Adding employees to Global roles

Similar Messages

• Global Roles

  Hi Experts,
  I am currently facing an issue where I am unable to see any roles when I "Browse Global Scoped Roles" under "Search for Roles Entitled to this Resource
  ". I have defined all the global roles under "Home >Summary of Security Realms >myrealm >Realm Roles" on the weblogic server 10.3.0.0.
  Even the default roles defined under Visitor Roles
  - Visitor Entitlement RoleAnonymousVisitor
  - Visitor Entitlement RoleAuthenticatedVisitor
  are missing in this environment.
  Any help will be highly appreciated.
  Cheers
  Edited by: user551247 on 25-May-2011 01:37
  Just to add, I tried to look into the table P13N_ENTITLEMENT_ROLE and could see that all the roles defined are already present. I tried to create a new role and this role is being added to this table.
  But I am not able to view any of these roles on the portal.

  Have you tried this ?
  http://weblogic-wonders.com/weblogic/2010/06/04/how-to-modify-weblogic-default-roles-and-policies/

• How to retrieve Global Roles in a the current security realm?

  Is there a WLS API available that obtains a list of mapped global roles (defined in a security realm) from an application?
  I want to be able to do a getRoles call against an authenticated user. So far, I'm only able to use isUserInRole. What I need is a list of all global roles mapped to a user's group.
  Thanks all...
  Message was edited by:
  raymondng

  You can refer to the api
  http://e-docs.bea.com/wls/docs81/javadocs/weblogic/management/security/authorization/RoleReaderMBean.html#getRoleExpression
  -Ramkumar

• Configure global roles in weblogic express

  Weblogic Express 8.1 sp2 does not allow you to configure global roles using the
  Admin console.
  I know this is the expected functionality. How do you configure these global
  roles without the use of the Admin Console.

  As far as i know you could never create roles via WLST offline, only via WLST online.
  Thanks,
  -satya
  BEA Blog: http://dev2dev.bea.com/blog/sghattu/

• Enable the Shop on Behalf functionality for Employee Self Service Role (Requisitioner) in SRM 7 EHP 3

  Dear All,
  We are in SRM 7.0 EHP 3 and we are planning to add the shop on behalf functionality for our requisitioner (Employee Self Service Role). As per the standard, we are aware that it can be implemented in SC professional.
  Is there a way to add the SOB functionality in SC Wizard as well. We have tried the below suggestion.
  Enhance the BBP_SC_MODIFY_UI BADI. But it hasn't helped us where the link is not at all appearing. Could you please advise if there is any enhancement needs to be done in Web Dynpro level or the changes need to be done in BADI and also in Web Dynpro level.
  Thanks in advance for your help.
  Best Regards,
  Bharathi

  You observation is correct and it is the standard design of such portal roles as SRM Administrator, SRM Strategic Purchaser, or SRM Operational Purchaser to not have "personalization", but only Employee Self Service role.

• When Tcode and Object added to the particular role

  Dear Gurus,
  My question is that, how we can able to know that who (user ID) / when this tcode or object (with particular activities) has added to this particular roles/profiles.
  Regards,
  Sanjay

  Hi Sanjay,
  Goto SUIM->Change Documents->For Profile and select the profile of the role for which you would like to see the changes.
  After running the report, you will see the Objects added/removed. Click on each Object & it will show all the details, as in: who did, at what date, time, values entries etc
  Similarly, you can see the same for Roles also, if you want to see for Transaction codes

• Creating a Global Role using weblogic.Admin command

  Hi,
  Does anyone have an example of creating a global role using the weblogic.Admin commands? I think I have to use the INVOKE command with the DefaultRoleMapper and createRole method, but I'm not quite sure what the rest of the syntax is.
  Thanks,
  Gabriel

  Gabriel,
  The following works for me:
  weblogic.Admin -url t3://localhost:80 -username weblogic -password weblogic INVOKE -mbean "Security:Name=myrealmDefaultRoleMapper" -method createRole "" "MyGlobalRole" "Grp(Administrators)" ""
  The null first parameter identifies this role as a global role.
  The second param is the name of the role.
  The third parameter is the policy expression. Here, I've mapped the role to the Administrators group. You can also map it to users or a combo of the two. For example, to map it to the "weblogic" user, use "Usr(weblogic)" as the policy expression. If you leave this parameter empty, the role will be created but will not be mapped to anything.
  I'm not sure what the fourth parameter is for. It's not defined in the RoleEditorMBean docs but not including it causes an error. I suspect it's a description field because WLS does not seem to care what you put there.
  HTH,
  Mike

• Migrate 8.1 Global roles include Role Conditions

  Hi all,
  have one question. I want migrate Global Role conditions from one WebLogic 8.1 server to another. When I export DefaultRoleMapper provider, I can see in exported file list of Global Roles only. I cannot see any mapping item in this file. Please, know someone how migrate Global Roles including mapping ?
  TY very much,
  Lada

  Hi,
  I export DefaultRoleMapper through Security-Realms-myrealm-Providers-Role Mapping-DefaultRoleMapper/Migration-Export in WL console.
  In exported file I can see only list of defined Global Roles, for example:
  dn: cn=::AbortTaskRole,ou=ERole,ou=@realm@,dc=@domain@
  objectclass: top
  objectclass: ERole
  cn: ::AbortTaskRole
  createTimestamp: 201000261052Z
  creatorsName: cn=admin
  EExpr:: fALDp01DQWRtaW5Hcm91cArDp01DU3BBZG1pbkdyb3VwCg==
  wlsCreatorInfo: mbean
  modifyTimeStamp: 201000261147Z
  modifiersName: cn=admin
  dn: cn=::CancelTaskRole,ou=ERole,ou=@realm@,dc=@domain@
  objectclass: top
  objectclass: ERole
  cn: ::CancelTaskRole
  createTimestamp: 201000261053Z
  creatorsName: cn=admin
  EExpr:: fALDp01DQWRtaW5Hcm91cArDp01DU3BBZG1pbkdyb3VwCg==
  wlsCreatorInfo: mbean
  modifyTimeStamp: 201000261148Z
  modifiersName: cn=admin
  But in this file I dont see any conditions which are bound to these Roles (myrealm-Global Roles-<concrete role>-Conditions). I cannot find these conditions in any other files generated through export wholes security realm.
  TY for your help,
  Lada

• Creating Global Roles in 9.1 using WLST

  Hi,
  Did anyone try creating Global Roles in Weblogic 9.1 ?
  Since in Weblogic 9.1, the Authorizer and Role Mapper providers are XACML based, I am not sure if we can use WLST offline to create global roles.
  Can someone please shed some light on this.
  Thanks -agreddy

  As far as i know you could never create roles via WLST offline, only via WLST online.
  Thanks,
  -satya
  BEA Blog: http://dev2dev.bea.com/blog/sghattu/

• Set global roles

  Hi,
  Is there a way to set global roles through weblogic ant tasks or command line utilities ?
  I am using weblogic 8.1SP5
  Thanks,
  Manish
  Edited by manish25 at 02/02/2007 1:24 PM

  Hi,
  There certain things you need to check
  1. Did you do user comparsion?
  2. Did you check the SCUL log?
  SCUL  ->choose (error,unconfirmed & warning)  user / roles / profiles execute -> you will get list of users
  Priority of resolving would be the same order   1. Error (red) 2. Unconfirmed (Gray) and 3. Warnings.(Yellow).
  based on the error you can re distrubute the idoc.
  Procedure :
  Select the user which you would like to re-distribute for a particular system -> it will display user  / roles / profile ->
  Let stay roles  are Grayed -> highlight on the role -> click on F7 button or  cross mark(Distrbution)  . You will receive new window with selection of IDOC type. Select appropriate IDOC type -> choose roles -> continue.
  3. Text comparsion
  To get a newly created role to a system quickly avoiding  Text Comparison to all systems i.e from CUA. Instead you can do text comparsion from child systems.
  Finallly your SCUM settings are correct.
  Thanks,
  Sri

• Granting Global Roles

  I'm trying to assign global roles to enterprise users via the ESM but it doesn't seem to work. I'm able to connect to the database and I can see that I'm correctly authenticated using sys_context('userenv','external_name'),sys_context('userenv','session_user'), but I don't get any global roles associated with the enterprise role I'm assigned to.
  Ideas? Anyone has an idea how can I debug this or set a trace to see if I'm even really associated with the Enterprise Role?
  Edited by: [email protected] on Dec 9, 2008 10:53 PM

  You can't unless you use a DDL event trigger
  http://www.psoug.org/reference/ddl_trigger.html
  or write a stored procedure that allows the user to grant privileges presented as input parameters and contains a hard coded list of those privs that can be granted.
  Personally I find the idea of giving anyone, other than a DBA or trusted security officer, the ability to grant privs a violation of governance and security practices and would discourage you from doing so except within the context of a procedure as described above.

• Employee Self-Service Role

  Hello,
  I have NW2004s, EP 7.0, ECC 5.0 (ERP 2004), ESS BP 60.2 and MSS BP 60.1.
  A member of our team accidentally deleted the original Employee Self-Service role, which was the one we use (this is a demo portal). This was a screwed up Copy/Paste, still figuring out how this happen...
  Does anyone know if it's possible to import just the original ESS Role? Or how can I look at it's definition in case I have to create a new one, based on the original ESS Role, so that we can maintain the Standard Homepage Framework looks?
  Thanks a lot
  Antonio

  If you manually unpack the ESS BP (it;s just a ZIP file with a different extension) you <b>might</b> find an EPA file and the low level EPT file for the role. If you make a dummy transport wiht a role in it and export it and keep the same structure with the original ESS role, you may be able to reimport.
  Cheers

• WLST 92 - How to Create Global Role and Role Condition?

  I'm currently using WLS 9.2 and trying to use WLST to create a global role and defining a role condition. Anyone know how to do so using WLST for WLS 9.2?
  Trying to:
  - create Global Role, testRole
  - create condition where 'username = testuser'
  thanks!

  Did you find out a solution for this?

• Setting global roles via command line

  I have lots of global roles defined. today I use the admin console to create them
  leaving room for typo errors, missing one or more roles. Is there a way to use
  a command line tool to accomplish this just like I can set the autheticator provider
  parameters ?
  please help
  premS

  "Satya Ghattu" <[email protected]> wrote in message
  news:[email protected]..
  Cross posting to security newsgroup.
  premS wrote:
  I have lots of global roles defined. today I use the admin console to
  create them
  leaving room for typo errors, missing one or more roles. Is there a wayto use
  a command line tool to accomplish this just like I can set theautheticator provider
  parameters ?
  Unfortunately, the expression language is not public so that makes it
  difficult. There have
  been a fair amount of requests for this functionality. We will probably look
  to do something
  with XACML in the long term.

• Restricting an administrator to only adding or removing Business Roles

  Hi:
  Is there an out of the box rule or form in IDM that can restrict an administrator to only adding or removing business roles from accounts?
  Thanks.

  Hi Dwayne,
  This BU ruling is somewhat of a newer function with OIA. For mass alteration, the old-school way would be to execute a SQL script directly towards the DB.
  Simply change the last line on what correlation you wish (in this situation, it's looking at the BU Name and the GU office name)
  delete from BU_GLOBALUSERS where businessunitkey > 0;
  insert into BU_GLOBALUSERS(BusinessUnitKey,GlobalUserKey)
  select BU.BusinessUnitKey, GU.GlobalUserKey from BUSINESSUNITS BU, GLOBALUSERS GU
  where BU.BusinessUnitName = GU.officename;
  Regards,
  Daniel Redfern
  Technicalconfessions.com