Add UME Role to LDAP User

Similar Messages

• Assigning roles to LDAP users through BIP API

  Hi.
  My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
  One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
  I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
  We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
  Is it possible to make that assignments through BIP API?
  If not, any other ideas? New ideas or different approaches are welcome.
  Thanks in advance.

  In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
  During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
  I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
  There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
  Let me know if that helps.

• In 11i CRM add the role 'csi normal user error

  Hi,
  i am trying to add the role 'csi normal user' , for that i have some procedure below
  To add this role to a user, you need CRM HTML Administration responsibility:
  1. In the Navigator, click the CRM HTML Administration responsibility.
  2. Under “Setup : Users : Registration”, click User Maintenance
  3. Enter full or partial username and click Go.
  4. Select the applicable username from the list
  5. Click Roles
  6. Select the CSI Normal User role from the left pane.
  7. Click Move to put it in the right pane.
  8. Click Update.
  i have already added crm html administrator to myself,i have sysadmin privilege,i have crm html administrator under that i have user maintanence
  if i click that its showing error that i dont have privilege to view that page
  error says i dont have the privilege
  Please let me know ,

  Hi,
  Have a look at the following documents.
  Note: 261174.1 - Insufficient Privileges to Access the User Maintenance Page
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261174.1
  Note: 232373.1 - Insufficient Privileges when Accessing User Maintenance
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=232373.1
  Note: 299795.1 - Error In Granting Any Roles To A User - "Error granting role"
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=299795.1
  Note: 299186.1 - Administration Privilege Is Required To Access This Page
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=299186.1
  Regards,
  Hussein

• How to Automate to Add a Role for 250+ Users in One Shot ?

  Hi all,
    How can I add a Role 'X' for 250+ User in one shot. I could go to SU01 for each User and add a Role 'X' manually, but it will take at least more than two hours. Is there any automation to accomplish this task, PLEASE ?
  Thanks.

  Look at the How To paper on maintaining authorizations through flat file...
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1d8ea990-0201-0010-43b3-d13b83e2bf20">How to maintain authorizations through flat file</a>
  Hope this helps.

• Portal Runtime error in assigning a role to a user by UME

  Hi ALL,
  I am assigning a role to a user through UME using this piece of code:
  String uids = userFactory.getUserByUniqueName("Shilpa").getUniqueID();
  String roleid = roleFact.getRoleByUniqueName("pcd:portal_content/administrator/content_admin/content_admin_role").getUniqueID();
  roleFact.addUserToRole(uids,roleid);
  The userid and role is beinf fetched successfully but at the assignment of the role to the user , I am gettign Portal runtime error.
  The error log is following.
  <b> java.lang.NoClassDefFoundError: com/sap/abc/network/util/InfEPLog
       at UserListeners.userAssigned(UserListeners.java:27)</b>
       at com.sap.security.core.imp.RoleFactory.assignUserPerformed(RoleFactory.java:1466)
       at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotificationForMembers(DistributedTransaction.java:565)
       at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotificationForMembers(DistributedTransaction.java:815)
       at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotification(DistributedTransaction.java:465)
       at com.sap.security.core.persistence.imp.DistributedTransaction.afterCompletion(DistributedTransaction.java:252)
       at com.sap.engine.services.ts.jta.impl.TransactionImpl.commit(TransactionImpl.java:414)
       at com.sap.engine.services.ts.jta.impl.TransactionManagerImpl.commit(TransactionManagerImpl.java:316)
       at com.sap.engine.services.ts.transaction.TxManager.commitLevel(TxManager.java:581)
       at com.sap.engine.services.ts.transaction.TxManagerImpl.commitLevel(TxManagerImpl.java:63)
       at com.sap.transaction.TxManager.commitLevel(TxManager.java:237)
       at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:2742)
       at com.sap.security.core.imp.Role.commit(Role.java:337)
       at com.sap.security.core.imp.RoleFactory.addUserToRole(RoleFactory.java:1338)
       at com.sap.user.UserAdded.doContent(UserAdded.java:63)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.doPreview(AbstractPortalComponent.java:240)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:168)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
       at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Please tell me where I am wrong.
  Regards,
  Shilpa.

  Hi Shilpa,
  The error "java.lang.NoClassDefFoundError" means that your classpath is not set correctly. This is likely due to a missing reference. The class file may be in the jar, but at runtime the component (your component) needs to have access to the jar file which contains the class.
  Try adding the servlet.jar, activation.jar file in your project and also through your ADd external libraries at 'java build path'. also please ensure tht WAS and NWDS at the same SP level.
  Hope this might help you.
  Regards,
  Shaila

• LDAP user to application role mapping

  Hi All,
  OBIEE 11.1.1.5
  I have a table with ldap username and role. I have also configured external LDAP server in RPD. Users are able to login to portal.
  Can some one guide me, how to make sure that when user login to OBIEE automatically by table the role will be fetched and mapped with application role created?
  Or, In simple words,
  How can I assign an external ldap user to be mapped to application role? One by one?? or Via table as mentioned above?
  Anyone can help? All documents are not giving this simple picture to me.
  It was easy in 10g, In 11g is it rocket science so that my company can loose the hope to go ahead with 11g?

  Hi,
  1. Create block to initialize USER variable with user name from LDAP
  2. Create block to initialize GROUP variable with role name from external table
  3. In initializtion block for GROUP variable add precedence with User init block to make sure that USER variable have value
  4. If one user can have few roles you should check row-wise-initialization oprion
  Hope it's helpful

• Adding LDAP User store to UME

  We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
  Steve

  Hi Steve,
  Once you choose an ABAP data source, there is no going back.
  You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
  -Michael

• LDAP user role Assignment

  Hello All,
  I have integrated the Corporate LDAP with EP 7.0 ,and then assigned portal roles to the LDAP users. The users still exist in the LDAP and we are not importing them , but then how's the role assignment done on the portal and where is the information for each user's assigned roles stored int he UME Database, is there any specific table for that ,some profile or what?
  Any help would be really appreciated
  Thanks

  Hi,
  I have not tried this, but there are logical attributes with which you can also store
  User-->Role assignment into LDAP.
  PRINCIPAL_RELATION_MEMBER_ATTRIBUTE
  PRINCIPAL_RELATION_PARENT_ATTRIBUTE
  Check this:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/e6/d75d3760735b41be930f2dddae3126/frameset.htm
  <nameSpace name="com.sap.security.core.usermanagement.relation">
                <attributes>
                  <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
                </attributes>
  </nameSpace>
  So it depends on your UME datasource configuration, where this assignment information is saved.
  Greetings,
  Praveen Gudapati

• How to add a role so user can do Export, Copy & paste Master Data?

  How to add a role so user can do Export, Copy & paste Master Data? Thanks!

  Add S_GUI to the user role.

• Creation of user and roles in ldap using jldap api

  Please help me in creating user and roles in ldap through java api.
  I am able to manupulate the existing user and role in ldap. Please give
  me some steps or some sample code for creating user
  satyanandasahu
  satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
  View this thread: http://forums.novell.com/showthread.php?t=414763

  Thanks Jim..
  this is doing the work. Here we have a custimised class with customised
  attributes I am looking how to do that.
  Can you give your mail id.
  thanks again
  Jim Willeke;1995096 Wrote:
  > Have you seen these samples:
  > 'Novell Documentation'
  > (http://developer.novell.com/document...mple/index.htm)
  >
  > See the AddEntry.java
  > -jim
  >
  > On 7/2/2010 9:36 AM, satyanandasahu wrote:
  > >
  > > Please help me in creating user and roles in ldap through java api.
  > > I am able to manupulate the existing user and role in ldap. Please
  > give
  > > me some steps or some sample code for creating user
  > >
  > >
  satyanandasahu
  satyanandasahu's Profile: http://forums.novell.com/member.php?userid=89095
  View this thread: http://forums.novell.com/showthread.php?t=414763

• BAPI to add role to a user.

  Hi,
  Is there any BAPI available to assign role to a user?.
  I got one bapi BAPI_USER_ACTGROUPS_ASSIGN, this bapi does work.
  But the problem is it deletes the previous roles assigned to the user and then assign new one.
  I would like to know if there is any BAPI to just add a new role to the user without deleting the previous roles assigned to it.
  Thanks & Regards,
  Subin.

  Hi John,
  Bapi BAPI_USER_ACTGROUPS_ASSIGN does delete all the existing roles and appends new ones.
  If you wish to keep the existing roles then use BAPI_USER_GET_DETAIL along with BAPI_USER_ACTGROUPS_ASSIGN .
  example :  assuming it_new_activity is table of new activities you wish to assign.
  CALL FUNCTION 'BAPI_USER_GET_DETAIL'
    EXPORTING
      username       = 'TESTUSER'
    TABLES
      activitygroups = it_old_activity
      return         = return.
  APPEND LINES OF it_old_activity TO it_new_activity
  call function 'BAPI_USER_ACTGROUPS_ASSIGN'
    exporting
      username       = 'TESTUSER'
    tables
      activitygroups = it_new_activity
      return         = return.
  Hope this helps.
  Regards,
  Jovito.

• How to create Users/Roles for ldap in weblogic without using admin console

  Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
  or is there any ant script for creating USers/Roles?
  Regards,
  Raghu.
  Edited by: user9942600 on Jul 2, 2009 1:00 AM
  Edited by: user9942600 on Jul 2, 2009 1:58 AM

  Hi..
  You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
  .e.g. wlst create user
  ..after connecting to admin server
  serverConfig()
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
  cmo.createUser("userName","Password","UserDesc")
  ..for adding/configuring a role
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
  cmo.createRole('','roleName', 'userName')
  ...see the mbean docs for all the different attributes, operations etc..
  ..Mark.

• Editing LDAP User attributes from UME interface

  Hi Gurus,
  We want to develop a solution with user management screens in WD. These screens will provide password reset and unlock functionality for users. Our users are stored in LDAP. Current connection to LDAP is in Read Only manner.
  I want to know
  1. How to enable the connection from UME to LDAP in read/write manner?
  2. What certificates need to be exchanged for write access? if any?
  3. What changes needs to be done in config file of UME?
  4. Which permissions should be granted for communication user to edit LDAP user attributes?
  Even after performing the change to read LDAP in read/write manner, will it be sure: If we lock user from UME, it will lock LDAP user? please comment.
  regards
  Kedar Kulkarni

  Hi,
  We are half way into our application between UME and LDAP. We have developed screens and tested in our internal server. In internal landscape, UME is connected to LDAP in read only fashion. So when we try to create User, it gets created in UME.
  But when we deploy same application into client landscape, we receive error as below:
  No data source feels responsible for principal. Please check the data source configuration
  Now we are not sure why this error is getting displayed.
  In client landscape there are 2 LDAPs connected to UME, with only one LDAP in read/ write access.
  Is there any way we can check which LDAP is being accessed by our code? Is there any concept of Default LDAP?
  Any code to access LDAP details will help us lot.
  regards
  Kedar Kulkarni

• OIM 11g add custom role on user creation

  Hi,
  I when i create a user in OIM11g by default it gets added to "ALL USERS" role.
  I have created a new role and want to add user to this custom role while creating users. How can i do this in OIM11g
  Regards,
  Ab
  Edited by: 824473 on Jan 18, 2011 2:33 AM

  set Auto submit true. you can't set the value for ValueChangedListener property in current release of R2. This is bug and you can raise SR for same. But, this won't cause saving data into USR table. ValueChandedListener property for Modify User page only.
  As you said, data is not being saved in the USR table then verify your steps again:
  create sandbox->users->create user/edit user/view user details page->click customize->leftTopcorner->View->Source->select area->edit->Click Add Content (on left top)->Data Component catalog->scroll down and select User VO->Refresh dialogue box->select the field and click 'Add'->on dropdown select 'ADF Input test w/label/for view user page it should be output test w/label->close that window->Check if it added to create user form->save and close customization
  for user detail page select "Managed User->UserVo1 " as datacomponent
  Re: UDF creation on User form in 11gR2
  for valuechangedlistener the fixes all ready available. you have to do some workaround as other poster has given in above link:
  1.Create a sandbox and activate it. Open the page that contains the UDF, and click Customize.
  2.Select View, Source.
  3.Note the value of the valueChangeListener property of a predefined field. To do so:
  a.Click the predefined field, and then click Edit to open the Component Properties dialog box.
  b.Copy the value of the valueChangeListener property.
  4.Export the sandbox as a ZIP file.
  5.Extract the ZIP file and edit the jsff.xml file for the specific screen.
  6.Add the following attributes to the ADF tag, for example af:inputText, for the UDF:
  ◦valueChangeListener=VALUE_COPIED_IN_STEP3
  ◦autoSubmit="true"
  7.Create the ZIP file for the sandbox.
  8.Import the sandbox.
  9.Publish the sandbox.
  Edited by: Nishith Nayan on Sep 21, 2012 1:04 PM

• Difference between UME and LDAP users

  Hi,
  I am facing a strange problem. In my Webdynpro application, I am accessing the portal user properties using the normal user management APIs. IUser object. On my local server, all the users are UME users and it runs fine.
  When I deployed my application on the central server which creates LDAP users by default, the code bombs saying the user is not authorized. When I recreate the user in UME, it is fine again. Are there APIs which I can use which work for both the user stores?
  Thanks in advance,
  Kiran

  Hi Kiran,
  I User object works for both the cases. Just try the below code.
  <%@ page import = "com.sap.security.api.IUser" %>
       private void getUser() {
            user = compRequest.getUser();
            userId = user.getUniqueID();
            userName = user.getUniqueName();
  It worked for me for getting the users from LDAP.
  Regards,
  Santhosh