BPC10.0 role ZBPC__BUI_ userid
Hi all,
We are in the process of upgrading our BPC system from 7.5 to 10.0 (CPMBPC 801 SP9), and are trying to define the future strategy for maintaining user security for BPC10.0, given that we use CUA on our BW/BPC systems.
We have read sapnote 0001757825 - BPC security supporting CUA, and have some general questions about the BPC generated roles ZBPC__BUI_userid
1. What is this role used for, and do we need to give it to all our BPC users?.
2. We have noticed that these ZBPC__BUI_roles have been generated for existing users after running the 7.5 to 10 migration program. However when we add new users to an environment via BPC web client, there is no ZBPC__BUI role generated for that user. When and how does this ZBPC__BUI role get generated?
3. What is the recommended approach for assigning this role to users in Test and Production systems? Should it be transported from Development, or should it be generated in target systems?
4. Does the name of the role have to include the user ID, because it seems bad practice to name a security role after a user from a maintenance point of view?
5. If required, can we assign a generic dummy role called ZBPC__BUI_DUMMY to all BPC users?
Thanks,
Carlton
Carlton,
We cannot assign a dummy role ZBPC__BUI_DUMMY to all BPC users because if you open a real role ZBPC__BUI_<userid> in your system and display the authorization objects, you can see environment info in the "Sub Namespace". That means this role contains the info that which environment the user can access.
Charlie
Similar Messages
-
GRC AC V10 - one approval step for manager and role owner
Hello Community,
I have one, perhaps easy, question. Where is it possible to maintain the solution of one approval step for manager and roleowner, if both are unique.
E.g.:
simple approval workflow: manager stage afterwards roleowner stage afterwards auto-provisioning
So if the request is routed to the manager and the manager is also the roleowner of the requested authorization role (same UserID). The user has to approve one and the same request twice.
Is it possible in V.10 to change the config that the user has only to approve the request once? And then to decide on which relevant stage settings are valid for this process.
Thanks,
AlexaHi Alexa,
We have had a similar questions raised in a project. In an ideal world, a single "Sign-off approval" would be a great functionality where the same user has to approve the same consecutive stages, but the reason for different stages would entail that the responsibilities entailed per stage differ, e.g. Line Manager would just check the over request, and the role owner etc may be reviewing the elegibility of a specifc role etc.
If it is likely to be the same person reviewing the 2 consecutive stages, maybe a single stage workflow would be sufficient to cover this scenario.
I think the logic you are trying to configure in the workflow is possible but will require alot of work with knowing how to create a clever custom workflow with BRF+ or the actual WF stuff in SAP itself. -
Is it possible to create user-roles associations at run-time?
basically I need to be able to add a user to a role programmatically before the role-based content is displayed to the user.
Example: I have a role called 'Manager' created in the portal. When a user logs on, I detect that the user has the attribute 'job title' = 'Manager' so I add the user to the 'Manager' role and the portal shows the content for the 'Manager' role.Hi Umesh,
Yes, we can add users to the Role programatically.We did that.
Just see the below code to get some idea...
IUserFactory userFactory = UMFactory.getUserFactory();
IRoleFactory roleFactory = UMFactory.getRoleFactory();
IRole role = roleFactory.getRole(roleName);
String userId = "";
//Here userIDS is the list of user-id s to assign.
for (Iterator i = userIDS.keySet().iterator(); i.hasNext();) {
userId = (String) i.next();
role.addUserMember(userId);
Hope this helps you.
Cheers....
Satya
[Pl reward points if this is helpful] -
I'm trying to add a role to multiple users. I've never used a bulk action before and I can't find any documentation. Can somebody point my in the right direction or help me with the syntax/format of a bulk action file?
Hi,
This has to be a csv file.
Syntax for multiple roles
command,user,waveset.roles
Update,userid,Role1|Role2
Update,userid,Role1
Syntax for appending
command,user,waveset.roles
Update,userid,|Merge|Role1|Role2
Thanks. -
Hi,
I have ECC,SCM,EP,BI and LDAP(MS-ADS) servers in my landscape.
Here I want to know information like maintaining of user id for ECC system , As of My knowledge I have three options.
1) Integration of LDAP server to ECC ,then LDAP userID will become ECC userid . In ECC I need to Assign roles to userid manually
2) Downloading the LDAP Userids into Excel sheet and uploading it into the ECC system
3) Manually creating userid through SU01 in ECC system (This process will take much time to create 500 users in ECC)
For EP system we are integrating LDAP server with EP server (WAS JAVA) to maintain userid and assigning roles Manually. Is this process correct?
Please suggest meHi Nancy,
You could also considder to implement Netweaver Identity Management solution.
See the following link: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
Its a rather new solution but from my oppinion the best to implement now if you still have the choice to make.
Cheers,
Benjamin Houttuin -
How do I assign an action to a user at runtime in GP?
Hi All,
Can anyone give me an insight to how I can assign an action role to a user at runtime? My GP has around 7 actions. One of the actions determines a portal user via a RFC. The user id (portal id) returned by this RFC is whom I want to assign to the following action in the block. How can I achieve this?
Thanks in advance,
TM.Interesting disucssion..:) yeah You are correct you assign user to Role. But you also assign role to action by consolidating the action in one role in role consolidation of process.
You can not assign the processor of action to action. Lets make it simple, I will try to explain the trick in simple terms.
Action Input output Role
[ A - UserId ( UniqueID ) Inititator ][UserRoleAssignment) B UserList-UserIdentifier ProcessorB ]
[ C X X ProcessorB ]
Now what happens in Action B is user which is input get assgined to Role ProcessorB ( becuase it is of that kind of callable object). Since once the user is (user-U) assigned to ProcessorB any of the subsequent step which needs to be performed by ProcessorB can be performed by the same user user-U.
Now I have explicity assigned the Action C to be in the same Role ProcessorB so it will be performed by user-X
One more thing the userID which you have output is uniqueID not the logonID it has to be like USER.PRIVATE_DATASOURCE.un:00000006.
And the ProcessorB needs to be defined as RuntimeDefined.
Hope it make sense. -
Hi,
My lccs application is not running on server even server is supporting ssl.
php version on server is 5.2.14.
i tried to print lccs RTCAccount object on server its giving some fatal error.
i got response like .....
Array
[wrapper_data] => Array
[headers] => Array
[0] => HTTP/1.1 302 Moved Temporarily
[1] => Server: Apache-Coyote/1.1
[2] => X-Powered-By: Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5
[3] => Expires: Fri, 15 Oct 2010 15:23:37 GMT
[4] => Cache-Control: max-age=30
[5] => Set-Cookie: Whitcomb-Ident=vatrai:na2-sdk-9b17de0a-2188-4f2e-89b2-9453f6eb6be2; Domain=collaboration.adobelivecycle.com; Path=/vatrai
[6] => Location: https://na2.collaboration.adobelivecycle.com/vatrai?mode=xml&accountonly=true&
[7] => Content-Language: en-US
[8] => Content-Length: 0
[9] => Date: Fri, 15 Oct 2010 15:23:06 GMT
[10] => HTTP/1.1 200 OK
[11] => Server: Apache-Coyote/1.1
[12] => Set-Cookie: JSESSIONID=ZubjKocVM3rJinHDTxkN.22; Path=/
[13] => Cache-Control: max-age=0
[14] => Content-Type: text/xml;charset=UTF-8
[15] => Content-Length: 190
[16] => Date: Fri, 15 Oct 2010 15:23:08 GMT
[readbuf] => Resource id #4
[wrapper_type] => cURL
[stream_type] => cURL
[mode] => r
[unread_bytes] => 0
[seekable] =>
[uri] => https://collaboration.adobelivecycle.com/vatrai?mode=xml&accountonly=true&
[timed_out] =>
[blocked] => 1
[eof] =>
Array
[0] =>
Fatal error: Uncaught exception 'RTCError' in /home/myapp/public_html/videos/lccs.php:707 Stack trace: #0 /home/myapp/public_html/videos/lccs.php(587): RTC->http_get('https://collabo...', Array) #1 /home/myapp/public_html/videos/lccs.php(254): RTCAccount->do_initialize() #2 /home/myapp/public_html/videos/a.php(16): RTCAccount->__construct('https://collabo...') #3 {main} thrown in
/home/myapp/public_html/videos/lccs.php on line
707Sorry.... I am pasting here full code of lccs.php...
<?php
** Adobe LiveCycle Collaboration Service Account Management API
** Revision
** $Revision: #1 $ - $Date: 2010/07/26 $
** Author
** Raffaele Sena
** Copyright
** ADOBE SYSTEMS INCORPORATED
** Copyright 2007 Adobe Systems Incorporated
** All Rights Reserved.
** NOTICE: Adobe permits you to use, modify, and distribute this file in accordance with the
** terms of the Adobe license agreement accompanying it. If you have received this file from a
** source other than Adobe, then your use, modification, or distribution of it requires the prior
** written permission of Adobe.
* error thrown or generated by RTC API
class RTCError extends Exception {
* Constants for common user roles
interface RTCUserRole {
const NONE = 0;
const LOBBY = 5;
const VIEWER = 10;
const PUBLISHER = 50;
const OWNER = 100;
* Constants for node configuration
interface NodeConfiguration {
const STORAGE_SCHEME_SINGLE_ITEM = 0;
const STORAGE_SCHEME_QUEUE = 1;
const STORAGE_SCHEME_MANUAL = 2;
* a class that generates RTC authentication tokens
class RTCAuthenticator {
private $authURL;
function __construct($url) {
$this->authURL = $url;
// Get an RTC authentication token give login and password.
function login($user, $password, & $retHeaders) {
$headers = array (
"Content-Type" => 'text/xml'
$data = "<request><username>{$user}</username><password>{$password}</password></request>";
$resp = RTC::http_post($this->authURL, $data, $headers);
if (RTC::$DEBUG)
echo "$resp\n";
try {
$result = new SimpleXMLElement($resp);
} catch (Exception $e) {
throw new RTCError("bad-response");
if ($result['status'] == "ok") {
$auth = $result->authtoken;
if ($auth['type'] == "COOKIE") {
$retHeaders["Cookie"] = (string) $auth;
return null;
} else {
$gak = base64_encode($auth);
return "gak={$gak}";
} else
throw new RTCError($resp);
// Get a guest authentication token.
function guestLogin($user) {
$guk = base64_encode("g:{$user}:");
return "guk={$guk}";
* a class that deals with meeting sessions and # external collaboration
class RTCSession {
private $instance;
private $account;
private $room;
private $secret;
function __construct($instance, $account, $room) {
$this->instance = str_replace("#room#", $room, $instance);
$this->account = $account;
$this->room = $room;
* get an external authentication token
function getAuthenticationToken($accountSecret, $name, $id, $role) {
$role = (int) $role;
if ($role < RTCUserRole::NONE || $role > RTCUserRole::OWNER)
throw new RTCError("invalid-role");
$utfname = utf8_encode($name);
$token = "x:{$utfname}::{$this->account}:{$id}:{$this->room}:{$role}";
$signature = $this->sign($accountSecret, $token);
$signed = "{$token}:{$signature}";
// unencoded
// $ext = "ext={$signed}";
// encoded
$encoded = base64_encode($signed);
$ext = "exx={$encoded}";
return $ext;
* get the userId that the server will generate for this user
function getUserID($id) {
return strtoupper("EXT-{$this->account}-{$id}");
function getSecret($baseURL, $authToken, $authHeaders) {
$data = RTC::http_get("{$baseURL}app/session?instance={$this->instance}&{$authToken}", $authHeaders);
if (RTC::$DEBUG)
echo $data;
$response = new SimpleXMLElement($data);
$this->secret = (string) $response-> {
'session-secret' };
function invalidate($baseURL, $authToken, $authHeaders) {
$data = "action=delete&instance={$this->instance}&{$authToken}";
$res = RTC::http_post("${baseURL}app/session", $data, $authHeaders);
if (RTC::$DEBUG)
echo $res;
$this->instance = null;
$this->account = null;
$this->room = null;
$this->secret = null;
private function sign($acctSecret, $data) {
$key = "{$acctSecret}:{$this->secret}";
// Calculate HMAC-SHA1 according to RFC2104
// http://www.ietf.org/rfc/rfc2104.txt
$blocksize = 64;
$hashfunc = 'sha1';
if (strlen($key) > $blocksize)
$key = pack('H*', $hashfunc ($key));
$key = str_pad($key, $blocksize, chr(0x00));
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
$hmac = pack('H*', $hashfunc (($key ^ $opad) .
pack('H*', $hashfunc (($key ^ $ipad) . $data))));
return bin2hex($hmac);
* A class that contains room or template item information.
class RTCItem {
public $name;
public $desc;
public $created;
function __construct($name, $desc, $created) {
$this->name = $name;
$this->desc = $desc;
$this->created = date_create($created);
* a class that deals with account information and provisioning
class RTCAccount {
const ROOM_ITEMS = "meetings";
const TEMPLATE_ITEMS = "templates";
public $url;
private $authToken;
private $uathHeaders;
private $authenticator;
private $baseURL;
private $contentPath;
function contentURL() {
return "{$this->baseURL}app/content{$this->contentPath}";
function __construct($url) {
$this->url = $url;
$this->authToken = null;
$this->authHeaders = array ();
$this->authenticator = null;
$this->baseURL = null;
$this->contentPath = null;
$this->roomInstance = null;
if (RTC::$DEBUG)
echo RTC::$VERSION . "\n";
$this->do_initialize();
// Return the node configuration
function getNodeConfiguration($room, $coll, $node) {
$instance = str_replace("#room#", $room, $this->roomInstance);
$path = "/{$coll}/nodes/{$node}/configuration";
return RTC::http_get("{$this->baseURL}app/rtc?instance={$instance}&path={$path}&{$this->authToke n}", $this->authHeaders);
// Return the RTC items given collection and node
function fetchItems($room, $coll, $node, $items = null) {
$instance = str_replace("#room#", $room, $this->roomInstance);
$params = "instance={$instance}&collection=${coll}&node={$node}";
if ($items != null) {
if (!is_array($items))
$items = array (
$items
while (list ($i, $it) = each($items)) {
$params .= "&item={$it}";
$params .= "&{$this->authToken}";
return RTC::http_get("{$this->baseURL}app/rtc?{$params}", $this->authHeaders);
// Publish an item
function publishItem($room, $collection, $node, $item, $overwrite = false) {
$headers = array_merge($this->authHeaders, array ( "Content-Type" => 'text/xml' ));
$instance = str_replace("#room#", $room, $this->roomInstance);
$params = "instance={$instance}&action=publish&collection={$collection}&node={$node}";
if ($overwrite) $params .= "&overwrite={$overwrite}";
$params .= "&{$this->authToken}";
$data = "<request>" . RTC::array_toXML($item, "item") . "</request>";
return RTC::http_post("{$this->baseURL}app/rtc?{$params}", $data, $headers);
// Retract an item
function retractItem($room, $collection, $node, $itemID) {
$instance = str_replace("#room#", $room, $this->roomInstance);
$data = "instance={$instance}&collection={$collection}&node={$node}&item={$itemID}&{$this->authTo ken}";
return RTC::http_post("{$this->baseURL}app/rtc", $data, $this->authHeaders);
// Set user role
function setUserRole($room, $userID, $role, $coll = null, $node = null) {
$instance = str_replace("#room#", $room, $this->roomInstance);
$data = "instance={$instance}&action=setrole&user={$userID}&role={$role}";
if ($coll != null)
$data .= "&collection={$coll}";
if ($coll != null)
$data .= "&node={$node}";
$data .= "&{$this->authToken}";
return RTC::http_post("{$this->baseURL}app/rtc", $data, $this->authHeaders);
// Returns information about the account, if active
function getAccountInfo() {
$acctid = explode('/', $this->roomInstance);
$acctid = $acctid[0];
$data = RTC::http_get("{$this->baseURL}app/account?account={$acctid}&{$this->authToken}", $this->authHeaders);
return $data;
// Returns information about the room/instance, if active
function getRoomInfo($room) {
$instance = str_replace("#room#", $room, $this->roomInstance);
$data = RTC::http_get("{$this->baseURL}app/account?instance={$instance}&{$this->authToken}", $this->authHeaders);
return $data;
private function do_initialize() {
if ($this->contentPath)
return true;
$data = RTC::http_get("{$this->url}?mode=xml&accountonly=true&{$this->authToken}", $this->authHeaders);
if (RTC::$DEBUG)
echo $data;
try {
$xml = new SimpleXMLElement($data);
} catch (Exception $e) {
throw new RTCError("bad-response");
if ($xml->getName() == "meeting-info") {
$this->baseURL = '' . $xml->baseURL['href'];
$this->url = rtrim($this->baseURL, '/') . parse_url($this->url, PHP_URL_PATH);
$this->contentPath = '' . $xml->accountPath['href'];
if ($xml->room)
$this->roomInstance = '' . $xml->room['instance'];
return true;
if ($xml->getName() == "result") {
if ($xml['code'] == "unauthorized") {
if ($xml->baseURL) {
$this->baseURL = '' . $xml->baseURL['href'];
$this->url = rtrim($this->baseURL, '/') . parse_url($this->url, PHP_URL_PATH);
$authURL = '' . $xml->authentication['href'];
if (substr($authURL, 0, 1) == '/') {
$authURL = $this->baseURL . $authURL;
$this->authenticator = new RTCAuthenticator($authURL);
return false;
throw new RTCError($data);
class RTC {
public static $DEBUG = false;
public static $USE_CURL = false;
public static $VERSION = '$Revision: #1 $ - $Date: 2010/07/26 $';
function http_get($url, $headers = null) {
if (RTC::$DEBUG) {
echo "http_get: {$url}\n";
if ($headers != null)
print_r($headers);
if (RTC::$USE_CURL) {
* use curl library
$req = curl_init($url);
//if (RTC::$DEBUG) curl_setopt($req, CURLOPT_VERBOSE, true);
curl_setopt($req, CURLOPT_RETURNTRANSFER, true);
curl_setopt($req, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($req, CURLOPT_SSL_VERIFYPEER, false);
if ($headers)
curl_setopt($req, CURLOPT_HTTPHEADER, $headers);
$resp = curl_exec($req);
$error = curl_error($req);
if ($error == "")
$status = curl_getinfo($req, CURLINFO_HTTP_CODE);
else
$status = $error;
curl_close($req);
if ($error != "" && $status != 200)
throw new RTCError($error);
else
return $resp;
} else {
* use streams
if ($headers == null)
$header = '';
else {
$header = "";
foreach ($headers as $name => $value) {
if ($header != "")
$header .= "\r\n";
$header = $header . $name . ": " . $value;
$opts = array (
'http' => array (
'method' => 'GET',
'header' => $header
$context = stream_context_create($opts);
$fp = fopen($url, 'r', false, $context);
if (!$fp)
throw new RTCError("connection-failed");
$meta = stream_get_meta_data($fp);
$statusLine = explode(' ', $meta['wrapper_data'][0], 3);
$resp = stream_get_contents($fp);
fclose($fp);
// printf("<pre>%s</pre>", print_r($meta, TRUE));
//printf("<pre>%s</pre>", print_r($resp, TRUE));
//printf("<pre>%s</pre>", print_r($statusLine, TRUE));
if ($statusLine[1] == "200" | $statusLine[1] == "302")
return $resp;
else
throw new RTCError($statusLine[1]);
function http_post($url, $params, $headers = null) {
if (is_array($params))
$data = http_build_query($params);
else
$data = $params;
if (RTC::$DEBUG) {
echo "http_post: {$url} {$data}\n";
if ($headers != null)
print_r($headers);
if ($root == 'configuration')
$result .= '</field>';
else
$result .= '</property>';
if ($root != null)
$result .= "</{$root}>";
return $result;
if (!isset($_SERVER['QUERY_STRING'])) {
function usage($progname) {
echo "usage: {$progname} [--debug] [--host=url] account user password command parameters...\n";
echo "\n";
echo "where <command> is:\n";
echo " --list\n";
echo " --create room [template]\n";
echo " --delete room\n";
echo " --delete-template template\n";
echo " --ext-auth secret room username userid role\n";
echo " --invalidate room\n";
echo "\n";
echo " --get-node-configuration room collection node\n";
echo " --fetch-items room collection node\n";
echo " --register-hook endpoint [token]\n";
echo " --unregister-hook\n";
echo " --hook-info\n";
echo " --subscribe-collection room collection\n";
echo " --unsubscribe-collection room collection\n";
echo " --create-node room collection [node]\n";
echo " --remove-node room collection [node]\n";
echo " --set-user-role room userID role [collection [node]]\n";
echo " --publish-item room collection node itemID body\n";
echo " --retract-item room collection node itemID\n";
exit(1);
function getRole($role) {
$role = strtolower($role);
if ($role == "none")
return RTCUserRole::NONE;
else if ($role == "lobby")
return RTCUserRole::LOBBY;
else if ($role == "viewer")
return RTCUserRole::VIEWER;
else if ($role == "publisher")
return RTCUserRole::PUBLISHER;
else if ($role == "owner")
return RTCUserRole::OWNER;
else if (is_numeric($role))
return intval($role);
else
throw new RTCError("invalid-role");
// running from the command line
$args = $_SERVER['argv'];
$progname = array_shift($args);
$host = "http://connectnow.acrobat.com";
$accountName = "<YOUR DEVELOPER ACCOUNT NAME>";
$username = "sdkuser";
$password = "sdkpassword";
while (count($args) > 0) {
$arg = $args[0];
if ($arg == "--debug")
RTC::$DEBUG = true;
else if (strncmp($arg, "--host=", 7) == 0)
$host = substr($arg, 7);
else if (strncmp($arg, "-", 1) == 0) {
echo "invalid option: $arg\n";
$args = array();
else
break;
array_shift($args);
if (count($args) < 3) {
usage($progname);
$accountName = array_shift($args);
$username = array_shift($args);
$password = array_shift($args);
$host = rtrim($host, '/');
$accountURL = "{$host}/${accountName}";
try {
$am = new RTCAccount($accountURL);
$am->login($username, $password);
if (count($args) == 0 || $args[0] == "--list") {
echo "==== template list for {$accountName} ====\n";
foreach ($am->listTemplates() as $t) {
echo "{$t->name}:{$t->created->format(DATE_RFC822)}\n";
echo "==== room list for {$accountName} ====\n";
foreach ($am->listRooms() as $r) {
echo "{$r->name}:{$r->desc}:{$r->created->format(DATE_RFC822)}\n";
else if ($args[0] == "--create") {
$am->createRoom($args[1], count($args) > 2 ? $args[2] : null);
else if ($args[0] == "--delete") {
$am->deleteRoom($args[1]);
else if ($args[0] == "--delete-template") {
$am->deleteTemplate($args[1]);
else if ($args[0] == "--ext-auth") {
if (count($args) >= 6)
$role = getRole($args[5]);
else
$role = RTCUserRole::LOBBY;
$session = $am->getSession($args[2]);
$token = $session->getAuthenticationToken($args[1], $args[3], $args[4], $role);
echo $token . "\n";
else if ($args[0] == "--info") {
if (count($args) == 1) {
echo $am->getAccountInfo();
} else {
echo $am->getRoomInfo($args[1]);
else if ($args[0] == "--get-node-configuration") {
echo $am->getNodeConfiguration($args[1], $args[2], $args[3]);
else if ($args[0] == "--fetch-items") {
echo $am->fetchItems($args[1], $args[2], $args[3]);
else if ($args[0] == "--register-hook") {
if (count($args) > 2)
echo $am->registerHook($args[1], $args[2]);
else
echo $am->registerHook($args[1]);
else if ($args[0] == "--unregister-hook") {
echo $am->unregisterHook();
else if ($args[0] == "--hook-info") {
echo $am->getHookInfo();
else if ($args[0] == "--subscribe-collection") {
if (count($args) > 3)
echo $am->subscribeCollection($args[1], $args[2], $args[3]);
else
echo $am->subscribeCollection($args[1], $args[2]);
else if ($args[0] == "--unsubscribe-collection") {
if (count($args) > 3)
echo $am->unsubscribeCollection($args[1], $args[2], $args[3]);
else
echo $am->unsubscribeCollection($args[1], $args[2]);
else if ($args[0] == "--publish-item") {
echo $am->publishItem($args[1], $args[2], $args[3],
array( 'itemID' => $args[4], 'body' => $args[5] ));
else if ($args[0] == "--retract-item") {
echo $am->retractItem($args[1], $args[2], $args[3], $args[4]);
else if ($args[0] == "--create-node") {
echo $am->createNode($args[1], $args[2], $args[3]);
else if ($args[0] == "--remove-node") {
if (count($args) > 3)
echo $am->removeNode($args[1], $args[2], $args[3]);
else
echo $am->removeNode($args[1], $args[2]);
else if ($args[0] == "--set-user-role") {
$role = getRole($args[3]);
if (count($args) > 5)
echo $am->setUserRole($args[1], $args[2], $role, $args[4], $args[5]);
else if (count($args) > 4)
echo $am->setUserRole($args[1], $args[2], $role, $args[4]);
else
echo $am->setUserRole($args[1], $args[2], $role);
else {
usage($progname);
} catch(RTCError $e) {
echo "Error: {$e}";
?>
Thanks,
Vishnu -
Hi All,
I'm having a real problem with the below method titled Not Working:. This method will INSERT data into a MS Access data base all day long, but it will always insert it at the same record. It never actually creates a new record, inserts the data and then saves that record. However, the second code example that I have titled Working: will create a new record, insert the data and then save the record. What is wrong with the Not Working code? I can't figure it out.
Please help!
Thanks,
=================================================================
Not Working:
public void add(Account account)
throws DAOException, DAOAddException
if (account == null)
throw new DAOAddException("Invalid account on add.");
Connection dbConnection = MSAccessDAOFactory.getConnection();
Statement statement = null;
try
String strSql = "INSERT INTO Accounts (" +
"USERID, PASSWORD, ROLE )" +
"VALUES (" +
DBUtil.createSqlField(account.getUserID()) + ", " +
DBUtil.createSqlField(account.getPassword()) + ", " +
DBUtil.createSqlField(account.getRole()) + ")";
statement = dbConnection.createStatement();
int nResult = statement.executeUpdate(strSql);
if (nResult != 1)
throw new DAOAddException("Account insert failed.");
else
System.out.println("Account added:");
account.show();
catch (SQLException sqlEx)
throw new DAOException("Account insert failed: " + sqlEx);
finally
if (statement != null)
try { statement.close(); }
catch (SQLException sqlEx) {}
=================================================================
Working:
try
Connection con = DriverManager.getConnection(DB_URL);
System.out.println("got connection");
Statement s = con.createStatement();
String sql =
"INSERT INTO Accounts"
+ " (USERID, PASSWORD, ROLE)"
+ " VALUES"
+ " ('"
+ userID
+ "',"
+ " '"
+ password
+ "',"
+ " '"
+ role
+ "')";
System.out.println("\n" + sql);
int i = s.executeUpdate(sql);
System.out.println("\n" + "executed");
if (i == 1)
message = "Successfully added one user.";
sql = "SELECT * FROM Accounts";
ResultSet rs = s.executeQuery(sql);
System.out.println("\n" + sql);
while (rs.next()){
System.out.println("");
System.out.println("ID: " + rs.getString(1));
System.out.println("UserID: " + rs.getString(2));
System.out.println("Password: " + rs.getString(3));
System.out.println("Role: " + rs.getString(4));
rs.close();
s.close();
con.close();
catch (SQLException e)
message = "Error." + e.toString();
error = true;
catch (Exception e)
message = "Error." + e.toString();
error = true;
if (message != null)
}If one works and the other doesn't, then they must generate different SQL statements. My idea (blatantly obvious as it may sound) would be to actually look at those statements, rather than wasting time looking at the code that generates them.
-
Recommended procedure for SOLMAN_SETUP when CUA is Active
We have upgraded to Ehp1/SP20 in Solution Manager. As recommended, we want to use the guided procedure SOLMAN_SETUP to automatically generate the roles and userids required in the managed systems. DEV/BWD/PID etc. We use CUA and it is active in the managed systems so the Userids, Roles, Profiles etc are not in the managed system nor are they in the CUA parent client.
What is the recommended approach/Best Practice to configure Solution Manager with CUA active?
TIAHI,
Please refer to the RCA- User Administration Guide.
This is under https://service.sap.com/diagnostics.
The guide contains all the details, including the scenario for CUA, closely follow the guide and make sure everything is in place for authorizations.
Hope this helps.
Feel free to revert for any issues.
Thanks,
Jagan -
User Management tool problem ?
Hi,
I'm facing problem in usermanagement tool,
Here is which i follow to maintain contact person details in UM tool:
1)in BP we created we maintained BP general and under internet user we maintained Roles with userid and password also and we created a relationship for this BP,and in SU01 we maintained authorization same as under roles,profiles.But when we try to see this created userid in inernet tab it is not displaying any thing under usermanagement tool in web..so,please advice where i did went wrong step as above i given details ..please reslove my problem..
Thanks&Regards,
Vasu..Hi,
Please check the Internet Sales B2B Best Practices guide for the profiles that would be required. Also, there is a Best Practices guide which talks on the authorizations as well.
Please check the same.
Regards TVS -
Extract the userID that set a role for a specific user
Hi all @SAP Forums,
I'm going to write a simple report to extract some information about users and role assignments in the system I'm working on.
The requirements is quite simple; for every user in the USR02 table, I have to extract some info about the roles the user has.
In order to do so, it's quite straightforward to find roles for a particular user looking into the AGR_USERS table, but ... I'd like to know if there's a way to find the user who set the role assignment for that specific user; the problem is that I cannot find that information in any AGR* tables, so I start to think it's not a stored information I can retrieve in any way.
Any hints/suggests you can give me? Thanks in advance.Hello muthu,
useful link to refer to when I'll need to extract a full username (first and surname) for a userId. But the question, forgive me if I've been not-so clear, was different.
A (key) user, say A123456, sets a role for another user (A00000) in SRM... let's suppose now A00000 becomes a buyer. I'd like to know if there's a way, starting from the user A00000, to understand WHO had given him his role (in this case, A123456) and WHEN... I can see the CHANGE_DAT field in AGR_USERS about the "when"... where can I (if I can, obviously) find WHO set the role for A00000 ?
Thanks again, sorry if I've been not that clear in explaining -
Any ideas on restricting userID Role Assigment within the SAP Security Team
Hello,
I have gotten a request to look into restriction of assignment of roles to oneself within the company SAP Security Team. Thoughts I have come up with so far involve the use of UserID User Groups, Role Assignment Ranges, and forcing all role assignements for all userIDs through GRC-AC CUP for QA and Prod. Has anyone come up with a workable solution that is outside of these suggestions that they have put into practice?
Thanks in advance for your help!
JohnHi John,
There can be a manual control in place and individual should not assign role/s to himself / herself.
Otherwise, security team members can be assigned to a specific group (let say Security) and they shouldn't have access to authorization S_USER_GRP with ACTVT 22 & CLASS - Security.There should be a dedicated power user to assign the role/s to the security team members and this can be auditted (SM20 log for manual super user / FireFighter log for FireFighter user).
Thanks
Prasanna -
IIS - assigning a userid to a role
When we use IIS as HTTP proxy we can retrieve the complete correct
userid. Is it possible to assign this userid to a role in the filerealm
without having to define a password for it. This way we can assign the
correct role for that user without the need for prompting for a
password. (If we use NTRealm we also have a problem, we can't have
several Windows Primary Domain Controllers in 1 cashinf realm).
Regards,
MergI can see publish query To Role, To Portal & BEx broadcaster, this will publish my query. My need is to publish or assign workbook to a role. When you log in through Bex Analyzer, you have two options 1). Open Query, 2). Open workbook., If you choose Open workbook, you can see all workbooks created. I would like to assign these workbooks to a role. Otherwise these workbooks will be saved in the favourites and no one else can view this other then me.
-
Necessary Roles/authorizations required to Userid for workflow assignment.
Hi all,
Am working on a Custom workflow assignment.
This is the first time, customer is working on workflows in this system.
Henceforth, we need to do basic setup/configuration, before starting actual work.
I want to know, what all Roles/authorizations are required for my userid throughout the assignment.
Currently, we have got,
EXX_BC_SAP_ALL_RESTRICTED :: All authorization without basis
SAP_BC_BMT_WFM_ADMIN::Administrator for Business Workflow
SAP_BC_BMT_WFM_DEVELOPER::Developer for Business Workflow
SAP_SWFMOD_ADMIN::Workflow Modeler Administrator
Are these sufficient or do we need any other roles?
With above authorizations, i am unable to access below mentioned t-codes,
SWNCONFIG Extended notifications for business workflow
SWU3 Automatic Workflow Customizing
SWWCOND_INSERT Schedule background job for work item deadline monitoring
SWWCLEAR_INSERT Schedule background job for clearing tasks
Pls let me know the role, i need to get for above t-codes.
Kindly go thru your SU01 t-code & let me know what all roles are used in your workflow system.
cheers.
santosh.Hi,
I recommend you to have roles related to SWLD tcode (SAP menu Workflow). The basis must know what are the exact names.
These are some roles:
SAP_BC_BMT_WFM_ADMIN --> Administrator for Business Workflow
SAP_BC_BMT_WFM_CONTROLLER --> Process Controller for Business Workflow
SAP_BC_BMT_WFM_DEVELOPER --> Developer for Business Workflow
SAP_BC_BMT_WFM_GP_ADMIN --> Role for Guided Procedure Business Workflow Administrators
SAP_BC_BMT_WFM_GP_SERVICE_USER -->Service User for Guided Procedures Business Workflow API
SAP_BC_BMT_WFM_PROCESS --> Business Workflow Implementation Team
SAP_BC_BMT_WFM_UWL_ADMIN --> UWL: Administrator for Workflow Functionality
SAP_BC_BMT_WFM_UWL_END_USER --> UWL: End User for Workflow Functionality
SAP_SWFMOD_ADMIN --> Workflow Modeler Administrator
SAP_SWFMOD_TRANSPORT --> Access to transport manager
SAP_SWFMOD_USER --> Workflow Modeler Administrator
SAP_WF_ADMINISTRATION --> Business Workflow: Work for administrator
SAP_WF_CONTROLLER --> Business Workflow:Work for process controller
SAP_WF_EVERYONE --> Business Workflow: Work for Everyone
SAP_WF_IMPLEMENTATION --> Business Workflow: Work for Implementation Team
Regards, -
Role - responsibility add userid
I want to to add user id's to responsibilities (RULE). Can I directly do in production environment or have to create in development and then transport to production client. Do i need access to t-code for that PFAC_CHG.
ThanksHi friend
The userid are maitained in communication infotype 105 and subty 0001 . All these userid has to be maintained or upload the data into individual client. But responsiabilty you have to individually configured in dev,quality and in production. If you create in dev and tranport to quality the datas in the responsibility will not get transfered you have to individually need to do in all the servers.
Regards
vijay
Maybe you are looking for
-
Hi, I tried to create the mailform in the IC Manager role and getting the below issue (We are having CRM 7.0). First I filled the ID, Desc, Attribute Context=ERMS and Subject. Then I I placed the cursor in the Text element to enter the body of email.
-
I have completed the slide show i am making, but not sure what to do now. I want to burn it to a dvd, but not sure if i can do that from iphoto or do i need to export to imovie or idvd? If i need to export, will iphoto save a copy in iphoto? This may
-
Visual Composer 7.0-Change the Y-axis from decimal scale value to integer
Hi Experts, I'm new in Visual Composer 7.0, my report is work fine, but when I want to show the data in bar-chart, the values on y-axis are 0.0, 0.4.0.8,1.2,1.6.2.0 but i want like 1,2,3,4. Normally, this happen when values on y-axis less than 5, if
-
Capitalization of first character in a sentence
Is there a 'switch' that should be turned on to ensure that the first character in a sentence or paragraph is automatically a capital letter?
-
/usr/lib/hpux64/dld.so: Unsatisfied code symbol 'pidbod' in load module
Dear Gurus, Installation is cancelled at the phase DB creation due to the following error after oracle software installation. Oracle base software (10.2.0.1) is installed, patches (10.2.0.4) are applied. after this unable to login sqlplus with the fo