Find roles by assigned ume actions
Hi
Does anybody know of a way to find out, which roles are assigned a specific UME action?
In the identity management I can find a specific role and see all the assigned ume actions, but I want to find a specific UME action and see all the roles, that has this ume action assigned.
Does anybody know how this is possible? May directly in DB?
Cheers,
Jacob Vennervald
I have now tried to make a small java portal application that handles this but I can't seem to find at method to find which ume actions are assigned to a specific role.
Does anybody have any input?
/Jacob
Similar Messages
-
Java: Find users with specific UME actions
Hi everybody
On the Java UME it is easy to find out which roles, groups and actions a specific user has. The same applies for groups or roles - the connected entites can easily be found.
But how can I found out which users have a certain action? If I browse for the action I have not possibility to find the direct or indirect assignment to the users.
Could somebody assist? Thanks in advance!
BeatSame problem I faced yesterday for my SSO project on the portal:
My method to resolve was :
1. Take the user/users in scope Export them from UME
2. Export roles into a readable format and check out the actions by comparing the user - role - actions relationship in a TEXT file/readable file
3. pick the roles you want to edit , edit in notepad import the roles( here I copied and created a Zrole before importing )
for example ( NWDI.ARCHITECT ) to ( ZNWDI.ARCHITECT)
I could not find easier method than the above -
Specific UME Actions required for Deployement in CE 7.1
Hi Experts,
I need to know how many and which UME action are required for deploying the application in CE 7.11
For deployement, we usually assign the UME Role called "Administrator" to the ID that we use for deployment.
If I remove this "Administrator" UME role, an error message is thrown as...
com.sap.ide.eclipse.deployer.api.APIException: DeployException,cause=ERROR CODE DPL.DCAPI.1023AuthorizationException
This "Administrator" UME role has some 2978 UME Actions assigned to it.
For the UME role "Administrator", inside the assigned UME actions, I have tried filtering the UME Actions based on the filter keyword "deploy", which returned some 14 UME actions.
Now, I have made following Test case and result.
Test Case:
1) Remove the Administrator Role from the ID that is used for deployement.
2) Now Assign all the above 14 UME actions that were found related to "deploy" keyword to a Custom UME role "DeployRole".
3) Deploy using the same id.
Result : Deployement fails with the same above mentioned error.
Conclusion: There can be 2 possible conclusions...
1) None of the above 14 UME actions provide the authorization for the deployment.
2) OR There are some other UME actions which might have some dependecies that are required along with the suspected UME actions.
In short my requirement here is, to find out the specific UME actions that are required for deployment, so that i can remove the "Administrator" UME role and assign the specific UME actions needed for deployment to a my Custom UME role, and assign this Custom UME role to the user ID for deployment.
Regards,
Shreyas PandyaHey Nghia Nguyen...!
Thanks a lot for your reply, i have rewarded you the points.
I have found out that for deployment following UME actions are required.
dc_action (Mandatory)
auth.all.all (Mandatory)
deploy_action (Not Mandatory)--> if you remove this deploy_action UME action the deployment will still work, but in developer studio, the Deploy result dialog box with OK button, that pops every time after you deploy your project by right clicking your application and choosing "Deploy new Archive and Run" will cease to appear and the application will directly run in the browser.
Regards,
Shreyas Pandya -
Missing property category - UME Action
Does anyone know why when I edit a role, the option 'UME action' is missing from the drop down list under property category?
This is happening on EP6 SP2 patch 4 (620 j2ee engine).
ThanksHi Ram
Please check assigning these roles instead of super admin role
"content_admin_role" or " contentmanager" . In case if any of these enable open permissions then check out what activity is in the role and include in yours .
Regards
Rahul
Award points if help useful " -
List all UME actions of all Roles
HI all,
I need to list all the UME actions associated to all roles. I couldn't find any API suitable for this requirement. Can some one help me on this. ?
Thanks,Dear P734305
Please have a look at [http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442|http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442] and search in the SDN. you can use the security api to list the UME data.
Refer to [Security API |http://help.sap.com/javadocs/NW04S/current/se/index.html]
Best Regards
Arun Jaiswal -
Where are all the UME actions and UME roles stored?
Hi there,
I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
Thanks in advance
GGHi,
I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
Cheers -
Dignostic Error-Failed to assign UME support Roles : Server returned: 503
Hi All,
We are trying to implement diagnostics on one of our EPortal Server. We have already completed all the pre-requisites of diagnostics on EP .
When we try for diagnostics System >Managed System> it gives us following error
User existence check failed : Server returned: 503 Service Unavailable
The following J2EE roles were granted to user SAPSUPPORT : SAP-J2EE-Engine/SAP_JAVA_SUPPORT
Failed to get User ID for user with logonname SAPSUPPORT
!! Exception : Server returned: 503 Service Unavailable
Failed to assign UME support Roles : Server returned: 503 Service Unavailable
Failed to assign UME support Roles for XI : Server returned: 503 Service Unavailable
We have checked UME Page on Eportal , where the error is
Application cannot be started.
Details: com.sap.engine.services.deploy.container.ExceptionInfo: JMS error.
Please suggest.
Regards,
SwatiHi,
Please try to re-start the JAVA instance and then try again.
Regards,
Thulasi -
Finding roles assigned to a user ?
Hi Folks,
Is there a view that will list all role(s) assigned to a user in Oracle 11g?
Thanks in advance
rogers42DBA_ROLE_PRIVS will do it:
SQL> desc dba_role_privs
Name Null? Type
GRANTEE VARCHAR2(30)
GRANTED_ROLE NOT NULL VARCHAR2(30)
ADMIN_OPTION VARCHAR2(3)
DEFAULT_ROLE VARCHAR2(3)
SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
Enter value for user: MBOBAK
old 1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
new 1: select granted_role,admin_option,default_role from dba_role_privs where grantee='MBOBAK'
GRANTED_ROLE ADM DEF
DBA NO YESAlso, you can use the same query and give the ROLE as input to the GRANTEE predicate to see what roles that role confers:
SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
Enter value for user: DBA
old 1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
new 1: select granted_role,admin_option,default_role from dba_role_privs where grantee='DBA'
GRANTED_ROLE ADM DEF
DATAPUMP_IMP_FULL_DATABASE NO YES
SCHEDULER_ADMIN YES YES
OLAP_DBA NO YES
EXECUTE_CATALOG_ROLE YES YES
DELETE_CATALOG_ROLE YES YES
OLAP_XS_ADMIN NO YES
SELECT_CATALOG_ROLE YES YES
EXP_FULL_DATABASE NO YES
WM_ADMIN_ROLE NO YES
GATHER_SYSTEM_STATISTICS NO YES
JAVA_DEPLOY NO YES
GRANTED_ROLE ADM DEF
DATAPUMP_EXP_FULL_DATABASE NO YES
JAVA_ADMIN NO YES
XDB_SET_INVOKER NO YES
IMP_FULL_DATABASE NO YES
XDBADMIN NO YES
16 rows selected.Hope that helps,
-Mark -
Hello ,
I have a transaction where I am writing an XML file locally within the project using web://u2026. Then using FTP to put that file on a remote folder and after a success of the FTP action I delete the local file on web://u2026
This works well if I test it as an Admin or a Super Admin.
I have a custom role that needs to execute this and that is where it is failing.
Do you know if there is any particular action I can use in the UME that will solve this issue u2013 I tried FileSystem_RW but that did not work, and finally I tried Workbench_all and that worked , but obviously it is not right to assign this action to a Custom Role.
I am on 12.1.8.
Any thoughts are appreciated.
Thanks
UdayanHi,
Instead of XMII_Workbench_all, if XMII_Workbench_content action is assigned to custom role, one can create and delete local file on web://... without exposing workbench link on custom role users' home.
Thanks,
Sumit -
UME actions and Group permissions
Hi there ,
New to portal and NWDI . How do you see what a UME action contains.
i.e. MANAGE_ALL . Do you need java skills or visual administrator to view.
Also, using NWDI.Administrators group , the group itself gives permissions
outsided of just having the NWDI.Administrator role. Where/How are the group
permissions defined ? Thank You
Dan.Dan,
This is a good place to start: [Authorization Concept of the AS Java|http://help.sap.com/saphelp_nw04s/helpdata/en/44/7fdf2470a412d2e10000000a422035/frameset.htm]. The two roles are different. Security roles are part of the J2EE Standard. UME roles are collections of UME actions. The UME interface cannot show the J2EE roles.
Now as to the role that lets you look at system info, you are correct. As your test showed, this is not included in Manage.All. I just tried that myself. If you look in the visual admin, you see there is a security role called administrators assigned to the group Administrators. Now when the developers create a J2EE application they specify the name of the role that the user must have in order to access it. Often they use the name administrators. When the applications are deployed to the server, the AS Java consolidates all these roles into a single role with the same name, administrators, by role references. This is assigned to the Administrators group by default. This is done to make the life of the developer and the deployer easier. So System Info needs this role. Well, there are two keystore roles assigned by default as well, but I doubt these are the roles System Info is looking for. In SAP NetWeaver 7.1 you have more granular control. But that is another question.
I hope that helps.
-Michael -
No portal roles are assigned for this user.If this problem persists, contac
I am trying to access portal first time using j2ee_admin user. It is saying "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
iam using abap+java enginee how config in abap enginne ,iwant which role to assign j2ee_admin user
i already asiigned sap_j2ee_admin,SAP_BC_JSF_COMMUNICATION,SAP_BC_JSF_COMMUNICATION_RO but it show same problem
please help me..
Edited by: Mugala Balu on Aug 7, 2010 5:53 PM
Edited by: Mugala Balu on Aug 8, 2010 7:48 AMBalu,
Well this issue has been discussed many a times in forums. You would have to point your data source to ABAP system.
Check this thread in [here|J2EE Failed to start , after changing UME datasource;.
Good Luck!
Sandeep Tudumu -
How do I assign an action to a user at runtime in GP?
Hi All,
Can anyone give me an insight to how I can assign an action role to a user at runtime? My GP has around 7 actions. One of the actions determines a portal user via a RFC. The user id (portal id) returned by this RFC is whom I want to assign to the following action in the block. How can I achieve this?
Thanks in advance,
TM.Interesting disucssion..:) yeah You are correct you assign user to Role. But you also assign role to action by consolidating the action in one role in role consolidation of process.
You can not assign the processor of action to action. Lets make it simple, I will try to explain the trick in simple terms.
Action Input output Role
[ A - UserId ( UniqueID ) Inititator ][UserRoleAssignment) B UserList-UserIdentifier ProcessorB ]
[ C X X ProcessorB ]
Now what happens in Action B is user which is input get assgined to Role ProcessorB ( becuase it is of that kind of callable object). Since once the user is (user-U) assigned to ProcessorB any of the subsequent step which needs to be performed by ProcessorB can be performed by the same user user-U.
Now I have explicity assigned the Action C to be in the same Role ProcessorB so it will be performed by user-X
One more thing the userID which you have output is uniqueID not the logonID it has to be like USER.PRIVATE_DATASOURCE.un:00000006.
And the ProcessorB needs to be defined as RuntimeDefined.
Hope it make sense. -
Error when assigning SID: Action VAL_SID_CONVERT InfoObject 0FISCPER
Dear experts,
I'm getting this error when activating an DSO.
I'll try to explain when this error happens.
I have a DTP in Delta Mode between 2 DSO's.
The first time I run the DTP the DSO activates with no problems.
The next time I run the DTP and it gets data the activation of the DSO has the error: Error when assigning SID: Action VAL_SID_CONVERT InfoObject 0FISCPER
I've googled it but I can't find a solution for this.
The first time I got this error I've deleted the DSO anda loaded the Data again and got no errors.
The next Delta that has Data gave error when activating the DSO.
Whan can be happening here?
Best Regards,
Rui RombaSo you want to say that data loaded successfully in DSO 1 and while activating data in DSO2 you are getting this error.
DSO1 feed data to DSO2 correct.
Please check if generate SID upon activation setting is checked in DSO1 or not.Because if its the issue with fiscal year period then it should have given the error at DSO1 itself provided that setting is maintained.
I just stumbled upon a document which addresses this issue and it seems the problem is with fiscal year variant.
Check out the document:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0a5a670-13f6-2c10-179d-a35e50a208bf?quicklink=index&…
Regards,
AL
Message was edited by: Anshu Lilhori -
E-Commerce for ERP role mapping to UME
Experts,
We have successfully configured the ECO module to use the UME in addition to SU01. We are able to create users in both systems in ISAUSERADMIN. However, the newly created users in UME have no roles assigned to them. We found one SAP Note that seems to be relevant ([891151|https://service.sap.com/sap/support/notes/891151]). Unfortunately, it is very vague on how to setup the user mapping. We have tried several permutations of the role assignments to no avail.
Has anyone done this before, and if so could you provide some examples?We discovered the problem. We were updated the right file for the wrong application. The file ume-config.xml needs to updated from the application crm~isauseradm. Once we discovered this, the UME role mapping worked. We are now able to assign UME roles to a new user when they are created or updated in ISAUSERADMIN.
- Andrew -
Modify the default "No portal roles are assigned..." message iView
Hi,
When a user with no roles assigned is trying to access the EP6 SP9 portal, he/she is facing a warning message:
"No portal roles are assigned for this user.If this problem persists, contact your system administrator."
accompanied by a 'log off' link.
Is it somehow possible to change the look and feel and/or behaviour of this message?
For instance, we would like the message appearance to be more 'friendly' and with a link where they can find further assistance, etc.
With best regards,
RobinThe window for logoff is part of the masterhead. So i think you can modify the masterhead pasr file for that.
Its location is at...
usr/sap/<instance>/JC00/J2EE/cluster/server0/apps/sap.com/irj/servlet_jsp/root/web-inf/deployment/pcd.
In this folder you can find the com.sap.portal.masterhead.par.bak
this file can be imported to your developer studio and can be editted and uploaded.
hope this helps
Cheers
gEorgE
Maybe you are looking for
-
When i type in my log in and password and enter, the site either returns to the blank screens or does nothing. This is not limited to one or two sites. all of my financial institutions, electric company, insurance companies, even trying to register h
-
Finished FCP file too big to burn and quality is needed.. Please helpp me
I've just completed a 40 minute project that i've been working on for months on Final Cut Pro 5.1.4. I exported it as a Quicktime movie and the finished product is 8.8 GIGS. I have both iDVD and Toast, and have tried for the last two days straight to
-
Some Field Descriptions are missing on the ALV
Hi Experts, In my ALV list output some fields are missing. Details of My Requirements...... I ve one final internal table i.e. T_OUTPUT_DATA where all the output data were stored and in this internal table one column i.e. NOC where the total number o
-
How do I get and use ICloud, will my current mobile me email automatically convert to iCloud?
-
PCUI - Pop-up "save changes" appears every time we switch between the list
Hi Experts, maybe you can help me with the following issue: We work with PCUI EP 7.0 and CRM 5.0 and if we start a pcui application (Salesorder for example) and open the enhanced search, put some data in the search criterias and then press search - t