Authorization on portal

Similar Messages

• Do we have role which display all the authorizations in portal

  HI,
    Can any body tell me whether is there any role which display all authorizations in the protal.?
  If not can u tell me how to display all authorizations in the portal in detail.
  Thanks in advance
  Krishna.

  Hi,
  There are around 40+ Standard roles in EP7.  If you logon with J2ee_admin you can see all the roles attached to a user under user Management Tab.
  Regards,
  -Vijay

• Problem related to BW (Reports, authorizations)    & SRM portal

  Hi friends,
  problem is that, we created some SRM reports on BW its working fine , we extracted data from R3 properly, and we can able to view on BEx those reports then we created some authorizations for SRM portal,that reports working results fine, but only particulate vendor not abule to see the data.
  Authorizations created on Plant/vendor combination
  That ODS contain Data and BW reports also fine.
  What may be the reason. plz provide some solution for this.
  as of now i am thinking it may be problem with authorization , i am unable to find that, becoz other combinations are working fine
  is any information required i will provide.
  Thanks
  Srinivasa Rao polapala

  Its Ok ,Sampath
  solved that problem in a diff way.
  what i find is problem with updations.
  how to make updation in authorization object.
  when i add new plant/vendor combination , its not updating for that role.
  y it is not happening, is there any way to do that
  Thanks
  Srinivasa Rao polapala

• Authorization in portal to add BI documents

  Dear all,
  I created a BW web template and included the standard web item for single document.
  Our users shall be able to create a new or edit the exitsing document.
  This works with my authorizations - SAP_ALL in ABAP and Super Administration (pcd:portal_content/administrator/super_admin/super_admin_role) in portal.
  My test user also has SAP_ALL in backend but no super admin in portal.
  He is not able to see or edit or create any documents.
  The error message starts with:
  Message: Access denied (Object(s): portal_content/OPD)
  Stack trace: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/OPD)
  We tested with my user, taking away authorizations and so far one needs to have the super admin role to be able to work with the documents.
  Since this is not acceptable for end users, I am searching for a portal role that admits users to work with documents but without them being super admin.
  Has anyone any idea?
  Best regards
  Cornelia

  see
  Hinweis 573725 - Berechtigungen für Dokumente von Bewegungsdaten

• Authorization to Portal resources (i.e., pages, portlets, etc.)

  I was able to create users, a group, a role, an entitlement, and a desktop through the Portal Admin Console to show that when I was logged in as one user I could see a certain portal page/tab, but when I was logged in as another user I could not see that portal page/tab. Does this provide the level of secure authorization needed throughout the Portal to prevent users from seeing Portal resources that they should not be able to see? I know that if I do not go through the Desktop's URL and instead go directly to the Portal's URL I see everything in the portal no matter what my roles and entitlements are. Do I need to investigate the WebLogic server's security realms in order to implement users, groups, and roles in a more secure manner?

  Hello, I've found response, so I detail it here, if somebody encounts the same problem.
  The problem is that a called PL/SQL procedure/funtion/portlet in a database could work in a alone page group with the right access. But when you put a template (+ ui_template or not) you have to create a specific DAD access for the portlets. Here's the step :
  1) Log to Portal > Generator > Administer
  2) Click on the left down corner on "Portal services Control" (sorry, I translate from french) and access to Oracle Enterprise Manager.
  3) Select in the right up corner "HTTP SERVER" and after in the main menu "administration"
  4) On the left, select and click on "PL/SQL properties" > "DADs" (on the upper menu)
  5) Here, click on "Create" > "general"
  6) Fill the blanks (Name was "/pls/my_schema" for me and "default page" was "MY_SCHEMA.MY_PORTLET.MY_PROCEDURE").
  So I thanks all people who take care of these posts, and I hope it could be useful for anyone.
  Best regards,
  Antoine

• Authorization in portal to be able to add BI documents

  Dear all,
  I created a web template and included the standard web item for single document.
  Our users shall be able to create a new or edit the exitsing document.
  This works with my authorizations - SAP_ALL in ABAP and Super Administration (pcd:portal_content/administrator/super_admin/super_admin_role) in portal.
  My test user also has SAP_ALL in backend but no super admin in portal.
  He is not able to see or edit or create any documents.
  The error message starts with:
  Message: Access denied (Object(s): portal_content/OPD)
  Stack trace: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/OPD)
  We tested with my user, taking away authorizations and so far one needs to have the super admin role to be able to work with the documents.
  Since this is not acceptable for end users, I am searching for a portal role that admits users to work with documents but without them being super admin.
  Has anyone any idea?
  Best regards
  Cornelia

  see
  Hinweis 573725 - Berechtigungen für Dokumente von Bewegungsdaten

• DMS Authorizations in portal

  Greetings, SDN members!
  I am looking for a solution of managing DMS documents authorizations in such a way, that several files / folders which reside in the DMS would be accessible globally without any restrictions (for everyone), while resigning in departments sections which are blocked by SAP standard authorizations.
  We were thinking about creating a new folder hierarchy and not maintaining authorizations for it, putting all public content there, but we are looking for a more "elegant" solution which would allow us to "mark" documents and folders as public (not restricted at all).
  Thanks in advance!

  Hi,
  Do the users world wide will be having SAP User ID and Password? If so then through WebDMS this functionality can be achieved.
  Also, Easy DMS can be used if this is installed in individual systems.
  Thank You,
  Manoj

• How to maitain user creation and authorization in Portal from CUA

  Hi ,
  I want to create portal users in CUA i.e. instead of creating users in portal I want to maintain user administration from CUA and also want to assign the required portal roles from CUA
  what configuration I need to perform.
  Please help.
  Sandip

  Hi Sandip,
  Please refer to User Information System  for CUA
  http://help.sap.com/saphelp_nw04/helpdata/en/52/671261439b11d1896f0000e8322d00/frameset.htm
  Hope it helps
  Regards
  Arun

• Outward-facing Portals and R/3 authorizations

  How to use tight R/3 authorizations with Portals?
  Outward Facing Enterprise Portals projects which invoke R/3 transactions have an authorization issue we have not yet resolved. Example: a portals invocation of an R/3 customer balance inquiry should show data of the customer which invoked the transaction, but no others. R/3 authorization concept does not go this deep, it can restrict on the org structure, but customer is not in the org structure. We can see how to accomplish this extra-granular authorization by custom code which makes each transaction custom and then restricts the customer, but we don't want to customize all the R/3 transactions if we can avoid it. In this situation, we can't see how to prevent a portals user from getting into the R/3 transaction, then changing the selection criteria and doing whatever they want, looking at inappropriate data.
  Any guidance welcome

  Doug,
  I agree to what Dominik says. If you are creating an SAP transaction iView with GUI for HTML then you have to rely fully on R/3 authorizations to restrict the user.
  But if you are creating custom iViews, say webdynpro for Java (as we are doing in our project) then you have an option of adding that custom check in RFMs called.
  I asked the user mapping type because if you are using a generic user ID to connect to R/3 then you will have to pass the portal user ID to the RFM manually, if you are using SSO with same user ID in both systems, the R/3 user ID is good enough to be used in custom checks in RFMs.
  Regards,
  Aniket

• Authorization from SAP BW 3.5 in Portal

  Hi Experts,
  i am buidling a scenario in SAP BW 7.0 using the authorization concept from SAP BW 3.5.
  Now i publish the reports in the portal. Everything is working good.
  Now my question:
  That we are using the old authorization concept, will it be a problem to adapt the concept into the portal?
  Could you please provide documents how to deal with BW Roles in Portal or a setps by steps indication?
  Thank you for your input.
  Cheers
  Gilo

  Hi Gilo,
  Below is the thread which has good discussion on the authorizations of BI and BW.
  Re: BI 7 Security
  There should be no issue in executing a BI report which runs on BW authorizations in portal, because the authorizations will be checked in the back end(BI/BW) not in portal.
  Hope this helps !!!
  Thanks,
  Ansar.

• Outlook express integration with R/3 and Portal

  Hi,
      I have seen a new system setup where we can assign security group to a user in Outlook express and it will give some authorization in R/3 and Portal. I am first time seeing this concept .Can anybody pls explain me how to create the security group in outlook express and method of integrating it with both R/3 and Portal.
  I appreciate all your help.
  Thanks in advance

  Hi ,
    Thanks for the link..
  but its not the one I have been looking for ragarding the mentioned scenario.
  !)A User will be present in both outlook express and SAP system ,when we add a security group (SG *) in outlook expressthe user will get authorization on Portal screen.
  2) After assigning a role in R/3 ,we should add the security group to that use for some access permission.
  Could u pls explain me how the concept could be and Integration method.
  Thanks in advance
  I appreciate all your help.

• BADI triggered from Portal for Termination process

  Hi,
  I have the requirement to check for User parameters and verify data while a PERNR is terminated from Portal side.
  To do this I will need a BADI which is triggered from Portal.
  I have got a couple of BADIs but not sure which one to use. Anyone has come across such requirement?
  Also I need to filter values for F4 help depending on the authorization in Portal -> Personal info->Additional details.
  I need to put filter on the Subtypes available.
  I was thinkling of using WD_BADI to implement this.
  but there is very few help available for this BADi. Has anyone ever used this?
  ags.

  put an external break point on CL_EXITHANDLER->GET INSTANCE method.
  now start your portal.
  each time an exit/badi is available, the debugger will start. this way you can check the exact BADI as exact position.

• Difference between Portal Transport and Basis Transport

  Hi Experts,
  I have few questions .
  1. What's the difference between transport in portal and transport in Basis.
  2 . In user admin , we create users and assign them roles. Even Basis people will create
       new userids and assign them roles. Whats the difference between these two.
  3. In useradmin whats the difference between assigned roles and assigned groups.
  Thanks a lot.

  Hi,
  I don't see any differnece in portal and basis transport
  Content transport generally done from one landscape to other landscape. say  from dev to test system
  or test  to production system.
  we create user id using user admin role in portal ume or we can get users externally by using LDAP funtionality.
  Using user admin role we can assingn users to rolese and groups.
  Groups are used for a group of users. IF certain users have similar authorizations in portal then we group them in single user group and then assing this group to the roles. This is called authorization.
  Role is used to display the portal content to the users and is the top level navigation in portal.
  If I miss anything at basis level then someone can help you.
  Raghu

• Error while accessing web service

  I have a web service (EJB).
  After generating clients from wsdl file, while i am trying to access the corresponding function from the client, i am getting the following error.
  javax.xml.ws.soap.SOAPFaultException: Endpoint {http://data.module.bill.company.net/}DataService does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
  I dont know why it happens.
  Can anyone please help me.
  Thanks in Advance...

  Hi Aseem,
  how are you doing ?
  Authorizations in portal are user specific.
  The current problem is due to the user not having sufficient permissions on the back end to execute the call.
  for this check :-
  1> the current user in portal
  2> mapping to user in the back end
  3> back end user permissions for the RFC / BAPI & it's dependant objects
  with respect,
  amit

• #2170 error calling a webservice from Xcelsius having crossdomain.xml

  Hello together,
  we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
  We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
  Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
  Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
  During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
  In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
  1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
  2.) Did we miss any other stuff during our try/fail-operations?
  Many thanks in advance for your hints.
  Steffen

  Hi Rajat,
  This is how the default trace looks
  FATAL: Application Servlet failed to notify devices.
  Caught java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
       at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
  Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
       at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
       ... 2 more
  java.lang.NoSuchMethodError
  at java.lang.Thread.destroy(Thread.java:779)
       at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
  Rgds
  Shashank