Custom Admin Roles

Similar Messages

• Customizing User Admin Role

  I am trying to customize user admin role. I copied the role to the custom folder. I made the Import and Activity Reports invisible. I assigned it to a test user. When I login as the test user I get the error saying You are not authorized to run the application. I did assign the user permission in the Permission Editor.
  It is a SAP EP 7 2004s install.
  Any help appreciated.

  Hi Michael,
  Check whether the end user "check box" is checked in the permission editor of the role for the appropriate user or group.
  Regards,
  Abhishek

• SAP Enterprise Portal 7.0 Error while customizing Standard  Admin roles.

  Hi All,
  I have a business requirement of Creating Transport role which should access only Transport Navigational Tab in Enterprise Portal 7.0.
  Because we can't give Standard Administrator roles to Users.
  For that, I have created a role and added Standard System admin role as role to role and i hide the Navigational tabs except Tranport Tab (by changing Properties of ''Invisible in Navigational areas of System Admin role'')
  I have assigned this role to a user. and i have also given read/write permission to folders and in security zones. Export is working o.k and when i click on browse tab in import it is showing-->>
  "Unexpected error. Check the log files for details."
  I have checked logfiles and i didn't find any thing.
  Any ideas??
  Your early response would be highly appreciated.
  Thanks in advance,
  Khasim.

  Hello Khasim,
                      My name is Mohammed and I am talking from chicago. I am facing problem in EP 6.0 Authorization.
  First of explain me what is Security Zone. why it is used
     I have created one new role and added system admin role(inbuild role) into new role. Is that possible to restrict all portal content folder. I want to show only centain folder and other foldr should be invisible or not able to see.
  Example
                New Role
                            added system admin role
  When user login and he should be only see his folder in portal content not others folder. So if you have solution or detail explaination please send me info to mtajamulatgmail.com or call me 7735010306
  Thanks
  Mohammed

• Is there any way to create admin role only for one resource.

  Hi all,
  I am trying to create an admin role with 'update user' capability. But I want to restrict the user(with the admin role) to be able to update a user's attribute only for one resource, The user(with the admin role) should not be able to update the attributes of the other resources which a user have.
  Is there any way to create admin role only for one resource?
  I customized the tabbed user form to show only one resource attribute (deleting the missing fields and adding my tab for the resource) and then assigned this new User Form to the user(with the admin role) in security tab.
  It works fine. But the problem is that if any user(with the admin role) is also admin of some other resource then he/she will not be able to view the other resource attributes.
  Please suggest,
  thanks

  The loop function always repeats the same region so of course the fade is also copied. So option+drag the original region to make a (non clone) copy, fade the first region and loop the second one (which you just copied).

• Creation of new admin role in Exchange Online Protecion

  HI,
  I am brand new with the Exchange Online Protection solution.
  I want to create a new admin role since the default one do not offer teh specific rights that we need for a group.
  I went in Exchange admin Center > Permissions > Admin role and we can only edit the actual default groups.
  I need to be able to create new one.
  I did read somewere some powershell command but, since this is cloud base solution, i have hard time to believe that there is no option to create a custom role on the actual web interface of EOP.
  Anybody have a solution for that ?
  Thx

  Hi,
  as far as I can see you can't create roles in EOP because there is access necessary to Exchange Online. EOP has only limited access to Exchange Online or no access. It seems to me that managing roles is not part of EOP.
  To be sure you should open a support case in the admin center.
  Greetings
  Christian
  Christian Groebner MVP Forefront

• Not able to work with customized Java roles which were edited in ABAP stack

  Hello All,
  I am trying to copy standard roles into customized roles (i.e. Z roles) using PFCG in XI system. All ABAP based roles are working fine, but all JAVA based roles are not working. I generated profiles as well. And I check all the authorization objects in both standard and customized roles. Everything look same but customized roles are not working.
  And when I check the logs on JAVA stack I found the error which says " User XXXXXXXXXX IP address HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available]."
  I thought there might be any Jco RFC connections missing between the stacks and I tried to check in Visual Admin, but I was not able to find much info regarding these roles.
  Am I missing anything or is there any other way for these roles to make customized roles.
  And can any one tell me how to run a trace for JAVA stack activitites as we do in ABAP using ST01. Any help will be rewarded. Thanks in advance.
  Regards,
  Farooq.

  Java roles work with influence of permissions in Application Server which we call actions in UME. As you are aware in PI user master record will be in ABAP stack. So the roles in ABAP stack will be having only RFC connections to JAVA stack for the specific JAVA based role. So you need to edit the permission on Java App Server. For that you need to log on to server through visual admin and then go to services and you will find the standard groups assigned to actions. But I don’t remember that under which service you will find them
  Under that service you will find some 200 actions. And you have to add the name of the custom created JAVA roles on ABAP to all those actions where you find the standard roles. And its a very very lengthy procedure. So SAP advice to go for customized ABAP roles and Standard JAVA roles.
  Hope this answer clears your query.
  Farooq.

• How to create Custom User Role in HelpDesk?

  Unfortunately, it is not possible to create a custom user role with custom permissions.  What you see is what you get!
  When you say, 'access to the Spiceworks server', do you mean Remote Desktop?  Or accessing Spiceworks application from another computer?

  Hi,
  Could anyone help me to create my custom User Role or edit the existing Role in HelpDesk system? Please help me for this problem.
  One more, How could my Helpdesk Admin/Tech user access to the Spiceworks's server. I mean, could he access through web browser or need to install it on client's PC?
  Stay tune,
  This topic first appeared in the Spiceworks Community

• Creating a reports folder that's only visible to the Admin role

  Hi all,
  I want to create a new Shared Custom Analyses folder to contain Admin reports. I need to make this folder only visible to users with the Administator role. But you can't seem to add the Admin role when setting up User Visibility to Shared Report Folders. Help says that it's because the Admin role has visibility to all folders.
  I understand this - but how can you resrict access to a reports folder to just the Admin role (ie. it should not be visible to other roles)??
  Many thanks.

  You will need to assign all the other folders to rest of the roles.This would be the only way so that your required folder access is given only to admin and not to other users.
  -MR

• In Portal Content admin Role "Portal content" folder is not displaying

  Hi,
        I created a user in EP and assign Only Content admin Role. But in portal content area "Portal content "folder is not displaying.
  Can someone help me the process steps to achieve it?
  Thanks,
  kundan

  It is because the user has no proper permissions  to the porta content folder.
  you should give atleast read permission to the portal content folder to the content_admin role or to the users who have content admin role.
  also make sure the end user check box is checked at the time of giving permissions.
  Otherwise give eevryone group as read permisisons to the portal content folder. then you can see the portal content folder with read permissiosn only.
  Raghu
  Edited by: Raghavendranath Garlapati on Sep 1, 2009 9:32 AM

• Transfer customer specific Roles assigned to a customer from R/3 to CRM

  Hello dear all,
  on R/3 side there are customer specific roles defined and assigned to customers. These roles are sales area depending.
  On CRM side we plant to uses the Employee Responsible relationship to build up these customer specific roles. To differentiate these roles we want to use the partner function which is assigned to the sales area.
  Can anybody show me how to do the initial load of the CRM system and map the role to the Employee Responsible relationship?
  I assume that I have to create a own mapping function module to realize this. Where do  I register this function module so it will be used during the initial load? How do I debug these functionality?
  A similar functionality we have to build up in case of the upload to the R/3 system. There we have map the Employee Responsible relationship to the specific role and assign it to the customer. Where do I register this function module?
  Thanks for your help!
  Best regards
  Michael

  hi
  In order to replicate the ECC customer to CRM customer the following steps (tips) might be helpful to you:
  First a Mapping structure should exist between business partners in SAP CRM and ERP ECC Customers in both the directions. In the ERP ECC system you can see this mapping using transaction /nPIDE
  You should create your own account group for the data transfer from SAP CRM to ERP ECC
  In SAP CRM, the roles sold-to party, ship-to party, bill-to party and payer are assigned to the classification Customer and the customer is assigned to exactly one account group in ERP ECC
  For consistent distribution of Business Partners with identical numbers in both the systems, the internal number range (ex. 1-5999) should correspond to an external number assignment in the ERP ECC system or vice versa. Thus a business partner is given the same number in both systems.
  For data exchange to be successful, you must ensure that the field control (mandatory fields) between the CRM system and the ERP system matches.
  Besides Both SAP CRM and SAP ECC can talk to each other only when there is some settings done in the middleware. And for the CRM only a small plugin is needed for the ERP/ECC Connectivity.
  Now whenever you have both the system mapped then if you create a BP in CRM it will automatically flow in the ERP System. And also the vice versa. As for the roles are concerned, the roles like ship-to-party and some few specific roles are mapped in ECC system. For a complete look at roles matching have a look at the following link.
  http://help.sap.com/saphelp_crm50/helpdata/en/52/cff837a9aae651e10000009b38f8cf/frameset.htm
  Once you have created a BP in CRM it will be created in some Account group in ECC. And in that AC GRP you will be not be able to create the Customer with identical ID. So if your systems are connected then even manually you also cannot create same BPs.
  And for all of these the PIDE settings in ECC needs to be maintained properly.
  Hope it serves your purpose
  best regards
  ashish

• Pictures not loaded in a Web Page Composer site without admin role

  Hello!
  I have got an new problem concerning SAP Web Page Composer.
  I have created an new site with some paragraphs and some pictures. The problem is when I, with admin role, access this site I am able to see everything. When another user, without admin role, is trying to access this site he is able to see everything but the pictures. All paragraphs or linklists are displayed but the pictures are not available. When giving the user the admin role he also become able to see the pictures.
  I know it is a permisson problem but not know where I forgot to set the permissions to "every user". But I do not understand why this is only concerning the pictures and every other Web Page Composer element is displayed properly, although the pictures permissions set to the same as the other elements. When trying to access the pictures by the user without admin role NetWeaver is throwing following exception:
  "com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs)"
  Thanks for your help in advance!
  Regards
  Georg

  The whole exception:
  [EXCEPTION]
  com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs - user: Manager,
  at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1932)
  at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:234)
  at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:316)
  at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:387)
  at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:488)
  at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
  at com.sapportals.wcm.portal.connection.KmConnection.handleRequest(KmConnection.java:52)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.km.home_ws/com.sap.km.hidden/com.sap.km.urlaccess/com.sap.km.docs)
  at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
  at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
  at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
  at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
  at javax.naming.InitialContext.lookup(InitialContext.java:347)
  at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1919

• OIM Read only Admin Role

  Hello Everyone
  Is there something like read-only OIM Admin role?. My manager wants to just see everything done by a system administrator or xelsysadmin . He doesn't want to modify any date, but he just wants to access everything added by the administrator.
  Thank You

  Hi,
  I hope you are using OIM 11g R2.
  If yes, then OOTB OIM provides many Admin Roles under organization section. For example: User Viewer, HelpDesk, Org Admin etc.
  You can use any of the OOTB admin roles to fulfill your requirement.
  HTH
  J

• Request Offerings not showing up for custom User role in SMPortal

  Hello All,
  I've created a custom End User role and scoped it to the domain users group.
  To this role I want to show a specific set of Request Offerings on the portal
  For that Purpose I created a new Service Offering and added these Request Offerings to it.
  I then went on to create a Catalog Group and added the Service Offering to it.
  I then created the custom user role based on the EndUser role and allowed them to see all Forms, all Queues, All CI's and on the Catalog group I select that they could only see the Catalog Group which I just created.
  I then logged in into the SMPortal and was expecting that my Service Offering would be shown to them.
  However, they don't see the service offering.
  What could cause this?
  Is there something I'm missing?
  Thanks in advance!
  Filip

  You have to add the Service Offerings and the Request Offerings in the Catalog Group. Nesting doesn't work because Service Offerings and Request Offerings are different types of objects.
  This offers the option the manage the access to Service Offerings and Request Offerings very granular if needed. For instance you can control access to a Service Offering in one Catalog Group related to one user role (A) and use two additional Catalog Groups
  with different Request Offerings related to other user roles (B) and (C). Result will lead to:
  User in Role A and B -> Can see Service Offerings A containing Request Offerings B
  User in Role A and C -> Can see Service Offerings A containing Request Offerings C
  User in Role A, B and C -> Can see Service Offerings A containing Request Offerings B and C
  User in Role A only -> Don's see anything because of the missing permission on any Request Offering. So the "empty" Service Request won't show up in the portal.
  Hope his helps.
  Andreas Baumgarten | H&D International Group

• Help required for linking Organization Admin Roles to User Profile in R2

  Hi,
  We are using OIM 11.1.2.0 (Without any patch).
  Current Requirement:
  We have requirement to provide search capability to end users to search/see users of other Organizations in OIM.
  For example: I belong to Org1: UK, So OOTB OIM just support searching/viewing profile of UK Organization users. I can not search/view user info of Org2: Italy.
  To overcome this issue,Oracle has suggested us to add both the following roles in order to see user information of other organization.
  • User Viewer
  • Organization Viewer
  After just logged in using xelsysadm, I can able to assign Admin Roles of each organization to end users.
  We want some API info/ how to automate this assignment to Admin Roles(Which are available to Organization) to end users?
  We went through the APIs available for OIM 11.1.2.0, but could not find any API related to Admin Roles of OIM.
  Please suggest.
  Regards,
  J

  Hi,
  Has any one implemented this method?
  addAdminRoleMembership(oracle.iam.platform.authopss.vo.AdminRoleMembership membership) Add a admin role membership.
  Regards,
  J

• Transaction launcher not working for custom business role in WEB UI

  Hi Experts,
  we have maintained a link for activity reports in web Ui which triggers a program Z_CRM_TIME_REPORT . we have maintained the logical links and assigned them to the custom business role. when we run the program in SE38 in GUI its working fine but we are facing the problem when we click the link in WEB UI we get a different screen related to BP and not the activity report.Kindly suggest what are the configuration need to be tested.
  Thanking you,
  Deepa

  My guess would be that the parameter stated in the logical link (navigation bar customizing) that you use is incorrect. This should be the name of the transaction launcher definition you have maintained.
  Otherwise, check the transaction launcher wizard to see that the report is maintained correctly.
  Hope this helps.
  Regards,
  Pieter Rijlaarsdam