Escalation in hierarchical role

Hello All,
i am new on oracle bpm 10.3, i'd like to know how to configure an escalation in BPM,
let say there's process that need to escalate to participant's supervisor, because he/she cannot not handle the task.
what i need to know is escalation not to be designed manually in BPM, but probably only configuration in BPM or hierarchical role.
is it possible to do that in oracle BPM?
in my opinion, i think escalation should be included in BPM engine because it is standard workflow process.
any help would be appreciate.
thanks
Edited by: user10869807 on Jan 28, 2009 11:55 PM

I'm not sure, if my solution is nearly what you mentioned to me. But I found out how to solve this issue for me. I write it here, may be someone else will run in the same situation.
My intention was to create the following structure:
Role 1
Workset 1
Role 2
Workset 2
Role 2 should only be visible when the user is assigned to Role 2. But when I add the Role 2 to Role 1, then the permission of Role 1 overwrites the persmission of Role 2, so that everybody assigned to Role 1 can also see Role2. This was not, what i was looking for.
So to solve the problem, it is not required to add Role 2 to Role 1. Simply define the Roles as they are and merge them at the end. So in my case I defined every Role with the property "Can be merged" and gave all the same "Merge ID". Now the roles are automatically structured as one entry point, as long as they are defined with "entry point" = yes. And the visibility of the roles depends on the assignments from the user.

Similar Messages

Why different role types?

Hi,
Qust a simple question:
Why there is a special "nested" role? I would imagine that any role could be a "member" of other roles. Why is it not that way?
Motivation behind this is simple. Imagine a hierarchical role structure. Like an bank teller has some rights, teller supervisor has all the rigts of a teller plus some additional rights, departmet director has all the rights of a supervisor (and teller) and yet some other, etc.
I will neet to create "directorManagedRole" that will contain the directors, then create "directorNestedRole" that will contain "directorManagedRole", then "supervisorManagedRole", then "supervisorNestedRole" that will be "supervisorManagedRole" + "directorNestedRole" ... I hope you get the idea.
There are plenty of role definition objects that will complicate the management of role hierarchies. I will need to create at least two role definition per "business layer" role. And this can create real confusion, because I have to assign users to "*ManagedRole" but check for "*NestedRole".
Are there any reasons why it is implemented in such a way? Why the role mechanism cannot be unified?

Hi,
Qust a simple question:
Why there is a special "nested" role? I would imagine that any role could be a "member" of other roles. Why is it not that way?
Motivation behind this is simple. Imagine a hierarchical role structure. Like an bank teller has some rights, teller supervisor has all the rigts of a teller plus some additional rights, departmet director has all the rights of a supervisor (and teller) and yet some other, etc.
I will neet to create "directorManagedRole" that will contain the directors, then create "directorNestedRole" that will contain "directorManagedRole", then "supervisorManagedRole", then "supervisorNestedRole" that will be "supervisorManagedRole" + "directorNestedRole" ... I hope you get the idea.
There are plenty of role definition objects that will complicate the management of role hierarchies. I will need to create at least two role definition per "business layer" role. And this can create real confusion, because I have to assign users to "*ManagedRole" but check for "*NestedRole".
Are there any reasons why it is implemented in such a way? Why the role mechanism cannot be unified?

OIM 11g R2 Available Roles For Organizations Is Empty After XML Import

Hi,
When we exported Organizations in OIM via Deployment Manager and imported them back, available roles on Organizations are gone.
To be exact; Hierarchical role assignments are gone, which are done using "include-sub-orgs" check while putting organizations to Roles.
To understand the problem,
We took a single organization, exported it, changed only organization name in the XML and imported it back. The results are the same.
We included every possible dependency in the xml to see if this was the issue, apparently it wasn't.
Furthermore,
On the Role screens' Available Organization's tab, when we check the "include sub orgs" box, it works fine on manually added organizations. They are shown on Available Roles for the Organizations.
But this doesn't work on imported organizations.
Is there a trick to this in R2?
How can we export-import the organizations and still see the available roles?
Thanks,
Erdogdu

Hi All
Any updates please . Can any one just update whether creating a custom attribute on User Profile adds the attribute in the list of attributes for membership rules for roles .
Thanks
Darshan

Authorized Roles

Authentication type: JAAS
Use Role-based Authorization: checked
Authorization Type: JAAS
We have an application that will be accessed by users with role A in "Edit mode" and users with role B in "Query Mode". Role A also has sub role C. (meaning all users with role C will have access to role A as well)
What we have done so far:
OID is set up with all three roles A, B, C in the hierarchical order
web.xml has all three roles defined
Application Definition editor for the view has the following values:
Authorized Roles/Permissions A, B
Insert Allowed EL Expression #{jhsUserRoles['A']}
Update Allowed EL Expression #{jhsUserRoles['A']}
Delete Allowed EL Expression #{jhsUserRoles['A']}
When a user with role "C' logs in they are not able to see the page. But when I include C in the Authorized Roles/Permissions like this
Authorized Roles/Permissions A, B, C it works.
My question is since role C is a subrole of A won't it automatically pick up that permission? Is hierarchical role structure not supported in Jheadstart?
Thanks,
-Sree

Sree,
Hierarchical role structure is not supported in Oracle's JAAS implementation, and subsequently not in JHeadstart (all we do is using the JAAS API's for this type of security).
Steven Davelaar,
JHeadstart Team.

RoleMapper with an external LDAP

Dear friends,
We use an external LDAP to store information related to users, groups and roles. We have managed to configure an out of box LDAP Authenticator within our realm for authentication. We wanted some guidance on configuring or writing RoleMapper.
1) What is good practise in terms of storing and managing roles? Is it a common practise to store roles in an external LDAP or do people use Admin console to created roles within the embedded LDAP? The advantage with the Embedded LDAP is definitely that you could use out of the box RoleMapper and the disadvantage is that we could not extend LDAP schema to store hierarchical roles.
2) If we store and manage roles in an external LDAP store, the same one where we store users and groups, could we still use the out of the box role mapper? If not, could someone provide a sample role mapper that uses an external LDAP store.
3) Why WebLogic doesn't provide an out of the box Role Mapper that connects to an external LDAP?

All Users Filter: (&(&(uid=*)(objectclass=person))(!(quitdate=*)))
User From Name Filter: (&(&(uid=%u)(objectclass=person))(!(quitdate=*)))
User Name Attribute: uid
Here you're configuring that uid is the key of your users in OID. And in your case user A and B has the same uid, so the webcenter can login using user B, but when realize a search uid=jack ldap returns the first one.
Make any sense for you?
Hope that I help you

SAP PLM

Hi Guys
I am have working on PDM(Team center), VPM(Enovia DPM) and Catia V5 since 2 years now and I am planning to change to SAP PLM. Can any one help me Do i need to Have knowledge in any other things other then PDM, VPM to start up with SAP PLM.
If I want to take p my certification in SAP PLM where can i get it,( Do i need to contact Siemens for it or i can try with some other place)
Your help will be Appreciated
Pradeep

Hi Pradeep,
1.As you have worked in PDM (Team Center), and other CAD packages, you will be knowing the Functional processes/activities involved in the PLM which is very much required to learn and give solutions in SAP PLM.
2. As you must have worked with BOM, Documents, workflows, Organizational hierarchies, Roles & Responsibilities (Draftsmen, Junior/Assist Design Engineer, Design Engineer, Project Manager etc etc) and their authorizations.
3. So with these things it is very easy to learn & work with SAP PLM, if you are currently working in non-sap or any functional domain, you can join any SAP implementation company as a Trainee or Fresher and get trained on SAP
or there are many training institutes which train SAP even for 25-30K without certification. (You will get a fare idea about what SAP is )
Even SAP PLM starts with PDM Objects like, Material Master, Document Managment System, Engineering Change Managment (Versioning/Revisioning for BOM, MM, DIR), Bill of Materials, Classification System (Classes, Characteristics, Object Dependencies etc) all this are PDM Objects in SAP.
And there is Collaboration Projects, Collabortion Folders and CAD Integrations. etc these all together constitutes a SAP PLM
For Certification on SAP PLM below mentioned are details. and follow the link as well
https://websmp203.sap-ag.de/certification
SAP Consultant Certification
Solution Consultant PLM - Project Management with mySAP ERP 2005
Software components: SAP ERP Central Component 6.0
Certification exam is included in course TPLM22 and is also offered in separate certification events at many SAP locations.
Certification ID (Booking code):
C_TPLM22_05
Certification duration: 3 hours
Number of certification questions: 30
Required certificates for participation in this certification test: None
Consultant Academy courses for certification preparation: TPLM20 (Project Management I), TPLM22 (Project Management II (Case Study))
Alternative Project Team Training courses for certification preparation:
PLM
200 (Project Management), PLM210 (Project Management - Structuring), PLM 220 (Project Management Logistic), PLM230 (Project Management Controlling), PLM240 (Project Management Reporting)
Please note that you are not allowed to use any reference materials during the certification test (no access to online documentation or to any SAP system).
The certification test Solution Consultant PLM Project Management with mySAP ERP 2005 verifies the knowledge in the area of the mySAP Product Lifecycle Management for the consultant profile Project Management. This certificate proves that the candidate has a basic understanding within this consultant profile, and can implement this knowledge practically in projects.
The certification test consists of questions from the areas specified below:
Topic Areas
1. Project Structuring (+++)
Basic data in PS: work breakdown structure, network and activities, milestones, PS texts, documents
Project Builder and project planning board
Project simulation
Standard work breakdown structure, standard network
Assembly processing
2. Dates (+)
Time scheduling and scheduling (network scheduling, project scheduling, overall network scheduling)
Actual dates
3. Resources (+)
Work center
Capacity planning and capacity evaluation
Workforce planning to HR resource
Confirmation and working time sheet
Internet scenarios
Workflows in PS
4. Material (+)
Work breakdown structure BOM
BOM PS interface
Component assignment in the network
Material procurement through in-house production or external procurement
Collective stock and project stock
Requirements grouping
Progress tracking
ProMan
Delivery from the project
5. Costs and Budget (++)
Cost planning in the work breakdown structure
Network costing
Assigning orders to the project
Budgeting and availability control
Commitment and actual costs through account assignment and order assignment
6. Revenue and Payments (+)
Revenue and payment planning in the project
Sales pricing and quotation creation
Resource-related billing
Milestone billing and down payment processing
7. Period-End Closing (+)
Template allocation
Application of overhead
Interest calculation
Progress analysis and Progress Analysis Workbench.
Results analysis
Incoming orders
Settlement
8 Miscellaneous (+)
Exernal service and service activities
Organizational units in SAP ERP
Info systems in project management
Field selection
OpenPS
Amount of questions by topic (as percentage of test):
+ = 1 - 10%
++ = 11 - 20%
+++ = over 20%
No responsibility is taken for the correctness of this information. Copyright © SAP AG 2006.
Very Important:
http://mysapbi.blogspot.com/2007/01/sap-help-in-pdf-files.html
Regards
Rehman
Reward Points if Useful

How to use management chain and escalation hierarchies with LDAP

Hi,
I have experienced now with the management chain pattern and escalation feature. I have used the standard file-based security provider (JAZN and user-properties.xml). You can easily define a user hierarchy using the user-properties.xml file to define the escalation path and the management chain in terms of hierarchy levels.
In a production environment in most cases you will use LDAP as the security provider. I wonder if it is possible to define such an user hierarchy in LDAP. I now you can create a role-based hierarchy, but in cases this will be to much and you need user based hierarchy.
Another issue is that you can also define a highest level op approval. Hower you onlyonly define manager/director/ceo, used in the user-properties.xml file. How can you tell jdeveloper to use other custom roles?
Does anyone has experience of suggentions om this issue?
Kind regards,
-Tom

Tom,
I can address parts of your question, please see below:
How can you tell jdeveloper to use other custom roles?JDeveloper picks up users from the Integration Server connection. So, if the server is configured with the LDAP configured server, you will see users and groups from that registry. JDeveloper (the human task editor dialog) does not go directly against the LDAP.
I wonder if it is possible to define such an user hierarchy in LDAPYes. That is the way it has been designed.
I now you can create a role-based hierarchy, but in cases this will
be to much and you need user based hierarchy.Making a user specific hierarchy has problems - what if a user leaves the company? The role based hierarchies solve this problem very well. May be I misunderstand your question.
I will have a colleague, who works on identity management, look at your question.
Regards,
Sidda.

Dimension with 2 roles and 2 hierarchies used in 2 cubes

Hi,
I have a dimension in which there are two dimension roles (roleA, roleB) defined as well as two hierarchies (hierarchyA, hierarchyB). Currently hierarchyA is set as default. (Not because that is in fact the default one, only because OWB forces one to choose a default)
I need to define two cubes (cubeA, cubeB). CubeA will use the dimension with roleA and cubeB will use the dimension with roleB.
Is it possible to tell cubeA to use/see/make available only hierarchyA and cubeB only hierarchyB? HierarchyA makes no sense in cubeB so I want to "specify" hierarchyB for cubeB.
Thanks,
Juanita

A different issue but possibly related:
I have a ROLAP cube with one of the dimensions containing multiple hierarchies. If I deploy this with deployment option set to "Deploy data only", it works 100%. As soon as I change the deployment option to "Deploy All", I get a VLD-0398 error.
I need to choose "Deploy all" since the cube metadata must be deployed to the OLAP catalog in order for Disco OLAP and BI Spreadsheet Add-In to see the cube.
First question:
Is it possible to deploy to the OLAP catalog if the cube has a dimension with multiple hierarchies?
Second question:
If it is not possible, what is the workaround?
Thanks,
Juanita

CST - escalated support role replacing 1st level only when needed?

Hi,
I'm setting up a CST system with one 1st level CSR and 2 in the escalated role.
Per the CST doc in the KB here: http://kb.worldsecuresystems.com/kb/customer-service-ticketing.html, you can't have the same person in both levels. But I want to set it up so that the person in level two can uncheck herself from that level and check herself as available in level 1 when the designated CSR is away.
Will this cause problems?

I had to laugh when reading your post. I wasn’t laughing at you, and clearly not laughing with you. However, I do empathize and after my first experience of cashing in on my “Pro” Care investment, question whether the move to Mac was a wise one.
I have decided to continue with Apple products in hope that they are simply going through growing pains; and will recognize they are failing in certain customer service areas and will endeavor to improve. However, my patience is growing thin.
Thanks for the post, it was well done.

Role Mining on hierarchical entitlements (OIA 5.0.3)

Hi All,
I am able to do the role mining on single level entitlements.
Does anyone have any kind of experience on how to do the role mining on hierarchical entitlements(parent child relationship)?
Exa:
Entitlement
-------Update
--------Delete
--------Read
Please also let me know how to load the data for same.
Regards,
Amit

If using Oracle 10g as you sql repository then please make sure you are using the correct jdbc driver for the local jdk for the app server which OIA/SRM is running on.
If using jdk 1.5 then use ojdbc5.jar in the WEB-INF/lib directory of OIA/SRM.
Good Luck.

How would you create a read/display only applicaiton montior role for SRM

Hello,
I was hoping to get some insight on how to create a display/read only SRM Application monitor role. This role would be used by our Service Desk to perform basic trouble shooting before escalating. Currently in our system it is tied into a tab named SAP Administration and has the capability of doing more than read. How do you create a read version of this to only display the application monitoring in read mode? We currently have an SRP role that has the followiing auths below. Would a EPP portal role need to be created and if so how> Thank you for any assistance.
   Manually   BBP Component                                                BBP
          Manually   SRM: General Access Authorizations in EBP                    BBP_FUNCT
           Manually   SRM: General Access Authorizations in EBP                    T-SD59003000
             Function in SRM (for Authoriza MON_ALERTS                                                                  BBP_FUNCT
- Todd

Hello,
I was hoping to get some insight on how to create a display/read only SRM Application monitor role. This role would be used by our Service Desk to perform basic trouble shooting before escalating. Currently in our system it is tied into a tab named SAP Administration and has the capability of doing more than read. How do you create a read version of this to only display the application monitoring in read mode? We currently have an SRP role that has the followiing auths below. Would a EPP portal role need to be created and if so how> Thank you for any assistance.
   Manually   BBP Component                                                BBP
          Manually   SRM: General Access Authorizations in EBP                    BBP_FUNCT
           Manually   SRM: General Access Authorizations in EBP                    T-SD59003000
             Function in SRM (for Authoriza MON_ALERTS                                                                  BBP_FUNCT
- Todd

Windows 2012 R2 Active Directory Domain Services and Remote Desktop services Role on the same server.

Findings:
Currently, Windows 2012 R2 AD DS role and RDS With Broker services can only seem to coexist properly in a new domain not an existing domain. Any attempt to add to an existing domain causes internal database user access denied issues and any attempt to
adjust rights and circumvent is dubious at best.
The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40 they might be able to help by running reports, adjusting rights and trying to add
the roles until it works. This can end up being a 20 day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
We tried creating an OU where any other domain policies would not be inherited to see if that was the issue, a fresh install with different sequence of adding the Roles, no effect.
Given the errors I witnessed when running procmon and then trying to add the roles, the NT System and the Windows Internal database user had access denied issues on 100+ registry keys when trying to add the roles. After that the system is not behaving normally.
The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles would be added which of course is officially NOT supported on that system.
This blog needs serious revision:
http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
This is the excerpt from that blog: Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller. In addition, we published
guidelines for how RD Session Host could be used without the RD Connection Broker.
Microsoft Support was curteous and helpful and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system. They refunded my money for the support call.
For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the Same manner that it was setup as Windows 2008 R2 and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction from all the deprecation
of bread and butter features such as shadowing in TS and the coexistence of AD DS and RDS to where those features were re-added haphazardly. (I have no complaints on shadowing on Windows 2012 R2 it works, just do not like having to go to server manager to
use it).
I opted for virtualizing the Domain controller to eliminate the incompatibility issues and that is what I will be doing from now on. I found free solutions for backing up and reporting for virtual machines as well as the suggested procedures for configruing
a Domain controller as a virtual machine on a Hyper-V environment and I will be sticking to those. Thus far the setup has been operational.
I am not allergic to virtualization, but for really small setups it adds additional time and considerations but if that is how it has to be done, so be it. Windows 2008 R2 days are numbered and since we can usually squeeze 5-7 years on quality server equipment,
buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
Hopefully someone finds this useful and saves some time.

Hi,
Thank you for posting in Windows Server Forum.
Do you need any other assistance?
Based on your description, you are describing your story of successfully implementing RDS server with AD role and more regarding all RDS related scenario. For shadowing feature, you can use with command also. Below is the syntax to shadow a session.
mstsc /v:<ServerName> /shadow:<SessionID>
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

How to do Enhancements in Reporting & What is Role and How to create Roles

Hi All,
Can any one tell How to do Enhancements in Reporting, and also What is Role and How to create Roles in Reporting?
Plz reply back me on [email protected]
Regards,
Kiran

Reporting Enhancement - RSR00001 - BW: Enhancements for global variables in reporting
And using the SAP Exit - EXIT_SAPLRRS0_001
RSR00001- With this enhancement to global variables in reporting you have the option of determining your default values for variables. You can use this enhancement for variables, for which 'Processing by Customer-Exit' has been selected in the variable maintenance. This is valid for all variable types (characteristic value, node, hierarchy, formula and text variables). You use the Exit EXIT_SAPLRRS0_001 for this.
The Enhancement component (RSR00001) must be assigned to a Project Created using the Transaction CMOD. On activating the Project, the Exit would become active and in turn the logic written inside the Exit.
To ensure that the data warehousing soultion reflects your company's structure and business needs it is critical that you establish who is authorized to access the data.With SAP BW, Authorizations can be defined and maintained by object and can also be applied to hierarchies and these authorizations can be inserted into roles that are used to determine what type of content is available to specific users or user groups.
T-code for Role maintainence -PFCG.
Please assign points if it is useful.
Regards
Pavan Prakhya

BW Authorizations Hierarchies

Greetings All;
This is yet another question regarding BW Authorizations.
I have two fields 0COMPANY and 0PROFIT_CTR, both Authorization Relevant, both containing hierarchies.
I need to allow a user to see all profit centers for a given company <u>and</u> also selected profit centers for another company ...
example - All profit centers for company A and
Profit Center 1 for company B
... this must be an AND condition.
I've been through RSSM and PFCG but can't get it right.
I created an authorization object with ...
1KYFNM, 0COMPANY, 0PROFIT_CTR, 0TCTAUTHH
... and tried specifying a role with ...
Key figure = *
Company = ' '
Profit Center = *
Unique ID for Authorization = Y_COMPANY_A
... and ...
Key figure = *
Company = 'B'
Profit Center = *
Unique ID for Authorization = Y_COMPANY_B
... this shows me everything for both companies. As soon as I add ...
Profit Center = '1'
... to the second grouping I get an authorization failure.
It's possible I haven't specified the Authorization Definitions Y_COMPANY_A and Y_COMPANY_B (in RSSM) correctly, but I've followed all the documents I've found in SAP HELP and SDN.
Is it an issue with both the fields having hierarchies?
Any, and I do mean any, help would be greatly appreciated.
Regards
Jim

Hi Jim,
If you replace '' with '1' in the second authorization, the variable (auth-based) is filled with '' from the first auth and with '1' from the second auth --> result is still no restriction in the ProfitCenter-Variable ('' and '1' = ''). Try to filter the query with company 'B' - do you see know a result? (At the moment your CompCode-Variable is filled with CompCode 'A' and 'B' but you don't have authorisation for all ProfitCenters combined with Company 'B').
I hope, this will help you.
Best regards,
Thorsten

EBS Resposibility mapping to Roles in EM without EBS SSO

Hello All,
I have a hard time on figuring out how to implement data level security in OBIEE 11g.
We are implementing OBIEE 11g with EBS r12 source ( NOT OOTB) . The EBS ICX based integration has NOT been used instead SSO is achieved thru Windows Native Authentication ( user logs in Windows credentials without entering username or password )
Now when it comes to authorization part the Responsibilities from EBS need to be passed to Roles in EM and Web catalog groups in presentation services.
How can we implement data level security per EBS hierarchies .?
Anyone has tried this before .? Pls help.!
Thanks in advance,
-SVS

SSVS wrote:
Thanks for the response.
Custom table with Network login ID an EBS RESP , USER ID could be populated and refreshed nightly to capture the updates. Also I was mainly wondering about data security , for eg. Consider Projects Module , there are certain restriction for certain Projects and Task information are pertinent to Project Managers and not all users with Projects Role could access this information.
Likewise for any financial module. Pls let me know.
Thanks,
-SVSThe way we implemented security in projects module, is by creating an ETL interface that does a full load of the project security table, which holds the project managers to their projects information. So the table would look like below:
User ID Project Number Active_Flag
abc123 301301301 Y
bbc123 103103103 N
There will be another table which stores the user to roles relationship like svee mentioned in his post. Roles session variable would be puling data from the user to role table, where as project_key sesison variable would pull in the data from the project security table, and therefore both data level and object level security is achieved.
Please mark if helps.
Thanks,
-Amith.

Escalation in hierarchical role

Similar Messages

Maybe you are looking for