BI admin role

Hi experts.
I need to setup a BI ADMINISTRATOR role and i am wondering what level of access they should have? What are SAP recommendations and Best practices? Any input will be highly appreciated.
Thanks

Hi,
The BW Administrator is responsible for customizing and maintaining a BW
system. All the authorizations a user requires to execute the Customizing and
maintenance transactions are incorporated into this role.
You can customise and use the SAP standard role SAP_BW_ADMINISTRATOR_BW or SAP NetWeaver BI Administrator role SAP_BW_BI_ADMINISTRATOR.
for more details refer to the following links.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0005dd1-fcf7-2a10-fe8a-ddf36cc70b2a
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90080703-4331-2a10-cd98-9c1e95acdea0
~Praveen.

Similar Messages

  • In Portal Content admin Role "Portal content" folder is not displaying

    Hi,
          I created a user in EP and assign Only Content admin Role. But in portal content area "Portal content "folder is not displaying.
    Can someone help me the process steps to achieve it?
    Thanks,
    kundan

    It is because the user has no proper permissions  to the porta content folder.
    you should give atleast read permission to the portal content folder to the content_admin role or to the users who have content admin role.
    also make sure the end user check box is checked at the time of giving permissions.
    Otherwise give eevryone group as read permisisons to the portal content folder. then you can see the portal content folder with read permissiosn only.
    Raghu
    Edited by: Raghavendranath Garlapati on Sep 1, 2009 9:32 AM

  • Is there any way to create admin role only for one resource.

    Hi all,
    I am trying to create an admin role with 'update user' capability. But I want to restrict the user(with the admin role) to be able to update a user's attribute only for one resource, The user(with the admin role) should not be able to update the attributes of the other resources which a user have.
    Is there any way to create admin role only for one resource?
    I customized the tabbed user form to show only one resource attribute (deleting the missing fields and adding my tab for the resource) and then assigned this new User Form to the user(with the admin role) in security tab.
    It works fine. But the problem is that if any user(with the admin role) is also admin of some other resource then he/she will not be able to view the other resource attributes.
    Please suggest,
    thanks

    The loop function always repeats the same region so of course the fade is also copied. So option+drag the original region to make a (non clone) copy, fade the first region and loop the second one (which you just copied).

  • Pictures not loaded in a Web Page Composer site without admin role

    Hello!
    I have got an new problem concerning SAP Web Page Composer.
    I have created an new site with some paragraphs and some pictures. The problem is when I, with admin role, access this site I am able to see everything. When another user, without admin role, is trying to access this site he is able to see everything but the pictures. All paragraphs or linklists are displayed but the pictures are not available. When giving the user the admin role he also become able to see the pictures.
    I know it is a permisson problem but not know where I forgot to set the permissions to "every user". But I do not understand why this is only concerning the pictures and every other Web Page Composer element is displayed properly, although the pictures permissions set to the same as the other elements. When trying to access the pictures by the user without admin role NetWeaver is throwing following exception:
    "com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs)"
    Thanks for your help in advance!
    Regards
    Georg

    The whole exception:
    [EXCEPTION]
    com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs - user: Manager,
    at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1932)
    at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:234)
    at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:316)
    at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:387)
    at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:488)
    at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
    at com.sapportals.wcm.portal.connection.KmConnection.handleRequest(KmConnection.java:52)
    at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs)
    at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
    at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
    at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
    at javax.naming.InitialContext.lookup(InitialContext.java:347)
    at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1919

  • OIM Read only Admin Role

    Hello Everyone
    Is there something like read-only OIM Admin role?. My manager wants to just see everything done by a system administrator or xelsysadmin . He doesn't want to modify any date, but he just wants to access everything added by the administrator.
    Thank You

    Hi,
    I hope you are using OIM 11g R2.
    If yes, then OOTB OIM provides many Admin Roles under organization section. For example: User Viewer, HelpDesk, Org Admin etc.
    You can use any of the OOTB admin roles to fulfill your requirement.
    HTH
    J

  • Creation of new admin role in Exchange Online Protecion

    HI,
    I am brand new with the Exchange Online Protection solution.
    I want to create a new admin role since the default one do not offer teh specific rights that we need for a group.
    I went in Exchange admin Center > Permissions > Admin role and we can only edit the actual default groups.
    I need to be able to create new one.
    I did read somewere some powershell command but, since this is cloud base solution, i have hard time to believe that there is no option to create a custom role on the actual web interface of EOP.
    Anybody have a solution for that ?
    Thx

    Hi,
    as far as I can see you can't create roles in EOP because there is access necessary to Exchange Online. EOP has only limited access to Exchange Online or no access. It seems to me that managing roles is not part of EOP.
    To be sure you should open a support case in the admin center.
    Greetings
    Christian
    Christian Groebner MVP Forefront

  • Help required for linking Organization Admin Roles to User Profile in R2

    Hi,
    We are using OIM 11.1.2.0 (Without any patch).
    Current Requirement:
    We have requirement to provide search capability to end users to search/see users of other Organizations in OIM.
    For example: I belong to Org1: UK, So OOTB OIM just support searching/viewing profile of UK Organization users. I can not search/view user info of Org2: Italy.
    To overcome this issue,Oracle has suggested us to add both the following roles in order to see user information of other organization.
    • User Viewer
    • Organization Viewer
    After just logged in using xelsysadm, I can able to assign Admin Roles of each organization to end users.
    We want some API info/ how to automate this assignment to Admin Roles(Which are available to Organization) to end users?
    We went through the APIs available for OIM 11.1.2.0, but could not find any API related to Admin Roles of OIM.
    Please suggest.
    Regards,
    J

    Hi,
    Has any one implemented this method?
    addAdminRoleMembership(oracle.iam.platform.authopss.vo.AdminRoleMembership membership) Add a admin role membership.
    Regards,
    J

  • How to give amadmin the role:Top-level Admin Role?

    hi,
    To the user amAdmin , i cancel the role:Top-level Admin Role,as a result, amadmin becomes a common user without the priveleges such as creating users!how to restore the role for amAdmin?thanks in advace

    HI,
      Check if this can help you.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/dae78be4-0601-0010-c9ab-c0b8d86fac07
    Regards,
    Harini S

  • XPRESS code to find all users with a specific Admin Role

    I've been playing around for a while with a way to get a list of all users that have been assigned a particular Admin Role. I have a role for which I want a specific subset of users to be approvers on it, and I want to greate a Rule that will check for people with a particular Admin Role and then return that list as people to be approvers on the role.
    I haven't been able to find an easy way to write this code. Anyone run across this before or have another suggestion???
    Thanks.

    Below is the code to find user based on condition.
    <set name='adminList'>
    <invoke name='getObjectNames' class='com.waveset.ui.FormUtil'>
    <ref>:display.session</ref>
    <s>User</s>
    <map>
    <s>conditions</s>
    <list>
    <new class='com.waveset.object.AttributeCondition'>
    <s>AdminRoles</s>
    <s>contains</s>
    <s>adminRoleName</s>
    </new>
    </list>
    </map>
    </invoke>
    </set>
    Edited by: Jay on Mar 7, 2012 4:03 AM

  • OBIEE 11g  - Not able to see existing reports which are created by specific owner but I could able to see Admin role user reports.

    OBIEE 11g  - Not able to see existing reports which are created by specific owner but I could able to see Admin role user reports.
    Appreciated if you could able to help as soon as possible as I don' have back up for these disappeared reports.
    Pleas let me know if any additional information needed.

    Hi
    Thank you for the reply.
    Here one thing I would need to mention that those are created by me on last week, but when I check those today, I could not able to see or even admin also not able to see those. For sure no migration and updations happend over the week end, really not able to debug whats the issue around. Unfortunately I haven't taken back up as well.
    Please could you help and let me know whats the root cause and how I could able to restore.
    Best regards,
    Kumar

  • Dynamic Admin Role Problems - IDM7.1

    Hi Everyone. I'm having problems getting a dynamic admin role to work correctly. No matter what I do I always get the error at logon that the user controls no organizations and has no capabilities. Here is how the admin role is configured.
    General:
    Type = Identity Objects
    Assigners = blank (I have also tried configurator)
    Organizations = Top
    Scope of Control:
    Controlled Organizations = Top
    None for everything else.
    Capabilities:
    All caps assigned, no cap rule.
    Assign to users:
    Has the rule below assigned to it. If I check a user that is in the AD group mentioned in the rule, it gives me a '1', if I check one that doesn't have the group, a '0'
    Rule:
    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Rule PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <!--  MemberObjectGroups="#ID#Top" authType="UserIsAssignedAdminRoleRule" id="#ID#Rule:IAM Admin Admin Role Rule" lastMod="26" lastModifier="Configurator" name="IAM Admin Admin Role Rule"-->
    <Rule authType='UserIsAssignedAdminRoleRule' id='#ID#Rule:IAM Admin Admin Role Rule' name='IAM Admin Admin Role Rule' createDate='1239044336520' lastModifier='Configurator' lastModDate='1248287397906' lastMod='26'>
      <RuleArgument name='context'/>
      <RuleArgument name='runAsUser'/>
      <isTrue>
        <contains>
          <rule name='my_rulelibrary:get_DownCaseList'>
            <argument name='dnlist' value='$(runAsUser.accounts[AD].groups)'/>
          </rule>
          <downcase>
            <rule name='my_Configuration:IAM Admin Group Name'/>
          </downcase>
        </contains>
      </isTrue>
      <MemberObjectGroups>
        <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
      </MemberObjectGroups>
    </Rule>I have also added the item below to the system configuration and reset the app server
    <Attribute name='authz'>
                <Object>
                  <Attribute name='checkDynamicallyAssignedAdminRolesAtLoginTo'>
                    <Object>
                      <Attribute name='Administrator Interface'>
                        <Boolean>true</Boolean>
                      </Attribute>
                      <Attribute name='Service Provider User Interface'>
                        <Boolean>false</Boolean>
                      </Attribute>
                      <Attribute name='User Interface'>
                        <Boolean>true</Boolean>
                      </Attribute>
                    </Object>
                  </Attribute>
                </Object>
              </Attribute>Any ideas?

    Hi,
    the view handed to these kind of rules is created with the noFetch option set to true. As a result the AD groups of the user are not available during rule evaluation.
    You could solve your task by doing a search using the FormUtil class.
    I would however advise you to only do this in a small or demo environment as the usage of usermember rules does not scale at all. This is a pure sales feature that will quickly bring down a production environment with high CPU utilization and horrible response times. Unlike what one might guess these rules are not only evaluated during login but almost all the time, often multiple times for each click. Even if the rule as such only performs cheap operations the AuthCache class hogs more and more CPU time with each rule of this kind you add to the system.
    Regards,
    Patrick

  • How to Add Active Directory user to Admin Role

    Hi All,
    I am trying to figure out how to add a AD user to the Admin Role..
    I am connected to AD and can see the user (myself), however, when I try to add myself to the admin role, it says user not found.
    I go to Security Realms > myreals > Roles and Policies > Global Roles > Roles > Admin > View Role Condition.
    I see that the Administrators Group is already added. Now I click "add Conditions" and select "User" from the Predicate List and type in the user " Doe' John".
    On the next screen I get "user: John or Dow" does not exist.
    Another option could be to add the user to the Administrator group, but I couldnt figure out how to do that as well. When I navigate to the user under Users or Groups, I dont see an option to add that user to the Administrator group.
    Is it that you can only add users created in Weblogic to the Admin group?
    Any help on this will be very appreciated.
    Thanks in advance.

    I think I got it. I had to add the AD group the user is part of to the Admin role.

  • Exclude a Resource from scope of control of a Admin role??????

    Hi,
    I need to exclude a resource from the scope of ADMINROLE for a particular form. This i m able to achive by Admin role form. but i need to do this in backed .(not through that form). I am able to create Admin Role in a workflow .I m even able to addign controlled Sub organisatons,member organisations,capabilities.But can anyone tell me how to limit the scope of control of a Resource of a particular organisation under his control.i.e Exclude or Include Resources for this child organisation from a workflow.
    Any help will be highly appriciated.......
    Thanks and Regards,
    Ashi

    The site swallowed my first reply to this. Attempt 2.
    nantucket wrote:
    AndrewThompson64 wrote:
    nantucket wrote:
    ..Where the method getCodeBase() of the Applet instance returns the url of the directory from which the applet originated.No. It is the URL of the codebase. ......I made my response based upon what I saw in the API
    http://java.sun.com/j2se/1.5.0/docs/api/java/applet/Applet.html#getCodeBase()
    public URL getCodeBase()
    "Gets the base URL. This is the URL of the directory which contains this applet."So try the experiment. See where it leads you..
    [http://pscode.org/test/codebase/applet.html] - two different (in the codebase) calls to the same applet.
    import javax.swing.*;
    public class CodeBaseApplet extends JApplet {
         public void init() {
              add(new JLabel(getCodeBase().toString()));
    My wording may have been confusing. But I thought "which contains this applet" and "from where the applet originated" referred to the same thing.This is not the first time I have discovered JavaDocs that are misleading.
    I generally don't work with the applet tag when I do develop applets as the tag has been deprecated for a number of years.Same difference with <object> (or <embed>). The codebase is the codebase, not the directory of any Jar (necessarily).
    Think about it this way. An applet loads one Jar from my site, one Jar from yours, and another from any other site. What is the codebase then? (Answer: the codebase defined in the applet element.)
    *OTOH it is quite typical to have the codebase point to the single directory that contains all the applet Jars - so often that advice is true. But the devil is in the details.*

  • How to copy and remove admin Role from SAP_ALL profile

    Hi SDN Experts,
    I need to copy SAP_ALL profile to another in CRM 5.0 system, thereafter i need to remove admin Role from SAP_ALL profile. Can any help regarding this point..
    regds
    gcp

    Chandra,
    I saw ur post in this forum regarding configuring sap intergration with genesys gplus adapter. We are in need of the same configuration. Can you please help me in configuring sap phone for gplus adapter. Reply me on [email protected]
    Thanks in Advance

  • XI and SLD Admin Roles

    Hi,
    Can you help me with identifying the Admin Roles for XI and SLD.
    Thank you.
    Joe Vellaiparambil
    [email protected]

    Hi,
    This url will help u-
    http://help.sap.com/saphelp_nw04/helpdata/en/89/05793c05f0807be10000000a11405a/content.htm
    Also refer Installation Guide-
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/95d7d490-0301-0010-ce93-c58f9a3cde0b
    Regards,
    Moorthy

  • Weblogic Console Access Denied - Admin Role group question

    I need to grant access to a user that is authenticated via OAM.
    My authentication is succeeding and I am getting the following back as my Principal:
    <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 3
         Principal = class weblogic.security.principal.WLSUserImpl("IdentityGuardAppID")
         Principal = class weblogic.security.principal.WLSGroupImpl("cn=FUNC-LDAP-Browse,ou=secure,o=admin")
         Principal = class weblogic.security.principal.WLSGroupImpl("cn=FUNC-IDV-APP,ou=secure,o=admin")
    My authorization is failing and I think it's because I cannot figure out how to add the groups returned above to the Admin role in WLS.
    Normally, this is a breeze - I simply add it from the Realm Role under the Roles and Policies tab in myrealm.
    In this case, my group looks like a subject DN (i.e., it contains commas).
    Does anyone know how to add a group that contains a comma to the Admin Role?

    Hi Sameer Gawde,
    Would you please let me know complete error messages when use RSAT and PowerShell?
    In addition, the RSAT is based on MMC console. Please check if you have enabled group policy setting to restrict
    MMC snap-ins? In GPME, please refer to the path: User Configuration-> Policies-> Administrative Templates-> Windows Components-> Microsoft Management Console-> Restrict users to the explicitly permitted list of snap-ins. Meanwhile, please check
    if you configure the Don't run specified Windows applications setting (path:
    User Configuration-> Policies-> Administrative Templates-> System-> configure) to limit RSAT and apply to the domain admin group. This issue is really strange. Just please check and confirm. Thanks for understanding.
    Please logon DC via Admin account, then navigate to: ADUC-> Users. Please select and right click Domain
    Admins group and select Properties. Please select Member Of tab and check which did this group member of.
    Meanwhile, please open Component Services and expand “Component Services-> Computers-> My Computer”. 
    Then right click My Computer and select Properties. In COM Security tab, under Access Permissions, please check how configure the “Edit Limit”.
    By the way, please navigate to Event Viewer and check if can find some related clues.
    Hope this helps.
    Best regards,
    Justin Gu

Maybe you are looking for