BEA User Broup based portal rendering in WLP 10.3

Hi,
We are connecting to an external LDAP system to get the user group informmation for the loggged in user and these user groups are already configured in portal admin.
How can I make sure for the logged in user with a valid user group, gets a portal with only those portlets that he can view?
Is there any API using which the portal is rendered as per user group privileges?
Thanks,
CA

Visitor entitlements are used to restrict access to portal resources for portal users. Visitor entitlements are based on security roles. Security roles can be based on group membership.
See the docs at:
"Overview of Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/portlets/portlet_org.html#wp1012363
"Security Guide": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/index.html
"Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/intro.html#wp1020050
"Restricting Portal Visitor Access Using Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/planning.html#wp1021317
"Creating Visitor Entitlement Roles": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/visitor_entitlemt.html#wp1057731
There are more that you will want to look at but if you start with these docs then you will find the links to the other stuff that you need to see.
Good luck.

Similar Messages

Can you restrict creation of user types in Portal?

Hi,
Is it possible to give a group of users the ability to just create 'Vendor' accounts in the Portal?
While another group of users the ability to just create 'Contractor' accounts in the Portal?
...and other group of users to create just another 'type' of users in the Portal?
Thanks,
Sk

Humm, it's seems a bit complex but try to based your drop down over a new object "UserType".
See
http://theidentityguy.blogspot.fr/2011/07/populating-rcdc-dropdownlist-with.html
After that gives the right to view only object UserType "Vendor" for the set "All admins of Vendor"
I never try this, it's only an idea :)
Regards,
Sylvain

Importing NT User information into Portal

We are using Portal in an NT environment, and we have been able to get through the necessary single sign on issues.
Now, we need to pull our NT user information into Portal's user database, including all the groupings we already have set up so that we can take advantage of Portal's exceptional security features. This is key to our ability to use the product, and to our demo in a week.
The fact is we have 5,000 users to enter, and it is prohibitive for us to do that through the standard Portal APIs. We already have the users' input once in NT, we can get a flat file with all the information we need, we just need a way to get this information
into the appropriate tables within Portal's database.
Is there a script or some more "automated" way you can suggest for us to do this?

Maybe you could try to use an intermediate LDAP export file (ldif), since Active Directory is LDAP-based and you can plug a LDAP to your Portal SSO Login Server.
I only have tried exporting and importing using .ldif files up to now.
I also have heard about techniques to use NT user account info to log on to Portal ; 'could be easier.

How to display active directory users through weblogic portal Application?

Hi,
Does anyone has faced this situation?
I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
I have two doubts on this?
1)Is it I need to write custom code to view the active directory users in our portal?
2)Does I need to use any jars that supports active directory authenticator?
I would appreciate if any one can reply on this with helpfull docs/information.
We are using BEA 8.1 SP4.
Windows 2000.
Surendra

Hi,
I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ page import="java.util.Set" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="weblogic.jndi.Environment" %>
<%@ page import="weblogic.management.MBeanHome" %>
<%@ page import="weblogic.management.configuration.DomainMBean" %>
<%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
<%@ page import="weblogic.management.security.RealmMBean" %>
<%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
<%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
<%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
<%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
<%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
<%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
<%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
<%@ page import="weblogic.management.utils.ListerMBean" %>
<%@ page import="javax.management.MBeanException" %>
<%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
<%@ page import="examples.security.providers.authentication.manageable.*" %>
<%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
<%@ page import="weblogic.management.utils.InvalidParameterException" %>
<%@ page import="weblogic.management.utils.NotFoundException" %>
<%@ page import="weblogic.security.SimpleCallbackHandler" %>
<%@ page import="weblogic.servlet.security.ServletAuthentication"%>
<%!
private String makeErrorURL(HttpServletResponse response,
String message)
return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
%>
<html>
<head>
<title>Password Changed</title>
</head>
<body>
<h1>Password Changed</h1>
<%
// Note that even though we are running as a privileged user,
// response.getRemoteUser() still returns the user who authenticated.
// weblogic.security.Security.getCurrentUser() will return the
// run-as user.
System.out.println("------------------------------------------------------------------");
String username = request.getRemoteUser();
System.out.println("User name -->"+username);
// Get the arguments
String currentpassword = request.getParameter("currentpassword");
System.out.println("Current password -->"+currentpassword);
String newpassword = request.getParameter("newpassword");
System.out.println("New password -->"+newpassword);
String confirmpassword = request.getParameter("confirmpassword");
System.out.println("Confirm password -->"+confirmpassword);
// Validate the arguments
if (currentpassword == null || currentpassword.length() == 0 ||
newpassword == null || newpassword.length() == 0 ||
confirmpassword == null || confirmpassword.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Password must not be null."));
return;
if (!newpassword.equals(confirmpassword)) {
response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
return;
if (username == null || username.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Username must not be null."));
return;
// First get the MBeanHome
String url = request.getScheme() + "://" +
request.getServerName() + ":" +
request.getServerPort();
System.out.println("URL -->"+url);
Environment env = new Environment();
env.setProviderUrl(url);
Context ctx = env.getInitialContext();
MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
System.out.println("MBean home obtained....");
DomainMBean domain = mbeanHome.getActiveDomain();
SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
// Sar
EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
RealmMBean realm = secConf.findDefaultRealm();
System.out.println("RealmMBean obtained....");
AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
System.out.println("AuthProvMBean obtained....");
// Now get the UserPasswordEditorMBean
// This code will work with any configuration that has a
// UserPasswordEditorMBean.
// The default authenticator implements these interfaces
// but other providers could work as well.
// We try each one looking for the provider that knows about
// this user.
boolean changed=false;
UserPasswordEditorMBean passwordEditorMBean = null;
System.out.println("UserPwdEdtMBean obtained....");
//System.out.println("Creating MSAI....");
//ManageableSampleAuthenticatorImpl msai =
// new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
//System.out.println("Done....");
for (int i=0; i<authenticators.length; i++) {
System.out.println("### Authenticator --->"+authenticators);
if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
ActiveDirectoryAuthenticatorMBean adamb =
(ActiveDirectoryAuthenticatorMBean)authenticators[i];
System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
String listers = adamb.listUsers("*",0);
while(adamb.haveCurrent(listers))
System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
adamb.advance(listers);
if (authenticators[i] instanceof UserPasswordEditorMBean) {
passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
System.out.println("Auth match ...."+passwordEditorMBean);
try {
// Now we change the password
// Sar comment
System.out.println("Password changed....");
//passwordEditorMBean.changeUserPassword(username,
// currentpassword, newpassword);
changed=true;
// Sar Comment
catch (InvalidParameterException e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
catch (NotFoundException e) {
catch (Exception e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
// Sar code
LDAPAuthenticatorMBean ldapBean = null;
UserReaderMBean urMBean = null;
UserEditorMBean ueMBean = null;
GroupReaderMBean gMBean = null;
//ListerMBean lBean = null;
try
if (authenticators[i] instanceof LDAPAuthenticatorMBean)
ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
String userFilter = ldapBean.getAllUsersFilter();
System.out.println("userFilter ="+userFilter);
if (authenticators[i] instanceof UserEditorMBean)
try
System.out.println("UserEditorMBean...");
ueMBean = (UserEditorMBean) authenticators[i];
System.out.println("List users..."+ueMBean);
boolean b = ueMBean.userExists("webuser");
System.out.println("User Exists->>>"+b);
String cursor = ueMBean.listUsers("webuser", 2);
System.out.println("List User ----->"+cursor);
catch(InvalidParameterException e)
response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
catch(java.lang.reflect.UndeclaredThrowableException e)
response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
e.printStackTrace();
catch(Exception e)
response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
catch(Exception ex)
ex.printStackTrace();
response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
return;
if (passwordEditorMBean == null) {
response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
return;
System.out.println("pwd changed ->"+changed);
if (!changed) {
// This happens when the current user is not known to any providers
// that implement UserPasswordEditorMBean
response.sendRedirect(makeErrorURL(response,
"No password editors know about user " + username + "."));
return;
%>
User <%= username %>'s password has been changed!
 
 
</body>
</html>
Here is the console log
User name -->webuser
Current password -->i
New password -->u
Confirm password -->u
URL -->http://localhost:7011
MBean home obtained....
Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
RealmMBean obtained....
AuthProvMBean obtained....
UserPwdEdtMBean obtained....
### Authenticator --->Security:Name=myrealmDefaultAuthenticator
Auth match ....Security:Name=myrealmDefaultAuthenticator
Password changed....
UserEditorMBean...
List users...Security:Name=myrealmDefaultAuthenticator
User Exists->>>true
java.lang.reflect.UndeclaredThrowableException
at $Proxy1.listUsers(Unknown Source)
at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
a:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
64)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.management.MBeanException
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
ava:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
... 14 more
### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
pwd changed ->true
Can u pls let me know how to get all the entries from LDAP.
Thanx
Sar

Stream based portal

Hi
Our developers uses workspace studio to develop portal application and the default portal is file based portal. when we migrate this to sun solaris environment, we want to keep stream based portal. I read stream based portal can be created through weblogic portal admin console only.
In that case, how do I make all other developed components (portlets, skins etc) to be placed on the stream portal? what is the best practice to migrate the portal application from developer workspace studio to solaris deployment servers?
thanks
somerset

Hi Somerset,
the short answer is that the developed components are packaged in the EAR that you create in Workspace Studio. Once you deploy the EAR file to the target server you can create streaming portals out of the components inside the EAR. You can use all the normal tools to deploy the EAR file to the server, see the [deployment guide|http://edocs.bea.com/wls/docs103/deployment.html]
You should also be aware of propagation, which is the way to migrate streaming portals from one environment to another. There is an excellent guide for production operations available here
Hope this helps. Planning a deployment and propagation strategy can be quite a bit of work but you should really pay attention to it. The above documentation should be enough to get you started.
Best regards,
Petri

Using Powershell to delete all users from the Portal

Summary
This script will delete all users from the Portal except for Administrator and the Built-In Sync account.
Based on Markus's "Delete a User" script.
Useful when developing your system if you want to quickly clear out the data and start again.
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice' " -option constant
function DeleteObject
PARAM($objectType, $objectId)
END
$importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
$importObject.ObjectType = $objectType
$importObject.TargetObjectIdentifier = $objectId
$importObject.SourceObjectIdentifier = $objectId
$importObject.State = 2
$importObject | Import-FIMConfig -uri $URI
if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}
$allobjects = export-fimconfig -uri $URI `
–onlyBaseResources `
-customconfig "/Person"
$allobjects | Foreach-Object {
$displayName = $_.ResourceManagementObject.ResourceManagementAttributes | `
Where-Object {$_.AttributeName -eq "DisplayName"}
if([string]::Compare($displayName.Value, "Administrator", $True) -eq 0)
{write-host "Administrator NOT deleted"}
elseif([string]::Compare($displayName.Value, "Built-in Synchronization Account", $True) -eq 0)
{write-host "Built-in Synchronization Account NOT deleted"}
else {
$objectId = (($_.ResourceManagementObject.ObjectIdentifier).split(":"))[2]
DeleteObject -objectType "Person" `
-objectId $objectId
write-host "`nObject deleted`n" $displayName.Value }
Go to the FIM ScriptBox
http://www.wapshere.com/missmiis

The DeleteObject function opens and closes a connection for each object. This approach is faster:
http://social.technet.microsoft.com/wiki/contents/articles/23570.how-to-use-powershell-to-delete-fim-users-that-have-a-null-attribute-name.aspx
Mike Crowley | MVP
My Blog --
Planet Technologies

Unique username generation when creating new user via FIM Portal?

Hi,
Is it possible to create a new user using the FIM Portal, and have FIM create the unique username upon submission of the request in the Portal?
So effectively, when you create a new user in the Portal, the 'accountName' attribute would not be a mandatory field and therefore removed from the GUI using RCDC , and instead be generated based upon the unique AD username rules.
Thank you.

Just my 2 cents worth ... make sure you identify and test the "edge cases" for whatever solution you end up implementing, and don't just assume a solution that works for someone else will automatically work for you in 100% of cases (this is most likely why
this feature is not OOTB, even though most people would want something like this from the get-go).
To be specific, I have implemented option #2 myself with success, after initially implementing option #3 and running into grief with a particular use case (education environment end-of-school year roll-over involving large numbers of concurrent leavers/joiners
in the same import/sync cycle). To be specific, when implementing a workflow-based solution to do this there is a small but nonetheless realistic chance that 2 user requests being processed in parallel calculate exactly the same AccountName value, and
of course one will succeed and the other will fail ... and of course by default this will fail the entire request.
I solved the problem in my case by adoption option #2 using an approach where I reserved a unique accountName in the MV (downside is that in some cases the user may never end up being provisioned to AD if this is in advance of the actual hire date), thereby
avoiding clashes by getting the FIM Sync Service to control integrity rather than the FIM Service where parallelism is a design feature :).
So just make sure you understand the pros and cons of each approach when deciding what is best for you. Note that this discussion has come up many times before on previous posts on this forum, and it will be worth looking through these if you are still
in the early stages of formulating your approach.
Bob Bradley (FIMBob @
TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

Is there way send notifications to portal users within weblogic portal

Is there way send notifications to portal users within weblogic portal or we need
to use Message broker channel or JMS for this purpose

venks wrote:
Is there way send notifications to portal users within weblogic portal or we need
to use Message broker channel or JMS for this purposeI think you could do it using the portal event framework....subscribe
the user to a custom event on login and then just raise the
event...should be examples in the samples app....check the javadocs for
com.bea.p13n.events.Event
Martin

How to restrice ananymous user access to portal link /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default?

Hi experts,
We had an issue with portal access. I wonder if portal is venerable for security threats?
Could you please let me how to restrict the unauthorized users (anonymous user) to the portal URL.
https://HOST:50001//irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default .
Appreciate your help.
Regards
Maruti

Hi Maruti,
Hope you are doing good.
Can't you just amend the portal permissions so that this access is not possible.
The PCD location should be:
com.sap.portal.system/security/sap.com/NetWeaver.Portal/no_safety/com.sap.portal.navigation.portallauncher....
Hope this helps.
Thank you and have a nice day!
Kind Regards,
Hemanth

Getting error while creating the user in user administration in portal

Hi folks,
i am unable to create the user in user administration in portal due to the following error,
could you please help regarding this issue
"Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".

Hi All,
I am closing this thread as this is not in the correct forum. This should be opened in LDAP or UME. Please open the thread under the correct heading.
Beth Maben
EP - Senior Support Consultant
AGS Primary Support, Business Suite & Technology
Please see the UWL Wiki @
http://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq ***

Programmatically adding/deleting users to/from portal groups

I am using the following PDK api, to delete an user from a portal group (otp_sales).
I get the following error which doestn make sense. I tested the following api from a
script shown below. In my application, this gets called from a trigger, and fails
because it sees a ROLLBACK getting used in the API.
<<<<<<<<<<<<< delete_from_group.sql >>>>>>>>>>>>>>>>>>>>>>
DECLARE
BEGIN
moc.wwsec_api.delete_user_from_list (p_group_id
=>MOC.wwsec_API.GROUP_ID('OTP_SALES')
,p_member_person_id =>73);
END;
<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SQL> @delete_from_group.sql
Input truncated to 1 characters
DECLARE
ERROR at line 1:
ORA-01086: savepoint 'DELETEUSERFROMLIST_SAVEPOINT' never established
ORA-06512: at "MOC.WWSEC_API", line 2467
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 849
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 669
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at line 3
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Thanks
regards
-Ananth

We had the same problem and it turned out that deleting a portal user(delete_portal_user), removing a portal user from a list (delete_user_from_list) or updating a portal user, the "savepoint xxxx never established message" came up when there was no context set. If the procedure is called from within a portal page (or as user portal30) ,and the context is set and it works. The solution is to check to see if the context was set, and then set it if not.
if not portal30.wwctx_api_private.is_context_set then
portal30.wwctx_api_private.set_context(p_user_name => 'portal30');
end if;
Hope this helps
Tania

User mapping from portal to R/3

Hello everyone,
Our situation is this :
We made some visual composer iviews (charts and tables) that get data from R/3.
Instead of creating users in R/3, we want to use only one public user who can only call RFC's in R/3. So how is the user mapping implemented in this situation?
Please give me detailed explanation for it or links of documentation.
I will be appreciative and all answers will be rewarded with points.
Thanks for help.

In addition and from a maintenance perspective you could do a: Portal Group to R/3 UserMapping.
This will then automatically map all Portal Users in the Portal Group to the one R/3 user in the back-end. This saves effort when new users are created on the portal you don't have to map them all.
This method is also proposed by SAP for mapping to MDM for example.
NOTE: When you choose this you cannot trace the user in the back-end because
this back-end user is shared. If this is not a problem for your scenarion then I would say go for it.
Cheers,
Benjamin Houttuin

How to activate or deactivate a user-exit based a specific condition

hi all,
i want to activate or deactivate(make it trigger) a particular user-exit based in a condition.
can i do that. if yes please tell me how.
can we use COMMIT in user-exits or BADI's.
Thanks & Regards,
Saroja.

Hello Saroja
The solution provided by Rich should be used for testing purposes only in the the reverted sense:
IF ( syst-uname ne '<specific user>' ).
RETURN.
ENDIF.
" Execute user-exit for specific user
However, for serious programming you should use a a better strategy. In principle, user-exits are either ON or OFF and, if they are ON, they are ON for all user which is usually not intended.
The following example shows a (possible) strategy how to execute user-exits based on specific conditions.
The SAP extension CATS0001 contains the component EXIT_SAPLCATS_001 with the following interface:
FUNCTION EXIT_SAPLCATS_001.
*"*"Lokale Schnittstelle:
*" IMPORTING
*" VALUE(SAP_TCATS) LIKE TCATS STRUCTURE TCATS
*" VALUE(SAP_PERNR) LIKE CATSFIELDS-PERNR
*" VALUE(SAP_DATELEFT) LIKE CATSFIELDS-DATELEFT
*" VALUE(SAP_DATERIGHT) LIKE CATSFIELDS-DATERIGHT
*" VALUE(SAP_DATEFROM) LIKE CATSFIELDS-DATEFROM OPTIONAL
*" VALUE(SAP_DATETO) LIKE CATSFIELDS-DATETO OPTIONAL
*" TABLES
*" SAP_ICATSW STRUCTURE CATSW
*" SAP_ICATSW_FIX STRUCTURE CATSW OPTIONAL
INCLUDE ZXCATU01.
ENDFUNCTION.
The include ZXCATU01 contains only the following coding:
CALL FUNCTION 'Z_EXIT_SAPLCATS_001'
 EXPORTING
 sap_tcats = sap_tcats
 sap_pernr = sap_pernr
 sap_dateleft = sap_dateleft
 sap_dateright = sap_dateright
 SAP_DATEFROM = SAP_DATEFROM
 SAP_DATETO = SAP_DATETO
 tables
 sap_icatsw = sap_icatsw
 SAP_ICATSW_FIX = SAP_ICATSW_FIX.
This function module is just a copy of the exit function module in the customer namespace.
Let us assume that your condition at which the user-exit should be executed is that the employee (SAP_PERNR) belongs to a specific controlling area. Thus, we make another copy of the original exit function module and call this fm within the "general" customer-specific exit function module:
FUNCTION z_exit_saplcats_001.
*"*"Local Interface:
*" IMPORTING
*" VALUE(SAP_TCATS) LIKE TCATS STRUCTURE TCATS
*" VALUE(SAP_PERNR) LIKE CATSFIELDS-PERNR
*" VALUE(SAP_DATELEFT) LIKE CATSFIELDS-DATELEFT
*" VALUE(SAP_DATERIGHT) LIKE CATSFIELDS-DATERIGHT
*" VALUE(SAP_DATEFROM) LIKE CATSFIELDS-DATEFROM OPTIONAL
*" VALUE(SAP_DATETO) LIKE CATSFIELDS-DATETO OPTIONAL
*" TABLES
*" SAP_ICATSW STRUCTURE CATSW
*" SAP_ICATSW_FIX STRUCTURE CATSW OPTIONAL
" User-Exit specific for employees (SAP_PERNR)
" belonging to controlling area 1000
CALL FUNCTION 'Z_EXIT_SAPLCATS_001_1000'
 EXPORTING
 sap_tcats = sap_tcats
 sap_pernr = sap_pernr
 sap_dateleft = sap_dateleft
 sap_dateright = sap_dateright
 sap_datefrom = sap_datefrom
 sap_dateto = sap_dateto
 TABLES
 sap_icatsw = sap_icatsw
 sap_icatsw_fix = sap_icatsw_fix.
" User-Exit specific for employees (SAP_PERNR)
" belonging to controlling area 2000
CALL FUNCTION 'Z_EXIT_SAPLCATS_001_2000'
 EXPORTING
 sap_tcats = sap_tcats
 sap_pernr = sap_pernr
 sap_dateleft = sap_dateleft
 sap_dateright = sap_dateright
 sap_datefrom = sap_datefrom
 sap_dateto = sap_dateto
 TABLES
 sap_icatsw = sap_icatsw
 sap_icatsw_fix = sap_icatsw_fix.
ENDFUNCTION.
Finally, within the specific exit function module we define the condition when the exit should be executed:
FUNCTION z_exit_saplcats_001_1000.
*"*"Local Interface:
*" IMPORTING
*" VALUE(SAP_TCATS) LIKE TCATS STRUCTURE TCATS
*" VALUE(SAP_PERNR) LIKE CATSFIELDS-PERNR
*" VALUE(SAP_DATELEFT) LIKE CATSFIELDS-DATELEFT
*" VALUE(SAP_DATERIGHT) LIKE CATSFIELDS-DATERIGHT
*" VALUE(SAP_DATEFROM) LIKE CATSFIELDS-DATEFROM OPTIONAL
*" VALUE(SAP_DATETO) LIKE CATSFIELDS-DATETO OPTIONAL
*" TABLES
*" SAP_ICATSW STRUCTURE CATSW
*" SAP_ICATSW_FIX STRUCTURE CATSW OPTIONAL
IF ( <user BELONGS to CONTROLLING area 1000> ).
 " execute user-exit
ELSE.
 RETURN.
ENDIF.
ENDFUNCTION.
The alternative would be to place the entire coding including the conditions in the include ZXCATU01. However, in this case you can test the user exit only in the context of the transaction in which the user-exit is passed.
Using the strategy I have devised you are able to test the user-exit in general and the specific user-exits independent of the transaction. For example, if you are already working on 6.40 or higher then you could use ABAP Unit Testing for this purpose.
The same logic can be applied for BAdI where we can have only a single active implementation.
Finally, I hope to convince that it makes sense to spend some time into a reasonable strategy for implementing user-exits.
Regards
Uwe

How to view a BI query with anonymous user in the portal

Hi Gurus,
Does anybody knows how to view a BI query in the portal with anonymous user?
Cause when i try to view a query the portal always ask for authentification. And i don't want to sign with a user cause my portal is for everybody and if the user logged in it shows the roles that previously were assigned.
I have the Netweaver 2004 with SP9
Thank you Very Much

do you have sso configured between portal and BW server, if yes the authentication pop up should not come.
if you dont want to do sso between portal and bw server and still want to logon to BW query with anonymous user,
in you bw server go to transaction sicf and navigate to DEFAULT_HOST->SAP->BW->BEX and double click on bex node in the resulting window, log on details section provide a default userid/password
Raja

How to retrieve all users in the portal with UME API

Hi everybody,
I would like to know how to retrieve all the users from a portal, which uses LDAP as a source (there are users created in the portal as well)
My code snippet is :
IUserFactory userFactory = UMFactory.getUserFactory();
UserSearchFilter searchFilter = userFactory.getUserSearchFilter();
searchFilter.setDisplayName("*", ISearchAttribute.LIKE_OPERATOR, false);
ISearchResult searchResult = userFactory.searchUsers(searchFilter);
My problem is that with the code above, only the users created in the portal are displayed, and no LDAP users.
Does someone know how to retrieve all the users whatever is the source?
Regards
Renaud

prakash's code should work.
however, mine code below doesn't user a search filter. it retrieves everyuser including users like indexadmin etc. Note:
result.next().toString();
returns a weird uniqueID used in the portal world.
getUniqueName()
gives your the usernames (sAMAccountName in Microsoft AD) people use to logon to the portal.
try {
IUserFactory uf = UMFactory.getUserFactory();
ISearchResult result = uf.getUniqueIDs();
while (result.hasNext()) {
    String uniqueid = result.next().toString();
    IUser user = uf.getUser(uniqueid);
    String userid = user.getUniqueName();
} catch(Exception e) {
//systemout

BEA User Broup based portal rendering in WLP 10.3

Similar Messages

Maybe you are looking for