Assigning Role Assigner Permission

Similar Messages

• Role Assign Permission

  I am trying to check programmatically if a user has Role assign permission for a Role. The below code returns false even if the user has Role assign permission.
  IAclManager mgr = UMFactory.getAclManager();
  mgr.hasPermission(iRole.getUniqueID(),iUser, "com.sap.portal.pcd.roleservice.roles.Assign")
  Also, using getPermissionStatus() returns an undefined permission status.
  In addition to the above if the user is an administrator then the above methods return true always.
  Any help is appreciated.
  Thanks.

  Hi Raghav,
  Thanks for your response.
  The target user is a demand planner and would require to change alpha, beta and gamma factors based on changing sales trends.
  In production system, it will be risky to give model configuration permission to such users.
  Regards,
  Aditya G

• Assigning permission to SharePoint 2013 group using REST API

  Hi All,
  I was trying to assign permission to a group using REST but it failing with error message "Bad Request". Below is my REST code to assign Contribute permission to group with ID 95, It would great help if someone can help me to fix this.
  // Set permission on a specific group
  $.ajax({
  url: "<Site URL>/_api/web/roleassignments/addroleassignment(principalid=95, roledefid=1073741827)",
  type: "POST",
  contentType: "application/json;odata=verbose",
  headers: { "Accept": "application/json; odata=verbose","X-RequestDigest": $("#__REQUESTDIGEST").val(),"X-HTTP-Method": "POST" },
  success: function (data) {
  // Returning the results
  alert('Contribute permission set on group');
  alert("Error: " + JSON.stringify(data));
  error: function (data) {
  alert("Error: " + JSON.stringify(data));
  ~Harish

  Hi Harish,
  I have same problem and I just find solution for this error.
  You must set body/data to null value --> It's work for me  !!! :)
  See my code with RequestExecutor (I develop an SharePoint App)
  // Set the new role assignment for the group on the list.
          this.setNewRoleForGroup = function (listTitle, newRoleDefId, groupId) {
              var deferred = $.Deferred();
              //First we must call the EnsureSetup method
              JSRequest.EnsureSetup();
              var hostweburl = decodeURIComponent(JSRequest.QueryString["SPHostUrl"]);
              var appweburl = decodeURIComponent(JSRequest.QueryString["SPAppWebUrl"]);
              //Tip to have a title formated to REST call
              var arrayTitle = decodeURIComponent(listTitle).split("'");
              var restQueryUrl = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/GetByTitle('" + arrayTitle.join("''") + "')/roleassignments/addroleassignment(principalid=" + groupId + ",roledefid=" + newRoleDefId + ")?@target='" + hostweburl + "'";
              var executor = new SP.RequestExecutor(appweburl);
              executor.executeAsync({
                  url: restQueryUrl,
                  body: null,
                  method: "POST",
                  headers: {
                      "Content-Type": "application/json;odata=verbose",
                      "Accept": "application/json; odata=verbose",
                      "X-HTTP-Method": "POST"
                  success: function (data, textStatus, xhr) {
                      deferred.resolve({ updated: true });
                  error: function (xhr, textStatus, errorThrown) {
                      deferred.reject(JSON.parse(xhr.body).error.message.value);
              return deferred;

• Regarding assigning permission to dashboard to a catalog group in obiee 11g

  Hi All,
  i have a dashboard : trainee .
  i have created one catalog group that is: GroupA
  now i have assign some user to it.
  now i want to assign permission to the trainee dashboard to the groupA.
  i tried to do that but when i am doing login obieee by using any user that has assigned to group A.
  but i am not able to see trainee dashboard.
  can anyone tell me the steps for doing it.

  Hi,
  http://www.varanasisaichand.com/2011/03/obiee-11g-security-creating-users-and.html
  hope it helps
  Thanks,
  satya

• We can assign permission to the users in Secure Zone?

  Hi BC Partners
  I have a qestion about Secure Zone
  For Secure Zone users we can assign permission to them, such as assign them upload or edit content in Secure Zone?
  Regard
  TY

  Hey there,
  It does not work like that.
  A seurezone gains access to a zone area, and thus the landing page and content assigned to that zone. Nothing more nothing less. They can not upload or edit content to your site through the securezone. The only thing they can edit and update are their details or if they have submitted web app items and you have allowed them to edit these or submit them.

• BI Publisher - SuperUser not able to acces Roles and Permission Page

  I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
  But
  1. SuperUser is not able to access Roles and Permission.
  2. I'm not able to access the BI Answers Catalog.
  I also have a doubt about the BI Server Admin. Is it the RPD Admin?
  Kindly Help

  I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
  But
  1. SuperUser is not able to access Roles and Permission.
  2. I'm not able to access the BI Answers Catalog.
  I also have a doubt about the BI Server Admin. Is it the RPD Admin?
  Kindly Help

• User Profiles, Roles and  Permission folder empty

  Hi,
  We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
  I have ran AE scripts well, even then we are not able to browse those sections
  Any help much appreciated
  Thanks

  >
  We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
  >
  What do you mean by this? What is not working? What are you expecting and what is happening?

• Windows 2008 R2 Folder assign permission "Read and Write" problem with *.doc file

  Hello All,
  I am a new one here,
  I am sorry for any mistakes and also my english is so poor.
  M Brother company runing Windows 2008 R2 as Active Directory...
  We have folder Name: Admin
  and in this folder, there are alot documents files as : *.doc, *.dwg, *.txt etc.....
  All user accesing to these files and they can open to edit and save...
  One day my brother want me to set Admin folder for all users just"Read and Write.." mean they still can open files to edit and save... but can't delete..
  I did success with this..
  But only one thing happen.. when they open *.doc file to edit and attempting to save, the message alert" access denide " and they can only "SAVE AS"...We don't want "Save as"
  Could you show me how can we fix error with *.doc file while they trying to save? because it allow only save as.. but other files as *.text file or *.dwg they can save without problem..
  Could expert here ever face this issues and fix by yourself, please share me with this..
  Please help me..
  Best regards,

  Hi,
  Office programs are specific. They will create a temp file when edit, then the temp file will be deleted when close. So Delete permission is needed for users to saving Office files like Excel/Word.
  For more detaile information, please refer to the thread below:
  Special Permissions - User cannot save files
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/721fb2f1-205b-46e5-a3dc-3029e5df9b5b/special-permissions-user-cannot-save-files
  Best Regards,
  Mandy 
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Help Desk Assign permission on mailboxes script

  Exchange sp3
  Outlook 2010 sp1
  I've come up with a script to give to the help desk that will save me from having to do lots of remedial work. The script gives the full access permission and send-as on a mailbox.
  This script works but for some reason I cannot get the input window to appear on my screen
  Here it is.
  [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
  $Identity = Read-Host "= [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")"
  $user = read-Host "Enter the name that will have full access rights"
  $AccessRights = read-host [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name that will have full access rights", "Name")
  $ExtendedRights = Read-Host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the Extended Rights")
  [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)
  [system.Windows.Forms.MessageBox]::show("$Identity $user", "MyTitle")
  Add-MailboxPermission -Identity $Identity -User $user -AccessRights $AccessRights
  Add-ADPermission -Identity (Get-Mailbox $Identity).DistinguishedName -User $user  -ExtendedRights $ExtendedRights
  Help please,
  alexis

  The following worked for me
  [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
  #$Identity = Read-Host "= [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")"
  $Identity = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")
  #$user = read-Host "Enter the name that will have full access rights"
  $user = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name that will have full access rights", "Name")
  #$AccessRights = read-host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the name that will have full access rights", "Name")
  $AccessRights = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the permissions", "Name")
  #$ExtendedRights = Read-Host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the Extended Rights")
  $ExtendedRights = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the Extended Rights")
  [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)
  [system.Windows.Forms.MessageBox]::show("$Identity $user","MyTitle")
  Add-MailboxPermission -Identity $Identity -User $user -AccessRights $AccessRights
  Add-ADPermission -Identity (Get-Mailbox $Identity).DistinguishedName -User $user  -ExtendedRights $ExtendedRights

• Oracle BI Groups, Roles and permission through external Table

  Hi,
  We are using SSo integration with Oracle BI 10g. We need to fetch the roles , permission and groups through an external table to our Oracle BI Dashboard. Please let me know if this is possible.
  Thanks,
  Aditya Arya

  Thanks a lot shru.
  I have achieved this User authentication through external table but the roles, groups and permissions are assigned inside Oracle BI only. I need to get the roles from an external database table and map the users in that database only. I do not want to use the administration screen in Oracle BI to achieve this.
  Also, I need to know what is the OBIEE variable i can use to override roles, as we use USER for adding a new user and the values that can be used to map the permissions.
  Thanks,
  Aditya Arya

• Roles and Permission

  Hi,
    I would like to understand the concept of permission a little better.
    I have create a Role and assigned it to the a newly creeated test user. The User has only one other role 'eu_role' ( SAP's Standard user role).
    When I look into the permission editor for the custom role the only user that have end user box as checked is system_admin_role.
  My point is since the user ( to whom this role is assigned) doesn't belong to the super_admin category, he should not see the Role when he logs in. However the role is appearing as the user logs in.
    In that circumstances , I am failing to understand the function of the permision provided in the permission editor,
  Can any bosy help?
  Thanks
  Arun

  Hi,
  I am sorry if I confused both of you.
  Here is my point.
    I created an user( say usr01) and by default this user is already assigned the eu_role( actually by default the user is assigned to group 'Everyone' which inturn is assigned to this role 'eu_role') . Now I have created another Role ( SAY role1) and assigned it the user usr01.
  Now when the user usr01 logs in the menus related to role1 appears. please look at the permission editor set up as shown below
  Name                 Administrator   end user
  Administrator          none            Not checked
  content_admin_role     Read            Not checked
  Everyone               Read            Everyone
  super_admin_role       Owner           checked
  system_admin_role      Full control    Not checked
  user_admin_role        none            Not checked
  Dose any of the above setting influence whether the usr01 will be able to see the role after loging to the portal. Can we change the permission in such a way so that despite being asigned to the role role1 the user usr01 IS NOT ABLE to access/see the menu items for the role
  In otherword what are the significance of the settings above in th epermision editor for the role.
  Thanks
  Arun

• How to create a report of users in ucm about their roles and permission

  Hi All ,
  I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
  How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
  Please suggest!!

  There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
  I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
  Sample CustomReports component to demonstrate how to create customized reports
  CustomReportsBundle.zip
  Date:     October 30, 2006
  Sample Version:     version=2006_10_20 (build 1)
  Product and Version:     Content Server
  Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• Assign Group permission to list item using client object model

  Hi,
     I am trying to add the list item and assign the permission to the list item by using SP 2010 client object model. The problem which i am facing that when i assign the group as a permission to the item, by automatically the limited access permission
  is added to the group. Please find the steps which i have followed,
  Step-1: Break role inheritance.
   foreach (var item in _listItemCollection)
                          if (item["FileLeafRef"].ToString().ToLower() == "xxx")
                              item.BreakRoleInheritance(true, false);
                              _clientContext.Load(item.RoleAssignments);
                              _folderItem = item;
  _clientContext.ExecuteQuery();
  Step 2: Remove all permissions of the list item.
     foreach (var assignment in _folderItem.RoleAssignments)
                      assignment.RoleDefinitionBindings.RemoveAll();
                      assignment.Update();
  _clientContext.ExecuteQuery();
  Step 3:
      Add Group as a permission to the list item.
    var role = _web.RoleDefinitions.GetByType(RoleType.Contributor);
                  var collRdb = new RoleDefinitionBindingCollection(_clientContext) { role };
                  Principal principal = _grp;
                  _folderItem.RoleAssignments.Add(principal, collRdb);
                  _folderItem.Update();
  _clientContext.ExecuteQuery();
      After adding the group successfully to the list item, i checked the group permission and it contains the value as "Contribute,Limited Access" to the site level and "Contribute" to the list item. Please guide me how to avoid to create Contribute,Limited
  Access role.
  Balaji

  Hi Dmitry,
    When I create the group and assign contribute permission, the group has the permission at the site level(to see the permission, click group and click view Group Permission).  I have added the list item and break the role inheritance permission
  and given the unique permission by providing group as a permission to the list item. After providing the permission, the group permission at the site level changed to "Contribute, Limited Access". I dont know how contribute permission changed to contribute,
  limited access.
  I found the workaround to fix this issue. I created the group and create the folder in the shared document library by using client object model. Due to facing some issue by providing the permission using client object model, i have created the event receiver
  to the document library and using server object model, i can able to assign the approprate group permission.
  Balaji

• Where do I assign what permissions a role admin person has on the portal server?

   

  Hi,
  The Portal server admin or Domain administrator of that role can assign permission to a role admin as follows.
  Goto: Adminconsole > Managedomains > Domain name > Role > role admin > policy
  In the "Policy Module" you can specify whatever permissions you wants to assign to the role admin.
  Thanks,
  Raj_indts
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support