Assigning roles through procedure

Similar Messages

• Assign Roles through Custom Reconciliation

  Hi Experts,
  I am looking for a way to assign roles to a user through custom reconciliation. This requirement is part of the reconciliation process which also includes updating the application instance account status for the linked user(which I have done successfully). Please suggest some ways to implement this with the help of api methods. There are no child forms involved.
  Thanks,
  Subin

  For API's,
  You can use this in your recon code and call it when needed,
  You can first find the role key for role details from RoleManager's methods.
  Then, use method grantResource of RoleManager to assign the role to the user.
  Finally you can check the status of addition from RoleManagerResult API.
  Please use the following API references to code,
  http://docs.oracle.com/cd/E23549_01/apirefs.1111/e17334/oracle/iam/identity/rolemgmt/api/RoleManager.html
  http://docs.oracle.com/cd/E23549_01/apirefs.1111/e17334/oracle/iam/identity/rolemgmt/vo/Role.html
  http://docs.oracle.com/cd/E23549_01/apirefs.1111/e17334/oracle/iam/identity/rolemgmt/vo/RoleManagerResult.html
  Edited by: Shashi kiran on Apr 19, 2013 3:15 PM

• Assigning roles dynamically through an application

  We have an application being written in PowerBuilder 7.0.3 which accesses an Oracle 8.0.5 database running on OpenVMS. Is there a way to dynamically assign roles through the application to ensure that no modifications are made outside of the application?
  Thanks

  The use of dynamic roles for security is a very bad idea! Even if you set a password on the role, determining the name and the password for the role is trivial. Just open the binary using notepad, and search for "set role" and the password is right there.
  The only way to securely design your application is to place the controls in the database where they can not be manipulated. Use stored procedures, functions, and views!
  HTH,
  Aaron C. Newman
  AppProtect, Inc.

• Assign biz role through CRM -SU01 and display page at portal

  HI, SDN Fellows.
  I am creating some custom portal roles at portal and mapped it to the custom business roles for some PCUI screens at crmc_blueprint_c --> "Assign Portal Role to Single Role" ("Assignment of CRM Role to Portal Role").
  Currently, our portal UME data source is mapped to CRM system.
  Right now, I have to assign both the CRM Role through SU01(to have access the CRM Object Method at CRM-PCUI application) and Portal Role through User Admin of WAS/portal (to access/display the PCUI iView in the portal).
  My goal is to just assign role through CRM-SU01 and achieve the same output as I described above. Meaning can I just do the role assignment for the CRM role (through SU01) and able to access to the CRM-PCUI application through portal (able to see the pcui screen)?
  Thanks,
  Kent

  What I want is when I assign a role (Sales Manager) said user A in CRM system, userA should able to see the related workset/page/iviews in the portal (without the need to assign the same: Sales Manager role in portal).
  Now, what I have to do is assign the related objects into a single/composite roles in CRM (for backend data access), then I have to assign a portal role (through User Admin of Portal, so that they can see the portal content),
  is that a way we can do it in one step?
  Thanks,
  Kent

• Assign role request through code not going to Operational level

  Hi All
  We are trying to assign roles through code using the OIM API's as suggested in the documentation
  "http://docs.oracle.com/cd/E27559_01/doc.1112/e28183/oim_up.htm#autoId40".
  We have 2 Approval policies one is at Request Level (i.e. Auto Approval) and the other is Operational level(Scope=ALL Scope) with workflow, So once the request is getting raised with the code successfully it is getting completed. The expected behavior is that it should go to the approval workflow attached at operational level.
  When we tried to attach a workflow at the request level, the request is going through Approval workflow attached at request level and once we approve at request level it is getting completed and not going to operational level.
  But we will have Request level as auto approved and Operational level with two level of Workflow.
  Thanks in Advance

  Check whether you have configured Request Type in your approval policy properly for operational level approval. In the Rule Components section check whether you have configured everything correctly. Also dont raise the request from system admin login as it will be treated as a direct provisioning request and your approval policies will not be invoked. Login through an end-user and test it

• Assigning roles to LDAP users through BIP API

  Hi.
  My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
  One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
  I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
  We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
  Is it possible to make that assignments through BIP API?
  If not, any other ideas? New ideas or different approaches are welcome.
  Thanks in advance.

  In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
  During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
  I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
  There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
  Let me know if that helps.

• Problem assigning internet user Role through portal

  Hi All,
  Please could someone help me with the following:
  I am creating a registration process that creates a new CRM Business partner with contact person and internet user roles. When i run the Bapi from with in CRM everything works fine however when i run my jsp dynpage application and call the same bapi, the internet user that i create does not have any of the logon details or roles. Does anyone know why this is? i am using the same user when running in crm and the portal.
  Many thanks in advance
  Calvin

  Hi Sunil,
  Thanks for your reply. answers to your questions:
  1. Yes, all portal users are maintained and have the same roles as CUA users. Portal authenticates against CUA.
  2. Yes the user is created correctly on the backend. i have created a BAPI that creates users, BP's and assigns roles. This Bapi works perfectly when run in CRM but as soon as it is accessed via the portal the internet user role does not have all the required information.
  Many thanks
  Calvin

• UMX- assigning roles

  Has anyone had any experience with oracle's User Management (UMX)? Any examples?
  Specifically calling the procedure to assign roles to users.
  UMX_PUB.assign_role()
  How does this work...is the attribute_name the role name?
  Is there a table with these values out there?
  Any help is much appreciated.

  Hi
  I have had a lot of experience with UMX, but only from the 'front end'.
  UMX integrates with some of the modules in EBS, but not all of them! It also integrates in different ways with the modules which do understand it.
  UMX is all about defining roles, and allocating permissions to users of those roles.
  There are 2 parts to UMX. Function security and Data security.
  Function security grants permissions to menu functions. For example, menu ABC has functions A, B, C, through to Z. You could have 2 users, USER A and USER B. USER A has ROLE 1 and USER B has ROLE 2. You could allocate the same responsibility (and therefore menu) to both users, but allocate permissions to functions A, B and C to USER 1 while allocating functions X, Y and Z to USER 2.
  Data security is about creating objects which are 'sets' of data. So, you could have a data security 'permission' which grants access to records 1-1000 and another permission which grants access to records 1001-2000. By granting different data permissions to roles, you can control what data users can access.
  The problem is that UMX only works with a few modules (OLM, AME and not surprisingly UMX itself). AME uses both function and data security, while OLM only uses function security.
  This is a really powerful tool, but it would take far to long to discuss in any more detail here! I'd be happy to discuss further offline. My email address is available on my user profile.
  Hope this helps (if only a bit).
  Regards
  Tim

• One CUP request for assigning role to multiple users

  Hi,
  We assign roles to users in production only through CUP requests.. We use GRC 5.3
  Here we have a case where we need to assign one role to  60 users in production(each user may have different  roles assigned in the back end) . I can raise one CUP request for all users using " multi-user" option in Copy request . But when we want to make a risk analysis , it will not show risks at user level as each user had different roles and may get different risks by adding new role.
  Instead it will give risks if any for only that new role which want to assign. Our manager is not accepting as this is not giving complete picture of risks for each user when we add new role.
  Please suggest me if there is any other way where I can make a risk analysis for each user when I created a CUP request for multiple users.
  Or the only solution is to create 60 CUP requests ?? this would be too manual
  Regards ,
  jaags

  Raghu,
  thanks for the reply, you are right as per the audit .But suppose if it is for 200 users ,creating 200 CUP requests will be impractical right.
  there should be some solution for this , because there will be many situations practically where we have to assign roles to N number of users.
  Is this possible in GRC 10 ? any idea ?
  Regards,
  Jaags

• Assign roles to Org. Structure elements

  Hello Experts
  I,m trying to assign roles to elements of the Organizational Structure (positions, organizational units) so, when we assing a Business Partner with employee role (with a specific user) to a position, it gets all the roles of that position automatically.
  In a previous thread I have seen the following procedure:
  PFCG > Edit a rol > user tab > Org. Management button > Create assignment > Position > Select a position from combo > Create
  But in my case the Org. Management button looks not active.
  Is there some preliminary activity to do?
  Thanks in advance.
  Ceers,
  Alan

  Resolved.
  The system only displays this pushbutton if you have defined an
  active plan variant in the current client, the prerequisite fir
  using Organization Management. If you have not defined this
  active plan variant, you cannot see Org. Management .
  Otherwise, you should choose "Full view" at the start of the transaction.
  Bye,
  Alan

• Assigning roles to Queries

  I have created a query which is a look alike of a similar query. I need to assign it the same roles as the original one.
  My questions:
  1. How do I see that to what roles the original queries are assigned?
  2.How do I assign the same roles to my query now?
  3. I have created the query and right now it is in Favorites folder. I want to know whether I need to remove it from there ?
  4. Also, I have not placed the query in a workbook. Is it mandatory to place it in a workbook before assigning it the concerned roles ? If yes, then how do I place it in a workbook ?
  Please guide me stepwise. I will be very thankful to you all.
  Sufficient points will be assigned.
  Regards,
  Srinivas

  Dear Srinivas D Rao  ,
  1)Go to Metadata Repository and select "Query". Find your query with CTRL+F and click on it. Assigned roles are displayed at the bottom of the page.
  if you cannot find with that way or you need to know more than one query in 'one go', you can try
  table RSRREPDIR type in queries technical name to field COMPID (use arrow icon 'multiple selection) to get COMPUID, then go to table AGR_HIER SAP_GUID = COMPUID, AGR_NAME is the role name
  2)To assign the roles to queries you will have to query designer open query-> select the query which you want to assign and in the top there is option for the roles....it's third or 2nd from left.
  once you click it will take you to the roles already existing in your system.
  just chose the role to which you want to assign and click OK.
  Before that... if you have no roles in your system...then you will have to create through t-code PFCG.
  3)Favourite folder is your own place and it will be shown only to your groups.. so i think its not necessary to remove from favourities folder..
  4)If you place the query in Workbook,then it will be easy to assign roles and authorization to it...
  Note:
  Suppose you have to test and validate the queries that are created then , for example you can have a role named test and validation and you can assign the queries to that role and you can add the users who can access these queries in that role.
  Broadcast roles
  we can broadcast to the roles.When u do like that all the users who are in that role will receive that.In the information broadcasting screen, under receipents u have to select the value for USER IN ROLE.
  [Data Protection guide|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4b1f472a-0a01-0010-76a3-8f7b81d95c59]

• How to trigger approval request for resources after assigning role

  Hi,
  We have a use case where we need to assign resources to user via assigning roles.
  In order to achive this use case
  1. we have created a role and assigned the access policy to it which contain the resources to be provisioned once the role is assigned to the user.
  2. Created a SOA composite having manager approval and assigned this composite to a approval policy of type 'Assign Role'.
  3. I am already having the approval policy for the resources which are present in roles. The approval policy of resources is of type "Provision Resource".
  4. Also the SOA composite for resource apporal is deployed in OIM and assigned to the approval policy.
  5. Now when I am raising the request from OIM of type "Assign Role" the approval defined in the SOA composite for Role approval gets triggered. After approving the role request the role is assigned to the user and also the resources defined in the access policy gets provisioned to teh user account.
  Now I want to trigger the resource approval process after the role approval instead of directly provisioning the resources. So that once the role is approved the individual Approval Process of resources part of roles should also gets invoked. Based on the approval or rejection of resources approval, the resource gets assigned to the user.
  Please let me know how to achieve the above use case.
  Thanks in advance

  Access policy is saying whoever gets xyz role, will get this abc resource. Now once a user gets xyz role, you are stopping to get abc resource? both are contradictory. Don't go through access policy. User is anyway going to request for roles. Modify your flow and make user request for resource. Have your composite and approval policy attached. User will get resource once it is approved.
  regards,
  GP

• API method to Assign Role to an Organisation

  Hi,
  i want to assign role to organisation through API. Is anybody aware which API method should be used for it?

  Christian, currently there is no API option to display a single adapter configuration dialog. Your only option is to create a custom dialog that uses the LabVIEWAdapter API interface to expose the settings of interest.

• How to assign roles to users using WL api?

  Hi,
  We have a requirement to allow creation of new users through application screens and assign groups and roles to those users.
  My users will exist in external LDAP server while my groups and roles will exist in embedded LDAP server. Using WL APIs i am able to create users and add them to groups using the code peices given below:
  ========================================
            userProviderControl.createUserSimple(form.userID, form.password);
            groupProviderControl.addUserToGroup(ocnGroup, form.userID);
  ========================================
  How do i assign roles to this new user programatically?
  If i add a role from console (Home > Realm Roles > Summary of Security Realms > myrealm > Realm Roles -> Global Roles) and edit role condition to add this newly created user then i it works fine. I want to achieve the same i.e. edit role condition programatically.
  Any help will be greatly appreciated.
  Thanks,

  Problem Solved !!!
  The data-type conversion needs to be performed in the SPML2 Person Form. Add a Field called waveset.roles and map it to the SPML2 attribute name being used in ur client. It's best done through a rule.....
  If anybody is facing similar problem and need more details....please email me @ [email protected]

• Assign roles to SSO integrated users

  Hello everyone,
  I'm trying to assign roles to SSO users but I can't. I achieved it with local and LDAP users, but not for SSO users (I want to use my AD users but without LDAP config)
  My platform is vCenter 5.5 U1 for SSO, vCAC appliance + IaaS server, and vCAD appliance. When you register your vCAD with vCAC you can use SSO integrated authentication of vCAC. But, how can I assign roles to SSO users?
  I can access to vCAD with AD users through SSO integrated authentication but all options are read-only.
  Best regards,
  Jose Luis Gomez

  Hello everyone,
  Auto-response.
  When you've registered your vCAD with vCAC, new roles appears in vCAC. This roles are:
  Application Architect
  Application Catalog Administrator
  Application Cloud Administrator
  Application Publisher And Deployer
  Application System Administrator
  You can apply this roles to users or groups but always from vCAC --> Administration --> Groups/Users
  Best regards,
  Jose Luis Gomez