ACE: Read users under a particular User Group
Hi Experts,
We have a requirement, in which we want a particular view to be displayed only to few particular users, who are present in some Custom Defined ACE User Groups.
Can someone please provide me with the Function modules/ Coding part, by which i can get all the users of a particular User Group of ACE (say 'ZCRMADMIN' in our case), that we define in SPRO->Basic Functions -> ACE.
Thanks in advance,
Rohit
Hello, Rohit!
First of all read these blogs:
The concept and implementation of CRM-ACE
Configuration & Implementation of CRM Access Control Engine (ACE)-Part 1
Then in this blog there are code samples:
Configuration & Implementation of CRM Access Control Engine (ACE)-Part 2
If you will steel have any questions, post it here, I'll try to help you.
Best regards,
Artur Litvinov.
Similar Messages
-
Create User under a particular organization
Hi,
After running reconciliation i need to create the UNMATCHED users in IDM under a particular organization.
I have configured the reconciliation policy to create the user in IDM.
By default it is creating the user under Top organization. But i need to create it under a particular
organizantion without using a custom post reconciliation workflow.
Can anyone of you experts suggest?
Edited by: jjIDM on Feb 4, 2009 11:15 PMHi,
You have to set proxy administrator in Reconcillation Policy and assign a form to that proxy admin.
u have to write this code in that form which you have assigned to proxy admin.
<Field name='waveset.backgroundSave'>
<Display class='Hidden'/>
</Field>
<Field name='waveset.organization'>
<Expansion>
<block trace='true' name='kkkkkkkkkk'>
<s>Organization Name</s>
</block>
</Expansion>
</Field>
Then run your reconcillation Process from the Proxy Admin.
Edited by: negiqueries on Feb 5, 2009 7:49 AM -
How to find out the cost of SAP user for a particular user id
Dear All,
I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
Could you please advice me regarding this.
RaghuHello Raghu,
I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
Could you please advice me regarding this.
I think you need to reach out to BASIS consultant to check out the Cost involved for User ID for the SAP application.
Regards,
Sarthak -
Making a transaction read-only for a particular user status
Hello,
I have a requirement wherein I need to make an opportunity read-only if it is saved with the user status set to 'Lost'. I tried setting the 'Forbidden' flag for 'Change Document' for this status but the problem is that the transaction gets locked even before saving it.
I have a 'Reason' field where I have dropdown values for the 'Lost' status. But when I try to select a reason, error message appears as: 'no changes possible in document'.
Is it possible via configuration to have the transaction locked only after it is saved with user status 'Lost' and not immediately on setting the status?
Regards,
Aditya Mishra2 ways to achieve it...
1. the document editing can be controlled based on its status i.e. standard auth objects exist to control so that user is not able to make changes with this status.
2. implement BADI CRM_ORDER_AUTH_CHECK
put your logic to check the document status and accordingly reutrn FALSE if you do not want user to open it in edit mode.
hope this helps.
rgds -
How to get list of Users under an Auth Group (for executable Programs)?
Hi experts. I have a requirement to get a list of all users under a particular Auth Group for Program Objects.
Goal of this requirement is to identify the users allowed to use/access a program - we're doing some sort of Program Inventory and we'd like to identify the users per program, via the Auth Group.
So question is: Which tables hold data about Program <-> Auth Group <-> Users, and how are they linked?
I know this is Basis/Security stuff, but I was thinking of developing a report program to output the information needed.
Thanks in advance.
Edited by: George Esquerra on Nov 17, 2011 10:24 AMThis is available in the standard via tx SUIM - user - users by complex selection criteria - by authorization values.
If you enter auth object = S_PROGRAM and value = auth group, you will get the list of users.
You can analyse how this program finds the information and incorporate it into your own logic.
Thomas -
How to get all users under an organizations?
Hello everyone.
Just want to know if anyone knows how to get all users under a particular organization.
From the Search User form, I found they may kind of user such attribute conditions:
MemberObjectGroup
is in
XXXX(organization)
But unfortunately, the "is in" is not a valid AttributeConditionOperator, so besides using "recursive" self-written function, anyone knows any possible buit-in trick?Here is my solution:
<Rule'>
<RuleArgument name='organization'/>
<RuleArgument name='context'/>
<block>
<defvar name='orgs'>
<new class='java.util.ArrayList'/>
</defvar>
<invoke name='getChildObjectGroupNames'>
<invoke name='getObject' class='com.waveset.ui.FormUtil'>
<ref>context</ref>
<s>ObjectGroup</s>
<ref>organization</ref>
</invoke>
<ref>orgs</ref>
</invoke>
<append name='orgs'>
<ref>organization</ref>
</append>
<invoke name='getUsers' class='com.waveset.ui.FormUtil'>
<ref>context</ref>
<map>
<s>conditions</s>
<list>
<new class='com.waveset.object.AttributeCondition'>
<s>MemberObjectGroups</s>
<s>in</s>
<ref>orgs</ref>
</new>
</list>
</map>
</invoke>
</block>
<MemberObjectGroups>
<ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
</MemberObjectGroups>
</Rule> -
Create users under Administration Server Create user and Refresh users options are disabled
We have installed and configured 11.1.2.2 successfully, Essbase in standalone mode.
When we try to create users under Administration Server Create user and Refresh users options are disabled. Please let me know how to create EAS users?
Thanks,
Satheesh.Please find below response.
1.You can create users from EAS console using maxl, if you have not externalized the users .
When we create using Maxl it will create for 'ESSBASE Servers' users but we want to create additional administrator users under 'Administrator Services' --> 'Users'. At the moment default 'Admin' users is created under 'Administrator Services' --> 'Users'.
2. you have installed your essbase in a stand -alone mode , then the option of creating users will be enabled and you can give appropriate provision to applications.
Yes. But the create users is disable for Admin.
3. Through which url are you accessing EAS console is it http://Servername:19000/workspace/index.jsp ?
http://prod-server:10080/easconsole/console.html
Please suggest. -
UI elements not being displayed for a particular user
Hi,
I designed two i/p fields and text view for the same in a view. All are static UI elements and no visibility property is set.
This view is displayed as a popup when i press the button in the main view.
This is working fine for all the users in production except for one user.
This particular user is able to see only one input field and the corresponding text view.The other i/p element is missed here.
The whole component is displayed in a portal as a tab with other components in the adjacent tabs.
Please help me out to resolve this issue.
Is this problem is related to webdynpro abap? or
Is this a portal issue?
Regards,
Bala.Hi balamurugan ,
may be check the user setting for the User id .
right click on the view click user setting . and check whether he hide that button .
look at the pic.
http://i46.tinypic.com/x3cyf9.jpg
If any UI element is made invisible it will show the option invisible elements .
you can restore it .
http://i46.tinypic.com/2vjpraf.jpg
Regards
Chinnaiya P
Edited by: chinnaiya pandiyan on May 28, 2010 4:59 PM -
Group name in which a particular user is member
Hi all,
I would like to be able to get the group name in which a particular user is a member.
I have created 2 groups: CHEFS and EMPLOYEES.
The Chefs are members of both groups. The "normal" Employee is the member only of EMPLOYEE group.
I have the navigation plsql portlet. And I would like to enable any links of this portlet only for chefs. At default these are disabled.
Now I make it with the function get_user_group:
=========================================
create or replace function get_user_group
v_username IN VARCHAR2,
v_groupname IN VARCHAR2
return boolean
as
var_groupname varchar2(50);
begin
select upper(name)
into var_groupname
from portal.wwsec_group
where id in (select group_id from portal.wwsec_flat
where person_id in (select id from portal.wwsec_person
where user_name=upper(v_username)))
and name=v_groupname;
return true;
exception
when no_data_found then
return false;
end;
=====================================
But the user needs DBA privileges to select on the tables of PORTAL-User.
I don't want to give this privileges to user.
Is there any other way to get the usergroup?
Regards
Leonid PavlovThere are portal API's that look like they would do exactly what you are asking for. Take a look at the wwsec_api functions, specifically, is_user_in_direct_group or is_user_in_group in http://portalstudio.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/PDK/PLSQL/DOC/PLDOC_9026/D:/PDK/pdkjuly/pdk/plsql/doc/pldoc_9026/index.html.
These API's are specific to 9.0.2.6. You'll have to ask someone who knows other versions if you are running something else. -
Check user belongs to a particular sharepoint group in sharepoint 2013 designer workflow
Hello, How to validate a user belongs to a particular sharepoint group in sharepoint designer 2013 workflow.
You can make a REST call from workflow to determine if a user belongs to a group.
REST API reference and samples
Calling the SharePoint 2013 Rest
API from a SharePoint Designer Workflow
This post is my own opinion and does not necessarily reflect the opinion or view of Slalom. -
Authority Check at the T.Code level for the user in particular User Group
Hi Friends,
I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
Need to give Authority Check at the T.Code level for the user in particular User Group.
I have searched in SCN, but not get suitable pages.
How to solve this?
Regards,
Viji.Hi Viji.
Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
Another way is you have also check authority in program level.
DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
INITIALIZATION.
CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
EXPORTING
ROLE = 'ZROLE'' " Role define
TABLES
ROLE_USERS = T_ROLE_USERS.
READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
IF SY-SUBRC NE 0.
RETURN.
ENDIF.
Thanks & Regards
Rahul -
Migration Assit , PC to MAC - The migration was successful, but I don't know where the files are. It says they're under a different user, 'owner' . I tried to access via sys pref/system/users&groups, but it asks for a password for owner which I don't have. What must I do to access my files?
My experience is with MS PC's I'm new with the MAC Book Pro.Then, see if this works:
Mac OS X 10.6 Help- If you forget your administrator password
If you are running Lion or Mountain Lion you may need to do the following to access the same utility:
Boot to the Recovery HD:
Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
When the menubar appears select Terminal from the Utilities menu. Enter resetpassword at the prompt and press RETURN. Follow instructions in the dialog window that will appear.
Or see Reset a Mac OS X 10.7 Lion Password and OS X Lion- Apple ID can be used to reset your user account password. -
Need to query on all enabled computer accounts that have a particular user account present in the local Administrators group.
Ldap query is best, because not all our machines have SCCM client
Thanks for any help you can provide. LisaYa, I have 41800+ computer accounts in my directory. I think that option is not feasible :) Thanks for your reply.
I can use SCCM to do this too, but only for those that the client is running on and which are online. Thanks again.
Hope is not all lost; a scripting solution is still possible. The difference is instead of running a central script to pull info from all computers, you let the computers report back to you with the info.
If I were you, I'd do the following:
1) Create a file share and adjust the permissions so that "Domain Computers" have "Modify" Permissions.
2) Create a script similar to the 2nd link I posted above, with a bit of adjustment: at the end of the script, write the information to the file share created in (1), and name the file
ComputerName.txt
3) Use Group Policy Preference Scheduled Task to deploy the script, and make sure it only runs once.
4) Happily wait for the results to come back :)
The main benefit of this approach is you're not restricted by the computer connectivity at the moment you run the script. This is especially true if you have many mobile computers in your environment. Just wait for a reasonable time (they all need
to come back to the mother ship once a while don't they?) and the results will show up in the file share you created.
Cheers. -
IS IT POSSIBLE TO RESTRICT A PARTICULAR MATERIAL GROUP FOR A USER
Hi Gurus,
I want to know whether it is possible to restrict a particular material group for a particular user.
e.g Material Group : 101
User : ADMIN
Our requirement is that the user should not be able to select material group 101 in
any stock related transactions. e.g MB5B, MB51, etc.
Thanks
AmolHi Amol
You ca try Tcode OMT3E where in u can maintain settings relatesd to Users.
Regards -
How to make available certain features available to a particular user group in APEX.
Hi
I am trying to make available certain features like (updating/viewing some fields) to a particular set of users. Our requirement is to use SSO for signing in. So when a particular user logs in she/he will be allowed to update or view only certain fields depending on the job role or designation.
E.g If an analyst logs in she/he would not be able to edit certain fields. Those should appear to her/him as read only.
I would appreciate if a step-by-step guide is provided using APEX since I haven't done any such things earlier.
Regards
Saumyadip Sarkar.Powershell (or vbscript if you want to be old school).
You can trigger a powershell script which will remove the offending user(s) easily enough with out resorting to a TOLDAP pass. Nearly any script type thing would work but powershell is preferred. It can be triggered separately from the TO AD stuff and will take multiple objects to run in one pass if you can construct the command line (or create a text file and feed it in).
Otherwise, TOLDAP is the way to write to AD...
Peter
Maybe you are looking for
-
[b]Fill a DataGrid with the returned data of a Stored Procedure[/b]
Hi I'm trying to use a stored procedure that returns data from the table tab_proc1 and a DataGrid that will display the results. Any help would be appreciated. bebop created the following in MS SQL Server: a table: create table tab_proc1 (col1 char(1
-
My iTunes keeps freezing whe I try to sync it with my ipad
On my first attempt at synching my iPad with iTunes - after upgrading to iO5 - my iTunes freezes and continues to freeze on each attempt at synching. It works just fine alone and when I sync my iPod. Additionally, many of my subscribed apps on my iPa
-
Assign Logical file name for the physical file path through Program
Hi all, I am having a physical file which is getting generated dynamically. It is having the date and time stamp in its name which is added at runtime. Now I need to assign a logical file name for the physical file path through the program. Is there
-
ALE clients in single R/3 system.
Hi Experts, I am having a single R/3 system for which i have set different clients. But if i want to exchange data between these clients through ALE under single R/3 system ,then i am unable to create 2 clients with the same key i.e. '800'. Is it pos
-
Unable to extract to temp Directory
Hi there I tried installing a trial version of InDesign and I keep getting an error message that says "Unable to extract to temp Directory. Please contact customer support (EX11). Has anyone else encountered this issue? Than ks