Creation of Roles/Participants in BPM programmatically
Hi ,
I have the following requirement :
I am creating users in Weblogic Portal using Portal API.So when i create the users at the same time i need to trigger a call to create the rol/participant information in ALBPM.
Is there any API, to do so.Could anyone help me out in this ..its urgent!!!!
Thanks in advance
Regards,
Shiny
Use the classes located in Fuego.Fdi,
specifically for creating a participant use:
Fuego.Fdi.DirHumanParticipant , method create
Similar Messages
-
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Creation of role using T-code PFCG in R/3
Hi Experts,
I have created a Role using PFCG inorder to give acess only to three T-codes(PZ09. PZ80,PZ88).
so i have created a role intially using PFCG and incorporated PZ09 tcode in it and assigend the Role to users in R/3. it is displaying the TCode(PZ09) in Portal.
Now again i have added PZ80 & PZ88 to the same Role in R/3, but now i am getting an error:
Infotype 0000 does not exist.
but whereas when i assign SAP_ALL they(PZ88 & PZ 80) are working fine.
Is they anything i can do so that i can avoid assigning SAP_ALL Profile to the users and eliminate the Error "Infotype 0000 does not exist.
Thanks Inadvance,
Regards,
SivaHi,
Thanks for your reply,
Creation of role using T-code PFCG in R/3
The above link has solved my issue, Thank you!
Regards,
Siva -
Parametric roles in Oracle BPM 11g
Hi all!,
For all of us that was asking how to do the parametric roles in Oracle BPM 11g, here´s how to do it, hope it helps.
Regards!!
Z3uV4k
https://docs.google.com/file/d/0B7YrnfO7h717M2U1MTlmMmEtZjI3Mi00ZTNhLWFhNTQtYzkyZjc5OGI5Y2I4/edit?pli=1Might also want to look at a blog post I wrote based on an idea Arun Pareek came up with. (click here)
The differences are (1) that this lets you assign parametric roles to groups or application roles instead of individual users making them simpler to maintain and (2) IMO it's a lot easier to do using this technique.
Dan -
Assigning Users to a Role in a BPM Task
Hi,
Is it necessary to have User Admin access to add Users to a Role in a BPM Task ?
Is there any work around to it ?
Regards,
UtsavHi Utsav,
Yes you require User Admin role to search and add UME Users.
A workaround can be using the 'Use an Expression' :
User: getPrincipalByUniqueName(string uniqeName,"user")
Role: getPrincipalByUniqueName(string uniqeName,"role")
Regards,
Unni -
Is it possible to automate creation of roles,users & assign roles to users
Respected Guru's,
Is it possible to automate creation of roles according to our functional requierment with the help of SAP IDM.
Futher, i would like to know whether creation and deletion of users along with assigning created roles to the user's can be automated.
Please help me....
Thank you.Hi Dayananadan,
SAP NW IdM is compatible with your system and uses SAP Java Connector (JCo).
My colleague Steffen Baumann wrote a blog with three parts, where you get some hints and screenshots how to create similar objects to business roles and automatically assign them. Have a look at the last two parts How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II) and
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/8868. [original link is broken] [original link is broken] [original link is broken] Especially the last topic in the last part shows how to implement dynamic groups. It's not everything covered you will need to automatically create business roles and assign them. To explain this in detail is like writing another blog... If you go through the last two parts of the blog you will know how to modify the jobs my colleage has used for importing HCM data to create business roles similar to org. units.
You can also have a look at /docs/DOC-8983#section6. There you find "Identity Management for SAP System Landscapes: Configuration Guide" and other documents. They help to get familar with the possibilites of SAP NW IdM, but don't mention how to implement your case in detail.
Best regards,
Nils -
Hi All:
Can anyone tell me how to perform mass creation of roles using VIRSA role expert,also if you could point me to some documentation it will be very helpful.
Thanks,
J DHi Olivier,
I am afraid, my help is limited to this forum.
However, I can help you with some ABAP logic :
Table AGR_1252 is used to store the ORG values of derived roles.
You can start working with an ABAP'er to get his coding magic started. Though I am not familiar with ABAP, I believe our ABAP'er debugged PFCG and knew what needed to be done. I have no clue what he did
the logic:
Start of Selection
Load information into internal tables for use in creating report
Upload the Organsational Changes Spreadsheet
Ensure Roles exist and there are no duplicates
Ensure Organistional levels exist and there are no duplicates
*Checks if the file exists
Role must exist
Ignore duplicate roles
Authority Check Role for user
IMP Logic checks-
For Add High range of Role must be greater than low range
*...if adding specific ranges - remove existing * or space entry if it
exists
*...if adding * access remove other accesses if they exist
*Process All Org Levels for each role
...submit report to generate profiles
You can start working with your ABAP'er with this logic.
*Disclaimer* - this may need enhancements to meet your requirements. Also, I have just put the logic what I could remember at the top of my head. I may have missed something.
Hope it helps
Abhishek -
Getting Roles & Participants Dynamically in BPM
Hi,
I am trying to get the roles and particiants from external resources such as LDAP. Is there aby way to connect BPM to LDAP and retrieve the users & roles.
Thanks,
Sanjay
Edited by: Sanjay_21 on Aug 24, 2009 10:47 AMSanjay,
You can do this in BPM Enterprise. You have to configure a "hybrid" directory. The default is to store all the information of your organization in a database. With a hybrid configuration this will come from an LDAP.
You can read a bit about it in the docs:
http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/admin_guide/modules/dir_service/c_Hybrid_Directory_Service.html
http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/admin_guide/modules/dir_service/t_Config_Hybrid_Dir_Service.html
Inside the directory $BPM_HOME/conf you can find some configuration files for integrating with an LDAP:
generic_sunone.conf
generic_oracleldap.conf
Here you can specify how to find the participants and groups in your LDAP.
And then in your code you would search for them in the same way as always:
Participant.find("p1")
Role.find("r1") -
Modifying ang Creating Participants with BPM API (10.3.1)
Hello,
I am trying to create and modify participants and their properties with the API in Studio 10.3.1.
I am using a "DirHumanParticipant" object in a new activity in the "ReassignTeamByParametricValue" screenflow of the demo. First, I am testing the DirHumanParticipant.fetchCurrent method.
When executing the activity with the predefined user "Rudy", the log shows that DirHumanParticipant.fetchCurrent doesn't return "Rudy" but a "root" user I don't know.
So, what is it ? What method should I use to get "Rudy" ? What about creating a participant and assigning him roles ?
+ Is it mandatory to get an organizational unit to create a participant ?
+ Is there a difference about participants between executing BPM in Studio vs executing BPM in Webcenter Interaction ?
Thanks for help,
Here is my code :
// Reuse Engine session to the Directory
DirectorySession session = DirectorySession.currentEngineSession;
logMessage("ReassignTeamByParametricValue.creationParticipant : session : "+session.organizationName);
logMessage("ReassignTeamByParametricValue.creationParticipant : session : "+session);
// Load the Organization Unit to which the participant will belong to
DirOrganizationalUnit myOU = DirOrganizationalUnit.fetchRoot(session : session);
logMessage("ReassignTeamByParametricValue.creationParticipant : DirOrganizationalUnit : "+myOU.displayName);
logMessage("ReassignTeamByParametricValue.creationParticipant : DirOrganizationalUnit : "+myOU);
// Load the Role that the participant will have assigned,
// and create a role assignment for it
DirOrganizationalRole myRole = DirOrganizationalRole.fetch(session : session, id : roleName);
RoleAssignment[] myAssignments;
RoleAssignment myAssignment = RoleAssignment.create(role : myRole, parametricValue : paramaterValue, permissions : 255);
myAssignments[0] = myAssignment;
logMessage("ReassignTeamByParametricValue.creationParticipant : myAssignments[0] : "+myAssignments[0].roleId +" "+myAssignments[0].parametricValue);
DirHumanParticipant currentPart = DirHumanParticipant.fetchCurrent(session);
logMessage("ReassignTeamByParametricValue.creationParticipant : participant : "+currentPart.displayName);
logMessage("ReassignTeamByParametricValue.creationParticipant : participant : "+currentPart);
Here is the log :
ReassignTeamByParametricValue.creationParticipant : session : ExpenseReimbursement
ReassignTeamByParametricValue.creationParticipant : session : fuegoblock.fdi.DirectorySession@93e4d1
ReassignTeamByParametricValue.creationParticipant : DirOrganizationalUnit :
ReassignTeamByParametricValue.creationParticipant : DirOrganizationalUnit : name: fullName: description:null|IN:-1|ID:|displayName:|internalId:/
ReassignTeamByParametricValue.creationParticipant : myAssignments[0] : AP Auditor West
ReassignTeamByParametricValue.creationParticipant : participant :
ReassignTeamByParametricValue.creationParticipant : participant : firstName:,lastName:,mail:,status:R,tel:null,fax:null,permissions:0|IN:-1|ID:root|displayName:null|internalId:rootI got the DirHumanParticipant "Rudy" of the demo by hardly coding : myParticipant.displayName == "Rudy".
I assigned him roles with : myParticipant.rolesAssignment[] = myAssignment;
(see above)
Now I get this error when I update the user !
A component failed while executing activity '/ExpenseReimbursement#Default-1.0/Grab[ReassignRegion]' (BP-method ReassignRegion) over instance '/ExpenseReimbursement#Default-1.0/1/0'.
Caused by: java.lang.UnsupportedOperationException
at fuego.directory.provider.UnsupportedParticipantAccessor.updateHumanParticipant(UnsupportedParticipantAccessor.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at fuego.directory.provider.DirectorySessionImpl$AccessorProxy.invoke(DirectorySessionImpl.java:756)
at $Proxy15.updateHumanParticipant(Unknown Source)
at fuego.directory.DirHumanParticipant.update(DirHumanParticipant.java:1752)
at fuegoblock.fdi.DirHumanParticipant.update(DirHumanParticipant.java:1951) -
Error while creation of role menu
Dear All,
I am creating role for my functional team. In Menu, I want to copy the area menu W10T meant for IS Retail. But, it gives me following dump:
Runtime Errors CALL_FUNCTION_PARM_MISSING
Except. CX_SY_DYN_CALL_PARAM_MISSING
An exception occurred that is explained in detail below.
The exception, which is assigned to class 'CX_SY_DYN_CALL_PARAM_MISSING', was
not caught in
procedure "MENU_AREA_F4_HELP_HIERARCHY" "(FUNCTION)", nor was it propagated by
a RAISING clause.
Since the caller of the procedure could not have anticipated that the exception would occur, the current program is terminated.The reason for the exception is:
When calling the function module "MENU_AGR_TREE_GET_SELECTED", one of the
parameters needed according to the interface description was not specified.
This parameter was "INPUT_DTLS".
I searched for notes but no help, google didnt work either for this dump for menu creation.
Any help please.
regards, Sean.Shantanu,
Have you tried narrowing down the problem to only this area menu or does it happen if you attempt to change/copy any of your menus in your system?
What release is your SAP System?
regards,
Ronald Meyer -
Vendor Creation ,Partner role OA not allowed for Vendor of a/c group ZLOV
Dear Freinds,
I am facing problem of Vendor creation , i am getting message PARTNER ROLE OA NOT ALLOWED FOR VENDOR OF ACCOUNT GROUP ZLOV.
While creation of Vendor in Partner function i could not enter partner number, system is not accepting any data, message is getting as above.due to which i could not create any vendor.
Presently I am in process/ setting of ERS functionality in MM,
now all my Vendor creation is stuck up ,
please help me how to solve the problem
Regards
DilipHi Dilip,
Check first have you Define Permissible Partner Roles per Account Group..
Check the path:
SPRO-Materials Management-Purchasing-Partner Determination-Define Permissible Partner Roles per Account Group
Here check whether OA is assigned with ZLOV or not...If no then click on new entries and enter partner function as OA and Vendor account group ZLOV...Save nd come out...
Now proceed...Hope it helps..
Utsav -
SQL Authenticator Issue not able to see roles /groups in BPM Worklist
Hi ,
I had configured the SQL Authenticator in Web logic using the SQL Authenticator default scripts and i have inserted few users.
I am able to login to the Workspace using the users available in DB but i am not to able to see his group / role to which he belongs.
Even the user who belongs to Administrator group not able to see Administrator tab in BPM Workspace.
I have already added dbprovider.jar and i have configured jps-config.xml accordingly such that it point to custom SQL Authenticator.
Even set the Control flags to "SUFFICIENT".
Please some one help me on this.
Its a high priority task.
Regards,
Santosh HAs u are talking about the IR ID components, u may have a look here
For IR components
The specified item was not found.
For ID components
Security: Access Control via Assigned Users
Regards,
Prateek -
Roles required for BPM operation
Hi Everyone,
Any idea what roles are required for the user used in receiver SOAP channel for accessing NWBPMs deployed on Java AS(Marked in Red)?
I have already tried below :
http://scn.sap.com/community/process-orchestration/blog/2012/06/12/ume-role-required-for-netweaver-bpm-development-and-testing
https://help.sap.com/saphelp_nwce72/helpdata/en/45/d7d0e08a164c5e87e4604ba89c632a/frameset.htm
With these roles it doesn’t work. I consistently get 403 forbidden error i.e. not sufficient authorization.
Even tried roles like : SAP_BPM_SuperAdmin, SAP_BPM_TRIGGER_EVENT but same result.
Only with full admin rights it works. Appreciate some inputs incase anybody has worked on this?
Thanks,
SharanyaHi Sharanya,
Have you checked the point 3 in this wiki PI Messages are not delivered to SAP NetWeaver BPM - Technology Troubleshooting Guide - SCN Wiki?
Regards. -
Participants from BPM Studio to Enterprise version
Hi I deployed my project into BPM enterprise but I can't use the participants I created on the studio. I know that in studio the password and name are the same but in enterprise version I can't create a user which password is the same. so I created a user with the same name of a user in the studio project with a random password and it enters in the project but I have in my project the next code and It's not working because the workspace shows the tasks as unassigned
participant.next =participant.find(name : "John");thank you very much for your helpI don't remember what the 'find' actually searches on, but I would guess it is display name...
A simple test would be to do a 'fetchAll', and print out all (or just some) of the participants to verify they are there, and what values can be searched on...
HTH -
WEB UI account creation with role and grouping
Hi All,
I can create account in SalesPro->Account Management-> Account - New
I don't have an option of selecting BP Role or Grouping for number range...
Should i be using any other WEBUI Role in order to create Account with an option of BP Role and Grouping
Thanks
AmishHello there,
The BP Role which will be used and even the number ranges are generally not used for Web UI usage. Instead we provide different configurations of the same Account Creation view based on the Component Usage and three different keys.
The functionality you are looking for can be achieved by creating different configurations.
To create different configurations of the same view in Web UI please search on the below link :
[http://wiki.sdn.sap.com/wiki/display/CRM/CRMWebClientUIFramework|http://wiki.sdn.sap.com/wiki/display/CRM/CRMWebClientUIFramework]
Please reply if this helps.
Best regards,
Vinamra.
Maybe you are looking for
-
I have never asked for a refund of any type once i purchase an app. Regardless if I do not like it or not. YET, this app is not working properly on my iphone, nor inconjunction with my Macbook. I am asking if there is any way you could please refund
-
How to make a circle from image?
hello, I have an image I created that is sort of straight, but I want to turn it into a circle, so I can make a frame. What's the best way to accomplish that? My image is sort of like this: Thank you!
-
May i write data to a spreadsheet file at different times
I'd like to write two sets of data at different times(not simutaniuosly)into the same spreadsheet file. I tried to re-open the spreadsheet file which i created when i wrote in the first set of data, to write in the second set of data. But it didn't w
-
Hi to all, I have DB oracle 9.2 on windows 2003 end now I need to install a client di forms6i (only runtime) but I can't. I can install forms on a new oracle home but when execute a forms it doesn't work because it don't see the forms60_path variable
-
Hello all, I have been trying to transform an xml file of mine to select a random record/node and display the results on my web page. I have gotten this far (see a portion below) but I don't know what the predicate or xpath condition is for selecting