Assign Roles through Custom Reconciliation

Similar Messages

• Assigning roles through procedure

  Dear All ,
  i have a role select_on_all_tables, i want to create a procedure to assign the SELECT previlleges on
  all tables to this role, how to do this?
  Thanks & Regards
  Edited by: Muhammad on Feb 20, 2010 3:10 AM

  Hello,
  You may use the following procedure:
  CREATE OR REPLACE PROCEDURE grant_select (u_granted VARCHAR2) IS
        TYPE RefCurTyp IS REF CURSOR;
        cv   RefCurTyp;
        sql_cv      VARCHAR2(400);
        obj         VARCHAR2(128);     
        sql_stmt    VARCHAR2(200);
        usr_granted VARCHAR2(30);
     BEGIN
        usr_granted:=u_granted;
        sql_cv := 'SELECT A.table_name FROM user_tables A';
        OPEN cv FOR sql_cv;
        LOOP
           FETCH cv INTO obj;
           EXIT WHEN cv%NOTFOUND;
           sql_stmt := 'GRANT SELECT ON '||obj||' TO '||usr_granted;
           EXECUTE IMMEDIATE sql_stmt;
        END LOOP;
        CLOSE cv;
     END;
  /Then, connected on the Oracle User owner of Tables, you issue the following statement:
  EXECUTE grant_select('SELECT_ON_ALL_TABLES');Hope this help.
  Best regards,
  Jean-Valentin
  Edited by: Lubiez Jean-Valentin on Feb 20, 2010 2:24 PM

• Assign biz role through CRM -SU01 and display page at portal

  HI, SDN Fellows.
  I am creating some custom portal roles at portal and mapped it to the custom business roles for some PCUI screens at crmc_blueprint_c --> "Assign Portal Role to Single Role" ("Assignment of CRM Role to Portal Role").
  Currently, our portal UME data source is mapped to CRM system.
  Right now, I have to assign both the CRM Role through SU01(to have access the CRM Object Method at CRM-PCUI application) and Portal Role through User Admin of WAS/portal (to access/display the PCUI iView in the portal).
  My goal is to just assign role through CRM-SU01 and achieve the same output as I described above. Meaning can I just do the role assignment for the CRM role (through SU01) and able to access to the CRM-PCUI application through portal (able to see the pcui screen)?
  Thanks,
  Kent

  What I want is when I assign a role (Sales Manager) said user A in CRM system, userA should able to see the related workset/page/iviews in the portal (without the need to assign the same: Sales Manager role in portal).
  Now, what I have to do is assign the related objects into a single/composite roles in CRM (for backend data access), then I have to assign a portal role (through User Admin of Portal, so that they can see the portal content),
  is that a way we can do it in one step?
  Thanks,
  Kent

• Assigning roles dynamically through an application

  We have an application being written in PowerBuilder 7.0.3 which accesses an Oracle 8.0.5 database running on OpenVMS. Is there a way to dynamically assign roles through the application to ensure that no modifications are made outside of the application?
  Thanks

  The use of dynamic roles for security is a very bad idea! Even if you set a password on the role, determining the name and the password for the role is trivial. Just open the binary using notepad, and search for "set role" and the password is right there.
  The only way to securely design your application is to place the controls in the database where they can not be manipulated. Use stored procedures, functions, and views!
  HTH,
  Aaron C. Newman
  AppProtect, Inc.

• Assign role request through code not going to Operational level

  Hi All
  We are trying to assign roles through code using the OIM API's as suggested in the documentation
  "http://docs.oracle.com/cd/E27559_01/doc.1112/e28183/oim_up.htm#autoId40".
  We have 2 Approval policies one is at Request Level (i.e. Auto Approval) and the other is Operational level(Scope=ALL Scope) with workflow, So once the request is getting raised with the code successfully it is getting completed. The expected behavior is that it should go to the approval workflow attached at operational level.
  When we tried to attach a workflow at the request level, the request is going through Approval workflow attached at request level and once we approve at request level it is getting completed and not going to operational level.
  But we will have Request level as auto approved and Operational level with two level of Workflow.
  Thanks in Advance

  Check whether you have configured Request Type in your approval policy properly for operational level approval. In the Rule Components section check whether you have configured everything correctly. Also dont raise the request from system admin login as it will be treated as a direct provisioning request and your approval policies will not be invoked. Login through an end-user and test it

• Assigning roles to LDAP users through BIP API

  Hi.
  My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
  One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
  I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
  We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
  Is it possible to make that assignments through BIP API?
  If not, any other ideas? New ideas or different approaches are welcome.
  Thanks in advance.

  In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
  During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
  I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
  There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
  Let me know if that helps.

• Problem assigning internet user Role through portal

  Hi All,
  Please could someone help me with the following:
  I am creating a registration process that creates a new CRM Business partner with contact person and internet user roles. When i run the Bapi from with in CRM everything works fine however when i run my jsp dynpage application and call the same bapi, the internet user that i create does not have any of the logon details or roles. Does anyone know why this is? i am using the same user when running in crm and the portal.
  Many thanks in advance
  Calvin

  Hi Sunil,
  Thanks for your reply. answers to your questions:
  1. Yes, all portal users are maintained and have the same roles as CUA users. Portal authenticates against CUA.
  2. Yes the user is created correctly on the backend. i have created a BAPI that creates users, BP's and assigns roles. This Bapi works perfectly when run in CRM but as soon as it is accessed via the portal the internet user role does not have all the required information.
  Many thanks
  Calvin

• API method to Assign Role to an Organisation

  Hi,
  i want to assign role to organisation through API. Is anybody aware which API method should be used for it?

  Christian, currently there is no API option to display a single adapter configuration dialog. Your only option is to create a custom dialog that uses the LabVIEWAdapter API interface to expose the settings of interest.

• Assignment Field In Customer Line Item While Credit Note - SD

  When Invoice is been Generated through SD , assignment field in Customer Line item is getting SD Invoice number.
  But while Generating Credit Note through SD , it is taking Customer
  Account number in teh same field. What could be the reason ?
  We need Credit memo number in the said field.
  thanks in advance.

  Visu
  These configurations come from the copy controls. In the Copy controls you need to assign the correct requirements, allocation number and the reference number. For the copy controls for your crredit memo document, you need to change it similar to your billing document settings. The transaction code for this is VTFA and VTFL. Hope this helps.
  I found a similar thread for your reference in the SDN.
  Assignment Field - Accounting Document
  Let me know if you need anything else on the same.
  Karthik

• One CUP request for assigning role to multiple users

  Hi,
  We assign roles to users in production only through CUP requests.. We use GRC 5.3
  Here we have a case where we need to assign one role to  60 users in production(each user may have different  roles assigned in the back end) . I can raise one CUP request for all users using " multi-user" option in Copy request . But when we want to make a risk analysis , it will not show risks at user level as each user had different roles and may get different risks by adding new role.
  Instead it will give risks if any for only that new role which want to assign. Our manager is not accepting as this is not giving complete picture of risks for each user when we add new role.
  Please suggest me if there is any other way where I can make a risk analysis for each user when I created a CUP request for multiple users.
  Or the only solution is to create 60 CUP requests ?? this would be too manual
  Regards ,
  jaags

  Raghu,
  thanks for the reply, you are right as per the audit .But suppose if it is for 200 users ,creating 200 CUP requests will be impractical right.
  there should be some solution for this , because there will be many situations practically where we have to assign roles to N number of users.
  Is this possible in GRC 10 ? any idea ?
  Regards,
  Jaags

• UMX- assigning roles

  Has anyone had any experience with oracle's User Management (UMX)? Any examples?
  Specifically calling the procedure to assign roles to users.
  UMX_PUB.assign_role()
  How does this work...is the attribute_name the role name?
  Is there a table with these values out there?
  Any help is much appreciated.

  Hi
  I have had a lot of experience with UMX, but only from the 'front end'.
  UMX integrates with some of the modules in EBS, but not all of them! It also integrates in different ways with the modules which do understand it.
  UMX is all about defining roles, and allocating permissions to users of those roles.
  There are 2 parts to UMX. Function security and Data security.
  Function security grants permissions to menu functions. For example, menu ABC has functions A, B, C, through to Z. You could have 2 users, USER A and USER B. USER A has ROLE 1 and USER B has ROLE 2. You could allocate the same responsibility (and therefore menu) to both users, but allocate permissions to functions A, B and C to USER 1 while allocating functions X, Y and Z to USER 2.
  Data security is about creating objects which are 'sets' of data. So, you could have a data security 'permission' which grants access to records 1-1000 and another permission which grants access to records 1001-2000. By granting different data permissions to roles, you can control what data users can access.
  The problem is that UMX only works with a few modules (OLM, AME and not surprisingly UMX itself). AME uses both function and data security, while OLM only uses function security.
  This is a really powerful tool, but it would take far to long to discuss in any more detail here! I'd be happy to discuss further offline. My email address is available on my user profile.
  Hope this helps (if only a bit).
  Regards
  Tim

• Assign role, group to Human Task when initiated

  Hi all,
  Currently, when user login to BPM and create new task instance, i can get roles and groups of that user by programming. I want to assign roles of user to that task instance dynamically when user click SUBMIT button (Because i want to restrict users belong role are able to do this task, each user belong to a role and group can do it).
  Somebody help?
  Thanks.

  Hi Ming
  1. If you want to intercept any Actions from a Task like Save, Submit, Approve, Reject etc, you can create your own class like MyAppTaskValidationCallback that implements oracle.bpel.services.workflow.task.ITaskValidationCallback and in this overwrite one method named validateTaskOperation(bunch of parameters). See APIs for this.
  In this method, you can get the action performed on the task. Also you can get the complete Payload of the Task including your custom payload and the standard Task Payload stuff like History, Attachments, Comments etc. You can write some simple XML Parser utility methods to get and set attributes in the Payload xsd schema. So in your case, in this method, get Roles, Groups of the logged in user. Check the action performed. If he is not allowed to do that operation, throw the error from this method. Else continue with your logic. To begin with create java class like above, add this code snippet and just explore the data.
  Now, just curious. If your requirement is really to control the actions based on User Role/Groups, did you try to use the out of box functionality and avoid this custom logic. Say for BPM Applications, we have Swimlanes / Roles. Only users belonging to that Role, can work on that Tasks. Try to use out of box stuff as much as possible, unless you really need custom assignment logic.
  Thanks
  Ravi Jegga
  Just giving the code snippet to get an idea. But do refer the online APIs for more information.
  public void validateTaskOperation(ITaskValidationCallback.TaskAction taskAction, IWorkflowContext iWorkflowContext, Task task, Map<String, Object> parameters, Locale locale, List<String> errors) {
  try {
    Element taskPayload = task.getPayloadAsElement();
    String taskTitle;
    String taskOutcome;
    SystemAttributesType taskSystemAttributes = task.getSystemAttributes();         
    taskTitle = task.getTitle();
    System.out.println("MyAppTaskValidationCallback::validateTaskOperation() Begin For TaskTitle: " + taskTitle + " -> TaskAction: " + taskAction + " -> Parameters:\n" + parameters);
    if(taskAction == TaskAction.ACQUIRE) {
        System.out.println("Inside ACQUIRE");
        //parameters.put("AcquiredBy", iWorkflowContext.getUser());
    } else if(taskAction == TaskAction.OUTCOME_UPDATE) {
      System.out.println("Inside OUTCOME_UPDATE");
  } catch (Exception anException) {
    anException.printStackTrace();
  }

• Compensation Specialist Role through MSS

  Hi All,
  We have new requirement to build Compensation Specialist role through MSS instead of using Default ECC Compensation Specialist role and Compensation Specialist business Package role.
  This is My Requirement, if i am login as an MSS Compensation Specialist role in my SAP Portal, i need to able to see all employees in that Organization Structure and i need to able to plan and update for employees instead of planning for only my direct employees as a manager.
  Even though i am in first level, second level or top level manager, that doesn't matter.
  My question is only the thing is how to create the custom evaluation path, Object Selection Rules and Object Selection.
  If any one has been completed this configuration, please help me with step by step.
  Thanks in Advance.
  Regards,
  Abhiram.

  Hi Bala,
  Nice to see your reply, my client wants from MSS itself instead of the Business Package role etc. He wants to Manage Compensation Specialist Role responsibilities through MSS itself.
  Here we are using completely customized OADP for my MSS Components, i did the whole customization, every thing is working fine. Now i have to do this one also. My client is very much interested on this one.
  If you know the solution please share with me.
  Thanks in advance.
  Regards,
  Abhiram

• Assigning roles to Queries

  I have created a query which is a look alike of a similar query. I need to assign it the same roles as the original one.
  My questions:
  1. How do I see that to what roles the original queries are assigned?
  2.How do I assign the same roles to my query now?
  3. I have created the query and right now it is in Favorites folder. I want to know whether I need to remove it from there ?
  4. Also, I have not placed the query in a workbook. Is it mandatory to place it in a workbook before assigning it the concerned roles ? If yes, then how do I place it in a workbook ?
  Please guide me stepwise. I will be very thankful to you all.
  Sufficient points will be assigned.
  Regards,
  Srinivas

  Dear Srinivas D Rao  ,
  1)Go to Metadata Repository and select "Query". Find your query with CTRL+F and click on it. Assigned roles are displayed at the bottom of the page.
  if you cannot find with that way or you need to know more than one query in 'one go', you can try
  table RSRREPDIR type in queries technical name to field COMPID (use arrow icon 'multiple selection) to get COMPUID, then go to table AGR_HIER SAP_GUID = COMPUID, AGR_NAME is the role name
  2)To assign the roles to queries you will have to query designer open query-> select the query which you want to assign and in the top there is option for the roles....it's third or 2nd from left.
  once you click it will take you to the roles already existing in your system.
  just chose the role to which you want to assign and click OK.
  Before that... if you have no roles in your system...then you will have to create through t-code PFCG.
  3)Favourite folder is your own place and it will be shown only to your groups.. so i think its not necessary to remove from favourities folder..
  4)If you place the query in Workbook,then it will be easy to assign roles and authorization to it...
  Note:
  Suppose you have to test and validate the queries that are created then , for example you can have a role named test and validation and you can assign the queries to that role and you can add the users who can access these queries in that role.
  Broadcast roles
  we can broadcast to the roles.When u do like that all the users who are in that role will receive that.In the information broadcasting screen, under receipents u have to select the value for USER IN ROLE.
  [Data Protection guide|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4b1f472a-0a01-0010-76a3-8f7b81d95c59]

• How to trigger approval request for resources after assigning role

  Hi,
  We have a use case where we need to assign resources to user via assigning roles.
  In order to achive this use case
  1. we have created a role and assigned the access policy to it which contain the resources to be provisioned once the role is assigned to the user.
  2. Created a SOA composite having manager approval and assigned this composite to a approval policy of type 'Assign Role'.
  3. I am already having the approval policy for the resources which are present in roles. The approval policy of resources is of type "Provision Resource".
  4. Also the SOA composite for resource apporal is deployed in OIM and assigned to the approval policy.
  5. Now when I am raising the request from OIM of type "Assign Role" the approval defined in the SOA composite for Role approval gets triggered. After approving the role request the role is assigned to the user and also the resources defined in the access policy gets provisioned to teh user account.
  Now I want to trigger the resource approval process after the role approval instead of directly provisioning the resources. So that once the role is approved the individual Approval Process of resources part of roles should also gets invoked. Based on the approval or rejection of resources approval, the resource gets assigned to the user.
  Please let me know how to achieve the above use case.
  Thanks in advance

  Access policy is saying whoever gets xyz role, will get this abc resource. Now once a user gets xyz role, you are stopping to get abc resource? both are contradictory. Don't go through access policy. User is anyway going to request for roles. Modify your flow and make user request for resource. Have your composite and approval policy attached. User will get resource once it is approved.
  regards,
  GP