Disabling Roles, Resources, Proxies subtabs in Profile tab of Self Service

Similar Messages

• Changing the MyProfile tab of Self Service console in OIM 11g

  Hi...
  I want the user not be able to edit any of the fields in the Attribute tab under MyProfile. The user should be allowed just to view his details.
  Also in the roles, resource, Proxy tab he should not be able to create request for role, resource, proxy respectively.
  How can i work out for this?
  Thanks..

  I want the user not be able to edit any of the fields in the Attribute tab under MyProfilehttp://rajivdewan.blogspot.com/2011/08/modify-authorization-policies-in-oim.html
  Also in the roles, resource, Proxy tab he should not be able to create request for role, resource, proxy respectivelYou can remove access from Templates. For Proxy, create authroization policy to restrict the search results
  Or
  You'll have to find the exact JSPX file to remive these tabs.

• User profile vs Remote Desktop Services Profile

  On a Windows 2008 R2 Domain Controller, if you open properties of an user account, you'd see
  a Profile Tab as well as Remote Desktop Services Profile Tab.
  I found this very confusing, can any one tell be the key difference between those 2?
  If I don't specify Remote Desktop Services Profile path, when I logon to Remote Desktop Server, it seems take user's
  romaing profile.
  Anyway, please advice.
  Thank you.

  Hi,
  Thank you for posting in Windows Server Forum.
  The profile tab of the user properties window allows you to configure user profile, logon scripts and home folder details for the user object. It is very useful when you have to allow your user access the same environment and data irrespective of the machine
  he logs in from.
  Active Directory User properties – Profile tab
  Remote Desktop Services User Properties
  You can specify a Remote Desktop Services-specific profile path and home folder for a user connecting to an RD Session Host server. This profile and home folder will only be used for Remote Desktop Services sessions. You should assign a separate profile for
  Remote Desktop Services sessions because many of the common options that are stored in profiles, such as screen savers and animated menu affects, are not desirable when using Remote Desktop Services.
  Manage User Profiles for Remote Desktop Services
  http://technet.microsoft.com/en-us/library/cc742820.aspx
  User Profiles on Windows Server 2008 R2 Remote Desktop Services
  http://blogs.msdn.com/b/rds/archive/2009/06/02/user-profiles-on-windows-server-2008-r2-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Modify Self Service -- Profile page

  Hello Experts,
  I need to modify the Profile page under Self Service ..the attributes tab to be specific..I would really appreciate some guidance.
  Thank you

  I figured this one out...created an authorization policy allowing user to view and modify and added the attribute to the modifyuserdataset.xml..
  Thank you

• How to create custom adf tab in oim 11g for self service

  Hi all,
  I want to create a new tab in self service console by using out box code. Any suggestions please
  Thanking you

  Refer link below:
  http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/oim_11g/customize_oim_ui_selfservice_tabs/customize_oim_ui_selfservice_tabs.htm
  regards,
  GP

• Self service adminstartor role

  Hi Experts,
     Can any one explain the purpose of Self service adminstrator Role in ESS/MSS.
  Thanks
  Rahul

  Hi Rahul,
  Self service adminstrator Role in ESS/MSS is nothing but administrator role which manage/maintain the ESS/MSS iviews/pages
  with standard Floor Plan manager (FPM)
  The Self-Service Administrator determines the settings for the various self-service solutions (Manager Self-Service, Employee Self-Service etc.), in the portal through the Floor Plan Manager (FPM)
  Please check this :
  [Self-Service Administrator role thread |Self-Service Administrator role;
  [Floor Plan Manager  |http://help.sap.com/saphelp_erp60_sp/helpdata/en/68/003cf0b16e4a019549b7904805e70a/frameset.htm]
  Regards
  Arun
  Edited by: Arun Jaiswal on Mar 15, 2010 6:19 PM

• Hiding/Disabling the resources tab under project management.

  Hi,
  We need to hide/disable the resources tab in project management screen. We are not using project resource management module and also the Profile Option "PA: Licensed to use Project Resource Management" has been set to "No".
  Can someone suggest a solution for the same.
  Regards,
  Rakesh Menon

  I already got an response to the issue from Julia through Oracle Community...
  Below is the solution -
  For the Project Management Responsibility where you want your Resource Tab to be disabled:
  Go to a System Administrator responsibility - Security - Responsibility-Define.
  Look for your resposibility of Project Management.
  Under Menu Exclusion Tab add a line with Type Menu and name "Project Resource Sub Tab".
  Click Save button and then go to check in your responsibility if the Resources Tab is disabled. (it should be).

• How disable SPRO from Sap_new and Sap_All profile

  Hello,
  One of my training ID have SAP_NEW AND SAP_ALL. From the particular user how can I disable SPRO transaction.
  Please help
  Regards
  Kariyath

  Hello Kariyath,
  My understanding is that you want the user to just not have access to SPRO though rest all is okie. You should try changing SAP_ALL and SAP_NEW as these are standard SAP. I would suggest that you remove SAP_ALL and SAP_NEW from user profile and instead assign him a role which will be same as SAP_ALL and SAP_NEW and then you can remove SPRO access from it. This would actually help you in monitoring authorizations in a better manner. Please use the following steps for it.
  Create a new role in PFCG.
  Don't assign any transactions in role menu. Go to Authorizations tab and open it in expert mode for profile generation.
  Now go to edit->Insert Authorizations->Full authorizations.
  This would give SAP_ALL and SAP_NEW to the role. next go to authorization object S_TCODE.
  Here you will find the value as *. You need to change it. Make it:
  A* to SPRN*
  SPRP* to Z*.
  Now remove SAP_ALL from the user and assign him this role.
  But while the user won't be able to execute SPRO it doesnot mean that he won't be able to execute other transactions that are within SPRO for example OB52,SALE etc. If you requirement is just SPRO specific then this issue is solved but in case you need it for other ransactions then you need to define the values in s_tcode accordingly.
  I hope this should be able to solve the issue. Please award points accordingly.
  Regards.
  Ruchit.

• How to disable role password in Solaris 11

  Roles can only be assumed by logged in users. That is the definition of a role. Therefore role authentication is to some extent double authentication. The user has already authenticated as himself when he logged in and the sysadmin has enough trust in him to grant him a certain role. So why would he need to authenticate to the role? Isn't that double authentication ? Anyway I can see why that makes sense on a role like 'root' but on other more normal types of roles ? Really?
  Anyway that is not what this posting is about. It is about me not being able to figure out how to disable role password in Oracle 11.
  In Solaris 10 I would do:
  <pre>passwd -r files -d myrole</pre>
  That would set the myrole account to a no password account and that would be enough to disable it.
  In Solaris 11 I cannot make this work. I suspect this is because of the introduction of the roleauth attribute but I've tried all possible combinations:
  <pre>passwd -r files -d myrole</pre>
  <pre>rolemod -K roleauth=user myrole</pre>
  or
  <pre>passwd -r files -d myrole</pre>
  <pre>rolemod -K roleauth=role myrole</pre>
  Can't make any of these work.
  Pls help.

  Hello MrMonza,
  I do not completely understand what you are looking for. Perhaps it would help if you explained, for which purpose you want to use your new role.
  In short, a role is simply a user account, to which you cannot login directly. As to every user account, rights are assigned to each role. And as for every user account, you have to provide a password for it.
  If you want to switch to a role without password, this is nearly the same as extending the rights of your account.
  This is possible by assigning additional profiles to it via /etc/user_attr. Privileged commands, written by you, and connected to these profiles, can be defined in /etc/security/exec_attr.d/local-entries. These commands can be called via pfexec, see pfexec(1), which grants privileges (e.g. uid=0) for just the call.
  See also user_attr(4), prof_attr(4), exec_attr(4) and the "SEE ALSO" sections in there.
  Profiles can be chosen from the predefined profiles in /etc/security/prof_attr.d, or they can be self-assembled from these profiles and authorizations from /etc/security/auth_attr.d.
  New profiles should be stored in /etc/security/prof_attr.d/local-entries.

• Collection Specialist - Collections Profile Tab of Business Partner.

  Hi,
  We are using the SAP FSCM Collections Management module. When I assign the collection profile to the Business Partner on the Collections Profile Tab, the Collection Segment, Collection Group are populated based on the configuration but the Collections Specialist does not get populated.
  Can someone please throw some light on this if they have experienced this issue?
  Thanks & Regards,
  Bhairav Naik.

  Hello Mark , actually I dont think that is possible to transfer data related to collection profile (displayed in BP master data for a BP with colletion managemnt role) from Cusotmer master data because this kind of information are not availabe as my knowledge in Cusotmer master
  Solution could to transfer all other available data from Cusotmer data to BP and once transferred update mannually the collection profile.
  I have seen also a program ( transaction UDM_BP_PROF) to update collection profile automatically, but I did not manage to make it work on a exidting BP.
  What do you think about this approach?

• Need details about "Lock Profiling" tab of JRockit JRA

  Hi,
  I'm experimenting with the JRockit JRA tool: I think this is a very useful tool ! It provides very valuable information.
  About locks ("Lock Profiling" tab), since JRockit manages locks in a very sophisticated manneer, it enables to get very important information about which monitors are used by the application, helping for improving the performances.
  Nevertheless, the BEA categories (thin/fat, uncontended/contended, recursive, after sleep) are not so clear. A short paper explaining what they mean would greatly help.
  Fat contended monitors cost the most, but maybe 10000 thin uncontended locks cost the same as 1 fat contended lock does. We don't know.
  So, there is a lack of information about the cost (absolute: in ms, or relative: 1 fat lock costs as N thin locks) of each kind of monitor. This information would dramaticaly help people searching where improvements of lock management are required in their application.
  Thanks,
  Tony

  great explanation! Thanks
  "ihse" <[email protected]> wrote in message
  news:18555807.1105611467160.JavaMail.root@jserv5...
  About thin, fat, recursive and contended locks in JRockit:
  Let's start with the easiest part: recursive locks. A recursive lock
  occurs in the following scenario:synchronized(foo) {  // first time thread takes lock
  synchronized(foo) {  // this time, the lock is taken recursively
  }The recursive lock taking may also occur in a method call several levels
  down - it doesn't matter. Recursive locks are not neccessarily any sign of
  bad programming, at least not if the recursive lock taking is done by a
  separate method.
  The good news is that recursive lock taking in JRockit is extremely fast.
  In fact, the cost to take a lock recursively is almost negligable. This is
  regardless if the lock was originally taken as a thin or a fat lock
  (explained in detail below).
  Now let's talk a bit about contention. Contention occurs whenever a thread
  tries to take a lock, and that lock is not available (that is, it is held
  by another thread). Let me be clear: contention ALWAYS costs in terms of
  performance. The exact cost depends on many factors. I'll get to some more
  details on the costs later on.
  So if performance is an issue, you should strive to avoid contention.
  Unfortunately, in many cases it is not possible to avoid contention -- if
  you're application requires several threads to access a single, shared
  resource at the same time, contention is unavoidable. Some designs are
  better than others, though. Be careful that you don't overuse
  synchronized-blocks. Minimize the code that has to be run while holding a
  highly-contended lock. Don't use a single lock to protect unrelated
  resources, if that lock proves to be easily contended.
  In principle, that is all you can do as an application developer: design
  your program to avoid contention, if possible. There are some experimental
  flags to change some of the JRockit locking behaviour, but I strongly
  discourage anyone from using these. The default values is carefully
  trimmed, and changing this is likely to result in worse, rather than
  better, performance.
  Still, I understand if you're curious to what JRockit is doing with your
  application. I'll give some more details about the locking strategies in
  JRockit.
  All objects in Java are potential locks (monitors). This potential is
  realized as an actual lock as soon as any thread enters a synchronized
  block on that object. When a lock is "born" in this way, it is a kind of
  lock that is known as a "thin lock". A thin lock has the following
  characteristics:
  * It requires no extra memory -- all information about the lock is stored
  in the object itself.
  * It is fast to take.
  * Other threads that try to take the lock cannot register themselves as
  contending.
  The most costly part of taking a thin lock is a CAS (compare-and-swap)
  operation. It's an atomic instruction, which means as far as CPU
  instructions goes, it is dead slow. Compared to other parts of locking
  (contention in general, and taking fat locks in specific), it is still
  very fast.
  For locks that are mostly uncontended, thin locks are great. There is
  little overhead compared to no locking, which is good since a lot of Java
  code (especially in the class library) use lot of synchronization.
  However, as soon as a lock becomes contended, the situation is not longer
  as obvious as to what is most efficient. If a lock is held for just a very
  short moment of time, and JRockit is running on a multi-CPU (SMP) machine,
  the best strategy is to "spin-lock". This means, that the thread that
  wants the lock continuously checks if the lock is still taken, "spinning"
  in a tight loop. This of course means some performance loss: no actual
  user code is running, and the CPU is "wasting" time that could have been
  spent on other threads. Still, if the lock is released by the other
  threads after just a few cycles in the spin loop, this method is
  preferable. This is what's meant by a "contended thin lock".
  If the lock is not going to be released very fast, using this method on
  contention would lead to bad performance. In that case, the lock is
  "inflated" to a "fat lock". A fat lock has the following characteristics:
  * It requeries a little extra memory, in terms of a separate list of
  threads wanting to acquire the lock.
  * It is relatively slow to take.
  * One (or more) threads can register as queueing for (blocking on) that
  lock.
  A thread that encounters contention on a fat lock register itself as
  blocking on that lock, and goes to sleep. This means giving up the rest of
  its time quantum given to it by the OS. While this means that the CPU will
  be used for running real user code on another thread, the extra context
  switch is still expensive, compared to spin locking. When a thread does
  this, we have a "contended fat lock".
  When the last contending thread releases a fat lock, the lock normally
  remains fat. Taking a fat lock, even without contention, is more expensive
  than taking a fat lock (but less expensive than converting a thin lock to
  a fat lock). If JRockit believes that the lock would benefit from being
  thin (basically, if the contention was pure "bad luck" and the lock
  normally is uncontended), it might "deflate" it to a thin lock again.
  A special note regarding locks: if wait/notify/notifyAll is called on a
  lock, it will automatically inflate to a fat lock. A good advice (not only
  for this reason) is therefore not to mix "actual" locking with this kind
  of notification on a single object.
  JRockit uses a complex set of heuristics to determine amongst other
  things:
  * When to spin-lock on a thin lock (and how long), and when to inflate it
  to a fat lock on contention.
  * If and when to deflate a fat lock back to a thin lock.
  * If and when to skip on the fairness on a contended fat lock to improve
  performance.
  These heuristics are dynamically adaptive, which means that they will
  automatically change to what's best suited for the actual application that
  is being run.
  Since the switch beteen thin and fat locks are done automatically by
  JRockit to the kind of lock that maximizes performance of the application,
  the relative difference in performance between thin and fat locks
  shouldn't really be of any concern to the user. It is impossible to give a
  general answer to this question anyhow, since it differs from system to
  system, depending on how many CPU:s you have, what kind of CPU:s, the
  performance on other parts of the system (memory, cache, etc) and similar
  factors. In addition to this, it is also very hard to give a good answer
  to the question even for a specific system. Especially tricky is it to
  determine with any accuracy the time spent spinning on contended thin
  locks, since JRockit loops just a few machine instuctions a few times
  before giving up, and profiling of this is likely to heavily influence the
  time, giving a skewed image of the performance.
  To summarize:
  If you're concerned about performance, and can change your program to
  avoid contention on a lock - then do so. If you can't avoid contention,
  try to keep the code needed to run contended to a minimum. JRockit will
  then do whatever is in its power to run your progam as fast as possible.
  Use the lock information provided by JRA as a hint: fat locks are likely
  to have been contended much or for a long time. Put your effort on
  minimizing contention on them.

• Profiles tab after CUA implementation

  Hello All,
  I have a query in SU01 transaction. After implementing the CUA, my central system does not show any profiles (in PROFILES tab) for Composite Roles and single roles assigned for the user. Is it Normal or is it something to do with CUA implementation. I can see the related system generated role profiles for the roles assigned to user in the respective child systems. We are on SAP R/3 4.7 version.
  Thanks in advance for the time.
  Br,
  Sri

  Hello Raghu,
  This should not cause any concerns for you. However if you want to display the profiles please change the settings in SCUM from GLOBAL to LOCAL. Then you should be able to see the profiles. But I would advise against it cause then it will be possible to assign profiles in child systems directly.Not a good thing.
  Please award points for useful answers.
  Regards.
  Ruchit.
  Message was edited by: Ruchit Khushu
  Message was edited by: Ruchit Khushu
  Message was edited by: Ruchit Khushu

• Credit  Managment : Profile tab  is  not  visible  in  BP

  Hi  All  ,
  I  am  working on  FSCM  credit  managment project.
  For  FSCM credit managment :
  I  have  activated  the  Badi : activation of  SAP  credit  managment (Interface  Set Active and FI_AR_Upadte mode)
  1)Set Active
  E_ACTIVE_FLAG = 'X' .
  E_ERP2005 = 'X'
  2)FI_AR_Upadte mode
  E_DIRECT_UPDATE = 'X'.
  But when  I am  selecting  the  Bussiness  partner   under (SAP  credit  managment role ).Profile  tab  is  not  visible .
  Please  help  me  out .
  Regards
  Rahul

  Hi,
  Pls check note 956054 and see if you have set up the business partner the correct way. This is the basis.
  Rgds,
  Richard

• Ops Center - Updating Patches using the Update Profile tab

  I am unable to create a new profile in order to update patches onto an asset. When trying to create a new profile in order update assets, I'm unable to access any option on the "Update Profile" tab. According to the manual , http://wikis.sun.com/display/EMOC11g1/Creating+an+OS+Update+Profile , that indicates that the option is disabled and the resolution is to register and manage your assets. The problem at hand is that despite registering and managing my assets I'm still unable to create a new profile. Could somebody give me insight on what else I could do in order to carry out the task of updating assets with patches.

  No the update catalog action is not active. Yes it is in connected mode and I'm unable to define a default local library (all features under libraries are mostly disabled). Yed, I have supplied connected authentication usernames and passwords. How do I go about enable these features?

• HELP! On PC reboot all my extensions get disabled and each one opens a new Tab!

  Help!!!
  On PC reboot all my extensions get disabled and each one opens a new Tab!
  I have seen 2 threads here about this issue and a few more by googling the problem.
  However nothing, nothing, noithing... worked!
  Win7, MS Office 2007, Sony Vaio SZ1VP, FF 10.0
  and:
  >
  Download Unlimited 1.0, Read it Later 2.1.4, Pixlr Grabber 2.1.1, Cool Preview 3.5, Telyfi 1.2.5, Speed Dial 0.9.6.4, Google shortcuts 2.1.7.1, Scrapbook 1.4.9, Screen Grab (fix Version) 0.9.6.3c, Vertical Toolbar 0.2.6, Google Translator for Firefox 2.1.0.1, TinEye Reverse Image Search 1.1, Grooveshark Premium, 2.0.2, Quick Maps 1.5.0.
  >
  To try to solve this issue, I:
  Uninstalled:
  Antivirus (BitDefender)
  PC Cleaner (CCCleaner)
  Flash,
  Java,
  Shockwave,
  MediaPlayer...
  FF (deleting all the settings).
  Then reboot twice for safety.
  Then re-installed Java, Flash, Shockwave.
  Reboot once more.
  Re-installed FF, reboot once more.
  Checked that all the plugins were updated, and only then I finally installed my extensions.
  Checked that the user.js and preferences.js were not read only.
  Everything worked fine (even FF restart) until the next OS reboot!
  Then it all strated again!!!!!! It's driving me crazy!!!! Please, help! Machine cannot defeat man... or, better, machine can defeat me, but not the whole of the FF community!!!!!
  Please, I must get to the end of this story! Help!!!
  Tommaso

  NM, got it fixed. Thanks!!!