Assigning Role Assigner Permission
Hi,
I've been going through the Enterprise Portal APIs for a way to assign Role Assigner Permission on a Role to a User, but i haven't been able to find one.
Can someone please guide me on how to do it?
Thanks,
Mayank
Thanks Michael,
I tried with the following code:
initPcdCtx = new InitialContext(env);
initPcdCtx = BRUtil.GetPCDContext(csc.Persistence);
IPcdContext myPcdContext =(IPcdContext)
initPcdCtx.lookup(Role); // Loading the context with the Role
IAclHandle myHandle = myPcdContext.getAclHandle();
IAcl ownAcl = myHandle.getOwnAcl();
if (ownAcl == null)
msg = "Currently no ACL - attempting to create it";
myHandle.createAcl(LoginID,myHandle.getParentAclHandle().getOwnAcl());
ownAcl = myHandle.getOwnAcl();
ownAcl.createAclEntry(LoginID, Role, "allow");
But it's failing in the createAcl statement. I get a java.lang.ClassCastException.
If I load the myPcdContext object with the user loginID instead of the role, then I get an exception saying "Child not found" .
Am I missing something here? Thanks for all your help.
- Mayank
Similar Messages
-
I am trying to check programmatically if a user has Role assign permission for a Role. The below code returns false even if the user has Role assign permission.
IAclManager mgr = UMFactory.getAclManager();
mgr.hasPermission(iRole.getUniqueID(),iUser, "com.sap.portal.pcd.roleservice.roles.Assign")
Also, using getPermissionStatus() returns an undefined permission status.
In addition to the above if the user is an administrator then the above methods return true always.
Any help is appreciated.
Thanks.Hi Raghav,
Thanks for your response.
The target user is a demand planner and would require to change alpha, beta and gamma factors based on changing sales trends.
In production system, it will be risky to give model configuration permission to such users.
Regards,
Aditya G -
Assigning permission to SharePoint 2013 group using REST API
Hi All,
I was trying to assign permission to a group using REST but it failing with error message "Bad Request". Below is my REST code to assign Contribute permission to group with ID 95, It would great help if someone can help me to fix this.
// Set permission on a specific group
$.ajax({
url: "<Site URL>/_api/web/roleassignments/addroleassignment(principalid=95, roledefid=1073741827)",
type: "POST",
contentType: "application/json;odata=verbose",
headers: { "Accept": "application/json; odata=verbose","X-RequestDigest": $("#__REQUESTDIGEST").val(),"X-HTTP-Method": "POST" },
success: function (data) {
// Returning the results
alert('Contribute permission set on group');
alert("Error: " + JSON.stringify(data));
error: function (data) {
alert("Error: " + JSON.stringify(data));
~HarishHi Harish,
I have same problem and I just find solution for this error.
You must set body/data to null value --> It's work for me !!! :)
See my code with RequestExecutor (I develop an SharePoint App)
// Set the new role assignment for the group on the list.
this.setNewRoleForGroup = function (listTitle, newRoleDefId, groupId) {
var deferred = $.Deferred();
//First we must call the EnsureSetup method
JSRequest.EnsureSetup();
var hostweburl = decodeURIComponent(JSRequest.QueryString["SPHostUrl"]);
var appweburl = decodeURIComponent(JSRequest.QueryString["SPAppWebUrl"]);
//Tip to have a title formated to REST call
var arrayTitle = decodeURIComponent(listTitle).split("'");
var restQueryUrl = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/GetByTitle('" + arrayTitle.join("''") + "')/roleassignments/addroleassignment(principalid=" + groupId + ",roledefid=" + newRoleDefId + ")?@target='" + hostweburl + "'";
var executor = new SP.RequestExecutor(appweburl);
executor.executeAsync({
url: restQueryUrl,
body: null,
method: "POST",
headers: {
"Content-Type": "application/json;odata=verbose",
"Accept": "application/json; odata=verbose",
"X-HTTP-Method": "POST"
success: function (data, textStatus, xhr) {
deferred.resolve({ updated: true });
error: function (xhr, textStatus, errorThrown) {
deferred.reject(JSON.parse(xhr.body).error.message.value);
return deferred; -
Regarding assigning permission to dashboard to a catalog group in obiee 11g
Hi All,
i have a dashboard : trainee .
i have created one catalog group that is: GroupA
now i have assign some user to it.
now i want to assign permission to the trainee dashboard to the groupA.
i tried to do that but when i am doing login obieee by using any user that has assigned to group A.
but i am not able to see trainee dashboard.
can anyone tell me the steps for doing it.Hi,
http://www.varanasisaichand.com/2011/03/obiee-11g-security-creating-users-and.html
hope it helps
Thanks,
satya -
We can assign permission to the users in Secure Zone?
Hi BC Partners
I have a qestion about Secure Zone
For Secure Zone users we can assign permission to them, such as assign them upload or edit content in Secure Zone?
Regard
TYHey there,
It does not work like that.
A seurezone gains access to a zone area, and thus the landing page and content assigned to that zone. Nothing more nothing less. They can not upload or edit content to your site through the securezone. The only thing they can edit and update are their details or if they have submitted web app items and you have allowed them to edit these or submit them. -
BI Publisher - SuperUser not able to acces Roles and Permission Page
I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
But
1. SuperUser is not able to access Roles and Permission.
2. I'm not able to access the BI Answers Catalog.
I also have a doubt about the BI Server Admin. Is it the RPD Admin?
Kindly HelpI have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
But
1. SuperUser is not able to access Roles and Permission.
2. I'm not able to access the BI Answers Catalog.
I also have a doubt about the BI Server Admin. Is it the RPD Admin?
Kindly Help -
User Profiles, Roles and Permission folder empty
Hi,
We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
I have ran AE scripts well, even then we are not able to browse those sections
Any help much appreciated
Thanks>
We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
>
What do you mean by this? What is not working? What are you expecting and what is happening? -
Windows 2008 R2 Folder assign permission "Read and Write" problem with *.doc file
Hello All,
I am a new one here,
I am sorry for any mistakes and also my english is so poor.
M Brother company runing Windows 2008 R2 as Active Directory...
We have folder Name: Admin
and in this folder, there are alot documents files as : *.doc, *.dwg, *.txt etc.....
All user accesing to these files and they can open to edit and save...
One day my brother want me to set Admin folder for all users just"Read and Write.." mean they still can open files to edit and save... but can't delete..
I did success with this..
But only one thing happen.. when they open *.doc file to edit and attempting to save, the message alert" access denide " and they can only "SAVE AS"...We don't want "Save as"
Could you show me how can we fix error with *.doc file while they trying to save? because it allow only save as.. but other files as *.text file or *.dwg they can save without problem..
Could expert here ever face this issues and fix by yourself, please share me with this..
Please help me..
Best regards,Hi,
Office programs are specific. They will create a temp file when edit, then the temp file will be deleted when close. So Delete permission is needed for users to saving Office files like Excel/Word.
For more detaile information, please refer to the thread below:
Special Permissions - User cannot save files
http://social.technet.microsoft.com/Forums/windowsserver/en-US/721fb2f1-205b-46e5-a3dc-3029e5df9b5b/special-permissions-user-cannot-save-files
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Help Desk Assign permission on mailboxes script
Exchange sp3
Outlook 2010 sp1
I've come up with a script to give to the help desk that will save me from having to do lots of remedial work. The script gives the full access permission and send-as on a mailbox.
This script works but for some reason I cannot get the input window to appear on my screen
Here it is.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
$Identity = Read-Host "= [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")"
$user = read-Host "Enter the name that will have full access rights"
$AccessRights = read-host [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name that will have full access rights", "Name")
$ExtendedRights = Read-Host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the Extended Rights")
[System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)
[system.Windows.Forms.MessageBox]::show("$Identity $user", "MyTitle")
Add-MailboxPermission -Identity $Identity -User $user -AccessRights $AccessRights
Add-ADPermission -Identity (Get-Mailbox $Identity).DistinguishedName -User $user -ExtendedRights $ExtendedRights
Help please,
alexisThe following worked for me
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
#$Identity = Read-Host "= [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")"
$Identity = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name of the Mailbox", "Username")
#$user = read-Host "Enter the name that will have full access rights"
$user = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the name that will have full access rights", "Name")
#$AccessRights = read-host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the name that will have full access rights", "Name")
$AccessRights = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the permissions", "Name")
#$ExtendedRights = Read-Host [Microsoft.VisualBasic.Interaction]::InputBox ("Enter the Extended Rights")
$ExtendedRights = [Microsoft.VisualBasic.Interaction]::InputBox("Enter the Extended Rights")
[System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)
[system.Windows.Forms.MessageBox]::show("$Identity $user","MyTitle")
Add-MailboxPermission -Identity $Identity -User $user -AccessRights $AccessRights
Add-ADPermission -Identity (Get-Mailbox $Identity).DistinguishedName -User $user -ExtendedRights $ExtendedRights -
Oracle BI Groups, Roles and permission through external Table
Hi,
We are using SSo integration with Oracle BI 10g. We need to fetch the roles , permission and groups through an external table to our Oracle BI Dashboard. Please let me know if this is possible.
Thanks,
Aditya AryaThanks a lot shru.
I have achieved this User authentication through external table but the roles, groups and permissions are assigned inside Oracle BI only. I need to get the roles from an external database table and map the users in that database only. I do not want to use the administration screen in Oracle BI to achieve this.
Also, I need to know what is the OBIEE variable i can use to override roles, as we use USER for adding a new user and the values that can be used to map the permissions.
Thanks,
Aditya Arya -
Hi,
I would like to understand the concept of permission a little better.
I have create a Role and assigned it to the a newly creeated test user. The User has only one other role 'eu_role' ( SAP's Standard user role).
When I look into the permission editor for the custom role the only user that have end user box as checked is system_admin_role.
My point is since the user ( to whom this role is assigned) doesn't belong to the super_admin category, he should not see the Role when he logs in. However the role is appearing as the user logs in.
In that circumstances , I am failing to understand the function of the permision provided in the permission editor,
Can any bosy help?
Thanks
ArunHi,
I am sorry if I confused both of you.
Here is my point.
I created an user( say usr01) and by default this user is already assigned the eu_role( actually by default the user is assigned to group 'Everyone' which inturn is assigned to this role 'eu_role') . Now I have created another Role ( SAY role1) and assigned it the user usr01.
Now when the user usr01 logs in the menus related to role1 appears. please look at the permission editor set up as shown below
Name Administrator end user
Administrator none Not checked
content_admin_role Read Not checked
Everyone Read Everyone
super_admin_role Owner checked
system_admin_role Full control Not checked
user_admin_role none Not checked
Dose any of the above setting influence whether the usr01 will be able to see the role after loging to the portal. Can we change the permission in such a way so that despite being asigned to the role role1 the user usr01 IS NOT ABLE to access/see the menu items for the role
In otherword what are the significance of the settings above in th epermision editor for the role.
Thanks
Arun -
How to create a report of users in ucm about their roles and permission
Hi All ,
I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
Please suggest!!There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
Sample CustomReports component to demonstrate how to create customized reports
CustomReportsBundle.zip
Date: October 30, 2006
Sample Version: version=2006_10_20 (build 1)
Product and Version: Content Server
Sample Status: This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement. -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
Assign Group permission to list item using client object model
Hi,
I am trying to add the list item and assign the permission to the list item by using SP 2010 client object model. The problem which i am facing that when i assign the group as a permission to the item, by automatically the limited access permission
is added to the group. Please find the steps which i have followed,
Step-1: Break role inheritance.
foreach (var item in _listItemCollection)
if (item["FileLeafRef"].ToString().ToLower() == "xxx")
item.BreakRoleInheritance(true, false);
_clientContext.Load(item.RoleAssignments);
_folderItem = item;
_clientContext.ExecuteQuery();
Step 2: Remove all permissions of the list item.
foreach (var assignment in _folderItem.RoleAssignments)
assignment.RoleDefinitionBindings.RemoveAll();
assignment.Update();
_clientContext.ExecuteQuery();
Step 3:
Add Group as a permission to the list item.
var role = _web.RoleDefinitions.GetByType(RoleType.Contributor);
var collRdb = new RoleDefinitionBindingCollection(_clientContext) { role };
Principal principal = _grp;
_folderItem.RoleAssignments.Add(principal, collRdb);
_folderItem.Update();
_clientContext.ExecuteQuery();
After adding the group successfully to the list item, i checked the group permission and it contains the value as "Contribute,Limited Access" to the site level and "Contribute" to the list item. Please guide me how to avoid to create Contribute,Limited
Access role.
BalajiHi Dmitry,
When I create the group and assign contribute permission, the group has the permission at the site level(to see the permission, click group and click view Group Permission). I have added the list item and break the role inheritance permission
and given the unique permission by providing group as a permission to the list item. After providing the permission, the group permission at the site level changed to "Contribute, Limited Access". I dont know how contribute permission changed to contribute,
limited access.
I found the workaround to fix this issue. I created the group and create the folder in the shared document library by using client object model. Due to facing some issue by providing the permission using client object model, i have created the event receiver
to the document library and using server object model, i can able to assign the approprate group permission.
Balaji -
Where do I assign what permissions a role admin person has on the portal server?
Hi,
The Portal server admin or Domain administrator of that role can assign permission to a role admin as follows.
Goto: Adminconsole > Managedomains > Domain name > Role > role admin > policy
In the "Policy Module" you can specify whatever permissions you wants to assign to the role admin.
Thanks,
Raj_indts
Developer Technical Support
Sun Microsystems
http://www.sun.com/developers/support
Maybe you are looking for
-
IPhoto freezes upon photo deletion
I just updated iPhoto 09 when prompted this morning. The program now freezes when I attempt to move or delete photos. I have had to force quit several times. Some photos I can delete and others I cannot; it is then the program freezes. Any suggestion
-
Lost serial number and hadn't registered
i bought elements 11 last year.. didn't get around to using it. didn't register it. now i need to use it i only have the disc not the box as the kids opened it and threw it away. i bought it from amazon. i can't get any help on the adobe chat support
-
Views in Project administration !!
Dear Friends, I am trying to find what's the use of views in System landscape tabon solar_project_admin. I understand u all might be busy. plz if possible refer me some documents that would give me details of it. trnx in advance.
-
Como puedo descargar el software
Buenas tardes,tengo problemas para descargar Adobe
-
Since upgrading to LIon, my computers will not recognize my camera. iPhoto does not open up when the camera is connected, but I can open iPhoto and any library that I have saved on an external hard drive. Any ideas on how to get the computer to see