Administrator and End user Permission

Similar Messages

• End user permission ignored

  Hello,
  I have a problem with an end user permission that seems to get ignored: I wanted to demonstrate the usage of the end user permission and assigned a role to a User (for simplicity's sake as an entry point, no worksets, pages etc. involved) and enabled end user permission on the role for that particular user.
  Now when that user logs in he gets to see the according entry in the navigation bar as expected. However if I disable the end user permission, log out and again log in the user, he stills sees the link. The end user permission setting is simply ignored. Can someone shed light onto this, could there be something wrong with the installation)?
  I don't think this is an issue of permission inheritance (the role permissions are set explicitly anyway) or overlapping permissions due to membership in several groups - the user is only member of the single standard  group 'authenticated users'.
  Regards,
  Sebastian
  P.S. What's the use of a role assignment to a user without end user permission anyway (I mean why the option)? What happens if you don't add permissions on a Role for a certain user at all (I tried it, but the effect is the same as described above - end user permission seem to be irrelevant)?

  Hi Robert,
  thanks for your answer and for the link (and I thought I had read everything). I am not so sure however if I really understand the term 'runtime environment' for a user. I thought runtime vs. design-time meant the difference between the content a user sees when he is actually using the portal and the content an administrator has access to in the portal content catalog, i.e. a meta-environment accessible only through certain tools like the permission editor or similar.
  I don't understand what you want to express with "<i>It's used to restrict ... end user runtime environment</i>" and why the "Page Personalization" is an example.
  I realize that for roles the availability for a user is solely defined by the assignment of that role to the user - end user permissions have no effect on this. Confusing, because I tought this availability (i.e. showing links in the toplevel or detailed navigation) was what was meant by 'runtime environment' but I seem to be wrong here.
  The docu says "<i>for roles the end user permission setting does enable you to define which users/groups/roles are able to preview the role content using the portal design-time tools</i>". Again, I am confused, I thought this was exactly the meaning of design-time environment.
  Great if you or someone else could comment on this..
  Regards,
  Sebastian

• FPN - End user permission

  Namaste all,
  I have followed
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70191d1e-2bd1-2a10-d9b7-ba19500da527
  for setting up FPN. But I didn't understand how to assign end-user permission for a person at the consumer portal. Can somebody guide me how to search for a consumer portal user in the producer portal?
  Regards,
  Krishna Murthy

  You should just be able to navigate to User Administration tab in either portal to see the user. You can assign permissions via the PCD explorer. Locate the PCD object you wish to assign permissions to and right click and choose open --> permissions.
  This [help guide|http://help.sap.com/saphelp_nw70/helpdata/EN/f6/2604f005fd11d7b84200047582c9f7/frameset.htm] explains it in more details.
  Hope this answers your question.
  BRgds,
  Simon

• Appraisal - tcode access to core and end users

  Hi Experts,
  Please let me know which transaction code access is to be given to Super Users, Core Users and End users from the list below.
  And also, Please let me know if I have missed out any transaction codes related to Appraisals.
  T codes for PMS Basic Setting
  OOHAP_BASIC           Basic Appraisal Template Settings
  OOHAP_CATEGORY           Appraisal Category Settings
  OOHAP_CAT_GROUP     Category Group Settings
  OOHAP_SETTINGS_PA    PA: Settings
  OOHAP_VALUE_TYPE     Standard Value Lists
  T codes for PMS Process
  PHAP_ADMIN     Administrator - Appraisal Document
  PHAP_CATALOG     Appraisal Template Catalog
  PHAP_CHANGE     Change Appraisal Document
  PHAP_CREATE     Create Appraisal
  PHAP_PREPARE     Prepare Appraisal Documents
  PHAP_SEARCH     Evaluate Appraisal Document
  This is very urgent..Your immediate response is highly appreciated.
  Thanks!

  Hi,
  End users are authorized with
  PHAP_CHANGE Change Appraisal Document
  PHAP_CREATE Create Appraisal
  PHAP_PREPARE Prepare Appraisal Documents
  the T.codes
  where they can prepare appraisals, if mistakenly entered wrong appraiser or appraisee they can edit
  For other activities administrators must have autorization
  Regards
  Ratan Puli

• How to set End User Permission to an iView?

  Hi experts,
  can someone tell me how I can set End User Permission to enabled to an iView?

  Hi there,
  From what I have read you want a user to access an iView without an account. To do this you need to configure the J2EE engine for an anonymous user access and set the iView property for authentication to anonymous.
  Because the user has no account you have to assign any roles you want to use for permissions to the anonymous user account configured for anonymous access.
  There is documentation on help.sap.com on how to configure anonymous access.
  Hope this helps.
  Regards
  Christiaan

• Regarding end user permission

  Hi Gurus,
  I have three iviews (v1,v2,v3)assigned to a role(RoleAll) which will be assigned to user. The requirement is: certain user can only see certain iviews.
  my notion is:
  another three roles(role1, role2, role3) created, and set the iviews' end user permission enabed to respective role(v1--->role1, v2>role2, v3--->role3), what I expected is : the user with role RoleAll and role1 will see v1.
  user with role RoleAll, role1 and rol2 will see v1 and v2.
  when I implement  like this, the behavior is not as expected.
  Can anyone body guide me?
  Best regards,
  John

  >
  John Wu wrote:
  > I have three iviews (v1,v2,v3)assigned to a role(RoleAll) which will be assigned to user.
  >The requirement is: certain user can only see certain iviews.
  > my notion is:
  > another three roles(role1, role2, role3) created, and set the iviews' end user permission
  >enabed to respective role(v1--->role1, v2>role2, v3--->role3), what I expected is :
  >the user with role RoleAll and role1 will see v1.
  > user with role RoleAll, role1 and rol2 will see v1 and v2.
  >
  Hello,
  Assign iView 1 to Role1, iView2 to Role2 & iView3 to Role3.
  Assign RoleAll to those users who should see atleast one of these iViews.
  Then Assign Role1 to the users who should see iView1. Similarly assign
  Role2 and Role3 to respective users.
  Now use Role Merging concept. Give same merge IDs to all the roles. For
  the user having  two of these roles (for e.g, RoleAll + Role1), will see
  only one merged role...and one iView.
  refer:
  http://help.sap.com/saphelp_nw70/helpdata/EN/53/89503ede925441e10000000a114084/content.htm
  May be you could give it a shot.
  Regards,
  Anagha

• Purchased MacBook Air...I am administrator and only user.  Forgot the admin ID and password.  Would like to start over and reboot

  JJust purchased a MacBook Air.
  i Am the administrator and only user.    It somehow lost the Admin ID and password... Hint does not work. 
  would ould like to to reset everything or just reboot and start the registration and setup from the beginning.  No saved items so nothing would be lost in a total reboot
  what is the best option please.  Migrating from a PC so everything is a bit confusing

  i know how to reset it....
  check this... http://www.tomsguide.com/faq/id-2330386/restore-macbook-air-factory-settings.htm l
  i have done it two time well it will ask you to download OS X again..
  Aayush

• Need of SAP Equipment and Tooling Managemt Config and End user documents

  Hi
  I am in implementation project of SAP PM - ETM (Equipment and Tooling Managemt )
  Can any body please send Config and end user documents if any?
  I am in urgent need of those documents
  Thanks in Advance.
  SR

  Hello Jackie,
  The new features are outlined in the Installation Guide (page 10.)
  The most noticable to the end-users would be the security settings and the different views such as Hierarchial and Tree views
  which can be customised.
  Best Regards,
  Jude Bradley

• Background Administration Setup - End Users

  Hello
  We want to put in some restrictions from Transaction SM37 to our end-users
  We only want end-users to have access to display , delete , release their OWN Jobs and not have access to the other users’ from SM37
  From the Roles in PFCG that have access to SM37 I have done the following:
  •Deactivated S_BTCH_ADM          (I don’t want them to have access to Manage Background Administration)
  •Deactivated S_BTCH_NAM          (I only want the user to view himself and not other users with entry “ *” or username )
  •S_BTCH_JOB                             (Gave the values RELE , DEL , List , Prot ) – I excluded Show as for reason not to have access to display others jobs
  With the above done I can still view the other end users’ background jobs.
  Any idea on how I can setup correct security measures for SM37?
  Thanks & Regards
  Marlon

  As far as I am aware, unless you want to modify SM37 then you should use SMX to restrict users to displaying (and managing) only their jobs.
  If you leave S_BTCH_ADM, S_BTCH_JOB & S_BTCH_NAM blank, users will still be able to see all the batch jobs but only manage their own.
  The screens are very similar between SM37 & SMX so your users shouldn't have too much trouble (though nothing would surprise me.......)

• User Administration  for End User

  Hello Everyone,
  I needing that a end-user can only insert other users in the user group where it is administrator.
  Somebody to know as if makes this?
  Thanks.

  Lucas,
  As far as I now, there is no possibility to differenciate users in a group.
  This means that if you can't differenciate users belonging to a group, you will not be able to identify if he is administrator or not of the group. So it will not be possible to assign him a specific role that will allow him to populate users in that group only.
  For your information, you can use the role "pcd:portal_content/administrator/user_admin/delegated_user_admin_role" to allow user to :
    - create other users
    - top grant roles for with they have the "Role Assigment" permissions
    - but not to populate groups (what could lead to security problem, ie you can make your self member of Administrators group, and so have the SuperAdmin role)
  Hope this help
  Vincent

• Windows 7 OS with an Administrator and Standard User Functions

     While using this system I have noticed that when some other similar machine with this system seems to want an uneven non match. All mine are updated. I personalized the power scheme and desktop and not sure that the other wants it to be
  its subordinate. Does the administrator administrate over other administrators. He or she would set the restore point instead of the standard user. While the both somehow believe their personal documents are at least somewhat private. Sure there is not
  equal power on both sides.
     Could the other administrator please leave our administrator to do his own non dirty work?
   

  Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription.  This is a standard response I’ve written up in advance to help many people (thousands, really.)
  who post their question in this forum in error, but please don’t ignore it.  The links I share below I’ve collected to help you get right where you need to go with your issue.
  For technical issues with Microsoft products that you would run into as an
  end user of those products, one great source of info and help is
  http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums are also here:
  http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
  For Technical issues with Microsoft products that you might have as an
  IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
  http://social.technet.microsoft.com/forums/en-us, and search for your product name.
  For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
  http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
  If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
  http://community.dynamics.com/
  If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize!  Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots
  of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing. 
  If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have a forum just for you!  It’s called the Where is the forum for…? forum and it’s here:
  http://social.msdn.microsoft.com/forums/en-us/whatforum/
  Moving to off topic. 
  Thanks, Mike
  MSDN and TechNet Subscriptions Support <br/> Read the Subscriptions <a href="http://blogs.msdn.com/msdnsubscriptions">Blog! </a>

• SharePoint 2013 - What are all requirement components for People Pickers to list, search, display, and assign users permission

  Hi All
  the past few months, I have been working with permission issues related to SharePoint 2013 site permission settings using People Pickers to list, search, display users to assign or check permission.
  Our environment include multiple domains and few forests. Our SharePoint farm is installed on one domain but the good thing is our AD structure are configured to have all other domains and forests with 2 ways trusts with this domain so domain
  users are authenticated and can access SharePoint just fine. Also SharePoint use default claim authentication.
  The problem is People Picker is not display all domains user accounts when site owners need to assign permission. So to resolve the problem, I had provisioned
  SA - User profile service and Import AD domain user accounts (one way) into Sharepoint.
  I configured stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv
  for all domains and forests (eventhough, as mentioned we do have 2 ways trust)
  and sometime tried different query (user last name, domain\logonname, email address) if one is not showing.
  With all that added, People Pickers seem to find and display user account for all domains now.
  My question now is do UPS and all AD domains users need to be imported into SharePoint and STSadm configuration are required in order to have all domains user accounts to display in People Pickers so the site owners can
  find them and assign permission when needed?
  Please share your advices, comments as they are really valuable to me.
  Thanks
  Swanl

  UPS and people pickers are virtually unrelated. The only connection between them is to do with caching and updating user names and emails if they change over time, or in other words not relevant to your situation.
  To answer your question directly; Nope, you do not need to set up synchronisation connections to a domain to be able to pick up a person in a people picker. As you've seen you may need to run some STSADM commands to make sure they are checking the right
  places.

• ABAP Development and "End User License"

  Hi all,
  I'm happy to join to SDN!!!
  I newbe in the forum, and therefore I don't know if I post in the right section.
  I'm a Netweaver Architect and ABAP Developer.
  In the past I worked as java developer, and with other programming languages.
  I have a doubt: is it possible (or forbidden by SAP AG??) to develop an ABAP package (which, obiousvly, contains Z / Y Abap objects) and apply an "End User License" on it, i.e. on the ABAP code written? (I mean that the copryrights are mine, and I give an "End User License" to my customers (that buy the license), in order to get and run my abap code). I would avoid to sell my Abap package, but, if possibile, I would only give it according a "Use License".
  May I do this thing without any problems, or have I to consider other aspects, like ask to SAP to reserve a namespace, or obtain SAP Netweaver certification for my ABAP solution, or other things?
  (Infact the "End User License" that I mean is different from "SAP End User License")
  Please, let me know your opinion and how or who could solve my matter.
  Many thanks to all.
  Best Regards,
  Albert

  Hello,
  Can you point us there in this thread please?
  Kind regards
  Ash Thomas
  Sap Consultant
  <a href=http://www.ashpeople.com>Sap Consultancy</a>
  <a href=http://www.ashpeople.com>www.ashpeople.com</a>

• ABAP application and "End User License"

  Hi all,
  I'm happy to join to SDN!!!
  I newbe in the forum, and therefore I don't know if I post in the right section.
  I'm a Netweaver Architect and ABAP Developer.
  In the past I worked as java developer, and with other programming languages.
  I have a doubt: is it possible (or forbidden by SAP AG??) to develop an ABAP package (Z / Y Abap objects)  and apply an "End User License" on it? (I mean that the copryrights are mine, and I give an "End User License" to my customers (that buy the license), in order to get and run my abap code). I would avoid to sell my Abap package, but, if possibile, I would only give it according a "Use License".
  May I do this thing without any problems, or have I to consider other aspects, like ask to SAP to reserve a namespace, or obtain SAP Netweaver certification for my ABAP solution, or other things?
  (Infact the "End User License" that I mean is different from "SAP End User License")
  Please, let me know your opinion and how or who could solve my matter.
  Many thanks to all.
  Best Regards,
  Albert

  Hi Albert,
  I thing you are doing some mistaken, please read carefully SAP licence agreement or send query to SAP they will reply accordingly.
  Regards,
  Anil

• Dimension administration by end-users

  Dear colleagues,
  I am designing BPC solution for Headcount planning. End users should be able to change properties for employee dimension. This would be done by approx. 40 users (Fund Centre managers). Is this possible to be done within BPC admininstation, what are the challenges and risks? Has anyone done it with so many users? As far as I know it is not possible to customize or limit dimensions, which can be changed by a user. So it would be very risky that someone changes property, which he should not.
  Thank you!
  Kind regards
  Ivan

  Hi Ivan,
  If the user activity will be limited to member property change (not creating of new members) then the risk is moderate. It can be done by modified code of Master Data on the Fly http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2020b522-cdb9-2e10-a1b1-873309454fce?QuickLink=index&…
  Using this badi you can add required restrictions. You will need to change code to allow update of properties only.
  Vadim