Assigning users to role using Security API
Hi,
I am trying to assign portal users to a portal role using the IRoleFactory and IRole classes of the Security API from my Web Dynpro application.
For getting the role, I can use either the uniqueId of the role or the uniqueName of the role (using methods of the IRole class, getRole(uid) or getRoleByUniqueName(uname)).
The UniqueId of roles contains some hash values and cannot be used. For example ROLE.PCD_ROLE_PERSISTENCE.6dT95vZpyNWQHm59z7B9FxAM/fg=.
And for getting the role using the uniqueName, I need to give something like pcd:portal_content/other_vendors/<folder name>/<my prefix>.<rolename>, which is also not feasible.
Is there any way to get the role only using the role name that we give while creating it?
Thanks and Regards,
Venkat
Hi,
Check if this helps.
// UME classes used here are in com.sap.security.api
try {
    IRoleFactory rfact = UMFactory.getRoleFactory();
    IRoleSearchFilter isf = rfact.getRoleSearchFilter();
    // "*" with LIKE_OPERATOR matches every role display name
    isf.setDisplayName("*", ISearchAttribute.LIKE_OPERATOR, false);
    ISearchResult rit = rfact.searchRoles(isf);
    // call next() only once per iteration; each element is a role unique ID
    while (rit.hasNext()) {
        String roleName = (String) rit.next();
        IRole role = rfact.getRole(roleName);
        response.write("\nRole:" + role.getUniqueName());
    }
} catch (Exception e) {
    response.write("exception");
}
You will get the list of roles. You can pass these directly or use a StringTokenizer to separate the role name alone, using '.' as the separator.
Regards,
Vijai
Similar Messages
-
Error -5002 when adding linked user defined field using DI API
Hello,
When I try to add a linked user defined field using DI API I get the error number -5002 with description:
"The field 'Related Table' should consist of 8 alphanumeric characters with no valid or default values"
I Get the error when I use the Add method.
What is the solution for this problem? I use SBO 2005 A SP1 Patch 18
The code I use is (.NET C# 2.0):
SAPbobsCOM.IUserFieldsMD uf = (SAPbobsCOM.IUserFieldsMD)company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields);
uf.Name = "S_BUCO";
uf.TableName = "OPOR";
uf.Type = SAPbobsCOM.BoFieldTypes.db_Memo;
uf.SubType = SAPbobsCOM.BoFldSubTypes.st_Link;
uf.LinkedTable = "S_BU";
uf.Description = "Description";
uf.Add();
Regards,
Jeffrey
Hi Jeffrey,
Your code above does not match the settings you are using in the UI. In particular, the type and subtype you are setting in code are not correct.
To create the UDF via code, set the field types as follows:
SAPbobsCOM.IUserFieldsMD uf = (SAPbobsCOM.IUserFieldsMD)company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserFields);
uf.Name = "S_BUCO";
uf.TableName = "OPOR";
uf.Type = SAPbobsCOM.BoFieldTypes.db_Alpha;
uf.EditSize = 8;
uf.LinkedTable = "S_BU";
uf.Description = "Description";
uf.Add();
There's no need to set the SubType property as you require a regular alphanumeric field.
Kind Regards,
Owen
-
Create User in OID using Java API
I read the documentation, read javadoc for Java API for OID, but still am not clear "how can I create a user in OID using Java API for OID."
It tells us how to create a java object User, but then how do we write this object to OID ?
I searched everywhere, metalink, forums, google... and am still looking for an answer...
Thanks in Advance
Cheers
Puneet
I did it using the Novell LDAP java api:
import com.novell.ldap.*;

public class LdapAdmin {
    public static final String ldap_base = "dc=your,dc=company,dc=com";
    public static final String ldap_user_base = "cn=Users," + ldap_base;
    public static final String ldap_portal_base = "cn=PORTAL_GROUPS,cn=Groups," + ldap_base;
    public static final String ldap_extended_base = "cn=Extended Properties,cn=OracleContext," + ldap_base;
    public static final String ldap_dbdomain_base = "cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext," + ldap_base;
    public static final String ldap_context_base = "cn=COMMON,cn=OracleDBAppContext," + ldap_dbdomain_base;
    // Host, port, login and passwords below are the sample values from the post.
    private static final String default_ldap_host = "infrastructure.your.company.com";
    private static final int default_ldap_port = 4032;
    private static final String default_ldap_login = "cn=orcladmin," + ldap_user_base;
    private static final String default_ldap_pwd = "welcome1";
    private static final String default_user_pwd = "secret";
    private static final String[] personclass_values = { "top", "person", "organizationalPerson", "inetOrgPerson", "orcluser", "orcluserv2" };

    // Connect to the given host and bind as the given user.
    public static LDAPConnection getConnection (String host, int port, String user, String pwd) {
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(host,port);
            lc.bind(user,pwd);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
        }
        return lc;
    }

    // Connect without binding (anonymous).
    public static LDAPConnection getConnection (String host, int port) {
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(host,port);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in getConnection: "+lex.getResultCode()+"-"+lex.getLDAPErrorMessage());
        }
        return lc;
    }

    // Connect to the default host and bind as the given user.
    public static LDAPConnection getConnection (String user, String pwd) {
        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(default_ldap_host,default_ldap_port);
            lc.bind(user,pwd);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in getConnection: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            lex.printStackTrace();
        }
        return lc;
    }

    public static LDAPConnection getConnection () {
        return getConnection(default_ldap_host,default_ldap_port);
    }

    public static void bind (LDAPConnection conn, String user, String pwd) {
        try {
            conn.bind(user,pwd);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in bind: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            lex.printStackTrace();
        }
    }

    private static void bind (LDAPConnection conn) {
        // The admin login is paired with the admin password, as in main().
        bind(conn,default_ldap_login,default_ldap_pwd);
    }

    public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val, int mod) {
        LDAPAttribute attribute = new LDAPAttribute(attr,val);
        LDAPModification[] modification = new LDAPModification[] { new LDAPModification(mod,attribute) };
        try {
            conn.modify(dn,modification);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in modifyAttribute: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
        }
    }

    public static void modifyAttribute (LDAPConnection conn, String dn, String attr, String val) {
        modifyAttribute(conn,dn,attr,val,LDAPModification.REPLACE);
    }

    public static void addAttribute (LDAPConnection conn, String dn, String attr, String val) {
        modifyAttribute(conn,dn,attr,val,LDAPModification.ADD);
    }

    public static void deleteAttribute (LDAPConnection conn, String dn, String attr, String val) {
        modifyAttribute(conn,dn,attr,val,LDAPModification.DELETE);
    }

    public static void deleteEntry (LDAPConnection conn, String dn) {
        try {
            conn.delete(dn);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in deleteEntry: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
        }
    }

    public static boolean isValidDn(LDAPConnection conn, String dn) {
        try {
            // read() throws an LDAPException when the entry does not exist
            return conn.read(dn) != null;
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in isValidDn: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
            return false;
        }
    }

    public static void createPerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
        attributeSet.add(new LDAPAttribute("cn", net_id));
        attributeSet.add(new LDAPAttribute("sn", lname));
        attributeSet.add(new LDAPAttribute("objectclass", personclass_values));
        attributeSet.add(new LDAPAttribute("l", office));
        attributeSet.add(new LDAPAttribute("mail", email));
        attributeSet.add(new LDAPAttribute("employeeNumber", id));
        attributeSet.add(new LDAPAttribute("givenName", fname));
        attributeSet.add(new LDAPAttribute("uid", net_id));
        // attributeSet.add(new LDAPAttribute("fullName", fullname));
        attributeSet.add(new LDAPAttribute("orclpkcs12hint", default_user_pwd));
        // VerifyPassword is a helper class of the poster's that is not shown in the post
        attributeSet.add(new LDAPAttribute("orclpassword", VerifyPassword.getHash(net_id,default_user_pwd)));
        attributeSet.add(new LDAPAttribute("userpassword", default_user_pwd));
        attributeSet.add(new LDAPAttribute("orcldefaultprofilegroup", "cn=DEFAULT,"+ldap_portal_base));
        LDAPEntry entry = new LDAPEntry("cn="+net_id+","+ldap_user_base,attributeSet);
        try {
            conn.add(entry);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in createPerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
        }
    }

    public static void updatePerson (LDAPConnection conn, String net_id, String lname, String fname, String office, String email, String id, String fullname) {
        LDAPModification[] mod = new LDAPModification[8];
        mod[0] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("cn", net_id));
        mod[1] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("sn", lname));
        mod[2] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("l", office));
        mod[3] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("mail", email));
        mod[4] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("employeeNumber", id));
        mod[5] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("givenname", fname));
        mod[6] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("fullName", fullname));
        mod[7] = new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute("uid", net_id));
        try {
            conn.modify("cn="+net_id+","+ldap_user_base,mod);
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in updatePerson: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
        }
    }

    public static void main (String[] args) {
        try {
            LDAPConnection conn = getConnection(default_ldap_login,default_ldap_pwd);
            // updatePerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody 2");
            // modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"fullName","Joe Somebody",LDAPModification.REPLACE);
            // modifyAttribute(conn,"cn=ID1,"+ldap_user_base,"displayName","Joe Somebody");
            createPerson(conn,"ID1","Somebody","Joe","CLE","[email protected]","1","Joe Somebody");
            // deleteEntry(conn,"cn=ID1,"+ldap_user_base);
            conn.disconnect();
        } catch (LDAPException lex) {
            System.out.println("LDAP Error in main: ("+lex.getResultCode()+") - "+lex.getLDAPErrorMessage());
        }
    }
}
-
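The LdapAdmin class in the OID thread above builds the entry DN as "cn="+net_id+","+ldap_user_base and gives every new user the same initial password. The following added example, which is not part of the original post, shows the same DN built with the JDK's javax.naming.ldap classes so that the account id cannot change the DN structure, plus a per-user random initial password. The class name, the naming policy regex and the LDAP_BIND_PW variable are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SafeUserEntry {
    // Same user container as in the post; adjust to your directory.
    static final String USER_BASE = "cn=Users,dc=your,dc=company,dc=com";
    // Assumed naming policy for account ids (not from the post).
    private static final Pattern NET_ID = Pattern.compile("[A-Za-z0-9._-]{1,32}");
    private static final String PW_CHARS =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    private static final SecureRandom RNG = new SecureRandom();

    /** Builds cn=<netId>,<USER_BASE> after checking the id against the policy. */
    static String userDn(String netId) throws InvalidNameException {
        if (netId == null || !NET_ID.matcher(netId).matches()) {
            throw new IllegalArgumentException("net_id rejected by naming policy");
        }
        return childDn(netId).toString();
    }

    /** Escaping only, no allow-list: Rdn escapes DN metacharacters in the value. */
    static LdapName childDn(String cnValue) throws InvalidNameException {
        LdapName base = new LdapName(USER_BASE);
        List<Rdn> rdns = new ArrayList<>(base.getRdns()); // index 0 = rightmost RDN
        rdns.add(new Rdn("cn", cnValue));                 // becomes the leftmost RDN
        LdapName dn = new LdapName(rdns);
        // The entry must sit exactly one level below the user container.
        if (dn.size() != base.size() + 1 || !dn.startsWith(base)) {
            throw new IllegalArgumentException("DN is outside " + USER_BASE);
        }
        return dn;
    }

    /** Per-user random initial password instead of one shared default. */
    static String initialPassword(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(PW_CHARS.charAt(RNG.nextInt(PW_CHARS.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Bind password comes from the environment (variable name is hypothetical).
        String bindPw = System.getenv("LDAP_BIND_PW");
        System.out.println("bind password configured: " + (bindPw != null));

        System.out.println(userDn("ID1"));
        // Constructed input containing DN metacharacters.
        String odd = "x,cn=Users";
        System.out.println(childDn(odd));   // stays a single, escaped RDN
        try {
            userDn(odd);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("initial password length: " + initialPassword(16).length());
    }
}
```

The string returned by userDn can be passed to the LDAPEntry constructor used in createPerson in place of the concatenated DN.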
AppServer: problems trying to add users to roles in security dialog
I'm trying to learn J2EE using AppServer. My current example has a client accessing
an entity bean. I want two classes of user - Reader, and Updater. Most methods
of Home and Remote are accessible to both classes, a few are restricted to users
in Updater role. I'm currently having problems adding users to roles in deploytool.
I have defined users using the Admin client.
I have implemented and test run client and entity bean without security restrictions, it works.
I have defined roles associated with the application.
I have allocated roles to every method in Home and Remote interface of bean.
I have extracted the generated XML file and checked the <assembly-descriptor> section and
it appears that all roles and role descriptions are defined as required.
deploytool lets me use the "Security Role Mapping" dialog, I can select either of my roles and
try "Add user to role" - subsequent dialog shows my users and allows me to "Map user to role" -
but selected user does NOT appear in the user names panel.
What am I doing wrong or what am I omitting? Hints please!
Thanks for suggestions. (I'm using Windows so file-protections pretty
non-existent).
I looked in the Sun file you mentioned and found the users were defined.
When I restarted AppServer and deploytool, the users were shown in the appropriate
panel.
There is probably some minor bug in deploytool that causes the User Panel not
to be updated as it should be after a user has been added to a role.
-
Hi all.
Could I assign users to a role by web dynpro callable object?
I mean, there is an input field in a web dynpro view; if I enter a name, it will call some methods to assign the name to a role.
Hi
Yes, it is possible through the IRole and IUser API; take help from the following threads and code
1. GP: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e3f07a7a-0601-0010-ebbd-b9cfb445b814
2. Example of how to call IUser and IRole: https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e0957cb6-5103-2a10-6d9d-a0a4d68c8bf1
3. In the second thread the user data is populated; here you have to put your code
Example:
IRole role; // a mutable role, e.g. from IRoleFactory.getMutableRole(...)
role.addUserMember(arg0);
role.removeUserMember(arg0);
Hope you will come to the solution.
Best Regards
Satish Kumar
-
Reg:Assigning users to roles dynamically
Hi all,
I have different sets of users to whom I can assign roles based on their functionality. I can create them and add delta links in the portal, but I don't want to do this manually. Please let me know about UME in detail.
Can we assign roles to users based on some logic or conditions? If yes, please direct me how to do it.
Reply awaited....
Regards,
sitara
Edited by: sitara kola on Mar 8, 2008 2:47 PM
I do not know if this works for you but you can use virtual groups to automatically assign users to groups. Say you want to group users by department. Create virtual groups for the department attribute. Then assign the roles you want to assign to the marketing virtual group and the sales virtual group. When you create a new user and assign them to the marketing department, the user is automatically assigned to the marketing group and receives the required roles.
See the documentation: http://help.sap.com/saphelp_nw04s/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/frameset.htm
-Michael
-
Reseeding cache for users with role based security
I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.
I have created an ibot with the following:
General - Normal Priority, Personalized (recipient's data visibility)
Conditional Request - example_report
Schedule - some schedule
Recipients - Me(administrator) and User1
Destinations - Oracle BI Server cache
when the ibot runs 2 cache entries are created (for the 2 recipients).
I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
After the ibot runs:
When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
The User1 has a data level security.
Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
Thanks for your inputs.
-
Users are not removed from role using UME API
Hello,
I am using this code to remove users from a batch of roles that I have.
Everything is running OK, no exception is thrown and at the System.out I see all the actions that needs to be taken correctly. The problem is that if I'll go later to one of the roles the users are still assigned to it. Any idea what I'm doing wrong here?
try
{
    IRoleFactory roles = UMFactory.getRoleFactory();
    IUserFactory users = UMFactory.getUserFactory();
    IRoleSearchFilter filter = roles.getRoleSearchFilter();
    filter.setUniqueName("<My_filter>", ISearchAttribute.LIKE_OPERATOR, false);
    ISearchResult sresult = roles.searchRoles(filter);
    if ( sresult.getState() == ISearchResult.SEARCH_RESULT_OK )
    {
        while(sresult.hasNext())
        {
            String id = (String)sresult.next();
            IRole role = UMFactory.getRoleFactory().getMutableRole(id);
            Iterator i = role.getUserMembers(false);
            while (i.hasNext())
            {
                String uid = (String)i.next();
                IUser user = users.getUser(uid);
                role.removeUserMember(user.getUniqueName());
                System.out.println("Removed user: " + user.getUniqueName() + " from role: " + role.getDisplayName());
            }
            role.save();
            role.commit();
        }
    }
}
catch (Exception e)
{
    manager.reportException(new WDNonFatalException(e), false);
}
Solved it!
It needs the FQDN User ID...
-
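The first thread on this page asks how to find a role from the name given at creation time, and the thread directly above found that removeUserMember did nothing when passed the unique name. The following added example, which is not code from either poster, combines both points: it resolves a role by exact display name, refuses to continue when the match is missing or ambiguous, and changes membership using the user's unique ID, which is how the "FQDN User ID" in the resolution above is read here. The class and method names are hypothetical; getUserByLogonID, getUniqueID, EQUALS_OPERATOR and rollback are UME API members that do not appear in the posts.

```java
import com.sap.security.api.IRole;
import com.sap.security.api.IRoleFactory;
import com.sap.security.api.IRoleSearchFilter;
import com.sap.security.api.ISearchAttribute;
import com.sap.security.api.ISearchResult;
import com.sap.security.api.IUser;
import com.sap.security.api.UMException;
import com.sap.security.api.UMFactory;

public class RoleAssignment {

    /** Returns the unique ID of the one role whose display name equals displayName. */
    static String resolveRoleId(String displayName) throws UMException {
        IRoleFactory roles = UMFactory.getRoleFactory();
        IRoleSearchFilter filter = roles.getRoleSearchFilter();
        // Exact match, no wildcard: a LIKE search on "*name*" could select
        // a different, more privileged role with a similar name.
        filter.setDisplayName(displayName, ISearchAttribute.EQUALS_OPERATOR, true);
        ISearchResult result = roles.searchRoles(filter);
        // An incomplete result could hide a second match, so stop here.
        if (result.getState() != ISearchResult.SEARCH_RESULT_OK) {
            throw new IllegalStateException("role search incomplete, state=" + result.getState());
        }
        String match = null;
        while (result.hasNext()) {
            String id = (String) result.next();
            // Re-check the name locally, whatever the data source matched on.
            if (!displayName.equals(roles.getRole(id).getDisplayName())) {
                continue;
            }
            if (match != null) {
                throw new IllegalStateException("display name is not unique: " + displayName);
            }
            match = id;
        }
        if (match == null) {
            throw new IllegalStateException("no role with display name: " + displayName);
        }
        return match;
    }

    /** Adds (member == true) or removes (member == false) one user from one role. */
    static void setMembership(String roleDisplayName, String logonId, boolean member)
            throws UMException {
        IUser user = UMFactory.getUserFactory().getUserByLogonID(logonId);
        IRole role = UMFactory.getRoleFactory().getMutableRole(resolveRoleId(roleDisplayName));
        // Membership calls take the principal's unique ID, not its unique name.
        String userUniqueId = user.getUniqueID();
        try {
            if (member) {
                role.addUserMember(userUniqueId);
            } else {
                role.removeUserMember(userUniqueId);
            }
            role.save();
            role.commit();
        } catch (UMException e) {
            role.rollback();   // discard the pending change on failure
            throw e;
        }
    }
}
```

When the logon ID comes from a Web Dynpro input field, the calling user's own authorization to manage that role should be checked before setMembership is called.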
Dynamically assign Worksets, Pages, iViews to a Role using the APIs ?
Hi,
Has someone built a Role via Webdynpro coding?
Hope someone has done it and could help.
Thanks in advance!
Kind Regards,
Gerardo J
Hi Shanti,
thanks a lot for the help! Actually, following the documentation on help.sap.com I found this:
"PCD Roles: These are semantic objects that represent collections of content that can be assigned to a user.
There is no public API for accessing these roles."
here I paste the link
http://help.sap.com/saphelp_nw70/helpdata/en/44/43863b2e641193e10000000a155369/frameset.htm
I guess then there is no way to modify the Role via API to achieve this, or is this only on 7.0 and now it is possible on 7.1?
Thanks in advance!
Kind Regards,
Gerardo J
Edited by: Gerardo Jiménez on Jan 31, 2011 11:58 AM
-
How to create users in Weblogic using an API
Hi All,
I have a requirement where I need to add users to the security realm without using the Weblogic Console. Is there any API or program which lets us create the users and set them in the realm?
Please suggest!!
Thanks.
Hi,
You can follow the blog written by Middleware magic team
Creating Users And Groups
http://middlewaremagic.com/weblogic/?p=4981
Deleting Users And Groups
http://middlewaremagic.com/weblogic/?p=5234
Users List from Security Realm
http://middlewaremagic.com/weblogic/?p=6678
Hope this will be helpful
Regards
FAbian
-
How do I copy User Properties from one user to another using Server API
Portal Version is 10GR3
I have two Users in the portal and I want to copy all the properties of user1 to user2.
the IPTProfileManager interface allows me to get all the properties of user 1. Accomplished through the use of
IPTObjectProperties user1Props = profileManager.GetUserProperties(userId, false);
IPTQueryResult qr = user1Props.GetPropertyData(PT_PROPIDS.PT_PROPID_OBJECTID |
PT_PROPIDS.PT_PROPID_NAME |
PT_PROPIDS.PT_PROPID_PROP_VALUE);
I believe this is correct...
We now have all the properties in a Query Result. I'm lost as to how to get these values into user2's profile...
-Or- is there a easier way????
Any suggestions?
Phil Orion
Orion like the constellation, not the Irish guy.
Every object in the Server API extends the PTObject, which has function calls GetObjectProperties().
If you have the PTUser object you have to do the following:
IPTObjectProperties props = getObjectProperties(); // in your case this should be something like PTUser.GetObjectProperties();
Object[][] propData = new Object[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_INVALID][1];
propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_PROPERTYID][0] = new Integer(#PropertyID#);
propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_VALUE][0] = "Property Value";
props.SetPropertyData(propData);
Don't forget that at the end you have to call the PTUser.Store() function
cheers
Edited by: Pelov on 14.07.2010 12:31
-
Hi experts,
How can I assign new users to a role?
Thank you
Just go to PFCG and then open the role and go to the users tab and add the users to the role and then save
hope that helps
with regards
ashwin
-
Assign user external dir to group using MaxL
Hi
I have my essbase security sync with Shared services.
Now i want to assign user to groups using Maxl
Groups exist as Essbase native Groups
Users exist as corporate directory and are NOT native users
Now when i try to execute the following statement i get error saying 'user does not exist'
Alter user 'username@corporatedir' add to group 'nativegroup';
Is it not possible to assign users from external directory to native groups using Maxl?
You have not specified your version.
For 9.3.1 refer to page 103 for details. http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
The file looks like
#group_children
id,user_id,user_provider
myNativeGroup,User1,myProvider
myNativeGroup,USer2,myProvider
myNativeGroup,nativeUser3,Native Directory
For better understanding, add one external user to a native group manually in shared services and then export using the utility.
Then the exported file format can be used for your import.
Hope it helps.
-
Shared Services 11.1.2 Unable to remove assigned user from a security group
In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
Paul
Hello Paul,
Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
Thanks,
hyperionEPM
Please mark answers as correct or helpful for others to find them easily.
-
Mapping of users with roles in BPM
Hi, in Oracle BPM there is a mapping of users to roles. I have searched the BPM database tables in the dev_soainfra schema but no table contains this mapping. I have an urgent requirement for it so that I can use it on an ADF form.
Can anyone please tell me where to get it?
=> I got the Organization.XML file in BPM which contains the mapping of these two. But I am not able to create a data control from the XML file so that it can be used on an ADF form. Anyone please help me out.
Thanks
BPM Roles are in turn mapped to Application Roles and the users are added to these application roles. So I don't think it is available in DB. You might need to get it from Application Roles using OPSS API if available or system-jazn-data.xml (if your policy store is file based) or from your LDAP.