Assigning users to role using Security API

Hi,
I am trying to assign portal users to a portal role using the IRoleFactory and IRole class of the Security API from my Web Dynpro application.
For getting the role, I can use either the uniqueId of the role or the uniqueName of the role (using methods of IRole class, getRole(uid) or getRoleByUniqueName(uname)).
The uniqueId of roles contains some hash values and cannot be used. For example ROLE.PCD_ROLE_PERSISTENCE.6dT95vZpyNWQHm59z7B9FxAM/fg=.
And for getting the role using the uniqueName, I need to give something like pcd:portal_content/other_vendors/<folder name>/<my prefix>.<rolename>, which is also not feasible.
Is there any way to get the role only using the role name that we give while creating it?
Thanks and Regards,
Venkat

Hi,
     Check if this helps.
// needs: import com.sap.security.api.*;
try {
    IRoleFactory rfact = UMFactory.getRoleFactory();
    IRoleSearchFilter isf = rfact.getRoleSearchFilter();
    // "*" with LIKE_OPERATOR matches every role display name
    isf.setDisplayName("*", ISearchAttribute.LIKE_OPERATOR, false);
    ISearchResult rit = rfact.searchRoles(isf);
    // hasNext()/next() so that each result is consumed exactly once
    while (rit.hasNext()) {
        String roleName = (String) rit.next();
        IRole role = rfact.getRole(roleName);
        response.write("\nRole:" + role.getUniqueName());
    }
} catch (Exception e) {
    response.write("exception");
}
You will get the list of roles. You can pass these directly or use a StringTokenizer to separate the role name alone, using '.' as the separator.
Regards,
Vijai

Similar Messages

  • Error -5002 when adding linked user defined field using DI API

    Hello,
    When I try to add a linked user defined field using DI API I get the error number -5002 with description:
    "The field 'Related Table' should consist of 8 alphanumeric characters with no valid or default values"
    I Get the error when I use the Add method.
    What is the solution for this problem? I use SBO 2005 A SP1 Patch 18
    The code I use is (.NET C# 2.0):
    SAPbobsCOM.IUserFieldsMD uf = (SAPbobsCOM.IUserFieldsMD)company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields);
    uf.Name = "S_BUCO";
    uf.TableName = "OPOR";
    uf.Type = SAPbobsCOM.BoFieldTypes.db_Memo;
    uf.SubType = SAPbobsCOM.BoFldSubTypes.st_Link;
    uf.LinkedTable = "S_BU";
    uf.Description = "Description";
    uf.Add();
    Regards,
    Jeffrey

    Hi Jeffrey,
    Your code above does not match the settings you are using in the UI. In particular, the type and subtype you are setting in code are not correct.
    To create the UDF via code, set the field types as follows:
    SAPbobsCOM.IUserFieldsMD uf = (SAPbobsCOM.IUserFieldsMD)company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields);
    uf.Name = "S_BUCO";
    uf.TableName = "OPOR";
    uf.Type = SAPbobsCOM.BoFieldTypes.db_Alpha;
    uf.EditSize = 8;
    uf.LinkedTable = "S_BU";
    uf.Description = "Description";
    uf.Add();
    There's no need to set the SubType property as you require a regular alphanumeric field.
    Kind Regards,
    Owen

  • Create User in OID using Java API

    I read the documentation, read javadoc for Java API for OID, but still am not clear "how can I create a user in OID using Java API for OID."
    It tells us how to create a java object User, but then how do we write this object to OID ?
    I searched everywhere, metalink, forums, google... and am still looking for an answer...
    Thanks in Advance
    Cheers
    Puneet

    I did it using the Novell LDAP java api:
    import com.novell.ldap.*;

    public class LdapAdmin {
        public static final String ldap_base = "dc=your,dc=company,dc=com";
        public static final String ldap_user_base = "cn=Users," + ldap_base;
        public static final String ldap_portal_base = "cn=PORTAL_GROUPS,cn=Groups," + ldap_base;
        public static final String ldap_extended_base = "cn=Extended Properties,cn=OracleContext," + ldap_base;
        public static final String ldap_dbdomain_base = "cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext," + ldap_base;
        public static final String ldap_context_base = "cn=COMMON,cn=OracleDBAppContext," + ldap_dbdomain_base;
        // Host, port and credentials are hard-coded sample values, as posted.
        private static final String default_ldap_host = "infrastructure.your.company.com";
        private static final int default_ldap_port = 4032;
        private static final String default_ldap_login = "cn=orcladmin," + ldap_user_base;
        private static final String default_ldap_pwd = "welcome1";
        private static final String default_user_pwd = "secret";
        private static final String[] personclass_values = { "top", "person", "organizationalPerson", "inetOrgPerson", "orcluser", "orcluserv2" };

        // Connect to host:port and bind as the given user.
        public static LDAPConnection getConnection (String host, int port, String user, String pwd) {
            LDAPConnection lc = new LDAPConnection();
            try {
                lc.connect(host,port);
                lc.bind(user,pwd);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
            }
            return lc;
        }

        // Connect to host:port without binding.
        public static LDAPConnection getConnection (String host, int port) {
            LDAPConnection lc = new LDAPConnection();
            try {
                lc.connect(host,port);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
            }
            return lc;
        }

        // Connect to the default host and bind as the given user.
        public static LDAPConnection getConnection (String user, String pwd) {
            LDAPConnection lc = new LDAPConnection();
            try {
                lc.connect(default_ldap_host,default_ldap_port);
                lc.bind(user,pwd);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in getConnection: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
                lex.printStackTrace();
            }
            return lc;
        }

        public static LDAPConnection getConnection () {
            return getConnection(default_ldap_host,default_ldap_port);
        }

        public static void bind (LDAPConnection conn, String user, String pwd) {
            try {
                conn.bind(user,pwd);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in bind: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
                lex.printStackTrace();
            }
        }

        private static void bind (LDAPConnection conn) {
            bind(conn,default_ldap_login,default_user_pwd);
        }

        // Apply a single modification (ADD, REPLACE or DELETE) to one attribute of dn.
        public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val, int mod) {
            LDAPAttribute attribute = new LDAPAttribute(attr,val);
            LDAPModification[] modification = new LDAPModification[] { new LDAPModification(mod,attribute) };
            try {
                conn.modify(dn,modification);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in modifyAttribute: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
        }

        public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val) {
            modifyAttribute(conn,dn,attr,val,LDAPModification.REPLACE);
        }

        public static void addAttribute (LDAPConnection conn, String dn, String attr, String val) {
            modifyAttribute(conn,dn,attr,val,LDAPModification.ADD);
        }

        public static void deleteAttribute (LDAPConnection conn, String dn, String attr, String val) {
            modifyAttribute(conn,dn,attr,val,LDAPModification.DELETE);
        }

        public static void deleteEntry (LDAPConnection conn, String dn) {
            try {
                conn.delete(dn);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in deleteEntry: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
        }

        // True when the entry at dn can be read with the current bind.
        public static boolean isValidDn(LDAPConnection conn, String dn) {
            try {
                // read() throws an LDAPException when the entry cannot be read
                conn.read(dn);
                return true;
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in isValidDn: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
            return false;
        }

        // Create the user entry cn=<net_id> under ldap_user_base.
        public static void createPerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
            LDAPAttributeSet attributeSet = new LDAPAttributeSet();
            attributeSet.add(new LDAPAttribute("cn", net_id));
            attributeSet.add(new LDAPAttribute("sn", lname));
            attributeSet.add(new LDAPAttribute("objectclass", personclass_values));
            attributeSet.add(new LDAPAttribute("l", office));
            attributeSet.add(new LDAPAttribute("mail", email));
            attributeSet.add(new LDAPAttribute("employeeNumber", id));
            attributeSet.add(new LDAPAttribute("givenName", fname));
            attributeSet.add(new LDAPAttribute("uid", net_id));
            // attributeSet.add(new LDAPAttribute("fullName", fullname));
            // Every new user gets the same default password; VerifyPassword is a
            // helper class of the poster's that is not shown in the post.
            attributeSet.add(new LDAPAttribute("orclpkcs12hint", default_user_pwd));
            attributeSet.add(new LDAPAttribute("orclpassword", VerifyPassword.getHash(net_id,default_user_pwd)));
            attributeSet.add(new LDAPAttribute("userpassword", default_user_pwd));
            attributeSet.add(new LDAPAttribute("orcldefaultprofilegroup", "cn=DEFAULT,"+ldap_portal_base));
            LDAPEntry entry = new LDAPEntry("cn="+net_id+","+ldap_user_base,attributeSet);
            try {
                conn.add(entry);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in createPerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
        }

        // Replace the profile attributes of the existing entry cn=<net_id>.
        public static void updatePerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
            LDAPModification[] mod = new LDAPModification[8];
            mod[0] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("cn", net_id));
            mod[1] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("sn", lname));
            mod[2] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("l", office));
            mod[3] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("mail", email));
            mod[4] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("employeeNumber", id));
            mod[5] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("givenname", fname));
            mod[6] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("fullName", fullname));
            mod[7] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("uid", net_id));
            try {
                conn.modify("cn="+net_id+","+ldap_user_base,mod);
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in updatePerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
        }

        public static void main (String[] args) {
            try {
                LDAPConnection conn = getConnection(default_ldap_login,default_ldap_pwd);
                // updatePerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody 2");
                // modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"fullName","Joe Somebody",LDAPModification.REPLACE);
                // modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"displayName","Joe Somebody");
                createPerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody");
                // deleteEntry(conn,"cn=ID1,"+ldap_user_base);
                conn.disconnect();
            } catch (LDAPException lex) {
                System.out.println("LDAP Error in main: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            }
        }
    }

  • AppServer: problems trying to add users to roles in security dialog

    I'm trying to learn J2EE using AppServer. My current example has a client accessing
    an entity bean. I want two classes of user - Reader, and Updater. Most methods
    of Home and Remote are accessible to both classes, a few are restricted to users
    in Updater role. I'm currently having problems adding users to roles in deploytool.
    I have defined users using the Admin client.
    I have implemented and test run client and entity bean without security restrictions, it works.
    I have defined roles associated with the application.
    I have allocated roles to every method in Home and Remote interface of bean.
    I have extracted the generated XML file and checked the <assembly-descriptor> section and
    it appears that all roles and role descriptions are defined as required.
    deploytool lets me use the "Security Role Mapping" dialog, I can select either of my roles and
    try "Add user to role" - subsequent dialog shows my users and allows me to "Map user to role" -
    but selected user does NOT appear in the user names panel.
    What am I doing wrong or what am I omitting? Hints please!

    Thanks for suggestions. (I'm using Windows so file-protections pretty
    non-existent).
    I looked in the Sun file you mentioned and found the users were defined.
    When I restarted AppServer and deploytool, the users were shown in the appropriate
    panel.
    There is probably some minor bug in deploytool that causes the User Panel not
    to be updated as it should be after a user has been added to a role.

  • About assigning users to role

    Hi all.
    Could I assign users to a role by web dynpro callable object?
    I mean , there is a inputfield in web dynpro view,if I enter a name ,will call some methods to assign the name to a role.

    Hi
    Yes, it is possible through the IRole and IUser API; take help from the following threads and code
    1.[GP|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e3f07a7a-0601-0010-ebbd-b9cfb445b814]
    2.[example how to Call to IUSer and IRole|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e0957cb6-5103-2a10-6d9d-a0a4d68c8bf1]
    3. In the second thread the user data is populated; here you have to put your code
       example:
           IRole role;
           role.addUserMember(arg0);
           role.removeUserMember(arg0);
    Hope you will come to the solution.
    Best Regards
    Satish Kumar

  • Reg:Assigning users to roles dynamically

    Hi all,
    I've different sets of users to whom I can assign the roles based on their functionality. The thing is that I can create them and add delta links in the portal, but I don't want to do this manually... and let me know in detail about UME...
    Can we assign roles to users based on some logic or conditions? If yes, please direct me how to do it.
    Reply awaited....
    Regards,
    sitara
    Edited by: sitara kola on Mar 8, 2008 2:47 PM

    I do not know if this works for you but you can use virtual groups to automatically assign users to groups. Say you want to group users by department. Create virtual groups for the department attribute. Then assign the roles you want to assign to the marketing virtual group and the sales virtual group. When you create a new user and assign them to the marketing department, the user is automatically assigned to the marketing group and receives the required roles.
    See the documentation: http://help.sap.com/saphelp_nw04s/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/frameset.htm
    -Michael

  • Reseeding cache for users with role based security

    I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.

    I have created an ibot with the following:
    General - Normal Priority, Personalized (recipient's data visibility)
    Conditional Request - example_report
    Schedule - some schedule
    Recipients - Me(administrator) and User1
    Destinations - Oracle BI Server cache
    when the ibot runs 2 cache entries are created (for the 2 recipients).
    I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
    After the ibot runs:
    When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
    On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
    The User1 has a data level security.
    Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
    Thanks for your inputs.

  • Users are not removed from role using UME API

    Hello,
    I am using this code to remove users from a batch of roles that I have.
    Everything is running OK, no exception is thrown and at the System.out I see all the actions that needs to be taken correctly. The problem is that if I'll go later to one of the roles the users are still assigned to it. Any idea what I'm doing wrong here?
    try
    {
        IRoleFactory roles = UMFactory.getRoleFactory();
        IUserFactory users = UMFactory.getUserFactory();
        IRoleSearchFilter filter = roles.getRoleSearchFilter();
        filter.setUniqueName("<My_filter>", ISearchAttribute.LIKE_OPERATOR, false);
        ISearchResult sresult = roles.searchRoles(filter);
        if ( sresult.getState() == ISearchResult.SEARCH_RESULT_OK )
        {
            while(sresult.hasNext())
            {
                String id = (String)sresult.next();
                IRole role = UMFactory.getRoleFactory().getMutableRole(id);
                Iterator i = role.getUserMembers(false);
                while (i.hasNext())
                {
                    String uid = (String)i.next();
                    IUser user = users.getUser(uid);
                    // as posted: the unique name is passed here (see the follow-up reply)
                    role.removeUserMember(user.getUniqueName());
                    System.out.println("Removed user: " + user.getUniqueName() + " from role: " + role.getDisplayName());
                }
                role.save();
                role.commit();
            }
        }
    }
    catch (Exception e)
    {
        manager.reportException(new WDNonFatalException(e), false);
    }

    Solved it!
    It needs the FQDN User ID...

  • Dynamically assign Worksets, Pages, iViews to a Role using the APIs ?

    Hi,
    Has someone built a Role via Webdynpro coding?
    Hope someone has done it and could help.
    Thanx in advanced!
    Kind Regards,
    Gerardo J

    Hi Shanti,
    Thanks a lot for the help! Actually, following the documentation on help.sap.com I found this:
    "PCD Roles: These are semantic objects that represent collections of content that can be assigned to a user.
    There is no public API for accessing these roles."
    here I paste the link
    http://help.sap.com/saphelp_nw70/helpdata/en/44/43863b2e641193e10000000a155369/frameset.htm
    I guess then there is no way to modify the Role via API to achieve this, or is this only on 7.0 and now it is possible on 7.1?
    Thanx in Advanced!
    Kind Regards,
    Gerardo J
    Edited by: Gerardo Jiménez on Jan 31, 2011 11:58 AM

  • How to create users in Weblogic using an API

    Hi All,
    I have a requirement where i need to add the users in security realm without using Weblogic Console.Is there any API or program which lets us to create the users and set it in realm.
    Please suggest!!
    Thanks.

    Hi,
    You can follow the blog written by Middleware magic team
    Creating Users And Groups
    http://middlewaremagic.com/weblogic/?p=4981
    Deleting Users And Groups
    http://middlewaremagic.com/weblogic/?p=5234
    Users List from Security Realm
    http://middlewaremagic.com/weblogic/?p=6678
    Hope this will be helpful
    Regards
    FAbian

  • How do I copy User Properties from one user to another using Server API

    Portal Version is 10GR3
    I have two Users in the portal and I want to copy all the properties of user1 to user2.
    the IPTProfileManager interface allows me to get all the properties of user 1. Accomplished through the use of
    IPTObjectProperties user1Props = profileManager.GetUserProperties(userId, false);
    IPTQueryResult qr = user1Props.GetPropertyData(PT_PROPIDS.PT_PROPID_OBJECTID |
                   PT_PROPIDS.PT_PROPID_NAME |
                   PT_PROPIDS.PT_PROPID_PROP_VALUE);
    I believe this is correct...
    We now have all the properties in a Query Result. I'm lost as to how to get these values into user2's profile...
    -Or- is there an easier way????
    Any suggestions?
    Phil Orion
    Orion like the constellation, not the Irish guy.

    Every object in the Server API extends the PTObject, which has function calls GetObjectProperties().
    If you have the PTUser object you have to do the following:
    IPTObjectProperties props = getObjectProperties(); // in your case this should be something like PTUser.GetObjectProperties();
    Object[][] propData = new Object[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_INVALID][1];
    propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_PROPERTYID][0] = new Integer(#PropertyID#);
    propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_VALUE][0] = "Property Value";
    props.SetPropertyData(propData);
    Don't forget that at the end you have to call the PTUser.Store() function
    cheers
    Edited by: Pelov on 14.07.2010 12:31

  • Assign users to role

    Hi experts,
    How can i assign new users to a role?
    Thank you

    Just go to PFCG and then open the role and go to users tab and add the users to the role and then save
    hope that helps
    with regards
    ashwin

  • Assign user external dir to group using MaxL

    Hi
    I have my essbase security sync with Shared services.
    Now i want to assign user to groups using Maxl
    Groups exist as Essbase native Groups
    Users exist as corporate directory and are NOT native users
    Now when i try to execute the following statement i get error saying 'user does not exist'
    Alter user 'username@corporatedir' add to group 'nativegroup';
    Is it not possible to assign users from external directory to native groups using Maxl?

    You have not specified your version.
    For 9.3.1 refer to page 103 for details. http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
    The file looks like
    #group_children          
    id,user_id,user_provider
    myNativeGroup,User1,myProvider
    myNativeGroup,USer2,myProvider
    myNativeGroup,nativeUser3,Native Directory
    For better understanding, add one external user to a native group manually in shared services and then export using the utility.
    Then the exported file format can be used for your import.
    Hope it helps.

  • Shared Services 11.1.2 Unable to remove assigned user from a security group

    In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
    Paul

    Hello Paul,
    Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
    External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
    Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
    Thanks,
    hyperionEPM
    Please mark answers as correct or helpful for others to find them easily.

  • Mapping of users with roles in BPM

    Hi, in Oracle BPM there is a mapping of users to roles. I have searched the BPM database tables in the dev_soainfra schema but no tables contain this mapping. I have an urgent requirement for it so that I can use it on an ADF form.
    Can anyone please tell me where to get it?
    => I got the Organization.XML file in BPM which consists of the mapping of these two. But I am not able to create a data control from the XML file so that it can be used on the ADF form. Anyone please help me out.
    Thanks

    BPM Roles are in turn mapped to Application Roles and the users are added to these application roles. So I don't think it is available in DB. You might need to get it from Application Roles using OPSS API if available or system-jazn-data.xml (if your policy store is file based) or from your LDAP.
