A question about role

Similar Messages

• Question about role query

  Hi all,
  I have created a rolequery and i made it as PUBLIC.
  But when i go to fieldmapping and then selected the rolename radio button and when i tried to see the list in drop down box, i could not see my rolequery.
  Did i miss anything?
  Let me know if you do not understand the question.
  Please help me.
  Thank you.

  Hi,
  In order to be able to select the rolequery in the dropdownlist, you have to create a new role. Preferably you copy an existing role, based on another existing rolwquery and name it like your rolequery.
  When the role is created, add your role query to the role on the workflow routing page of the role. When this is done the role query will appear in the drop down list.
  Kind regards,
  Joris Verdonschot

• Question about Roles And priviledges

  I have designed my database and i have generated the ddl script. Now I want to design or somehow to create the system roles and system priviledges for every role.
  for example:
  CREATE ROLE DOCTOR;
  GRANT SELECT ON DOCTOR TO DOCTOR;
  So is there any way to do that from Enterprise manager or jdevelopper gui? Can I generate the dcl script somehow?

  aa8a14cf-4c39-4940-8315-e35d47cccb28 wrote:
  I know which roles and system privileges should be created. How am i gonna create them and generate the dcl script?
  You've been shown two variants on how to have "sql write sql" to create a script.  We assumed you know how to use sqlplus to run a script, and in this case to spool the output of the script we showed to create the script you want. (That was covered in my commend "I leave the details as an exercise for the student")
  Since you wanted a script we also assumed NOT using a GUI.  Live by the GUI, die by the GUI.
  But since it seems our assumptions were false ...
  Log on with sqlplus and do the following:
  set echo off feedback off verify off head off trimsp on tab off lines 512 pages 0
  spool doit.sql
  select 'grant '||privilege||' on '||owner||'.'||table_name||' to '|| role||';'  from ROLE_TAB_PRIVS WHERE ROLE='DOCTOR';
  spool off
  edit doit.sql
  After examining and doing a sanity check on 'doit.sql', you just execute it in sqlplus ..
  sql> @doit

• Question about Role.

  Hi
  I create a Role A. and add some pages to it.
  structure like this:
  RoleA
  .......FolderA
  ..............PageA
  ..............PageA1
  ..............PageA2
  .......FolderB
  ..............PageB1
  ..............PageB2
  I hava two user A,user B
  now i want userA can only access RoleA and FolderA(include pages),
  userB can  only  access RoleB and FolderB(include pages).
  How i config permissions ?Please help me.
  Thansk.
  Fan

  Hi Fan,
  In your structure there is no Role-B. You have not created the Role-B. If You have create the structure like below then you can give the access the way you want.
  Role-A
    |.......FolderA
               |..............PageA
               |..............PageA1
               |..............PageA2
  Role-B
    |.......FolderB
               |..............PageB1
               |..............PageB2
  Assign the Role-A to User-A and
                   Role-B to User-B
  I hope this will fulfill your requirement.
  Thanks,
  Satya

• Question About Roles for the viewonly user

  Hi I am trying to configure user with viewonly permissions to WLI 10.3 worklistconsole (worklist console-> view tasks). i did add the following groups to the user.
  Monitors
  Operators
  Integration Monitors
  Integration Operators
  Integration users
  i am able to start/stop servers (Admin Server,ms1 and ms2) but unable to view worklist console tasks.
  Any help will be appriciate
  Thanks
  Ksr
  Edited by: ksr11 on May 24, 2010 3:01 PM

  Recycle domain fix the problem

• A question about users assigned roles extraction

  Dear all,
  I have a question about users assigned roles list extraction. I need the list of the users who have already been created along with their assigned roles. According to what I found on Google, there is a table named AGR_USERS which provides the roles assigned to each user. Yet, this table provides only the SAP ID of each user along with the assigned roles. What I need more is to have also the first name and second name of each user.
  So, do you know any table providing at least the following information:
  1) First name of each user
  2) Second name of each user
  3) SAP ID of each user
  4) All assigned roles to each user.
  NOTE: I really need to have first name and second name in separate columns
  Thanks in advance,
  Dariyoosh

  >
  Shekar.J wrote:
  > Agr_users for the user ID and role assignments
  > USR02 to check the validity of the User ID
  > and USER_ADDR for the first name and last name
  >
  > You can create a Table join of the above 3 tables to retrieve the data you require
  Thanks to you and others for your attention to my problem
  I don't know anything about ABAP programming, is there any transaction allowing to create this join? As it seems to me the column "UNAME" in the table "AGR_USERS" and the column "BNAME" in the table "USER_ADDR", both refer to the SAP ID of the user. As a result the condition of the join would be "WHERE (UNAME = BNAME)", is there  any transaction/programme allowing to create this join?
  Thanks in advance,
  Dariyoosh

• Question about the order to creating Account, Contact, Contact Role

  Hi, my friends,
  I have some questions about the order of creating Account, Contact, Contact Role, etc in Web Service 1.0. I could create them in the following case:
  1. Insert Contact object and get contactId (now new contact exists in CRMOD)
  2. Insert Account object with Contact Role child associated with contactId
  My questions are:
  1. Do we have the following order? Insert new Account with new Contact child and Contact Role child (Contact is new and does not exist in CRMOD).
  2. Looks like system need accountId, contactId, etc to make the objects relationship. Is there other field having the same function?
  Thanks
  Ray

  Hi Ray,
  In response to your questions:
  1. Do we have the following order? Insert new Account with new Contact child and Contact Role child (Contact is new and does not exist in CRMOD).No. Both the Account and Contact must already exist. The Role value is an attribute on the Account Contact relationship, this relationship must exist in order to assign a role value to it. This is consistent with the behaviour of the UI, when you press the New button on the Contact child applet, you are taken to the Contact New page where you can create a Contact record. Once you save, the relationship is created but you cannot assign a role value unless you click the Edit Roles link next to the new Contact.
  2. Looks like system need accountId, contactId, etc to make the objects relationship. Is there other field having the same function?Correct, the system needs to know which Account/Contact pair is being assigned a role value. To do this the Account and Contact values must be uniquely identified using the Id values for each.
  I hope this helps.
  Thanks,
  Sean
  Edited by: Sean Duffy on Jan 25, 2010 10:11 AM

• Follow-up question about forms and SharePoint Online

  I asked a question about life after InfoPath earlier, and got a good answer:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/fb23b3d9-8a09-4267-aab5-09929f6a3082/life-after-infopath-seeking-advice
  After looking at all of the limitations of SharePoint Online, I'm wondering how developers are dealing with the limitations. Lets say you are asked to develop something that has complex logic, including fetching data from external web services, dynamically
  displaying parts of a process to people depending on role, and ending up with a printable document. In our on-premises environment, InfoPath is well suited to this task, with some code behind for some things. Or, if not using InfoPath, we would use application
  pages and workflow.
  Neither of those are available in SharePoint Online, so what would you do?

  Some things, such as the conditional display of content, can be done via JavaScript. More advanced items, such as integrating external web services would likely require a SharePoint "app". A SharePoint app is essentially a link to a separate site
  that is running an asp.net web app (or PHP, or whatever). This asp.net site can do anything it needs with any web services, or conditional formatting, or anything. Because it's registered as a SharePoint app, it can also call back into the SharePoint site
  and work with data. So, a SharePoint App could present the user with a robust form that simply sends the data back to a SharePoint list. The SharePoint app can also be surfaced on the SharePoint site itself in an iframe, so the user won't know that the form
  is hosted by another server.
  By the way, the ideas behind the app model permeate the entire SharePoint environment: instead of having the SharePoint server itself run all kinds of custom business logic, that workload is handled by other servers, so the SharePoint servers can be focused
  on running the core bits of SharePoint. InfoPath puts a large load on the servers, so it's out.  XSLT list views also put a load on the server, so they're also out. SSRS is an amazingly fantastic tool, but is not supported in the cloud (and there's no
  alternative). Timer jobs, event handlers, workflow, and many other things have been re-architected to take the load off the SharePoint servers.
  Mike G.

• Question about Kurts comments discussing the seperation of AIA & CDP - Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy - Kurt L Hudson MSFT

  Question about the sentence in bold. What is the meaning behind this comment?
  How would you separate the role of the AIA and CDP from a CA subordinate server? I can see where I add a CES and CEP server which has those as well, but I don't completely understand his comment. Because in this second step, (http://technet.microsoft.com/en-us/library/tlg-key-based-renewal.aspx)
  he shows how to implement CES and CEP.
  This is from the guide located at: http://technet.microsoft.com/library/hh831348.aspx
  Step 3: Configure APP1 to distribute certificates and CRLs
  In the extensions of the root CA, it was stated that the CRL from the root CA would be available via http://www.contoso.com/pki. Currently, there is not a PKI virtual directory on APP1, so one must be created.
  In a production environment, you would typically separate the issuing CA role from the role of hosting the AIA and CDP.
  However, this lab combines both in order to reduce the number of resources needed to complete the lab.
  Thanks,
  James

  My concern is, they have a 2-3k base of xp systems, over this year they are migrating them to Windows 7. During this time they will also be upgrading hardware for the existing windows 7 machines. The turnover of certificates are going to be high, which
  from what I've read here, it worries me.
  http://blogs.technet.com/b/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspx
  The application then can go to those locations to download the CRL. There are, however, some potential issues with this scenario. CRLs over time can get rather large
  depending on the number of certificates issued and revoked. If CRLs grow to a large size, and many clients have to download CRLs, this can have a negative impact on network performance. More importantly, by
  default Windows clients will timeout after 15 seconds while trying to download a CRL. Additionally,
  CRLs have information about every currently valid certificate that has been revoked, which is an excessive amount of data given the fact that an application may only need the revocation status for a few certificates. So,
  aside from downloading the CRL, the application or the OS has to parse the CRL and find a match for the serial number of the certificate that has been revoked.
  With the above limitations, which mostly revolve around scalability, it is clear that there are some drawbacks to using CRLs. Hence, the introduction of Online Certificate
  Status Protocol (OCSP). OCSP reduces the overhead associated with CRLs. There are server/client components to OCSP: The OCSP responder, which is the server component, and the OCSP Client. The OCSP Responder accepts status
  requests from OCSP Clients. When the OCSP Responder receives the request from the client it then needs to determine the status of the certificate using the serial number presented by the client. First the OCSP Responder determines if it has any cached responses
  for the same request. If it does, it can then send that response to the client. If there is no cached response, the OCSP Responder then checks to see if it has the CRL issued by the CA cached locally on the OCSP. If it does, it can check the revocation status
  locally, and send a response to the client stating whether the certificate is valid or revoked. The response is signed by the OCSP Signing Certificate that is selected during installation. If the OCSP does not have the CRL cached locally, the OCSP Responder
  can retrieve the CRL from the CDP locations listed in the certificate. The OCSP Responder then can parse the CRL to determine the revocation status, and send the appropriate response to the client.

• Question about ERMS push

  Hi Guru,
  I am prototyping the ERMS push solution in CRM7 and have some questions about the solution SAP help provided.
  Below is the detail about ERMS push:
  Here the e-mail is first handled by the e-mail pull mechanism: it is converted into a
  SAPoffice mail and analyzed by ERMS to find out more details about the mail (like language and certain keywords).
  Then the mail (including the additional information from the ERMS analysis) is transferred to the
  CMS (Communication Management Software). The CMS determines the appropriate agent team and
  dispatches the mail via the push process to an available agent of that team.
  Below is the sap help link:
  http://help.sap.com/saphelp_crm70/helpdata/EN/0e/6a22b86821468691bd5abb51dfd81e/content.htm
  I have below questions about the solution in the help link:
  1. It mentioned about the email profile (set the agent inbox as email provider) and I changed the u201Cdefaultu201D profile delivered by sap. I setup the rule policy according to the help and assigned it in the service manager profile. The purpose of ERMS push is to push email to CMS instead of sending to agent inbox using ERMS. Which business role should this email profile be assigned to? Is it IC_agent?
  2. The help also mentioned about setup u201CERMS_ACTIONu201D as communication system ID in CRMM_BCB_ADM. Does this ID need to be added in the CMS profile? If so, which business role should this CMS profile be assigned to? Is it IC_Agent?
  3. The ERMS uses workflow WS00200001. After the email is pushed to CMS, what status should the workflow be, in progress or complete? Also does it suppose to have agent assigned in the workflow task?
  4. After the CMS pushes the email back to CRM, it will be a pop up for agent to accept or reject. Will it create an interaction record once the agent clicks the accept?
  It would be great if you could shed some light on this.
  Thanks in advance!
  Zhi Jie Kong
  Edited by: Zhijie Kong on Apr 28, 2011 4:32 PM
  Edited by: Zhijie Kong on Apr 28, 2011 4:47 PM

  Hello Zhijie,
  Let me see if I can help address some of your questions.
  1) It doesn't matter which business role you use. You can copy IC_AGENT for example. The important thing is, as Mariusz mentions in this thread, [ERMS email push: problem with CAD and transfer;,your E-Mail profile must be set for E-Mail Provider = 2 (Agent Inbox).
  2) No, this ID itself does not need to be added to any business role (as I assume it is hardcoded in the SAP workflow as Mariusz mentions).
  3) From what I remember, the ERMS Push emails are not set to complete by the system, and therefore can still get inadvertantly routed to agents! I recommend to have a second rule in your Rule Modeler policy to route the ERMS Push emails to a special, separate queue where you can close them out easily without worrying about them getting assigned to any agents!
  4) Yes, the email will arrive like a phone call with the accept/reject buttons flashing (though it will show as an email, not a phone call). And yes, when the agent accepts an Interaction Record will be created by the system automatically.
  I hope this helps you!
  Regards,
  John

• Questions about Access Manager tutorials available in netbeans site

  Hi
  Thank you for reading my post
  I have some questions about two tutoral which i find in :
  http://www.netbeans.org/kb/55/amsecurity.html and
  http://www.netbeans.org/kb/55/amsecurity-liberty.html
  here is my problem :
  we have some web services, now we want to have authentication applied for consumer who try to access our web services.
  we need to have most possible flexibility because we may deploy the server for a customer with an already established Identity database ( Database Table with user details)
  Also we need to have Transport level security using SSL.
  I read and studied both of them and now i have some questions :
  -I think Securing Web Services Using the SAML or UserNameToken is what we need for authentication and autorization of web service consumers?
  is that right?
  -Does Sun Java System Access Manager provide flexibility to authenticate user/password with a database table content?
  -How we can apply roles in Sun Java System Access Manager when we authenticate users ?
  Thanks

  Imagine that we want to have an end to end security for our web services
  we thought that we could use message level encryption to protect the soap message and also we should protect our web services from un-authenticated acess,
  we will use userName token for this.
  Our customer has large database which contains many user/password and role of those users.
  some of web services should be available to higher role (manager) and not for all users.
  so we should check a user role before we allows him/her to access a web service.
  my question is whether Sun Access manager can help us with this? or there are other configuration or packages that we should apply to have this feature.
  to explain more :
  our client side is a swing application, users enter username/password to login into system. after they loged in, we send user/pass every time user want to request some data from some services. (is it good to send user/pass every time?)
  We want Sun Access Manager to handle users authentication .
  We also need to handle role related authorization, can Sun access manager handle this?
  Thanks

• 2 question about GPU and Lens correction ,cs5

  Hi
  i have 2 questions about Gpu and lens correction in Cs5
  1)Filter->lens correction->search online
  i get often and almost every connection time out at the first click on search online , at the second click i get no online profile
  is it normal?
  2) question is about Gpu
  it run faster , but talking about ajustament layer
  like saturation or vibrance for example
  i found with the gpu on , a light slow refresh compared with gpu off
  i have set cache  levels 6 ,history 20
  i guess are the defaul
  well i add a saturation layer and move the saturation slide ,increase o decrease saturation
  with Gpu Off , the changes are immedially , i mean i can see in real time the increase o decrease of saturation
  with Gpu On it takes a few(very few) time more
  again is normal ?
  don't be angry , i'm going to buy cs5 and i'm unsecure ... the price make a big role
  thanks

  For what it's worth, I also see a timeout on the first [ Search Online ] click, after about half a minute delay.  Second click turns up results immediately.  This happens each time Lens Correction is started, even without restarting Photoshop, and in both 32 and 64 bit versions.  Also note that I started with one profile listed by default (though from the wrong camera) for my 40D with 28-135 zoom.
  I alsow noticed that I was seeing progress bar activity in the Lens Correction dialog while I was typing this (even though Lens Correction was NOT the active window) every time I hit the 'L' key.  Strange.
  Windows 7 x64.
  -Noel

• Question about permissions in portal content

  Hi all,
  I'd like to ask you guys a question about permissions given to pages in the portal content (EP 6.0).
  When a user accesses a page that contains an iView (for example one for a Web Dynpro, or for a BSP), and the page permissions are correctly set for the user (or a group the user is member of), everything works fine and the user can see and use the application contained in the iView.
  If the Page has no permissions set and the user tries to access this page, an empty page appears instead and the "Detailed Navigation" column appears on the left.
  I know I should not let the user see the link to the page he is not authorized to use (this is done managing the roles given to the user), but I'd like to know from you if it is possible to show a message like "unauthorized user" instead of the empty page that appears.
  Can you also tell me how to keep the "Detailed Navigation" column hidden on the extreme left?
  Thank you for any hint you can give to me.
  Lorenzo

  Hi Lorenzo,
  a way how you might go ahead and hide or show content for specific user groups is via roles merging (see documentation <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/content.htm">http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/content.htm</a>
  In essence, this means that you create for example 2 roles (A and B): A contains some content everyone can see, B more secure content for another group. You merge those 2 roles via a merge ID - and if a user has both roles, he sees the content in this workset with all the navigation options. If somebody only has role A, he will only see this content.
  Maybe this is someting that could help with you considerations (always depending on the number of items that are affected, this might be a useful way, or leading to too much confusion, because you have too much different roles).
  Best regards
  Jana

• Several questions about Application Security

  Hello,
  I have several questions about Application Security and perhaps I need a few tips...
  I have a lot of users in a few groups which have access to my application! And the different groups should have only access to their pages.
  In my application I use trees to navigate through the application.
  So my idea is that i display different trees for the different user groups and restrict the user to access the URL....so the user can only see and contact "their" pages.
  I know how to create the logic behind the trees, but how can I create the restricted URL access...
  The "No URL Access" in the Session State Protection can not be used, because I use a lot of links in reports and HTML regions.
  Is there another way to solve that?
  But I am unsure if that is a "good" solution for my problem!
  What do you think about that?
  Am I going to do that too complicated?
  Could that be done by authentication or authorization?
  (By the way, I do not understand the differences between authentication and authorization. Can anyone help?)
  I would be glad for any reply!
  Thank you,
  Tim

  Hey Arie and Scott,
  thank you for your quick reply!
  Now I understand the context around authorization and authentication...
  I try the Access Control List and I think that is a very nice feature! Really good!
  But now I am wondering, how I can create more privileges?
  So that I have a few "end-user-roles" and then I can choose who have access to a page and who not!
  Does anybody know how to do that?
  Thank you,
  Tim

• Less dumb follow-up question about super/sub classes in WDJ?

  This is a follow-up question to the question which Maksim answered in this thread:
  Dumb question about super/sub classes in WDJ
  Question:
  Is there any kind of weird C++-like statement that you can put at the top of a WDJ module to force the module to interpret any reference to superclass A as a reference to some specific subclass B of A ???

  David,
  1. Java has no preprocessor, so C++ tricks are not available. Also I would not recommend such tricks even in C++ if you don't want to turn your colleagues working with same code into personal enemies.
  2. The phrase "easier to create a WDJ custom class loader " makes me smile. First, it's not that simple to interfere WDJ class loading scheme. Plus custom class loaders is not trivial Java topic per se.
  3. The problem "replace all A-s with B-s" is typically solved using one or another GoF creation patterns, like <a href="http://en.wikipedia.org/wiki/Abstract_factory_pattern">Abstract Factory</a> or <a href="http://en.wikipedia.org/wiki/Factory_method_pattern">Factory Method</a>. You may use them with custom class loader, if you really want to
  By the way, all UI controls in WD are created using Abstract Factory (role played by view). So you may use this as good example.
  Valery Silaev
  SaM Solutions
  http://www.sam-solutions.net