Customized Roles with Split Permissions

We are running an Exchange 2013 environment using Outlook 2013. We did the install using split permissions because the Exchange Administration and AD Administration are going to be done in two different places. We have had lot's of permission
issues with the split permission install. We now need to figure out a way to created a customized role in Exchange that will allow users to only create/enable/move mailboxes AND add/remove people from Distribution Groups. To this point I have made
a copy of the Mail Recipient Creation role and have been removing role entries from the copy. I'm just not really sure which roles I should be removing. Any guidance on what roles would be needed?

Hi ,
Thank you for your question.
We could refer to the following steps to achieve your requirement:
1. Customized role
Create mailbox:
New-Managementrole –Name “Create Mailbox” –parent “Mail recipient Creation”
Get-ManagementRoleEntry “Create Mailbox\*” | where {$_.name –ne “New-maillbox”} | Remove-ManagementRoleEntry
Then we could type “A”.
Enable mailbox:
New-Managementrole –Name “Enable Mailbox” –parent “mail recipients”
Get-ManagementRoleEntry “Enable Mailbox\*” | where {$_.name –ne “Enable-Mailbox”} | Remove-ManagementRoleEntry
Then we could type “A”.
Move mailbox:
New-Managementrole –Name “Move Mailbox” –parent “move mailboxes”
Get-ManagementRoleEntry “Move Mailbox\*” | where {$_.name –ne “New-MoveRequest”} | Remove-ManagementRoleEntry
Then we could type “A”.
Add user to Distribution Group:
New-Managementrole –Name “Add user to DL” –parent “Distribution Groups”
Get-ManagementRoleEntry “Add user to DL\*” | where {$_.name –ne “Add-DistributionGroupMember”} | Remove-ManagementRoleEntry
Then we could type “A”.
Remove user from Distribution Group:
New-Managementrole –Name “Remove user to DL” –parent “Distribution Groups”
Get-ManagementRoleEntry “Remove user from DL\*” | where {$_.name –ne “Remove-DistributionGroupMember”} | Remove-ManagementRoleEntry
Then we could type “A”.
2. Customized role group and Role was add role group:
New-RoleGroup –Name “Manage Recipients for Helpdesk” –Roles
“Create Mailbox”, “Enable Mailbox”, “Move Mailbox”, “Add user to DL”, “Remove user to DL” –RecipientOrganizationalUnitScope “contoso.com/Users”
3. Add the user you want to grant this connect-mailbox permission to this role group through EAC;
4. Test.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim

Similar Messages

Custom list with special permissions

Hi There!
Is it possible to have special premissions in 1 field of a list. For example, a ¨status¨ field that can only be updated by the admin. Thanks for your help!! Ignacio

If you want use above codeplex solution, You can deploy this your SharePoint farm using Powershell commands
You can add the solution using "Add-SPSolution" command
Add-SPSolution c:\code\SharePointProject2\bin\debug\SharePointProject2.wsp
Once you have added it, you can deploy the same using "Install-SPSolution" powershell command.
http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2009/12/02/adding-and-deploying-solutions-with-powershell-in-sharepoint-2010.aspx
After this activate the feature related to above solution. Remaining steps are available in that codeplex solution on the configuration.
Other option is you can add the JQuery script to the NewForm.aspx or Editform.aspx wherever applicable to a CEWP and provide the target audience for that webpart so it will execute the script only for them.
http://www.csgpro.com/post/41
My Blog- http://www.sharepoint-journey.com|
If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

Customer role from sap standard role SAP_SM_SCHEDULER_DIS or SAP_SM_SCHEDUL

HIi,
according SAP Note Note 1054005 - FAQ: Job Scheduling Management with SAP Solution Manager we want to design a customer role with this roles as templates.
But:
There are a lot of open authorization objects.
We need proposal how to fill this role with adequate values.
Does anybody has designed customer roles from that standard roles ?
What values are advisable ?
Regards,
Roland Fischl

Dear Aviya Paul,
1. Who will responsible for Authorization Matrix?
Authorization Matrix that define "what position may have access to which authorization/ role" shall be developed by User (Management), with support from BASIS. User is the one who have the authority to decide, while BASIS should help User in understanding the technical knowledge of access authorization.
2 to 5. BASIS.

Wlconfig with custom role mapper always fails FIRST time only

WLS 8.1 sp2.
I have a very strange problem, where I'm "coldstarting" a server and
configuring it, much like the ant build script for medrec. Only I have a
custom role mapper (medrec has a custom authentication provider). Anyway,
the first time I execute this task (after a clean), it consistently fails
like so:
[wlconfig] OK
[wlconfig] OK
BUILD FAILED
file:P:/dgs/build.xml:186: Unable to create mbean:
weblogic.management.MBeanCreationException: - with nested exception:
[java.lang.ClassNotFoundException:
weblogic.management.configuration.com.combinenet.security.CNRoleMapperProvid
erMBean]
(that class looks bogus to me, BTW, as my provider class is
com.combinenet.security.CNRoleMapperProvider)
Now, the SECOND time I execute "coldstart", which runs wlconfig, the server
starts up fine, and my custom role mapper is loaded successfully. So,
obviously I figured something was left around the first time which somehow
helped matters, but the strange thing is that I delete the entire domain
directory before "coldstarting" the server, and I also re-copy the role
mapper provider jar into the mbeantypes directory, so I'm very puzzled. I'm
copying the coldstart task below (and the clean).
Can anyone tell me what's wrong with this task that would make it fail the
first time through after a clean? Is this a bug? And why would it succeed on
all subsequent attempts (without a clean)? I just don't see anything wrong
with what I'm doing.
TIA,
Miles
<target name="coldstart"
description="Start a new DGS Server with an empty config"
depends="configServerEnv,startPointBase,configPointBase,dist" >
<delete dir="${dgs.root}" quiet="true"/>
<mkdir dir="${dgs.root}"/>
<wlserver
beahome="${bea.home}"
dir="${dgs.root}"
domainname="${dgs.domain}"
host="${dgs.host}"
port="${dgs.port}"
servername="${dgs.serverName}"
username="${wl.username}"
password="${wl.password}"
productionmodeenabled="false"
generateconfig="true"
action="start">
</wlserver>
<wlconfig url="t3://${dgs.host}:${dgs.port}"
username="${wl.username}"
password="${wl.password}">
<query domain="${dgs.domain}" type="Server"
name="${dgs.serverName}"
property="dgs.server"/>
<create type="JDBCConnectionPool"
name="DgsPool"
property="dgs.pool">
<set attribute="CapacityIncrement" value="1"/>
<set attribute="DriverName"
value="com.pointbase.jdbc.jdbcUniversalDriver"/>
<set attribute="InitialCapacity" value="1"/>
<set attribute="MaxCapacity" value="10"/>
<set attribute="Password" value="${pointbase.password}"/>
<set attribute="Properties" value="user=${pointbase.username}"/>
<set attribute="RefreshMinutes" value="0"/>
<set attribute="ShrinkPeriodMinutes" value="15"/>
<set attribute="ShrinkingEnabled" value="true"/>
<set attribute="TestConnectionsOnRelease" value="false"/>
<set attribute="TestConnectionsOnReserve" value="false"/>
<set attribute="URL" value="jdbc:pointbase:server://localhost/demo"/>
<set attribute="Targets" value="${dgs.server}"/>
</create>
<create type="JDBCTxDataSource" name="DGS Tx DataSource">
<set attribute="JNDIName" value="DgsTxDataSource"/>
<set attribute="PoolName" value="DgsPool"/>
<set attribute="Targets" value="${dgs.server}"/>
</create>
<create type="JMSConnectionFactory" name="Queue">
<set attribute="JNDIName" value="jms/QueueConnectionFactory"/>
<set attribute="XAServerEnabled" value="true"/>
<set attribute="Targets" value="${dgs.server}"/>
</create>
<create type="JMSJDBCStore" name="DgsJDBCStore"
property="dgs.jdbcstore">
<set attribute="ConnectionPool" value="${dgs.pool}"/>
<set attribute="PrefixName" value="Dgs"/>
</create>
<create type="JMSServer" name="DgsJMSServer">
<set attribute="Store" value="${dgs.jdbcstore}"/>
<set attribute="Targets" value="${dgs.server}"/>
<create type="JMSQueue" name="Registration Queue">
<set attribute="JNDIName" value="jms/REGISTRATION_MDB_QUEUE"/>
</create>
</create>
<create type="MailSession" name="Dgs Mail Session">
<set attribute="JNDIName" value="mail/DgsMailSession"/>
<set attribute="Properties"
value="mail.user=joe;mail.host=mail.mycompany.com"/>
<set attribute="Targets" value="${dgs.server}"/>
</create>
<create type="StartupClass" name="StartBrowser">
<set attribute="Arguments" value="port=${dgs.port}"/>
<set attribute="ClassName" value="com.combinenet.test.StartBrowser"/>
<set attribute="FailureIsFatal" value="false"/>
<set attribute="Notes" value="Automatically starts a browser on
server boot."/>
<set attribute="Targets" value="${dgs.server}"/>
</create>
<set mbean="Security:Name=myrealmDefaultAuthenticator"
attribute="ControlFlag" value="SUFFICIENT"/>
<set mbean="Security:Name=myrealmDefaultAuthenticator"
attribute="MinimumPasswordLength" value="10"/>
<set mbean="Security:Name=myrealm"
attribute="DeployPolicyIgnored" value="false"/>
<set mbean="Security:Name=myrealm" attribute="DeployRoleIgnored"
value="false"/>
<set mbean="Security:Name=myrealm"
attribute="FullyDelegateAuthorization" value="true"/>
<set mbean="Security:Name=myrealm"
attribute="AuthenticationProviders"
value="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaul
tIdentityAsserter"/>
<set mbean="Security:Name=myrealm" attribute="RoleMappers"
value="Security:Name=myrealmDefaultRoleMapper|Security:Name=myrealmCNRoleMap
perProvider"/>
<create type="com.combinenet.security.CNRoleMapperProvider"
domain="Security" name="myrealmCNRoleMapperProvider"/>
<set mbean="Security:Name=myrealmCNRoleMapperProvider"
attribute="Realm" value="Security:Name=myrealm"/>
<query domain="${dgs.domain}" type="Server" name="DgsServer">
<set attribute="StdoutEnabled" value="true"/>
<set attribute="StdoutSeverityLevel" value="64"/>
<set attribute="ListenAddress" value=""/>
<set attribute="ListenPort" value="${dgs.port}"/>
</query>
<query domain="${dgs.domain}" type="WebServer" name="DgsServer">
<set attribute="LogFileName" value="logs/access.log"/>
</query>
</wlconfig>
<copy file="${dist}/lib/dgs.ear" todir="${dgs.root}"/>
<wldeploy action="deploy"
source="${dgs.root}/dgs.ear"
name="dgsapp"
user="${wl.username}"
password="${wl.password}"
verbose="true"
adminurl="t3://localhost:7001"
debug="true"
targets="${dgs.serverName}"/>

<sleep hours="10"/>
</target>
<target name="clean"
description="Clean the build tree(s)"
depends="init">
<delete dir="${build}" verbose="true"/>
<delete dir="${dist}" verbose="true"/> (dist is where the ear file is
created)
</target>

g_wolfman wrote:
Are you using Parallels?
Wolfman, thats a good hint!
Additional info at --> http://reviews.cnet.com/8301-13727_7-20106682-263/macbook-airs-double-booting-wi th-parallels-and-filevault-enabled/
Thanks for the input.
Lupunus

Use of default XACML with custom role mapper and authorization provider

Hi,
Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then right a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
The chosen approach depends on where you're getting the role information from.

Custom UME Role with action: Manage_All_User_Passwo

Hi all,
I have to create a custom role on EP. This role has to able a user to manage the password of all user (only password).
i created a custom UME role Reset_PWD and I add the following action
Manage_All_User_Password
I attribute this role to a user.
When I logon with this user I get an error: Page not found.
Any suggestion to solve my problem?
Thanks in advantage
Enzo

Hi Enzo,
The reason why you are getting this error is because you have assigned just the role and an action to it. There is no content attached to the role.
For this requirement, I am not sure if adding any existing iview will help or not.
Thanks,
Nikhil

Custom Role Provider has issue with AuthorizeAttribute for MVC

Hi, I am developing a MVC 5 application with custom role provider, but it seems that the AuthorizeAttribute never call my customer role provider, my code is as below:
My Customer provider:
namespace MyDomain
public class CustomRoleProvider : RoleProvider
public override string[] GetRolesForUser(string username)
using (MyContext objContext = new MyContext())
var objUser = objContext.Users.FirstOrDefault(x => x.Username == username);
if (objUser == null)
return null;
else
string[] ret = { objUser.Access_Levels.Name };
return ret;
public override bool IsUserInRole(string username, string roleName)
var userRoles = GetRolesForUser(username);
return userRoles.Contains(roleName);
My controller:
[Authorize(Roles = "Administrator")]
public class AdminController : Controller
And Web.Config:
<system.web>
<roleManager defaultProvider="CustomRoleProvider" enabled="true" >
<providers>
<clear />
<add name="CustomRoleProvider" type="Online_Storage_Portal.CustomRoleProvider" cacheTimeoutInMinutes="30"/>
</providers>
</roleManager>
</system.web>
Also my custom role provider is in the same project as my other controllers, I am able to call my custom role provider method with following code within my controller
String[] roles = Roles.GetRolesForUser(username)
but the controller with [Authorize(Roles = "Administrator")] always redirect the page to login screen, even the user login and role are both valued.
Please help!!

You should post this question to
ASP.NET MVC forums as problem relates more to that than C#. But the problem might relate to how you have set the principal the one that you can access from HttpContext.User property. I think that is the one where the roles are retrieved.

Create a role with everything except parameterization option

Hello,
We need to create a new role with all object except parameterization
option.
How we can create it?
Best regards,
Julene González

I had no idea that we had discussed SPRO that often...
As you can see from the thread Alex pointed out ( [this one|https://forums.sdn.sap.com/click.jspa?searchID=19779873&messageID=6581648] ) it is also usefull to know which system in the landscape this role is destined for.
Assuming this is for the QAS system, why don't you identify all the business roles for the production system (those which do not permit customizing in production either, nor user admin and other "basis" tasks, nor development work...etc...) and assign them all to the users (I assume these are support users).
They should be in QAS already, and if your client settings are correct (T), you will experience the same or a very similar result.
Of course they won't have "SAP_ALL minus SPRO", but they will have what you are actually using for the "real users"... in production (except it will be in QAS).
That way they have also have a more realistic testing experience with the correct roles (only).
Just a thought,
Julius

Custom role for adding functional position.

Custom role for adding functional position.
I added a custom role for to allow only OrganizationDesigner capabilities. I could see functional positions but I could not modify or add them. What permissions I have to assign to role for adding and modifying functional position in organization designer.
I tryed everything bot noting works unless I give site addministrator privilages to the user.

Hi Indulis,
I have just replicated the behavior you are describing in our training environments. This is not the expected behavior. I will immediately open a case with Customer Care, and I suggest you do the same.

Error while assigning portal custom role

Hi All,
We have a custom role which we use to assign to the users. till now we are able to assign it without any problem. But now as i need to assign it to someone, i got an error stating that "An error occured while adding user assignments; to see the correct status, perform a new assigned user search".
Can anybody help us in finding out the reason of the error and in rectifying the error.
Thanks & Regards,
Ravi

Hi Raghu,
Thanks for your reply..
This role is existing in the PCD, and this error is coming, while assinging this role any users... it is working fine with the existing users, who are having this role before. This is happening only when we are assigning this role to some new user.
I dont think this has some relation with the backend, as the role assignment is part of the Portal itself.
And also here we dont have seperate UME, and we are using r3 users only with single sign on.....
Hi Jithendar,
Thanks fo your reply.....I will do that backend roles check also for those users and see whether any backend role variations happened for these users.
Thanks & Regards,
Ravi

Error Importing a Transport in portal - Using custom role

Hello Everyone,
I have a custom role XYZ which has a few worksets copied (as delta links) from the standard System Administration Role. These worksets include Transport, Portal Display and Monitoring.
Now, I have assigned a user ABC the following roles:
1.Role XYZ
2.Content Admin Role
When the User ABC with the above mentioned roles, tries to import a transport package into the system he gets and authorization error. (This error does not occur if I assign the user Super Admin Role).
Error Details :
com.sapportals.portal.transport.RepositoryAccessControlException
Import data Access denied. (Object(s): pcd:..
Object ID:
Transport File: ..
Original Exception:
com.sapportals.portal.pcd.gl.PermissionControlException: Import data Access denied. (Object(s): pcd:..
at com.sapportals.portal.pcd.gl.transport.PcdGlTransportAdapter.checkPermission
at com.sapportals.portal.pcd.gl.transport.PcdGlTransportAdapter.startElement
at   com.sapportals.portal.pcd.gl.xml.ContentHandlerManager.startElement
<b>Questions:
1.     Is it really possible to have this functionality (ability to Import and Export without Assigning System admin or super admin roles) achieved?
(I went through a thread Portal role for transporting objects on SDN which discusses this scenario)
2.     How should I check for additional authorizations required for Importing / Exporting Transport packages into portal. (without having assigned the super admin role or system admin role).</b>Thanks To all of you
Joan Thomas

Thanks for the inputs.
I have fixed the problem.
To assign content objects to a package, you need at least read permission for the objects to be assigned.
You can only import objects into the Portal Content Directory if you have read/write permission for each folder in the Portal Catalog where the imported objects will be stored.
To create a transport package in a certain folder of the Portal Catalog, you need read/write permission for this folder.
These 3 points helped me do the required.
Raj

AP PAYABLES- Not getting all the DUE DATE's in with split schedule payments

Hello All,
We have some issues with AP Data loading's into our DW from EBS 11.5.10 AP - PAYABLES.
One of our customer is using split schedule and share payment into few payment. Our
sql is not reading all the due dates for PAYABLES.
We are using PAYMENT_NUM=1 from ap_payment_schedules_all table as condition to load the Data to avoid duplicate rows coming for Payables.
Some hints: removing the "PAYMENT_NUM=1" from the where clause gives all the due_dates but then we have duplicate rows for Payables.
Please help to modify our query so that it will work for split schedule payment.
select
inv.invoice_num,
inv.doc_sequence_value,
sob.currency_code,
inv.invoice_date,
'EH'||inv.vendor_id vendor_id,
'EH'||inv.vendor_site_id vendor_site_id,
ael.ae_line_number distribution_line_number,
inv.invoice_currency_code,
aeh.accounting_date,
'EH'||ael.code_combination_id code_combination_id,
nvl(ael.entered_dr,0)-nvl(ael.entered_cr,0) accounted,
nvl(ael.accounted_dr,0)-nvl(ael.accounted_cr,0) amount,
fuser.user_name,
fuser2.user_name user_name2,
inv.payment_status_flag,
'PAYABLES' rowtype,
inv.discount_amount_taken,
inv.invoice_type_lookup_code invoice_type,
inv.exchange_rate,
inv.exchange_date,
tax.name,
inv.source,
inv.attribute6 eflow_doc_id,
sysdate transfer_date,
sch.hold_flag,
inv.cancelled_date,
sch.due_date
from
ap.ap_invoices_all inv,
apps.ap_ae_headers_all aeh,
apps.ap_ae_lines_all ael,
ap.ap_tax_codes_all tax,
ap.ap_payment_schedules_all sch,
gl.gl_sets_of_books sob,
applsys.fnd_user fuser,
applsys.fnd_user fuser2
where
aeh.ae_header_id=ael.ae_header_id and
inv.set_of_books_id=sob.set_of_books_id and
inv.invoice_id=sch.invoice_id and
sch.payment_num*1=1 and ---------------------------------------------- *
fuser.user_id=inv.last_updated_by and
fuser2.user_id=inv.created_by and
ael.tax_code_id=tax.tax_id(+) and
ael.ae_line_type_code='LIABILITY' and
inv.invoice_id=ael.source_id and
ael.source_table='AP_INVOICES' and
aeh.gl_transfer_flag='Y'
Thanks,
Aman

Hello All,
We have some issues with AP Data loading's into our DW from EBS 11.5.10 AP - PAYABLES.
One of our customer is using split schedule and share payment into few payment. Our
sql is not reading all the due dates for PAYABLES.
We are using PAYMENT_NUM=1 from ap_payment_schedules_all table as condition to load the Data to avoid duplicate rows coming for Payables.
Some hints: removing the "PAYMENT_NUM=1" from the where clause gives all the due_dates but then we have duplicate rows for Payables.
Please help to modify our query so that it will work for split schedule payment.
select
inv.invoice_num,
inv.doc_sequence_value,
sob.currency_code,
inv.invoice_date,
'EH'||inv.vendor_id vendor_id,
'EH'||inv.vendor_site_id vendor_site_id,
ael.ae_line_number distribution_line_number,
inv.invoice_currency_code,
aeh.accounting_date,
'EH'||ael.code_combination_id code_combination_id,
nvl(ael.entered_dr,0)-nvl(ael.entered_cr,0) accounted,
nvl(ael.accounted_dr,0)-nvl(ael.accounted_cr,0) amount,
fuser.user_name,
fuser2.user_name user_name2,
inv.payment_status_flag,
'PAYABLES' rowtype,
inv.discount_amount_taken,
inv.invoice_type_lookup_code invoice_type,
inv.exchange_rate,
inv.exchange_date,
tax.name,
inv.source,
inv.attribute6 eflow_doc_id,
sysdate transfer_date,
sch.hold_flag,
inv.cancelled_date,
sch.due_date
from
ap.ap_invoices_all inv,
apps.ap_ae_headers_all aeh,
apps.ap_ae_lines_all ael,
ap.ap_tax_codes_all tax,
ap.ap_payment_schedules_all sch,
gl.gl_sets_of_books sob,
applsys.fnd_user fuser,
applsys.fnd_user fuser2
where
aeh.ae_header_id=ael.ae_header_id and
inv.set_of_books_id=sob.set_of_books_id and
inv.invoice_id=sch.invoice_id and
sch.payment_num*1=1 and ---------------------------------------------- *
fuser.user_id=inv.last_updated_by and
fuser2.user_id=inv.created_by and
ael.tax_code_id=tax.tax_id(+) and
ael.ae_line_type_code='LIABILITY' and
inv.invoice_id=ael.source_id and
ael.source_table='AP_INVOICES' and
aeh.gl_transfer_flag='Y'
Thanks,
Aman

Creation of roles with restricted access to infoarea

HI !
We need to create some custom roles in BW, which will restrict the user (with that role) to access only specific infoareas in BW, i.e. the reports and Infoproviders etc created under those InfoAreas.
When I tried to create a role in tcode PFCG, I dont get any such options to restrict by InfoArea. Do we have to create custom Authorization objects for this and assign them to this role? if yes, how do we create such Authorization objects?
I am totally new to roles/profiles etc... i read the online documentations, but cudnt understand them much.
<u>Please provide the steps to do this</u>.
Thanks,
SUshmita

hi Sushmita,
try authorization object S_RS_COMP - business explorer compnent (under RS - business information warehouse),
you can specify infoarea, infocube
hope this helps.

Using a custom tag with a 2.3 servlet descriptor BUG?

Hi,
I just developed a Custom Tag and I'd like to use in my jsps.
If I add the jsp in my JDev project with the custom tag when I try to build the project I got this error:
Error(11): oracle.xml.parser.v2.XMLParseException: Invalid element 'listener' in content of 'web-app', expected elements '[context-param, servlet, servlet-mapping, session-config, mime-mapping, welcome-file-list, error-page, taglib, resource-ref, security-constraint, login-config, security-role, env-entry, ejb-ref]'.
It seems like when the jsp parser encounters the line with taglib it tries to parse the web.xml against a 2.2 version of the dtd. My web.xml begins with the correct dtd version (2.3). Can anyone tell me if this is a bug and eventually tell me how to solve it?
thanks,
Giovanni

I repost this issue again, now with a simple test case.
If I wrote a simple custom tag:
import java.io.IOException;
import javax.servlet.jsp.tagext.TagSupport;
public class MyCustomTag extends TagSupport {
public int doStartTag() {
try {
pageContext.getOut().print("FOO");
} catch (IOException ioe) {
pageContext.getServletContext().log(ioe.getMessage(),ioe);
return(SKIP_BODY);
with the associated tld:
<?xml version = '1.0' encoding = 'windows-1252'?>
<taglib>
<tlibversion>1.0</tlibversion>
<jspversion>1.2</jspversion>
<shortname>try</shortname>
<uri>try</uri>
<info>A short description...</info>
<tag>
<name>mytag</name>
<tagclass>MyCustomTag</tagclass>
<bodycontent>EMPTY</bodycontent>
</tag>
</taglib>
and a jsp using the custom tag:
<%@ page contentType="text/html;charset=windows-1252"%>
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>
Hello World
</TITLE>
</HEAD>
<BODY>
<H2>
The current time is:
</H2>
<P>
<% out.println((new java.util.Date()).toString()); %>
<%@ taglib uri="try.tld" prefix="try" %>
<try:mytag />
</P>
</BODY>
</HTML>
all runs fine if I have a web.xml with the dtd version 2.2
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
but if I use the version 2.3 because I want filters,context listeners and so on:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<filter>
<filter-name>FilterRedirector</filter-name>
<filter-class>org.apache.cactus.server.FilterTestRedirector</filter-class>
</filter>

<filter-mapping>
<filter-name>FilterRedirector</filter-name>
<url-pattern>/FilterRedirector/</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
I get the error I report in my last post. (the jsp doesn't compile) If I remove the custom tag from my jsp all works fine (filters, listeners,etc). In my project settings I use the 2.3 version of servlet.jar instead of the ServletRuntime that comes with JDeveloper.
Can anyone tell me how to resolve this issue (Using simple custom tag with a web application using the 2.3 servlet specs)?
Thanks in advance,
Giovanni
If I remove the filter secion all

Role with SPRO for FICO

Hello SAP EXperts,
Can anyone tell me how to create a role with SPRO authorization for FICO transactions and roles only. I need to assign a role with which a FICO consultant can do all the customizing related tasks in the development server. Please give some solution.
I invite your valuable inputs
Thanks & Regards
Vanitha
Edited by: Vanitha badampudi on Oct 21, 2008 1:33 PM
Edited by: Vanitha badampudi on Oct 21, 2008 1:36 PM

Hi there,
The easiest way to get all of the t-codes, is for a customising project to be created in the IMG with all of the relevant IMG activities assigned to it. (Your FI CO consultant can assist here.)
Once that has been done, you can go and create a role in PFCG. Select the menu tab, then select Utilities - Customizing Auth. and it will then ask you to select a customising project.
Once you've done that, all IMG activities and transactions for that customising project will automatically be entered into the menu.
You then need to go and maintain and generate the authorisations.
That's my suggestion.
Hope you can use it.
Regards
Lucille

Customized Roles with Split Permissions

Similar Messages

Maybe you are looking for