Are Visitor Entitlement Roles == Scoped Roles

I'm working on the security implementation for a WebLogic 8.1 Portal application.
I've been doing some prototyping and am trying to determine where Visitor Entitlement
roles are stored. Are these implemented as scoped roles from a WL platform viewpoint?
I created two test roles for my portal and do not see any scoped roles under
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can be treated as
weblogic platform roles and can be used in security annotations for an EJB or
Java Control, and if they can be used for IsCallerInRole. I can create a security
policy to protect the portal resource, but I'm looking for a way to apply the
corresponding security in the business layer.
Thanks in advance for any advice.
Jim

Jim,
The WLP roles are stored in the default role mapper provider. They are
scoped roles, but only attachable to WLP resources (pages, portlets, etc.)
and cannot be used to protect J2EE resources. The basic reason for this
is because WLP roles can include custom predicates (date/time/profile
attributes) that rely on layered product classes that the base application
server is unaware of and cannot edit using the WLS console.
In Service Pack 3, the WLP admin tools will allow the converse - that is,
you'll be able to reference/use WLS global roles in WLP policies.
Service Pack 2 adds a new tag to the auth taglib which allows you to
do an isUserInRole check against the WLP (and WLS) roles.
-Phil
"Jim Maycott" <[email protected]> wrote in message
news:[email protected]..
> I'm working on the security implementation for a WebLogic 8.1 Portal application.
> I've been doing some prototyping and am trying to determine where Visitor Entitlement
> roles are stored. Are these implemented as scoped roles from a WL platform viewpoint.
> I created two test roles for my portal and do not see any scoped roles under
> the application or the portal node in the WebLogic console.
> I'm trying to determine if these portal entitlement roles are/can be treated as
> weblogic platform roles and can be used in security annotations for an EJB or
> Java Control, and if they can be used for IsCallerInRole. I can create a security
> policy to protect the portal resource, but I'm looking for a way to apply the
> corresponding security in the business layer.
> Thanks in advance for any advice.
> Jim

Similar Messages

  • Weblogic 10.3.2 visitor entitlements roles issue

    1) I am upgrading my weblogic portal application from Weblogic 8.1 SP4 to Weblogic 10.3.2 version. I found that roles that are created under visitor entitlements through the weblogic portal administration portal are not visible to the assigned user. For example, I created testRole for my application and added user testuser to this user. When I log in to my portal application, this user should be able to see the portal page that is related to testRole. But currently this is not working.
    To fix the above issue I created one new group under User and groups management and added the above user to that group and added that group to testRole. Now the user is able to see the portal pages.
    My question is why the user is not able to access the roles when he is not part of any group. My portal application has different business users with different entitlement setups, which I cannot categorize under groups.
    The above functionality is working fine in the Weblogic 8.1 SP4 production environment.
    Regards,
    Satya

    Hi Satya
    Post on the WebLogic forum....
    WebLogic Server - General
    Cheers
    David

  • Weblogic 10.3.2 - Visitor entitlements role issue

    1) I am upgrading my weblogic portal application from Weblogic 8.1 SP4 to Weblogic 10.3.2 version. I found that roles that are created under visitor entitlements through the weblogic portal administration portal are not visible to the assigned user. For example, I created testRole for my application and added user testuser to this user. When I log in to my portal application, this user should be able to see the portal page that is related to testRole. But currently this is not working.
    To fix the above issue I created one new group under User and groups management and added the above user to that group and added that group to testRole. Now the user is able to see the portal pages.
    My question is why the user is not able to access the roles when he is not part of any group. My portal application has different business users with different entitlement setups, which I cannot categorize under groups.
    The above functionality is working fine in the Weblogic 8.1 SP4 production environment.
    Regards,
    Satya

    I think the rolemappings in the application are mapped to groups.
    The rolemappings are defined through deployment overrides, such as for example, weblogic.xml (which is located in the WEB-INF/lib directory of a WAR file).
    An example of such a role mapping is the following:
    <weblogic-web-app ...>
         <security-role-assignment>
              <role-name>EMPLOYEE</role-name>
              <principal-name>employees</principal-name>
         </security-role-assignment>
         <security-role-assignment>
              <role-name>MANAGER</role-name>
              <principal-name>managers</principal-name>
         </security-role-assignment>
    </weblogic-web-app>
    The role-name(s) are set in the web.xml of the application, through a security constraint. The principal names are the user or group names
    configured in the admin console.
    When you edit the weblogic.xml to include a security role assignment and add a role-name - principal-name mapping, for example
    <security-role-assignment>
         <role-name>visitor</role-name>
         <principal-name>testuser</principal-name>
    </security-role-assignment>
    now the testuser has visitor rights.

  • Visitor entitlements have disappeared in Web Logic Portal console

    Hi all,
    Please help! We have an issue whereby our users no longer have permission to access parts of our web application. Upon further investigation, when looking in the Portal console under visitor entitlements, we see the following message:
    There are no visitor entitlement roles to display.
    We have checked the portal database, and can see the roles are still in there, but aren't being retrieved by the application. We can also add new roles through the console, which are persisted in the database, but these too do not show in the console.
    This had previously been working, and we are not sure what has changed.
    Please advise what further information I can provide to help resolve this!
    Kind regards,
    Mike

    Hi,
    I was able to find a white paper which discusses this topic.
    http://edocs.bea.com/wlp/docs81/whitepapers/vcr/index.html
    If this isn't helpful, please post this question to the portal newsgroup at http://newsgroups.bea.com/bea/forum.jspa?forumID=2044
    cheers
    Raj

  • Access Visitor entitlements programmatically

    Hi,
    I wonder if it is possible to access (create, manage, delete) Visitor Entitlements programmatically by a Beehive control/Helper ...
    It is possible to do this for Delegated Admin roles with the DelegationRoleManagerControl control provided by Oracle. But I didn't find an equivalent to manage the Visitor Entitlements roles.
    I'm using Weblogic Portal 10.2 (Weblogic Server 10) on a JRockit R27.6.0 1.5.0_15
    Best.
    Edited by: user11804594 on 19 August 2009 02:54

    Hi
    If you want to get the list of roles for the currently logged in user, that's possible.
    If you want to get the roles for any logged in user, it's possible if you know what the entitlement definition is beforehand. If the entitlement is based on directly assigning users to the role or groups to the role, then it's fine and can be done without needing the code to know which role is which group; it can be done programmatically.
    If you have more complicated and/or clauses in the role definition or do not know the entitlement definition beforehand, then I don't think it is.
    Which scenario applies to you?

  • How to configure a form based login page with entitlement role

    We need to have login page to our portal app.
    When using "form based" authentication is it possible to map the security on a
    "entitlement role" ?
    Our need is to be able to give direct url access to some pages of the portal (for
    example by sending urls like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage"
    by email to portal users) and need a simple mechanism of authentication before
    redirecting to the portal page.
    Inste

    Olivier,
    You can't reference WLP visitor roles in weblogic.xml, but you can
    reference global roles (created using the WLS console):
    <security-role-assignment>
         <role-name>PortalSystemAdministrator</role-name>
         <externally-defined />
    </security-role-assignment>
    -Phil
    "Olivier" <[email protected]> wrote in message
    news:[email protected]..
    > We need to have login page to our portal app.
    > When using "form based" authentication is it possible to map the security on a
    > "entitlement role" ?
    > Our need is to be able to give direct url access to some pages of the portal (for
    > example by sending urls like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage"
    > by email to portal users) and need a simple mechanism of authentication before
    > redirecting to the portal page.
    > Inste
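
The descriptor mappings shown in the two replies above (`principal-name` assignments and the `<externally-defined />` form) can be checked against `web.xml` mechanically, which makes it visible whether a role is reached through a group, through a directly named principal, or only through the console. This is an added example, not code from the posters or from WebLogic: the descriptors are constructed samples, the `AUDITOR` role is made up, and the `known_groups` set is an assumption supplied by whoever runs the audit.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; role and principal names follow the thread,
# AUDITOR is made up to show a role that is enforced but never mapped.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <auth-constraint>
      <role-name>EMPLOYEE</role-name>
      <role-name>visitor</role-name>
      <role-name>AUDITOR</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>EMPLOYEE</role-name></security-role>
  <security-role><role-name>visitor</role-name></security-role>
  <security-role><role-name>PortalSystemAdministrator</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>EMPLOYEE</role-name><principal-name>employees</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>visitor</role-name><principal-name>testuser</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>PortalSystemAdministrator</role-name><externally-defined/>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>MANAGER</role-name><principal-name>managers</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _find(elem, name):
    """All descendants with this local tag name, ignoring XML namespaces."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def _roles(root, parent):
    """Role names listed under every <parent> element of the descriptor."""
    return {r.text.strip() for p in _find(root, parent) for r in _find(p, "role-name")}


def audit_role_mappings(web_xml, weblogic_xml, known_groups):
    """Return {role: [notes]} describing how each role resolves to principals."""
    web, wl = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = _roles(web, "security-role")    # roles the web app declares
    enforced = _roles(web, "auth-constraint")  # roles a constraint relies on
    findings, mapped = {}, set()
    for sra in _find(wl, "security-role-assignment"):
        role = _find(sra, "role-name")[0].text.strip()
        mapped.add(role)
        notes = findings.setdefault(role, [])
        if _find(sra, "externally-defined"):
            notes.append("externally-defined")  # mapping lives in the realm
        for p in _find(sra, "principal-name"):
            name = p.text.strip()
            kind = "group" if name in known_groups else "user-or-unknown"
            notes.append(f"{kind}:{name}")
        if role not in declared:
            notes.append("not-declared-in-web.xml")
    for role in sorted((declared | enforced) - mapped):
        findings.setdefault(role, []).append("no-assignment")
    for role in sorted(enforced - declared):
        findings.setdefault(role, []).append("enforced-but-undeclared")
    return findings


if __name__ == "__main__":
    for role, notes in sorted(audit_role_mappings(
            WEB_XML, WEBLOGIC_XML, {"employees", "managers"}).items()):
        print(f"{role:28} {', '.join(notes)}")
```

Roles defined only as WLP visitor entitlements never appear in either descriptor, so they are outside what this audit can see.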

  • Which are the required roles/privs for viewing all scheduler jobs in OEM?

    Platform: Oracle 11.1.0.6 Enterprise Edition (64) Windows 2008 R2 Server
    - I've created a new Admin user in "OEM>Setup>Adminstrators>Create"
    - I checked the user in "OEM>Server>Users":
    CREATE USER "SA_ADMIN"
    PROFILE "DEFAULT"
    IDENTIFIED BY "saadminsa"
    DEFAULT TABLESPACE "SYSAUX"
    TEMPORARY TABLESPACE "TEMP"
    ACCOUNT UNLOCK;
    GRANT SELECT ANY DICTIONARY TO "SA_ADMIN";
    GRANT "MGMT_USER" TO "SA_ADMIN";
    - "SA_ADMIN" was granted only the permissions above.
    - I can log in OEM as "SA_ADMIN"
    - I can see OEM backup jobs and the history
    - But I cannot see any "scheduler" jobs in "OEM>Server>Jobs"
    - I get a lists of the jobs in "OEM>Scheduler Central" but I cannot display any more information of "scheduler jobs"
    - I logged off from OEM
    - I granted SCHEDULER_ADMIN role to "SA_ADMIN"
    GRANT SCHEDULER_ADMIN TO "SA_ADMIN";
    - I logged back in OEM as "SA_ADMIN"
    - I can now see some scheduler jobs, but not all of the jobs, I still cannot see any of the new jobs I created logged in OEM as SYS.
    Which are the required roles/privs for viewing all scheduler jobs in OEM?

    if you grant "SYSDBA" to the new Admin user then you can see the "scheduler" jobs.
    GRANT SYSDBA TO "SA_ADMIN";
    I wanted to grant "read" access in OEM for the new user.
    This behaviour is strange.
    Without the "SYSDBA" role the new user can see the OEM backup jobs that were created as SYS, but it cannot see the "scheduler" jobs.

  • How to get entitlement role list

    How can I get the portal entitlement role list by API?
    If I use
    RolePolicyManager.listRolesForResource(String anEntAppName,
    String aWebAppName,
    String aResourceId)
    How can I specify the aResourceId such that the roles of entire portal will
    be retrieved?
    Or it is just a wrong approach? Thx a lot!!
    Ken

    I can get it by calling
    String str[] = RolePolicyManager.listRolesForResource(
        ApplicationHelper.getApplicationName(),
        ApplicationHelper.getWebAppName(getRequest()),
        EntitlementConstants.P13N_ROLE_POLICY_POOL);
    "Ken" <[email protected]> wrote:
    > How can I get the portal entitlement role list by API?
    > If I use
    > RolePolicyManager.listRolesForResource(String anEntAppName,
    > String aWebAppName,
    > String aResourceId)
    > How can I specify the aResourceId such that the roles of entire portal will
    > be retrieved?
    > Or it is just a wrong approach? Thx a lot!!
    > Ken

  • I am running Acrobat Pro 9 (9.5.5).  Do we have to purchase the new version if we  have never upgraded?  Or are we entitled to an upgrade to the latest version.

    I am running Acrobat Pro 9 (9.5.5).  Do we have to purchase the new version if we  have never upgraded?  Or are we entitled to an upgrade to the latest version.

    I am not really clear on the intention of your question.  If you are going to get the latest version you are going to purchase it.  When you go to purchase it you should be able to see if there is an option to purchase it as an upgrade from the version you currently have.  I cannot find the purchase page to check myself... I can only find the subscription option.

  • Visitor entitlements in a admin extension

    Hi,
    i want to extend my portal administration console.
    Is there a way to get a list of all visitor entitlements?
    Thanks!
    Markus

    look at RolePolicyManager
    e.g.
    import com.bea.p13n.management.ApplicationHelper;
    import com.bea.p13n.entitlements.common.EntitlementConstants;
    import com.bea.p13n.entitlements.management.RolePolicyManager;
    String entAppName=ApplicationHelper.getApplicationName();
    String webAppName = ApplicationHelper.getWebAppName(request);
    String[] policies = RolePolicyManager.listRolesForResource(entAppName, webAppName, EntitlementConstants.P13N_ROLE_POLICY_POOL);

  • What are the consultant roles in Upgradation or migration project

    Hello ,
    Would you please, anybody, help me by providing the roles & responsibilities of a consultant in an SAP upgradation or migration project. Thanks.
    Regards,
    Sampally

    Dear Sampally,
    SAP defined a roadmap for upgrade.
    1) Project Preparation
    Analyze the actual situation
    Define the objectives
    Create the project plan
    Carry out organizational preparation for example identify the project team
    2)Upgrade Blueprint
    The system and components affected
    The mapped business processes
    The requirements regarding business data
    3)Upgrade Realization -- In this phase the solution described in the design phase is implemented in a test environment. This creates a pilot system landscape, in which the processes and all their interfaces can be mapped individually and tested on the functional basis.
    4)Final Preparation for Cutover -- Testing, Training, Minimizing upgrade risks, Detailed upgrade planning
    5)Production Cutover and Support
    The production solution upgrade
    Startup of the solutions in the new release
    Post processing activities
    Solving typical problems during the initial operation phase.
    SAP expects at least 2 to 3 months for Upgrade and that again depends on project scope and complexity and various other factors.
    STEPS IN TECHNICAL UPGRADE
    • Basis Team will do the prepare activities. (UNIX, BASIS, DBA).
    • Developer need to run the Transaction SPDD which provides the details of SAP Standard Dictionary objects that have been modified by the client. Users need to take a decision to keep the changes or revert back to the SAP Standard Structure. More often decision is to keep the change. This is mandatory activity in upgrade and avoids data loses in new system.
    • After completing SPDD transaction, we need to run SPAU Transaction to get the list of Standard SAP programs that have been modified. This activity can be done in phases even after the upgrade. Generally this will be done in same go so that your testing results are consistent and have more confident in upgrade.
    • Run SPUMG Transaction for Unicode Conversion in non-Unicode system. SPUM4 in 4.6c.
    • Then we need to move Z/Y Objects. Need to do Extended programming check, SQL trace, Unit testing, Integration testing, Final testing, Regression Testing, Acceptance Testing etc.,
    The main Category of Objects that needs to be Upgraded is –
    • Includes
    • Function Groups / Function Modules
    • Programs / Reports
    • OSS Notes
    • SAP Repository Objects
    • SAP Data Dictionary Objects
    • Domains, Data Elements
    • Tables, Structures and Views
    • Module Pools, Sub Routine pools
    • BDC Programs
    • Print Programs
    • SAP Scripts, Screens
    • User Exits
    Also refer to the links -
    http://service.sap.com
    http://solutionbrowser.erp.sap.fmpmedia.com/
    http://help.sap.com/saphelp_nw2004s/helpdata/en/60/d6ba7bceda11d1953a0000e82de14a/content.htm
    http://www.id.unizh.ch/dl/sw/sap/upgrade/Master_Guide_Enh_Package_2005_1.pdf
    Hope this helps you. Please let me know in case of any specific queries.
    Regards,
    Rakesh

  • TFS 2013 TfsReports on SQL Server 2014 - rsAccessDenied Error even though all users are granted ALL Roles

    We have granted everyone all roles on our TfsReports site. However, all users (except for 2 who are TFS Admins) still get the following errors when attempting to manage the reports:
    The permissions granted to user Domain\UserName are insufficient for performing this operation. (rsAccessDenied)
    These are the roles we've granted to all "Domain Users": Browser, Content Manager, My Reports, Publisher, Report Builder, Team Foundation Content Manager.
    We can't seem to figure out what else might be missing.
    Please help.

    The issue was reported by one of the Application Support team stating that they have problems with accessing reports in Reporting Services from Team Foundation Server (TFS) side. By default certain users are part of local domain group having LOCAL ADMINISTRATOR privileges on TFS server, which is by default no issues for those users. Somehow there was a change in the role of certain users where ADMIN access was revoked. However the users are still part of SYSADMIN group, they were reported the error as follows:
    "The permissions granted to user 'DOMAIN\UserName' are insufficient for performing this operation. (rsAccessDenied)"
    By default the text clarifies that no permission to access the reports and further we have set of roles defined on the Reporting Services, as follows:
    http://servername/Reports/
    Root
    BUILTIN\Administrators     No access
    DOMAIN\TfsAdmins           Content Manager
    DOMAIN\ReportAdmins        Content Manager
    Ahsan Kabir

  • Users are created but Roles are not Provisioned in the Target System

    Hi,
    It would be great if somebody would provided solution to my problem. The problem is when I try to create the Users in Identity Managment UI then the Users are created in the Target systems but the Roles are not provisioned to the Users.
    In the provisioning job SetABAPRole&ProfileForUser,
    It is says In the Error putNextEntry failed storing
    Exception from Modify operation:com.sap.idm.ic.ToPassException: User does not exist
    MSKEY 58437
    Please note the When we create the User, the user is created however the Roles is not provisioned to the user.
    Regards,
    Hakim

    Hello Nits,
    since this thread is from 2010 and the OP was logged on last in 2012 (as you can see in the profile), I don't think you'll get an answer here.
    Please create a new thread to explain your problem (with version and SP numbers, logs etc). You can add a link to this thread to show, that the problem is similar.
    Regards,
    Steffi.

  • Are Pre-defined roles available for Customizing Synchronization?

    Hello Guys,
    In the SAP Help for Solution Manager: <<http://help.sap.com/saphelp_sm40/helpdata/en/48/647e3ddf01910fe10000000a114084/content.htm>>
    it's mentioned that certain authorizations needs to be given for the involved people (admin & customizer), in both the SOLMAN & the component systems.
    Also, its said that the role Application Consultant has all authorizations which are needed to set-up the Customizing Distribution in the SAP Solution Manager system & the authorization profile S_CUS_CMP can be used in the component systems.
    But the AC role "SAP_SOL_AC_COMP" & "S_CUS_CMP" profile do not have all the necessary authorizations specified.
    E.g: Role SAP_SOL_AC_COMP does not have project creation authority, whereas S_CUS_CMP has only some authorizations.
    So my question is:
    Along with these two, are there any other roles/profiles which complete the gaps & are readily available for usage ?
    Last option would be to manually create & include the mentioned auth. objects.
    Thanks & Regards
    Chaitu

    Hello Chait,
    Regarding your two questions:
    1) There are separate roles available for customizing purposes, please check note 803142 "Roles for satellite systems". The note administration list an xls with the respective roles for customizing distribution and comparison, namely
    SAP_BC_CUS_ADMIN
    SAP_BC_CUS_CUSTOMIZER
    S_CUS_CMP
    2) What I can recommend is the quick reference for setting up Customizing Distribution which is also part of the help documentation
    http://help.sap.com/saphelp_sm40/helpdata/en/c4/533d4050d89523e10000000a1550b0/content.htm
    Regards,
    Doreen

  • SRM RFC users for ERP , what are the profile/roles should be used?

    Hi All,
    I have integrated SRM and ERP systems using config wizard. Multiple rfc accounts were created automatically by the wizard but what i did was i skipped on the profile and role field because i don't know what to put. Now, I am battling on what profiles and roles should i put there since the wizard didn't do the automatic placing of authorizations and roles for me.
    here are the users that have been created automatically by the config wizard.
    ERP System:
    SRM2ERP
    SRM2ERPD
    ERPLOCAL
    SRM System:
    ERP2SRM
    ERP2SRMD
    SRMLOCAL
    Please help on what ABAP Roles and Profiles should i place to it.
    Regards,
    Tony
    Edited by: Tony on Jun 9, 2011 12:34 PM

    Hi ,
    The user should have profile SAP_ALL assigned automatically when you run the CTC script.
    Else please assign manually.
    Regards
    Sam
