Creating Single Role from Many Roles

Hi,
Can we created a single role(not composite) from many roles?? i.e. all the authorisations of n roles being copied into a single new role??

You can create a composite role in PFCG and just include the other roles within it. But there is no functionality to merge roles into one another.
If you need more detail, the I suggest you ask your question in the Security Forum.
Hope that helps.
J. Haynes
Denver CO US

Similar Messages

Create single-roles in satellite-system

Hello everybody,
I want to create Single-role´s in a satellite-system over RFC but the Fm´s in the Functiongroup PRGN are not remotable. Is there an alternative way to create these single-roles in a satellite-system? Up-/download and transport function isn't a alternative because my requirement is to create the single-roles an from excel-import. I considered that one way could be to copy the roles in the satellite.
Regards,
Christian

You can create an RFC-able FM that is a wrapper for that FM.
Neal

Document on How to Create Single Roles in ecatt

I have created a document displaying how to create single roles using ecatt.
I hope this helps.
How do I add the file to this thread?
Message was edited by:
Mohammed Junaid Khan

hi Junaid,
I don't think u can save files here. U can give links here.
If possible, can you please send that file to me through mail to [email protected]
I am getting error while creating a ecatt script in BI 7.0 system for creating roles.
Hopes yours may help.
thanks,
venkat

Any Tutorial / Sample to create Single PDF from multiple source files using PDF assembler in a watched folder process.

Any Tutorial / Sample to create Single PDF from multiple source files using PDF assembler in a watched folder process. I have a client application which will prepare number of source files and some meta data information (in .XML) which will be used in header/footer. Is it possible to put a run time generated DDX file in the watch folder and use it in Process. If possible how can I pass the file names in the DDX. Any sample Process will be very helpful.

If possible, make use of Assembler API in your client application instead of doing this using watched folder. Here are the Assembler samples : LiveCycle ES2.5 * Programming with LiveCycle ES2.5
Watched folder can accept zip files (sample : Configuring a watched folder to handle multiple input files and write results to a single folder | Adobe LiveCycle Blog ). You can also use execute script to create the DDX at runtime : LiveCycle ES2 * Application Development Using LiveCycle Workbench ES2
Thanks
Wasil

Creating single role by copying profiles from other roles

HI ,
I am creating a single role from 4 roles. Ihave copied the authorizations of 4 roles and added into the new role. This is done by copying the profiles.
Problems Faced :-->
1. )In table AGR_TCODES i am not able to see the Tcodes for this new single role present in the new role, whereas if i goto object S_TCODE i am able to see tcodes and have that access.
2.) Some of the objects are not copied into this new role. Even from the roles whose all other objects are copied into this role.
Can anybody help me on this and also if someone knows what other problems can be faced by doing this.
<removed_by_moderator>
Thanks,
Rajesh
Edited by: Julius Bussche on Oct 15, 2008 3:55 PM

Hi Rajesh,
If you have created a role by copying authorizations, then it is possible to get the t-codes provided your role contains the auth.obj S_TCODE which you might have copied manually from one or two among the 4 roles.
If S_TCODE exists in your role then you can find out the t-codes belonging to this role through SUIM->Transactions->Executable for Roles-> Insert your role name
or
Go to SE16-> Table AGR_1251->
In the field AGR_NAME, give the role name
In the field OBJECT, enter S_TCODE and then
Execute.
Q.My second question THere is one role created by some user I am checking it in AGR_Tcodes and SUIM ....I am finding that the no. of Tcodes in both cases donot match....Can anybody tell where i can look for this and what is the possible reason.
Possible reasons for this could be that some of the t-codes have been entered into the role manually and not through the menu in PFCG and as mentioned earlie that AGR_TCODES only shows the transactions that exists in the menu of the role.
It could also be that the manually entered t-codes contains wildcards specifying a range of values.
The best option would be to find it out from the AGR_1251 table.
Hope this helps !
Thanks,
Saby..

Acrobat 9.3.4 issue: Creating single PDF from Multiple PDFs

Hey all,
My setup:
• Mac OS 10.6.4 / Mac Pro dual / 6GB RAM
• Adobe CS5 Master Collection
• Acrobat Pro 9.3.4
Just ran into issue (critical) I have not encountered before, but it is frighteningly reminiscent of the InDesign CS5 problem of the "Document fonts" folder issues and Small Caps/All Caps. Here's the scenario:
1. In an IDCS5 document I've used the "All Caps" command to give a heading that characteristic (font used is Avenir 95 Black; type 1).
2. Export to PDF (Print), and receive a correct PDF, with the All Caps designation showing/printing correctly.
3. Open it in both Acrobat 9.3.4 and Adobe Reader 9.3.4, and the file is correct (see attachment 1, below).
4. I then make several other single-page PDFs and save them all to a new folder.
After creating these single-page PDFs for client review, the client has requested that a random number of these PDFs be compiled into a single PDF, which is no problem--it's a common request which we do all the time. The steps for this are:
1. Launch Acrobat Pro 9.3.4
2. Choose File>Create PDF>Merge Files into a Single PDF; dialogue box pops up.
3. Click the "Add Files" button in the upper left corner of dialogue box (Single PDF button is selected in top right corner of box).
4. Navigation window pops up, allowing me to choose the folder created in step 4, above, which contains the PDFs I need.
5. Highlight the desired PDFs, and arrange them in the desired order; click on the "Combine Files" button in the lower right corner of dialogue box. 6. PDFs are generated, and I save the resulting PDF; I then open it in either Adobe Reader 9.3.4 or Acrobat Pro 9.3.4 to verify all went well, and to my disappointment, notice the incorrect interpretation of the "All Caps" line of type (see attachment 2, below).
I have verified that a PDF file exported through IDCS5 works correctly, and making the 'combined' PDF by making a new IDCS5 document and adding the necessary pages and exporting a single PDF works correctly, as well. The problem is that the "Combine..." feature in Acrobat Pro is our workflow, because it allows for single PDFs to be combined into one WITHOUT having to set up a new IDCS5 document specifically for the final PDF; to do so would require countless numbers of IDCS5 files in order to get the randomly chosen pages into one PDF.
Has anyone else encountered this problem, and if I overlooked a similar post, my apologies. Thanks in advance...
Cheers!
Mikey

The issue is related to font embeddings. If all of the pdfs had contained the entire font set rather than font subsets this would not be an issue. The way to tackle the problem is to use the PDF optimizer to remove ALL font embeddings. Then use the Preflight to to re-embed the fonts.

Graphical mess-mapping help needed: select single segment from many

Hi All,
I am sending a standard PO IDOC from R/3 and converting it into a file before sending to 3rd party.
The IDOC used is ORDERS.
In this IDOC segment E1EDK14 gets repeated in R/3 and I want to use the value of 009th occurance (E1EDK14 009) to map my values.
When I look at XML, it looks as follows
<E1EDK14 SEGMENT="1">
         <QUALF>014</QUALF>
         <ORGID>AB1</ORGID>
      </E1EDK14>
      <E1EDK14 SEGMENT="1">
         <QUALF>009</QUALF>
         <ORGID>CD1</ORGID>
      </E1EDK14>
      <E1EDK14 SEGMENT="1">
         <QUALF>013</QUALF>
         <ORGID>AA</ORGID>
      </E1EDK14>
      <E1EDK14 SEGMENT="1">
         <QUALF>011</QUALF>
         <ORGID>GDE</ORGID>
      </E1EDK14>
I need to get the ORGID value of 009th segment( i.e when QUALF (above) has value '009'.
I tried to put a simple if condition in mapping (if qualf = 009-->then get ORGID), but it does not work.
Can you help.
Many thanks
Shirin

Thanks Prakasu,
I tried it again, but it is picking the first segment value and not the 009th one.
Many thanks
Shirin
Edited by: Shirin K on Oct 24, 2008 10:56 AM
Edited by: Shirin K on Oct 24, 2008 11:00 AM

Creating Single TreeTable from two self linking VOs

Hi,
Lets say, I want to show the organization structure in TreeTable in following format
NOTE: I am sorry, I am not able to get the indentation. Every row in below layout is indented one level compared to above row
Continent
Country
AreaHead
Employees
So the layout should look like
Asia
India
Ahead01
Emp01
               Emp02
Below are the tables I am using
1. LOCATION – Self linking table which displays continents and countries hierarchically.
Eg:
     | Location | Location_ID | Parent_Location_ID |
     | India | 100 | 101 |
     | Asia Pacific | 101 | 102 |
2. EMPLOYEE Table – Employee table which holds employee details
     Its a self linking table which defines manager, team member relationship
     Holds a foreign key to LOCATION table
     | Employee_ID | Name | Designation | Location | Manager_ID |
     | 100 | Emp01 | Area Head | 100 | |
     | 101 | Emp02 | Department Head | 100 | 100 |
I have created two VOs LOCATION, EMPLOYEE and two self referencing view links
     one on LOCATION.LOCATION_ID to LOCATION.PARENT_LOCATION_ID
     one on EMPLOYEE.EMPLOYEE_ID to EMPLOYEE.MANAGER_ID
While displaying as a tree table the details of EMPLOYEE table should start from the leaf node of LOCATIONS table.
Please let me know the best way of achieving this. I am okay with creating a VO programatically accessing other VOs?
I am using JDeveloper: 11.1.1.3.0
Edited by: 817895 on Dec 5, 2010 6:06 AM
Edited by: 817895 on Dec 5, 2010 6:13 AM

Hi,
see sample 32 on http://www.oracle.com/technetwork/developer-tools/adf/learnmore/index-101235.html
Frank

Trying to create single select from two

Hi all, i am new to this forum so be gentle with me...;-)
i have got the following two queries that group by a number of columns and return counts of the grouped columns....now the question is, can i get a single query out of this with the two counts still coming out as two seperate counts but all grouped together...any advice gratefully received...
1)
SELECT BUSINESS_EVENT_DATE,
     nvl(POS_TYPE,'NONE') POS_TYPE,
     nvl(APPLICATION_TYPE, 'NONE') APPLICATION_TYPE,
     nvl(PROCESSING_AREA, 'NONE') PROCESSING_AREA,
     COUNT(*) APPS_RCVD
FROM APPLICATION_FACT
GROUP BY BUSINESS_EVENT_DATE, POS_TYPE, APPLICATION_TYPE, PROCESSING_AREA
2)
SELECT AF.BUSINESS_EVENT_DATE,
     nvl(AF.POS_TYPE,'NONE') POS_TYPE,
     nvl(AF.APPLICATION_TYPE, 'NONE') APPLICATION_TYPE,
     nvl(AF.PROCESSING_AREA, 'NONE') PROCESSING_AREA,
     COUNT(*) APPS_WITH_ANCAS_RCVD
FROM APPLICATION_FACT AF, APPLICATIONWARNING_FACT AWF
WHERE AF.INTERNAL_ACCOUNT = AWF.INTERNAL_ACCOUNT
AND AF.APPLICATION_SEQ = AWF.APPLICATION_SEQ
GROUP BY AF.BUSINESS_EVENT_DATE,
          AF.POS_TYPE,
          AF.APPLICATION_TYPE,
          AF.PROCESSING_AREA

Hello
I think you need to look at UNION and UNION ALL:
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/queries5a.htm#2054266
HTH
David

Creating single clip from multiple clips

I'm wondering if there's an easier way to do what I'm doing....
I had someone digitize a bunch of tapes for me but they had the "on timecode break, make new clip" on, in the preferences, so now I have about 100 clips per tape. What I want to do is make each tape a single clip for easier logging.
What I've been doing is that I grab all the clips on a particular tape, drag them to the timeline, mark in and out at heads/tails and export it as a reference (not self-contained). Then I reimport that file back in and it all works out great. Only that each tape takes about 20 minutes to do this. Is there a faster way to get the same result?
Thanks in advance....
Steve

Once the clips are loaded into a sequence, Name the sequence Tape_001 (or whatever) and simply log from that timeline.
The individual clips will retain their timecode, you can mark the in/out for each clip, you can mark 'good take' on the individual clip and do all manner of wonderful file management that is difficult with only one long clip.
x

Reversal of single HU from many

Dear Friends ,
I made a PO , Inbound delivery (with packing and made handling unit , 5 handling unit 10 qty in each HU).
did shipment cost doc and shipment cost then PGR.
Now i would like to reverse 1 HU .
when i tried the entire HU gets reversed along with the frieght cost .
please suggest.
note : lean warehouse or WH is not maintained is not configured .

Unassign the Handling unit from inbound delivery ,
but possible on deletion of shipment
Thanks
Adarsh

GRC 10 ERM Not able to create Business/Single Role

Hello Experts,
In GRC 10, ERM, i have completed all the pre-requisites i.e. Maintaining Connectors, Configuration for Role Management, Maintained and generated the default MSMP workflow (methodology), maintaining role owners.
Now when i am trying to create a business role or let's say a single role i am unable to to do so as the edit button is disabled.
I just can't get through this.
Have i missed anything, and for the record when i tried to Import the Role(Under Role mass maintenance) from backend system i was successfully able to do so and that way only i could get my first role in GRC via import.
Now if i open this role and try to edit it, can;t do again, because edit button is disabled. But if i perform Role Update(Under Role Mass Maintenance) i can successfully change the attributes and other information and am able to see the new values.
Why is it like this, i am not able to create Roles in GRC, just i am able to import and update from backend.
This is really frustrating..what i am missing over here.
Experts pl. Kindly help!

Hi Triera,
1) After opening BRM, Create button is not greyed out. Its available, and if i click on it, then i see all the possible type of Roles that i can create i.e. Business role, composite role, Group, PD Profile, Profile, Single Role, Template etc.
2) When i try to edit a role by clicking on "Open" , and when the role opens, and then if I click on "Additional Details" (you said "More Details" , i believe you meant that only) link, then also the Edit button is not enabled. Its still greyed.
What else could this issue be possibly about.
Configuration- Check.
Authorizations- Check.
Workflow- Check.
Should i raise it with SAP.
Thanks.

Modify Script to Create User Role on Single Database.

Hi All,
Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
Can anyone help me to modify the script?
--===================================================================================
-- Description
-- Database Type: MSSQL
-- This script creates a role called 'gdmmonitor' for ALL databases.
-- It grants some system catalogs to this role to allow Classification and Assessment on the database.
-- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
-- before runnign this script
-- you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
-- This sqlguard login doesn't need to be added to any database or given
-- any privilege. The script will take care of that.
-- Note:
-- If you wish to use a different login name (instead of 'sqlguard') you need to change
-- the value of the variable '@Guardium_user' in the script below;
-- (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
-- after runnign this script
-- Nothing to do, the script already creates the db user
-- User/Password to use
-- User: sqlguard (or any other name, if changed)
-- Pass: user defined
-- Role: gdmmonitor
--===================================================================================
PRINT '>>>==================================================================>>>'
PRINT '>>> Creating role: "gdmmonitor" at the server level.'
PRINT '>>>==================================================================>>>'
-- Change to the master database
USE master
-- *** If a different login name is desired, define it here. ***
DECLARE @Guardium_user AS varchar(50)
set @Guardium_user = 'sqlguard'
DECLARE @dbName AS varchar(256)
DECLARE @memberName AS varchar(256)
DECLARE @dbVer AS nvarchar(128)
SET @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
SET @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
IF (@dbVer = '8') SET @dbVer = '2000'
ELSE IF (@dbVer = '9') SET @dbVer = '2005'
ELSE IF (@dbVer = '10') SET @dbVer = '2008'
ELSE IF (@dbVer = '11') SET @dbVer = '2012'
ELSE SET @dbVer = '''Unsupported Version'''
IF (@dbVer != '2000')
BEGIN
-- This privilege is required to peform a specific MSSQL test.
-- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key)
-- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop
-- Purpose: To display provider property, not changing anything.
PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
END
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if they exist
CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the role gdmmonitor on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.spt_values TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysconfigures TO gdmmonitor
GRANT SELECT ON dbo.sysdatabases TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syslogins TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
-- Grant execute privileges to the role for MSSql Common
PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON sp_helpdbfixedrole TO gdmmonitor
GRANT EXECUTE ON sp_helprotect TO gdmmonitor
GRANT EXECUTE ON sp_helprolemember TO gdmmonitor
GRANT EXECUTE ON sp_helpsrvrolemember TO gdmmonitor
GRANT EXECUTE ON sp_tables TO gdmmonitor
GRANT EXECUTE ON sp_validatelogins TO gdmmonitor
GRANT EXECUTE ON sp_server_info TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sql_logins TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
GRANT SELECT ON sys.server_role_members TO gdmmonitor
GRANT SELECT ON sys.configurations TO gdmmonitor
GRANT SELECT ON sys.master_key_passwords TO gdmmonitor
GRANT SELECT ON sys.server_principals TO gdmmonitor
GRANT SELECT ON sys.server_permissions TO gdmmonitor
GRANT SELECT ON sys.credentials
TO gdmmonitor
--This is called by master.dbo.sp_MSset_oledb_prop.
--By defautl it should have already been granted to public.
GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR
END
-- Re-add the dropped members
IF EXISTS (SELECT 1 FROM #rolemember)
BEGIN
PRINT '==> Re-adding the role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- END of role creation on database
PRINT '==> END of role creation on: ' + @dbName
PRINT ''
-- Change to the msdb database
USE msdb
set @memberName = ''
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if it exists
TRUNCATE TABLE #rolemember
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the gdmmonitor role on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
GRANT SELECT ON dbo.backupset TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
-- Grant execute privileges to the role for MSSql 2005 or above
PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
END
IF (@dbVer > '2000' and @dbVer < '2012')
--This sp is not available in SQL 2012
BEGIN
GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
END
-- Re-add the dropped members
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the temporary table
DROP TABLE #rolemember
-- END of role creation on database
PRINT '==> END of gdmmonitor role creation on: ' + @dbName
-- Role creation complete
PRINT '<<<==================================================================<<<'
PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
PRINT '<<<==================================================================<<<'
PRINT ''
PRINT '>>>==================================================================>>>'
PRINT '>>> Starting application database role creation'
PRINT '>>>==================================================================>>>'
use master
DECLARE @databaseName AS varchar(80)
DECLARE @executeString AS varchar(7950)
DECLARE @dbcounter as int
set @dbcounter = 0
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
and not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @dbcounter = @dbcounter + 1
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'/* Variable @memberNameDBname must be declare within the string or else it will fail */ ' +
'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
'/*find any members of the role if it exists*/ ' +
'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
'INSERT INTO #rolemember ' +
'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
'WHERE usr.uid = mbr.memberuid ' +
'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'/*Drop the Role Members If they exist*/ ' +
'IF EXISTS (SELECT * FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/*drop the role if it exists*/ ' +
'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'BEGIN ' +
'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_droprole ''gdmmonitor'' ' +
'END ' +
'/* Create the role */ ' +
'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_addrole ''gdmmonitor'' ' +
'/* Grant select privileges to the role for MSSql Common */ ' +
'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON dbo.sysmembers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysobjects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysprotects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysusers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
'/* Check if the version is 2005 or greater */ ' +
'IF (' + @dbVer + ' != ''2000'') ' +
'BEGIN ' +
'/* Grant select privileges to the role for MSSql 2005 and above */ ' +
'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
'GRANT SELECT ON sys.all_objects TO gdmmonitor ' +
'GRANT SELECT ON sys.database_principals TO gdmmonitor ' +
'GRANT SELECT ON sys.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON sys.database_role_members TO gdmmonitor ' +
'END ' +
'/* Re-add the dropped members */ ' +
'IF EXISTS (SELECT 1 FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/* drop the temporary table */ ' +
'DROP TABLE #rolemember ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT '' ''' +
'PRINT '' '''
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
-- Adding user to all the databases
-- and grant gdmmonitor role, only if login exists.
PRINT '>>>==================================================================>>>'
PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '>>> on all databases.'
PRINT '>>>==================================================================>>>'
USE master
/* Check if @Guardium_user is a login exist, if not do nothing.*/
IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
BEGIN
PRINT ''
PRINT '************************************************************************'
PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
PRINT '*** Please add the login and re-run this script.'
PRINT '************************************************************************'
PRINT ''
END
ELSE
BEGIN
DECLARE @counter AS smallint
set @counter = 0
-- This loop runs 4 time just to make sure that the @Guardium_user gets added to all db.
-- 99% of the time, this is totally unnecessary. But in some rare case on SQL 2005
-- the loop skips some databases when it tried to add the @Guardium_user.
-- After two to three executions, the user is added in all the dbs.
-- Might be a SQL Server bug.
WHILE @counter <= 3
BEGIN
set @counter = @counter + 1
set @databaseName = ''
set @executeString = ''
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
where not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'/*Check if the login already has access to this database */ ' +
'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'/*Check if login already have gdmmonitor role*/ ' +
'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'AND usr.name = ''' + @Guardium_user + ''') ' +
'BEGIN ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END ' +
'END ' +
'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
'execute sp_adduser [' + @Guardium_user + '] ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END '
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
END -- end while
-- Required for Version 2005 or greater.
IF (@dbVer != '2000')
BEGIN
-- Grant system privileges to the @guardium_user. This is a requirement for >= SQL 2005
-- or else some system catalogs will filter our result from assessment test.
-- This will show up in sys.server_permissions view.
PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
END
PRINT '<<<==================================================================<<<'
PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '<<< on all databases.'
PRINT '<<<==================================================================<<<'
PRINT ''
END
GO

Thanks a lot Sir... it worked.
Can you also help me in troubleshooting below issue?
This script is working fine on all databases except one MS SQL 2005 database. build of this database is 9.00.3042.00
SA account with highest privileges is been used for script execution. errors received are as follow:
>>>==================================================================>>>
>>> Creating role: "gdmmonitor" at the server level.
>>>==================================================================>>>
==> Granting MSSSQL 2005 and above setupadmin server role
==> Starting MSSql 2005 role creation on database: master
(0 row(s) affected)
==> Dropping the gdmmonitor role members on: master
==> Creating the role gdmmonitor on: master
Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
The procedure 'sys.sp_addrole' cannot be executed within a transaction.
==> Granting common SELECT privileges on: master
Msg 15151, Level 16, State 1, Line 117
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 118
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 119
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 120
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 121
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 122
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 123
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 124
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 125
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 126
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
==> Granting common EXECUTE privileges on: master
Msg 15151, Level 16, State 1, Line 130
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 131
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 132
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 133
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 134
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 135
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 136
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.

How to insert entities for a role and retrofit single trigger from DB

Hi,
before Oracle Designer replacement I would like to clarify these 2 issues:
- how to insert entities for a role?
- how to retrofit just a single trigger from database?
Could somebody give a step by step advice, how to do these 2 things? Thanks!

> um.. i don't think you could use 'create table'
inside a pl/sql procedure.
You are wrong. You can create table inside a PL/SQL using execute immediate. But, this is not a good practise. I think you should reconsider the logic and then use such programming code. Please read the Oracle documentation regarding execute immediate.
Regards.
Satyaki De.

ECATT to mass delete singles roles from a composite

Hi,
I am creating an eCATT to delete singles roles from multiples Composites roles. The eCATT takes the same position of the single role for each composite. And of course the single role may differ per role.
Could someone help?
Thank you in advance,
Yolanda

HI Garcia,
I didnot quite get your example as I am not familiar with the roles tables or transactions.
But, if I understood ur requirement, you want to delete all those single roles (some specific role) from a list of roles.
I am not sure how the transaction looks here, but a standard way of doing it is to record one execution of deleting the role using TCD or SAPGUI using the position button when available, entering the role name, selecting the delete button on the screen and then save.
Now, when you check the database table for the number of occurances that this type of role is present, collect the count of the table into a local parameter and execute the earlier script of deleting multiple times using DO command.
Select count from <tabname> where <role field> is <value> into <Local parameter>.
and use the earlier script with in
DO (<local parameter>).
SCRIPT
ENDDO.
This ideally works. You can come back if u need any additional inputs.
Best regards,
Harsha

Creating Single Role from Many Roles

Similar Messages

Maybe you are looking for