><role-link>manager</role-link>
          >></security-role-ref>
          >>
          >>My first question is when a client of the servlet supplies a name for
          >>authentication,
          >>the name supplied should be FOO or can be, say, John Smith?
          >>
          >>Then, according to the Servlet Specification, a security role is a logical
          >>grouping
          >>of users defined by the Application Developer
          >>or Assembler. When the application is deployed, roles are mapped by
          >a
          >>Deployer
          >>to principals or groups in the runtime environment.
          >>
          >>My second question is how deployer maps the role, say, manager, to principals
          >>or groups in the runtime environment?
          >>
          >>Thanks in advance.
          >>
          >>
          >>
          >

How to get security roles in a JSF portlet

I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
roleMaps.properties
cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4">
<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
</context-param>
<filter>
    <filter-name>UploadFilter</filter-name>
    <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
    <init-param>
      <description>
          The maximum allowed upload size in bytes. If this is set
          to a negative value, there is no maximum. The default
          value is 1000000.
        </description>
      <param-name>maxSize</param-name>
      <param-value>1000000</param-value>
    </init-param>
    <init-param>
      <description>
          The size (in bytes) of an uploaded file which, if it is
          exceeded, will cause the file to be written directly to
          disk instead of stored in memory. Files smaller than or
          equal to this size will be stored in memory. The default
          value is 4096.
        </description>
      <param-name>sizeThreshold</param-name>
      <param-value>4096</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>UploadFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>ExceptionHandlerServlet</servlet-name>
    <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
    <init-param>
      <param-name>errorHost</param-name>
      <param-value>localhost</param-value>
    </init-param>
    <init-param>
      <param-name>errorPort</param-name>
      <param-value>25444</param-value>
    </init-param>
</servlet>
<servlet>
    <servlet-name>ThemeServlet</servlet-name>
    <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet>
    <description>Generated By Sun Java Studio Creator</description>
    <display-name>CreatorPortlet Wrapper</display-name>
    <servlet-name>VSMPortal</servlet-name>
    <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
    <init-param>
      <param-name>portlet-class</param-name>
      <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
    </init-param>
    <init-param>
      <param-name>portlet-guid</param-name>
      <param-value>VSMPortal.VSMPortal</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>ExceptionHandlerServlet</servlet-name>
    <url-pattern>/error/ExceptionHandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>ThemeServlet</servlet-name>
    <url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>VSMPortal</servlet-name>
    <url-pattern>/VSMPortal/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>faces/null</welcome-file>
</welcome-file-list>
<error-page>
    <exception-type>javax.servlet.ServletException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>java.io.IOException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>javax.faces.FacesException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<error-page>
    <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
    <location>/error/ExceptionHandler</location>
</error-page>
<jsp-config>
    <jsp-property-group>
      <url-pattern>*.jspf</url-pattern>
      <is-xml>true</is-xml>
    </jsp-property-group>
</jsp-config>
     <security-role>
          <role-name>Administrator</role-name>
     </security-role>
</web-app>
portlet.xml
<?xml version='1.0' encoding='UTF-8' ?>
<portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
     <portlet>
          <description>Created By Java Studio Creator</description>
          <portlet-name>VSMPortal</portlet-name>
          <display-name>VSMPortal Portlet</display-name>
          <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
          <init-param>
               <name>com.sun.faces.portlet.INIT_VIEW</name>
               <value>/Uctarna.jsp</value>
          </init-param>
          <expiration-cache>0</expiration-cache>
          <supports>
               <mime-type>text/html</mime-type>
               <portlet-mode>VIEW</portlet-mode>
          </supports>
          <supported-locale>en</supported-locale>
          <portlet-info>
               <title>VSMPortal</title>
               <short-title>VSMPortal</short-title>
               <keywords>Creator</keywords>
          </portlet-info>
          <security-role-ref>
               <role-name>Administrator</role-name>
               <role-link>Administrator</role-link>
          </security-role-ref>
     </portlet>
</portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

How can I limit/control the addition of auth. objects to security roles?

Checking the authorization object S_USER_VAL it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certaing type of auth. objects and didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
Edited by: Armando Salas on Nov 29, 2011 7:41 PM

Hi Armando,
Try with auth.obj. S_USER_AUT. A suggestion. Search this objects with tcode SU24, for instance, for tcode PFCG and it gives a list with objects.
I hope this helps you
Regards
Eduardo

How reusable is a security role

Similar Messages

Maybe you are looking for