Creation of a new Role in Content 10.0.1

Similar Messages

• Creation of a new Person role for "Contractors" & "Customers"

  Hi EHS Experts,
  For Incident / Accident log creation, I wish to have two different roles in place of existing SAP standard role of "External Person"
  1. Contractors
  2. Customer
  How, and where to create/change new roles. Also, please tell where exactly the data gets stored. What would be the ease of maintaining these roles in an organization where these roles involve many persons with dynamic data, as they keep on changing?

  Hi Brajesh,
  Thanks for your answer. The same thing I tried earliar as well. I  defined an additional role as CBIH30 for "Customer" with same BP category as of "External Person- CBIH10" .
  Above is not solving my purpose, as I am not getting the option of selecting "Customer" in the F4 values of "Person group" on the "Involved" tab of any Incident accident log; t-code CBIH82.
  There should be some way to integrate the created BP roles to the Incident / Accident Log in particular, with some definable person group say "D" here to associate with.
  To ask my question in another way, how and where person groups(A,B,&C) have been defined and integrated with the relevant BP roles ?
  Also, If I am selecting any person with say group "External Person" , would the person records be fetched from SAP HR standard tables, or there would be different table for external group of persons i,e not an employee. Clients may wish to differentiate and hence separately maintain data for employees and any external person. How exactly this can be taken care of?
  Thanks & regards
  Pavan

• Need Documents on New Role Creation in SAP

  Hi All,
  i am new to SAP Security and i would like to grow in this field,
  Can any one send me the links for the documents on creation of new roles, objects, Authorizations, transactions etc.
  Thanking you in Advance,
  Savitha.

  Hi,
  I guess you should look on Google for ADM940 and ADM950,
  Its a very detailed book for what ou want.
  Indeed to help you out, Its a very very simple task. But when you read this book keep in mind that there are 3 kinds of roles, Single roles, Derived roles and composite roles.
  Just to give you a heads up :
  Single role :  Role which has Authorization and data is restricted via company code and filed level values
  Derived role : these are derived from Single roles or you can say master role. Difference between single role and derived role is that you can derive say 10 roles from single role however company code can be manage in derived roles.
  So generally how it works is one create a master role which has all the required authorization. Now you don't want people in australia sould approve orders for Texas, US.
  Now there are hundred of companies department accross the glob. you don't want to end up creating hundreds of roles. so you create one master role and then you create derive role from that master role which is most of the time master role replica (keep in mind most of the time but not always so you have to be very carefull) now in derived role all you have to maintain is company codes.
  all the authorizations for all the objects and fields come from master role.
  I hope i am making sense.
  Composite role : its a collection of single and derived roles. Keep in mind you can not put composite role into composite role.
  That was just a heads up you need to read ADM940 and ADM950.

• Creation of new roles in OES using BLM API

  I'm currently using policymgtapi examples for creating new roles. Its gets created but doesn't visible in OES Entitlement application console even though the entry is present in OES DB. But if you create a new User, its available immediately in OES Entitlement application. Pls let me know why Role is not available in Entitlement application after creating using policymgtapi. Thanks

  Is there any org scope to the role?
  There's some conversion process that happens when you load roles via policyloader, I suspect you would need to do the same with Policy Mgt API. There are some groups you need to add to have it show up in the EUI.

• Sending an email after creation of new role

  Whenever new role is created in Transaction PFCG I need to email to all the users.
  There is no User-Exit in PFCG and we can't create any new Program for this.
  So how it will be done?
  If anyone worked on it please reply to this as soon as possible.

  hi Zahid Khan,
  as said i tried the same.
  i have created a button "send" action :submit.
  and also have created a process"send mail" with the folloing code
  DECLARE
  l_body CLOB;
  BEGIN
  l_body := 'Thank you for your interest in the APEX_MAIL package.'||utl_tcp.crlf||utl_tcp.crlf;
  l_body := l_body ||' Sincerely,'||utl_tcp.crlf;
  l_body := l_body ||' The APEX Dev Team'||utl_tcp.crlf;
  apex_mail.send(
  p_to => '[email protected]',
  p_from => '[email protected]',
  p_body => l_body,
  p_subj => 'APEX_MAIL Package - Plain Text message');
  APEX_MAIL.push_queue;
  END;
  and , Process Success Message as "done" and When Button Pressed (Process After Submit When this Button is Pressed): "SEND" WITH Process Point : "ON SUBMIT AFTER COMPUTATIONS AND VALIDATION"
  The process is running.., getting the """success message""" but unable to""" get the mail""".(tried different combinations of mail ids)
  any help !!!

• New role creation for display

  Hi,
  We want to create a role such that the users can see only the pricing but not the costing, for sales quotations and orders, for a particular distribution channel?
  Regards,
  Ajit

  Hi Ajit,
  If you wish to create a new Role, Use T. Code: PFCG.
  Once created assign the same role in to User's Profile Via T. Code: SU01.
  Here itself, in Authorization you may add T. Codes (for Display) and also define/ restrict User's view/ access to Sales Area data (i.e. Distribution Channel).
  Better to take help from Basis-Administrator as its purely Basis-job.
  Best Regards,
  Amit.

• New Role creation

  Hi All,
     I created new Role and assigned users to that role . I added HTML page to the particular role and when I go click that link it is saying that java authentication problem. I am unable to see the applets what ever I created for the web page. Is there any thing to add in xMII for the particular role and if add the same HTML page to the Everyone role its working fine.
  Thanks
  Muvva

  Hi Muvva ..
  May be you can try the following ...
  instead of providing the direct html, you can provide the user with the logon credentials which redirect the page to the desired html page, as follows...
  http://Server:50000/logon/logonServlet?redirectURL=XMII/....../YourPage.html
  Regards,
  Ajay.

• How Can I Create a new Role in an PCD address?

  Hello EveryBody,
  I need to develop a new class that it can manage SAP Portal roles. I got how to recover all the roles of a user or how to recover all the roles in a PCD path. Now I have the problem when I try to create a new role in a PCD path.
  The code that I have to do that it is this:
  try {
  *     IRoleFactory iRoleF = UMFactory.getRoleFactory();*
  *     IRole nuevorol=iRoleF.newRole(pcdPath+nameRol);*
  *     nuevorol.setDisplayName(nameRol);*
  *     nuevorol.setDescription(descripcionRol);*
  *     nuevorol.commit();*
  *     return true;*
  catch (Exception e)
  *     return false;*
  This code it works and it makes a new Role but I donu2019t know how to create this role in a PCD path. Could you help me with this?
  This it is a urgent task that I have to develop, please I need help. Thanks in advance.

  Hi,
       Now I understood your question. As of now, I think there is no api which creates workset and roles in pcd. API are available for iView, page, system and layout only.
  For creation of iView, page etc, check this blog.
  PCD II: Creating Portal Objects
  For role and workset creation, there is another tool used. Check these blogs.
  SP15: XML Content and Actions
  Mass Creation of Portal Content - Generic Creator
  If you want to use this tool functionality in code, then check this blog.
  Using the XML upload content and actions dynamically
  If you are on NW7.1, then check this article.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40c72897-c7e6-2a10-e98a-af81b89084f4
  Hope these will help. Good luck.
  Regards,
  Harini S

• SAP AC 10 : ERM working fails (Unable to add Actions,permission)to new role

  Hello Gurus,
  We have done configuration for Role creation via ERM in SAP GRC AC 10.
  The configuration is done via BRF+ and MSMP ,when we try to create a new role via
  NWBC > ACCESS MANAGEMENT>Role Management -->Role Maintenance.
  We see that the correct "methodology" is selected which contains following steps
  Define Role --> Maintain Authorization -->Risk Analysis -->Request Approval -->generation.
  We go past 1st stage and when we are at Maintaining authorizations , the "edit" option is disabled
  It is not possible to add any Action (Tx), Permission(Objects) to the role.
  Is there something else that we need to configure or something that is missing ??
  Please suggest.
  Regards,
  Victor

  Hello All,
  This issue was resolved , after i maintained a User as "Role content approver" and "Assignment Approver"  Under "Owners/Approver" Of define role Tab.
  Whole cycle ran w/o any problem.
  Regards,
  Victor

• The creation of the new workspace has been partially successful

  Hi,
  I tried to create a Workspace called WSMedicina and the following error apears:
  The creation of the new workspace has been partially successful.
  Exception Message: Cannot find library item WsMedicina.
  The error cause: Cannot add Library Service.
  Please help me.
  Thanks.
  James.

  Hello James,
  What error appears in the application.log file for Workspaces when the creation fails? You can find this log at a path like this:
  $ORACLE_HOME/j2ee/OC4J_OCSClient/application-deployments/workspaces/OC4J_Workspaces_default_island_1
  Has creation of a library during new workspace creation worked in the past?
  Can the same user access the Content Services application successfully?
  regards,
  -Neil.

• Unable to see new role in environment

  An end user said that a role that was working last week is no longer available in the portal. No changes have been made to the system in the past week.
  A co-worker successfully imported this new role into the portal a week ago, but the change did not synchronize to all the servers in the environment. We have one Central Instance and two Web Application Servers in our Java environment.  The import was successfully completed on WAS1. I verified this by checking the PCD import log files on WAS1. When I log into the portal running on WAS1 the new role is available. When I log into the portal running on the Central Instance the role is NOT available.
  To resolve the issue a logged into the portal running on the Central Instance and used System Administration >Transport Packages> IMPORT to import the *.epa file containing this role.
  Is there something else I should have done to resolve this use? How does a the system synchronize changes to objects in the java environment?

  Hi,
  when doing a depoly of an application (PAR) or EPA, you basically just copy the file to a (shared) folder on your java instance. This change get's recognized by your instance.
  If it's a PAR, the instance informs all the other instances in your cluster of the change. They all access the application and do a local deploy / installation of the change.
  If it's an EPA (PCD objects), the instance reads the content and writes it to the DB and informs the other instances that a DB change has occured and they should read the DB again to sync their content.
  Normally, the deploy;import works without problems in a server, but can produce from time to time some errors / sync issues. Depending on the cache, an instance simply won't read the DB. You can use a tool from SAP that checks the instance and DB for sync issues (the tool is called something like: PCDcheckDB.sh).
  Generally, you should clear the cache of your portal after every deploy/transport to ensure that the user is getting the latest version:
  - Navigation cache
  - portal DB cache
  - PCD cache
  - (HTTP provider cache, web dispatcher cache)
  Depending on you configuration (cluster with many servers and nodes), you see this issue several times, you can do the following:
  - Shut your DI down and do the deploy on your CI.
  - Restart your DI with the sync option. This way, they will sync the content of the DB and disregard the local cache.
  br,
  Tobias

• Track new roles / change in existing roles

  Hi,
  I have a requirement to track the creation of new role OR changes to existing role in the system. In either case I have to send an email to the group of people.
  I tried to find the enhancements but found nothing useful.
  Basically, I need to find how can I track the even for creation / change of a role...
  Please help me out to find the solution for this...
  Thanks,
  Gagan Chodhry

  Hi Atish,
  Thanks for the reply...
  No, I tried to find the enhancements, but could not get the one I need...
  I found couple of things more like transaction PFAC_CHG / PFAC_INS for change or create role, but not sure how  exactly to use these... if these are the correct one to be used....
  Thanks,
  Gagan Chodhry

• Role in Content Management

  Hi,
  I am currently unable to view any of the role on different content type through Portal console. Is there a way to still create a new content or access content type from repository. How important is it to view roles on the entitlement service of the Repository. How to create a content when i am unable to view any of the default roles on the content type. Is it possible to create a new role using the API's and then create new content/content types? This issue is my project deployed in weblogic 10. what attributes need to be set in the domain files to provide role based access to the contents/content types.
  Any idea???? ........
  Regards &
  Cheers,
  Lakshmi
  Edited by RDLakshmi at 03/13/2008 3:05 AM

  Responses inline >>>
  I am currently unable to view any of the role on different content type through Portal console. Is there a way to still create a new content or access content type from repository.
  it's possible to both create content types (ObjectClasses) and edit content types via the CM API. What issue are you running into?How important is it to view roles on the entitlement service of the Repository.
  I'm not sure why this would or would not be important to you. Can you describe what you are trying to do? How to create a content when i am unable to view any of the default roles on the content type.
  can you describe what is happening when you attempt to create a node? the exact error message or stack trace may be helpful.Is it possible to create a new role using the API's and then create new content/content types?
  I believe new roles can be created via an API call. New types (objectClasses) can also be created via an API call.It sounds like perhaps the entitlements roles the user is in (when creating a node) do not have the ability to create a node of a specified type. An error message or exception would be helpful.
  In WLP 10, CM entitlements are used to secure nodes, types, workflows, and repositories. No settings need to be configured to enable this behavior. The entitlements can be configured via the WLP admin tools, as well as via API calls.
  -Steve

• New role created and Security zone.

  When I create the new role and I need to set the properties for that role. Then after I try to add this role to user and have user test the access.
  Why there are some error happen and I need to go to 'security zone' by follow path from the error, then my new role into security zone, then user can access without any problem.
  Please anyone explain why do we need to add role again in security zone even though we already set the property to that role in 'content administration.' Please let me know the difference. Thank you very much.

  Hi,
    Security Zones are used to prevent unauthorized users from accessing iviews, Portal Components and Portal Services through a direct url used outside of the portal environment. It will be controlled by means of progressive safety levels and permissions, which are assigned by the system administrators to authorized users in the permission editor.
  Regards,
  Saraswathi

• Delegating "Portal Display" to a new role

  Hi all,
  I would like to create a role that I can assign to selected people that would allow them to manage the themes/desktops/framesworks/rules.  These people will already have content administrator's role.
  So, I created new folders for the new role and new role and workset.  My next step was to add the "Portal Display" workset to the new workset, as used in the System Administration role.  However, when I went to look for the "Portal Display" workset  I could not find the object in the PCD.
  Is there a way to create a role for just the "Portal Display" management?  Where is that object?
  I am able to do a delta link on the "System Administration" workset, but then I have to remove lots of stuff.  Seems a waste and not at all an elegant way to go.
  Thanks for your help,
  --Amy Smith
  --Haworth
  Points always rewarded.

  HI
  u r right
  i thought i could copy the role from role editor to pcc. But it is not possible.
  so the simple solution is to copy the role of system administrator as such in pcc and paste it  as delta link in ur folder of pcc. delete all the unwanted page , iview and workset from that role.
  Since u r pasting as delta link any future changes to system administrator by SAP will reflect in ur role too
  Regards,
  Vijay.