BI : Portal User roles & groups
Hi Experts,
I have below doubt.
when we login into the SAP - NetWeaver portal , in the portal management screen. under the tab user administartion, when we enter the user say maxis , we actually see the various tabs which describes the respective details reg the user. There are are two tabs under the detail section of it ; Assigned Roles and Assigned Groups.
say for user Maxis , under the assigned roles , want to know that there is below assigned role :
pcd:portal_content/com.sap.zttcbi/com.sap.zroles/com.sap.zsalesreports
and under the assigned groups , there is below assigned group :
SAP_BW_SBO_SM
Want to know how and where to create this assigned roles and groups.
Kindly advise ,
Thanks & regards,
M.S
Hi,
The groups are created as mentioned above, it is basically to group the users from a department or to group them with respect to permissions etc.
Refer to the help document to learn more on the same.
http://help.sap.com/saphelp_nw04/helpdata/en/70/9be23d44d48e5be10000000a114084/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/90/6a2d8f54efdc46a865e1b05599bafa/content.htm
Good Luck!
Sandeep Tudumu
Similar Messages
-
Assigning Portal Users to Groups
Hi,
Is there a way we can assign portal users to portal groups through a sql or through a form interface? Right now, it is only possible to create users and go into individual groups and assign users to them. If a user should belong to multiple groups, then we need to go into each and every group and assign the user. Instead of this, is it possible to write a query or create a form interface and assign the user to all groups that he belongs to?
Thanks for your response.Dear Hassan,
Need a clarification. If users are assigned to a group in LDAP, Can you see the same thing reflecting in portal?
I have configured LDAP as UME and I am able to see a group of LDAP appearing in Portal. But when I see the list of users assigned to this group, its empty.
Any clues or suggestions.
Regards,
Sreeram -
Dynamic User,Role,Group rather than use jazn.xml
Hi everyone
For Jdev 11..
can anybody tell me how to make application wich can make user,group,role dynamically...
rather than use jazn.xml...
I thought if i use jazn.xml for register user and group its very static...
I cannot make it dinamycally....
I read OPSS and I cannot found the idea behind it...
thanks...Hi,
You can achieve this by using a sql authentication provider. It gets the users and their roles & credentials from the db tables which you can configure in WLS. In JSF, you can create a creation form based on the table (which you configured for authentication), which can be used for the users to register.
Check out this doc for more information.
Regards,
Arun -
Obtaining url patterns for a user Role/Group
I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done. -
Administration Portal user and group managent performace issue
Hi
I have implemented a custom IPlanet LDAP authentication provider which provides
a realization for the needed authentication, group and user management interfaces
(UserReader, UserEditor, GroupReader, GroupEditor).
The authentication provider itself seems to work fine, but I think I found a possible
performance problem in the WebLogic Administration Portal, when I studied the
authentication framework by remote debugging. Response times (with just one simultaneous
user) are quite long (over 8 seconds) with 40 groups on the same hierarchy level
on the Users, Groups and Roles tree. I'm developing with P4 processor and 1 Gb
ram (512 Mb allocated for WLS)
After little debugging I found out that every time a node in the group tree is
dlicked isMember() method of the authentication provider gets called n * (n -1)
times, where n is the number of visible groups in the hierachy tree. '
What happens is that for each group, the membership of all the other visible groups
is checked by the isMember(group, member, recursive), method call. Even the usage
of a membership cache in this point didn't speed up the rendering noticeably.
By placing a break point in the isMember() method and studying the call stack,
one can see that all the isMember() calls are made during the rendering performed
by the ControlTreeWalker. For example if there is 40 groups visible in the tree,
the isMember() method gets called 1600 times. This seems quite heavy. With a
small number of groups per hierarchy level this problem might not be serious,
but in case where there would be over 30 000 customer companies using the portal
and each having their own user groups, it could be an issue.
The problem does not occur with WebLogic console and browsing of groups and users
(using the same authentication provider) is fast with it. When a user is selected
from the user list and the Groups tab is checked, the Possible Groups and Current
Groups list boxes will get populated. When debugging this sequence, one can see
that only the listGroups() method of the authentication provider is called once
per list box and the order of method calls is of order n (rather than n^2 which
is the case with the Administrator Portal).
Has anyone had similar problems with Administrator Portal's performance?
VilleVille,
You're correct about the performance degradation issue. This is being
addressed in SP2.
Thanks,
Phil
"Ville" <[email protected]> wrote in message
news:[email protected]...
>
Hi
I have implemented a custom IPlanet LDAP authentication provider whichprovides
a realization for the needed authentication, group and user managementinterfaces
(UserReader, UserEditor, GroupReader, GroupEditor).
The authentication provider itself seems to work fine, but I think I founda possible
performance problem in the WebLogic Administration Portal, when I studiedthe
authentication framework by remote debugging. Response times (with justone simultaneous
user) are quite long (over 8 seconds) with 40 groups on the same hierarchylevel
on the Users, Groups and Roles tree. I'm developing with P4 processor and1 Gb
ram (512 Mb allocated for WLS)
After little debugging I found out that every time a node in the grouptree is
dlicked isMember() method of the authentication provider gets called n *(n -1)
times, where n is the number of visible groups in the hierachy tree. '
What happens is that for each group, the membership of all the othervisible groups
is checked by the isMember(group, member, recursive), method call. Eventhe usage
of a membership cache in this point didn't speed up the renderingnoticeably.
>
By placing a break point in the isMember() method and studying the callstack,
one can see that all the isMember() calls are made during the renderingperformed
by the ControlTreeWalker. For example if there is 40 groups visible inthe tree,
the isMember() method gets called 1600 times. This seems quite heavy.With a
small number of groups per hierarchy level this problem might not beserious,
but in case where there would be over 30 000 customer companies using theportal
and each having their own user groups, it could be an issue.
The problem does not occur with WebLogic console and browsing of groupsand users
(using the same authentication provider) is fast with it. When a user isselected
from the user list and the Groups tab is checked, the Possible Groups andCurrent
Groups list boxes will get populated. When debugging this sequence, onecan see
that only the listGroups() method of the authentication provider is calledonce
per list box and the order of method calls is of order n (rather than n^2which
is the case with the Administrator Portal).
Has anyone had similar problems with Administrator Portal's performance?
Ville -
Creation of Portal users and group assignments
Hi, everyone. My company just completed a load of some 2000 E-Business suite users into our new portal and have given them group assignments according to payroll. I had gathered a number of routines into a PL/SQL package in order to do this. These came from several sources in these forums, on Metalink, and other places on the internet. I was wondering if anyone would be interested in having it. A lot of it was rewritten on the fly, and I should probably clean it up a bit, but it would have saved me some time if someone had offered it to me. Is there a good place to post things like this? I'm sure that better ways exist to do some of these things than what I used, and I would be interested in some of the experts' comments.
Anyway, let me know if you are interested.
--Davehi Dave,
i am trying to study a problem with group assignments in a proper branch in OID. it would probably be helpful to clear some pieces in this problem from your notes.
would you be kind to send a copy to [email protected]
with kind regards,
AMN -
Example of creating a valid LDAP user and group in the Portal tree
I need to create (via bulk LDIP or API) fresh users AND groups into OID that can be used by Portal. In theory it sounds easy - just create an appropriate LDIF file.
What is the best way to achieve this?
I don't the know the structure that should be used in the LDIF file that would create the correct structure held for all the Portal users and groups in OID.
I've looked through the OID admin and dev guides but am still confused as to what exactly I have to do. It seems that Portal accounts are synchronised by a method called Provisioning.
All I want to do is bulk upload Portal compatible users into the repository.
Can somebody please assist.
Cheers,
JohnI have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh -
Exporting and Importing Portal users from Source system to Target system
Hi All,
I have exported all portal users from source portal in to file Users.txt do i need to convert this file in to some other format so that i can import these users in Target portal.
any links documents
Regards,
MuraliHi,
If you look in to User.txt
I have role also i have deleted role in User.txt uploded file with rest of the otherdata including group it it able to create users.
so in Nut shell let's say
1. UID-Murali
Role- Manager
Group- HRGroup
user existing in DEV and i want to trnasfer data to PRD
Role:Manger should exist in PRD, and group is not mandatory optional
but the link http://help.sap.com/saphelp_nw70/helpdata/EN/ae/7cdf3dffadd95ee10000000a114084/frameset.htm
says while uploading users role is optional it throws waring but i got error.
i am bit confused.
Now let's sau there are 10 users, 10 roles and 2 groups in source system if i want to export all users,roles,groups to target system what sequnce i have to follow without getting any error , warining is there any restriction on number of users, roles, groups i know file size should be less than 1MB.
Points are on the way.
Regards,
Murali -
Assign role, group to Human Task when initiated
Hi all,
Currently, when user login to BPM and create new task instance, i can get roles and groups of that user by programming. I want to assign roles of user to that task instance dynamically when user click SUBMIT button (Because i want to restrict users belong role are able to do this task, each user belong to a role and group can do it).
Somebody help?
Thanks.Hi Ming
1. If you want to intercept any Actions from a Task like Save, Submit, Approve, Reject etc, you can create your own class like MyAppTaskValidationCallback that implements oracle.bpel.services.workflow.task.ITaskValidationCallback and in this overwrite one method named validateTaskOperation(bunch of parameters). See APIs for this.
In this method, you can get the action performed on the task. Also you can get the complete Payload of the Task including your custom payload and the standard Task Payload stuff like History, Attachments, Comments etc. You can write some simple XML Parser utility methods to get and set attributes in the Payload xsd schema. So in your case, in this method, get Roles, Groups of the logged in user. Check the action performed. If he is not allowed to do that operation, throw the error from this method. Else continue with your logic. To begin with create java class like above, add this code snippet and just explore the data.
Now, just curious. If your requirement is really to control the actions based on User Role/Groups, did you try to use the out of box functionality and avoid this custom logic. Say for BPM Applications, we have Swimlanes / Roles. Only users belonging to that Role, can work on that Tasks. Try to use out of box stuff as much as possible, unless you really need custom assignment logic.
Thanks
Ravi Jegga
Just giving the code snippet to get an idea. But do refer the online APIs for more information.
public void validateTaskOperation(ITaskValidationCallback.TaskAction taskAction, IWorkflowContext iWorkflowContext, Task task, Map<String, Object> parameters, Locale locale, List<String> errors) {
try {
Element taskPayload = task.getPayloadAsElement();
String taskTitle;
String taskOutcome;
SystemAttributesType taskSystemAttributes = task.getSystemAttributes();
taskTitle = task.getTitle();
System.out.println("MyAppTaskValidationCallback::validateTaskOperation() Begin For TaskTitle: " + taskTitle + " -> TaskAction: " + taskAction + " -> Parameters:\n" + parameters);
if(taskAction == TaskAction.ACQUIRE) {
System.out.println("Inside ACQUIRE");
//parameters.put("AcquiredBy", iWorkflowContext.getUser());
} else if(taskAction == TaskAction.OUTCOME_UPDATE) {
System.out.println("Inside OUTCOME_UPDATE");
} catch (Exception anException) {
anException.printStackTrace();
} -
Hi,
I would like to know how to obtain the list of users and groups from the database of portal in the SQL PLUS application.
Thx Bye
PhilippeHi,
I assume you are talking about the portal users and groups. If so you can find them in wwsec_person$ and
wwsec_group$.
thanks,
Sharmila -
New Request/Service Offerings not displaying on Portal via Catalog Group/ User Role
I have created some new service offerings and request offerings which I have published and are visible on the portal when logged in as an administrator.
I have then added these new items into a catalog group which is tied to a pre-existing user role to target our IT department ( this user role is currently working fine and shows all the other IT related offerings)
The new published items do are not showing up on the portal.
AD sync completed with no errors.
I have done the following to troubleshoot to no avail:
- created a new catalog group and user role to target the new SO RO's to
- targeted directly to a test user rather than the AD group
Some other weird things that I believe to be related to this is that the contents of catalog groups appear empty on local console but when logging on to the SM server to launch console all catalog group items are visible.
we are seeing a lot of error and warning event logs 26319 & 3333
Any suggestions?
Thanks
Petedid you try to restart the Microsoft Monitoring Agent?
Antoine AL Ibry -
Changing the sequence of roles/groups for Portal users after Login
Hi
We are at EP 7.0 SP11.
We have developed custom role for ESS, MSS, EIC and Reports etc.
Now when all the 3 roles are assigned to any user, the sequence of the display is generally
Employee Self Service, Manager Self Service and then EIC.
We need to change this sequence in Dev QA and production environment for some users preferably (or for all portal users), so that the 1st page which loads in portal after user logs in , is not necessary ESS.
The requirement can also be considered as, we need to change the default page which displays after user logs in.
Does someone have any idea how can we achieve this ?
Looking forward for your response.
Thanks
NehaHi Neha,
Add custom Welcome page/Home page(eu_role) and Sort Priority property as per Koti Reddy.
Hope it helps
Regards
Arun -
Assigning Roles to Users and Groups
Hi,
We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
it is an urgent assignment for me..help can be appreciated...
sudhirSudhir,
You can assign the roles to users and groups as below.
1. Select the System Administration in the top level navigtion
2. Select user administration
3. You can search for a specific user or a group from this iView.
4. Use the edit button to edit the profie of the user or group.
5. Search for the role in the search iView.
6. Add the role to the user of group and save. -
How to map Portal User groups to a MDM System?
Hi,
Have anyone tried mapping portal user group to a MDM System?
The idea is to avoid each user to do user mapping for MDM of their own.
When i look into the usermapping section of a portal user group, it shows me a message -
"There are no systems available for user mapping for the selected principal"
Thanks and best regards,
Arun prabhu SHi All,
Got it!
1. Create portal users,
2. Create a portal user group,
3. Assign Users to User group,
4. Go to System Administration, edit permission of the MDM system, add the user group to the MDM system permission list and save
5. Go to User Management, modify the user grooup, go to the User mapping of the user group and do mapping for MDM system and user group using a valid MDM User name and password and Save
6. In User Management, modify the Portal role for MDM , add the user group to the role and save
7. Edit permission of the role object, add the user group to the permission list and save
Result:
All the users assigned to the user group will be able to access MDM information on the portal correspond to the MDM mapping done at the user group level. This avoids self user mapping in personalization link.
Best regards,
Arun prabhu S -
Customize portal "Help" link based on user roles
Is there a chance to customize the Help link URL in Masthead iView based on user roles? The use case we have is that the "Help" should be different for users of the purchasing company from those of the supplying company.
Thanks.Hello Jay.
This is a multi step process.
Step 1 : Create 2 desktops with everything as same but different mastheads.
- Copy your existing desktop and paste it in your working folder in PCD (Not select Delta link)
- Now download masthead par file.
- Modify your masthead par file where you will disable help link. Rename you masthead file (newMasthead.par) and export it from NWDS. Now import it in portal.
- open your framework page in desktop2. Just add your new masthead in it. Enable the new one and disable the existing one.
Step 2 : Create 2 groups of users. (First one belong to users who wish to see help link . i.e existing desktop) (Second of thoese users who do not have to see help link i.e. newDesktop)
- Assign users to appropriate groups.
- Assign same roles to both groups.
Step 3 : Modify main rule section in PCD.
- If group = HelpLinkUsers Then Desktop1
If group = NoHelpLinkUsers Then Desktop2.
You may find above process bit tedious and lengthy.
But if you wish to further customize your portal then this will be needed one day.
If you find problems in implementing any step then please search in google or SDN.
Please revert back on any specific question on above approach you may face while implementing.
Thanks
Maybe you are looking for
-
Pricing procedure in billing type
How can I change pricing procedure in billing type
-
I have an multiple arrays of numbers 1-10 in different orders. I want to sort them in ascending order. example for(int pass=0; pass < sizeofarray; pass++){ for(int t=0; t < sizeofarray; t++){ if(array[t] > array[t+1]){ hold=ar
-
hi all, I think that you could help me with one JSF trick. I use <h:messages /> to add my messages in browser. How to make my messages to appear every in a separate row,not one after another?? best regards, Nikola
-
I hope its OK to announce a new plugin here. I know its not OK in the Lightroom forum proper. I wouldn't even do it here if it wasn't taking 2+ *******' months to push it through the exchange. Please just let me know if you have an objection and I'll
-
so i bought my macbook at the beginning of august 2012, and 13 months on when i go to purchase a version of logic for the first time i'm only finding out that actually a) i didn't get the newest os at the time & b) i was entitled to a free upgrade. w