J2ee_admin no roles assigned.
Hi Gurus
I have instlled new SAP system with ABAP+java stack(AS ABAP, AS Java , EP) installation completed successfully. later i was able to login to the ABAP and Portal system to /irj/potal also. After that i did client copy for my working client .later i rebooted the system after shutting down the SAP. now i could not able to login to the JAVA system for J2ee_admin
the error it showing No portal roles are assigned to the user..unfortunately i dont have other users to login.
pl suyggest . how to assign the roles to the use
Thanks in advance
Regards
Balaji
Hi,
After installation,by default java will take all users from 001 client.
If you want to change it ..login to the config toll>go to offline configuration editor>cluster-data ->server -> cfg -> services -> dobule click propertysheet com.sap.security.core.ume.service
then change the parameter ume.r3.connection.master.client =<Client number>
If you don't have any users and if you want to activate super user in java...then chane the following parameters and restart the instance.
ume.superadmin.activated=true
ume.superadmin.password=<password>
Thanks & Regards,
Nagarjun.
Similar Messages
-
Need procedure for creation of BW Roles, Assigning Queries,Publishing Roles
Hi Experts,
Could you please let me know the procedure for creation of BW Roles, Assigning Queries,Publishing Roles in Business Explorer (BEx - BW 3.5)
Thanks in advance,
AndyHi,
Creating BW Roles
http://help.sap.com/saphelp_nw04/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Assigning Queries
After creating the query, save the query to a role from the query designer.
Publishing Roles in Business Explorer
https://websmp101.sap-ag.de/~sapdownload/011000358700002894802003E/HowToBIPortal1.pdf
Hope this helps you..!
-Pradnya -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
FPN - error trying to lookup object - remote role assignment not working
Hello everyone,
We have implemented a Federated Portal Network connection in our landscape between our portals.
We use only remote role assignment functionality.
Everything was working fine, but since 2 days we encounter the following error in the Default trace.
Error trying to lookup object: alias: <role name>
It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
Is there a solution or workaround for this issue ?
MartinHi,
I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
What did you do to resolve this issue?
Many thanks
Gordon -
Report to see user type and roles assigned to users in EP?
Hi,
a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
b) If the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.By default Portal UME comes along with the installation of portal.
Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories. But you can also create users in the portal UME. The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
You can check them in user administration->identity management and search for the users.
THere you can see some users will be from UME and some from LDAP.
User Admin tool is nothing but User Administration only.
Raghu -
Mass Change for Indirect Role Assignment
Hi all,
I am in the process of changing the companys authorisations from a standard SU01 role assignment to a position based indirect role assignment.
At the moment I am using PFCG going to the Org Mg button under the User tab then attaching the position that way. Is there a way of assigning more than one role to a position at the same time?
Is there a Mass Assignment option in PFCG or is there a separate transaction available to make this process quicker??
Thanks for your help
Ianyou can mass-assign people and roles if you go to transaction PPOME instead of PFCG. to make role assignments from PPOME please apply note 578271 first. be careful whilst implementing this <insert nasty word here> note because some of those view-clusters tend to refuse to load your changes = you can see them, but they don't work - might be you will have to flush table buffers for the changes to take effect.
-
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
How to get the list of roles assigned to a user in all the child systems
how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM
Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
Krysta -
Role info not appearing once role assignment request is submitted from UI
Hi Everyone,
We have a strange problem in our project in IDM 7.2 SP8 where IDM role concept is used which contains privileges (could be role/profile) of backend systems.
Usually when ever a role (i.e IDM role) assignment request is submitted from UI, the activity with the associated info (like user details, role details, audit ID) should be stored in MXI_LINK table from where the info will be fetched and used in next stages of the processing
Even though the information is getting available for most of the cases for all users but some times for few users once the role assignment request is initiated from UI there is no info is getting available in MXI_LINK table corresponding to this activity which is strange.
Because of this problem even though user submits role assignment request no role info getting passed to IDM, set to pending state for the user which is getting meaning of user not submitted any role assignment request at all.
Can any one suggest what are the things that gets involved between these two steps and any troubleshooting hints are highly appreciable.
Regards,
Venkata BavirisettyIs this a situation you recreate at will? In other words, is it always happening on the same users? If so, you could put a trace on that user's account then try to add the role and see what that trace log shows. Additionally, you could just follow the links in the chain of the various tasks that kick off when you do a role assignment and check each task / job's job log and see what that tells you. There's got to be an error somewhere along the way that's preventing this from executing properly.
-
Hi everyone,
I am trying to assign different roles to different users for GRC - Risk Management 10.0; however it seems like standard roles don't have any affect on type of activity. I have maintained various levels of roles (e.g. risk owner, risk expert, risk manager, etc) using PFCG and assigned almost every role to the users; but it doesn't give them the authorization to create or edit anything, they can only display.
The only workaround for this was assigning a role with the authorization object GRFN_USER (with 02 Change value enabled) or assigning SAP_GRC_FN_ALL (Power user role which also contains object GRFN_USER). However this would allow users to do "anything" they want which obviously isn't what I seek.
I have tried changing customization options such as Maintain Custom Agent Determination Rules and Maintain Entity Role Assignment, it hasn't solved anything so far.
I urgently require your assistance on this issue. Thank you.
Regards,
SeckinHi,
I 'm facing same kind of problem.
Case 1:
I tried with:
Assigning users to group (abap role) which didn't worked.
Assigning UME Role to group (abap role) which worked. Then i assigned the user to the UME Role, but the user is not getting the backend authorizations.
Assigning the portal role to the group (abap role), then when i assiged a user to the abap role from R/3 automatically the user is getting the portal role.
How can i do the same from portal?
Case2:
While distributing the portal roles to the ABAP system (System Administrator -> Permissions -> SAP Authorizations), the status is showing as "Role transfer compleated". but when i checked from the R/3 transaction WP3R, there are no portal roles.
Why are the portal roles not getting transfered even though the status is green?
Mr.Chowdary -
How to Disply the List of Roles assigned to a selected user ?
Hi all,
I have a specific requirement to develope using Webdynpro. I want to programically display the list of roles assigned to a selected user. Could some one help me . I promise to award points for the solution.
Thank you in advance
Regards
MarutiHi Maruti,
Iterator rit = null;
try
IWDClientUser clientUser = WDClientUser.getCurrentUser();
IUser user = clientUser.getSAPUser();
rit = user.getRoles(true);
IRoleFactory rfact = UMFactory.getRoleFactory();
while (rit.hasNext()) {
String roleName = (String) rit.next();
IRole role = rfact.getRole(roleName);
}catch(Exception e)
e.getLocalizedMessage();
check this thread too
/message/1565111#1565111 [original link is broken]
Regards, Suresh KB -
OBPM 10gR3 Dynamic Role Assignment at user login
Hi,
For all the great integration with LDAP in 10gR3, unfortunately, the system is unable to deal with dynamically-defined LDAP groups.
Our goal is to apply a BPM Role to ALL humans defined in our LDAP.
All humans happen to already be defined by a dynamically-defined LDAP group called 'AllPeople'.
It would have been perfect if we could simply assign our BPM Role, 'Employee', to the LDAP group, 'AllPeople'. Sadly you can't (one for the next release pls).
So as a workaround, what we want to do instead is assign the BPM Role 'Employee' to each individual user dynamically when they first login.
Since the FDI library is useless outside of a BPM context (you'll find that some of the familiar methods of RoleAssignment are missing), We opted to create an actual BPM process to conduct role assignments, and we would then trigger it via PAPI.
The question then was, where/when do we invoke the process such that it does the role assignment quickly and soon enough for the appropriate views and applications to appear in their workspace straight after login?
We opted for a customised implementation of the SSOWorkspaceLoginInterface class.
However, we tried making the invocation in the setupAuthenticatedSession() and the processRequest() methods but, although the role assignment was successfully done in either case, sadly the user's session was loaded without the new changes - perhaps loaded quicker than the role assignment could be fed back through the directory.
Therefore, we dumped the invocation in the actual constuctor - and this seems to work for the most part. Yet on the odd ocassion, the role assignment is not quick enough to be realised in the user's workspace session - the user has to logout and back in before the changes are realised.
We've even tried to get the execution to sleep for a second or two, while the PAPI thread goes about doing the role assignment - again not much success.
So I really have 2 questions:
1. Where during login can we make a PAPI call to do a role assignment so that it should be picked up by the time the session is created? perhaps we already are doing it in the right place.
2. How could we refresh/request a new session cookie without explicitly logging out and back in again? Note, page refresh is not enough.
Thanks for reading.Sorry for the belated response - I don't get notified of replies.
The code for my custom SSOLoginModule class is:-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import fuego.workspace.security.SSOWorkspaceLoginInterface;
import fuego.papi.Arguments;
import fuego.papi.CommunicationException;
import fuego.papi.InstanceInfo;
import fuego.papi.OperationException;
import fuego.papi.ProcessService;
import fuego.papi.ProcessServiceSession;
import fuego.sso.SSOLoginException;
import fuego.sso.SSOUserLogin;
import fuego.jsfcomponents.Util;
import fuego.workspace.model.common.WorkspaceApplicationBean;
public class CustomSSOWorkspaceLogin extends SSOUserLogin implements SSOWorkspaceLoginInterface {
private ProcessService pService;
private ProcessServiceSession pServiceSession;
private Properties properties;
public SSOWorkspaceDBLogin() {
//Do the role assignment here because it works, and does not work in the ideal location of setupAuthenticatedSession method
pService = createProcessService();
pServiceSession = createProcessServiceSession();
assignDefaultRole(Util.getHttpServletRequest().getRemoteUser());
private ProcessService createProcessService() {
return WorkspaceApplicationBean.getCurrent().getProcessService();
private ProcessServiceSession createProcessServiceSession() {
return pService.createSession("yourdirectoryusername","yourdirectorypassword",null);
//This method is used to remotely invoke a BPM process to do the role assignment - no external API to do this directly!
private void assignDefaultRole(String email) {
try {
String processId = "myRoleAssignmentProcessId";
String argumentName = "argumentName"; //the name of the input argument to feed in the participant
String argumentValue = email;
Arguments arguments = Arguments.create();
arguments.putArgument(argumentName, argumentValue);
InstanceInfo instance = pServiceSession.processCreateInstance(processId, arguments);
Long waitTime = new Long(1000);
Long timeLimit = new Long(5000);
boolean roleAssigned = false;
boolean timeLimitExceeded = false;
Long startTime = System.currentTimeMillis();
//Allow role assignment thread to complete
while (!roleAssigned && !timeLimitExceeded) {
try {
Thread.sleep(waitTime);
if (pServiceSession.processGetInstance(instance.getId()).isCompleted()) {
roleAssigned = true;
if (System.currentTimeMillis() - startTime > timeLimit) {
timeLimitExceeded = true;
} catch (InterruptedException e) {
e.printStackTrace();
//close process service session
pServiceSession.close();
//Do not close the service itself as it is shared with the Workspace itself!
//pService.close();
} catch (Exception e) {
e.printStackTrace();
public void setupAuthenticatedSession(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
//Unfortunately, the below does not work here because the role assignment is not fast enough
//The result is that the user logs in but cannot see any applications because the role assignment has not been made in time.
//Therefore, we run the below statements from the constructor - ugly but functions.
//pService = createProcessService();
//pServiceSession = createProcessServiceSession();
//assignDefaultRole(httpservletrequest.getRemoteUser());
public void processRequest(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
} -
Role Assignment date is not reflected properly
Hi All,
I have OIM 11.1.1.5.0 version installed on my machine. In it, whenever I create a new user and assign some role to him, the role assignment date is coming as the date on which the role was created in OIM setup and not the day on which the role was assigned to the user. I think there's something wrong here. Can someone please help me with the same? Not understanding what to check or how to proceed.
Thanks,
$idHi Nishith,
I checked the values of the usg_create in the usg table as suggested by you. And surprisingly it has the correct value in it. 20-DEC which was today. However in the self service profile page of the same user in the My Roles tab, the Role Assignment date is shown as 09 November. Can you please help me with whatever is wrong here?
Thanks a lot,
$id -
Another FPN Thread: Remote role assignment not working
Hi all,
We have successfully implemented FPN for use in our ESS and BW environment and we are experiencing very little problems with it. We now want to start implementing it for our eRecruitment and SRM systems (as producers). For some reason we are not able to use the Remote Role Assignement functionality.
We have set up trust for the systems and use SSO.
Connection test for the producer is successfull.
We can see the Producer content in the pcd on the consumer.
Server times are the same.
As far as I know I have correctly set permissions on producer and consumer.
Possible cause: We are in the process of upgrading our consumer Portal to NW 7.0 SPS15 and have encountered some problems. The system is partially upgraded, so some components are SP15 and some others are still SP13. This is currently under investigation by SAP. Can this be an issue as our producer portals all are still on SP13?
I hope to hear from you soon. Please ask if you need any screenshots. Thanks in advance.
Best regards,
Jan LarosHi Jan,
if remote role assignment not works, you can also use remote delta links. I only work with remote delta links because i have more options and a better performance.
If your connection works you can go to Content Administration ->Portal Content-> NetWeaver-Content-Producer. Hier you can see your remote system. Now you can copy the role and add it to your portal-content.
If you can not see the content make sure that you have the same user on both sides also check the premissions on the portal-content of your remote system. To test the connection it is easier to add Everyone group to the content of your remote system.
regards,
Sharam
Maybe you are looking for
-
How to copy files from a color classic w/broken floppy drive to an i-book ?
How to copy files from a color classic w/broken floppy drive to an i-book ? I have a Coplor Classic with a system 7. There is no ethernet on color classic. The floppy drive is dead. I need some important files I have on the color classic... How do I
-
Report takes long time to loadq
Hello, I am a developer and have to analyse the behaviour of CR concerning a certain report: It takes about 7 seconds to load this report into the designer and I am wondering, what could cause this delay. Just to make sure: I am not talking about ren
-
RowSetIterator not returning all the rows
Hi, We have a use-case where we need to create a new row iterator to insert rows(values) in it. Immediately after insertRow(), we are reading the values by creating a secondary row set iterator (createRowSetIterator) but it is not returning all the i
-
Fix for cannot connect to iTunes store
I have been working on this problem (iTunes for Windows) since April 2012 and finally got it working. I have gone through all the suggested "advanced" trouble shooting procedures with no luck. I even tried opening a work order with them which was a w
-
I need to change the "from" address (the "add to addressbook" address) in the first line of emails that I send so that people reply to my email alias not the address where my emails originate. How do I do this?