Find roles by assigned ume actions

Hi
Does anybody know of a way to find out, which roles are assigned a specific UME action?
In the identity management I can find a specific role and see all the assigned ume actions, but I want to find a specific UME action and see all the roles, that has this ume action assigned.
Does anybody know how this is possible? May directly in DB?
Cheers,
Jacob Vennervald

I have now tried to make a small java portal application that handles this but I can't seem to find at method to find which ume actions are assigned to a specific role.
Does anybody have any input?
/Jacob

Similar Messages

  • Java: Find users with specific UME actions

    Hi everybody
    On the Java UME it is easy to find out which roles, groups and actions a specific user has. The same applies for groups or roles - the connected entites can easily be found.
    But how can I found out which users have a certain action? If I browse for the action I have not possibility to find the direct or indirect assignment to the users.
    Could somebody assist? Thanks in advance!
    Beat

    Same problem I faced yesterday for my SSO project on the portal:
    My method to resolve  was :
    1. Take the user/users in scope  Export  them from UME
    2. Export roles into a readable format and check out the actions by comparing the user - role - actions relationship in a TEXT file/readable file
    3. pick the roles you want to edit , edit in notepad  import the roles( here I copied and created a Zrole  before importing )
    for example ( NWDI.ARCHITECT ) to ( ZNWDI.ARCHITECT)
    I could not find easier method than the above

  • Specific UME Actions required for Deployement in CE 7.1

    Hi Experts,
    I need to know how many and which UME action are required for deploying the application in CE 7.11
    For deployement, we usually assign the UME Role called "Administrator" to the ID that we use for deployment.
    If I remove this "Administrator" UME role, an error message is thrown as...
    com.sap.ide.eclipse.deployer.api.APIException: DeployException,cause=ERROR CODE DPL.DCAPI.1023AuthorizationException
    This "Administrator" UME role has some 2978 UME Actions assigned to it.
    For the UME role "Administrator", inside the assigned UME actions, I have tried filtering the UME Actions based on the filter keyword "deploy", which returned some 14 UME actions.
    Now, I have made following Test case and result.
    Test Case:
    1) Remove the Administrator Role from the ID that is used for deployement.
    2) Now Assign all the above 14 UME actions that were found related to "deploy" keyword to a Custom UME role "DeployRole".
    3) Deploy using the same id.
    Result : Deployement fails with the same above mentioned error.
    Conclusion: There can be 2 possible conclusions...
    1) None of the above 14 UME actions provide the authorization for the deployment.
    2) OR There are some other UME actions which might have some dependecies that are required along with the suspected UME actions.
    In short my requirement here is, to find out the specific UME actions that are required for deployment, so that i can remove the "Administrator" UME role and assign the specific UME actions needed for deployment to a my Custom UME role, and assign this Custom UME role to the user ID for deployment.
    Regards,
    Shreyas Pandya

    Hey Nghia Nguyen...!
    Thanks a lot for your reply, i have rewarded you the points.
    I have found out that for deployment following UME actions are required.
    dc_action (Mandatory)
    auth.all.all (Mandatory)
    deploy_action (Not Mandatory)--> if you remove this deploy_action UME action the deployment will still work, but in developer studio, the Deploy result dialog box with OK button, that pops every time after you deploy your project by right clicking your application and choosing "Deploy new Archive and Run" will cease to appear and the application will directly run in the browser.
    Regards,
    Shreyas Pandya

  • Missing property category - UME Action

    Does anyone know why when I edit a role, the option 'UME action' is missing from the drop down list under property category?
    This is happening on EP6 SP2 patch 4 (620 j2ee engine).
    Thanks

    Hi Ram
    Please check assigning these roles instead of super admin role
    "content_admin_role"  or " contentmanager"  . In case if any of these enable open permissions then check out what activity is in the role and include in yours .
    Regards
    Rahul
    Award points if help useful "

  • List all UME actions of all Roles

    HI all,
             I need to list all the UME actions associated to all roles. I couldn't find any API suitable for this requirement. Can some one help me on this. ? 
    Thanks,

    Dear P734305
    Please have a look at [http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442|http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442] and search in the SDN. you can use the security api to list the UME data.
    Refer to [Security API |http://help.sap.com/javadocs/NW04S/current/se/index.html]
    Best Regards
    Arun Jaiswal

  • Where are all the UME actions and UME roles stored?

    Hi there,
    I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
    What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
    Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
    Thanks in advance
    GG

    Hi,
    I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
    Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
    Cheers

  • Dignostic Error-Failed to assign UME support Roles : Server returned: 503

    Hi All,
    We are trying to implement diagnostics on one of our EPortal Server. We have already completed all the pre-requisites of diagnostics on EP .
    When we try for diagnostics System >Managed System> it gives us following error
    User existence check failed : Server returned: 503  Service Unavailable
    The following J2EE roles were granted to user SAPSUPPORT : SAP-J2EE-Engine/SAP_JAVA_SUPPORT
    Failed to get User ID for user with logonname SAPSUPPORT
    !! Exception : Server returned: 503  Service Unavailable
    Failed to assign UME support Roles : Server returned: 503  Service Unavailable
    Failed to assign UME support Roles for XI : Server returned: 503  Service Unavailable
    We have checked UME Page on Eportal , where the error is
    Application cannot be started.
      Details:   com.sap.engine.services.deploy.container.ExceptionInfo: JMS error.
    Please suggest.
    Regards,
    Swati

    Hi,
    Please try to re-start the JAVA instance and then try again.
    Regards,
    Thulasi

  • Finding roles assigned to a user ?

    Hi Folks,
    Is there a view that will list all role(s) assigned to a user in Oracle 11g?
    Thanks in advance
    rogers42

    DBA_ROLE_PRIVS will do it:
    SQL> desc dba_role_privs
    Name                                      Null?    Type
    GRANTEE                                            VARCHAR2(30)
    GRANTED_ROLE                              NOT NULL VARCHAR2(30)
    ADMIN_OPTION                                       VARCHAR2(3)
    DEFAULT_ROLE                                       VARCHAR2(3)
    SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
    Enter value for user: MBOBAK
    old   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
    new   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='MBOBAK'
    GRANTED_ROLE                   ADM DEF
    DBA                            NO  YESAlso, you can use the same query and give the ROLE as input to the GRANTEE predicate to see what roles that role confers:
    SQL> select granted_role,admin_option,default_role from dba_role_privs where grantee='&user';
    Enter value for user: DBA
    old   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='&user'
    new   1: select granted_role,admin_option,default_role from dba_role_privs where grantee='DBA'
    GRANTED_ROLE                   ADM DEF
    DATAPUMP_IMP_FULL_DATABASE     NO  YES
    SCHEDULER_ADMIN                YES YES
    OLAP_DBA                       NO  YES
    EXECUTE_CATALOG_ROLE           YES YES
    DELETE_CATALOG_ROLE            YES YES
    OLAP_XS_ADMIN                  NO  YES
    SELECT_CATALOG_ROLE            YES YES
    EXP_FULL_DATABASE              NO  YES
    WM_ADMIN_ROLE                  NO  YES
    GATHER_SYSTEM_STATISTICS       NO  YES
    JAVA_DEPLOY                    NO  YES
    GRANTED_ROLE                   ADM DEF
    DATAPUMP_EXP_FULL_DATABASE     NO  YES
    JAVA_ADMIN                     NO  YES
    XDB_SET_INVOKER                NO  YES
    IMP_FULL_DATABASE              NO  YES
    XDBADMIN                       NO  YES
    16 rows selected.Hope that helps,
    -Mark

  • UME Actions in 12.1

    Hello ,
    I have a transaction where I am  writing an XML file locally within the project using web://u2026. Then using FTP to put that file on a remote folder and after a success of the FTP action I delete the local file on web://u2026
    This works well if I test it as an Admin or a Super Admin.
    I have a custom role that needs to execute this  and that is where it is failing.
    Do you know if there is any particular action I can use in the UME that will solve this issue u2013 I tried FileSystem_RW but that did not work, and finally I tried Workbench_all and that worked , but obviously it is not right to assign this action to a Custom Role.
    I am on 12.1.8.
    Any thoughts are appreciated.
    Thanks
    Udayan

    Hi,
    Instead of XMII_Workbench_all, if XMII_Workbench_content action is assigned to custom role, one can create and delete local file on web://... without exposing workbench link on custom role users' home.
    Thanks,
    Sumit

  • UME actions and Group permissions

    Hi there ,
    New to portal and NWDI . How do you see what a UME action contains.
    i.e.  MANAGE_ALL . Do you need java skills or visual administrator to view.
    Also, using NWDI.Administrators group  , the group itself gives permissions
    outsided of just having the NWDI.Administrator role. Where/How are the group
    permissions defined ?   Thank You
    Dan.

    Dan,
    This is a good place to start: [Authorization Concept of the AS Java|http://help.sap.com/saphelp_nw04s/helpdata/en/44/7fdf2470a412d2e10000000a422035/frameset.htm]. The two roles are different. Security roles are part of the J2EE Standard. UME roles are collections of UME actions. The UME interface cannot show the J2EE roles.
    Now as to the role that lets you look at system info, you are correct. As your test showed, this is not included in Manage.All. I just tried that myself. If you look in the visual admin, you see there is a security role called administrators assigned to the group Administrators. Now when the developers create a J2EE application they specify the name of the role that the user must have in order to access it. Often they use the name administrators. When the applications are deployed to the server, the AS Java consolidates all these roles into a single role with the same name, administrators, by role references. This is assigned to the Administrators group by default. This is done to make the life of the developer and the deployer easier. So System Info needs this role. Well, there are two keystore roles assigned by default as well, but I doubt these are the roles System Info is looking for. In SAP NetWeaver 7.1 you have more granular control. But that is another question.
    I hope that helps.
    -Michael

  • No portal roles are assigned for this user.If this problem persists, contac

    I am trying to access portal first time using j2ee_admin user. It is saying "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
    iam using abap+java enginee how config in abap enginne ,iwant which role to assign  j2ee_admin  user
    i already asiigned sap_j2ee_admin,SAP_BC_JSF_COMMUNICATION,SAP_BC_JSF_COMMUNICATION_RO   but it show same problem
    please help me..
    Edited by: Mugala Balu on Aug 7, 2010 5:53 PM
    Edited by: Mugala Balu on Aug 8, 2010 7:48 AM

    Balu,
    Well this issue has been discussed many a times in forums. You would have to point your data source to ABAP system.
    Check this thread in [here|J2EE Failed to start  , after changing UME datasource;.
    Good Luck!
    Sandeep Tudumu

  • How do I assign an action to a user at runtime in GP?

    Hi All,
    Can anyone give me an insight to how I can assign an action role to a user at runtime? My GP has around 7 actions. One of the actions determines a portal user via a RFC. The user id (portal id) returned by this RFC is whom I want to assign to the following action in the block. How can I achieve this?
    Thanks in advance,
    TM.

    Interesting disucssion..:) yeah You are correct you assign user to Role. But you also assign role to action by consolidating the action in one role in role consolidation of process.
    You can not assign the processor of action to action. Lets make it simple, I will try to explain the trick in simple terms.
                      Action    Input           output                                       Role              
    [                        A       -                 UserId ( UniqueID )                   Inititator ][UserRoleAssignment) B      UserList-UserIdentifier                        ProcessorB   ]
                        [      C       X                   X                             ProcessorB   ]        
    Now what happens in Action B is user which is input get assgined to Role ProcessorB ( becuase it is of that kind of callable object). Since once the user is (user-U) assigned to ProcessorB any of the subsequent step which needs to be performed by ProcessorB can be performed by  the same user user-U.
    Now I have explicity assigned the Action C to be in the same Role ProcessorB so it will be performed by user-X
    One more thing the userID which you have output is uniqueID not the logonID it has to be like USER.PRIVATE_DATASOURCE.un:00000006.
    And the ProcessorB needs to be defined as RuntimeDefined.
    Hope it make sense.

  • Error when assigning SID: Action VAL_SID_CONVERT InfoObject 0FISCPER

    Dear experts,
    I'm getting this error when activating an DSO.
    I'll try to explain when this error happens.
    I have a DTP in Delta Mode between 2 DSO's.
    The first time I run the DTP the DSO activates with no problems.
    The next time I run the DTP and it gets data the activation of the DSO has the error: Error when assigning SID: Action VAL_SID_CONVERT InfoObject 0FISCPER
    I've googled it but I can't find a solution for this.
    The first time I got this error I've deleted the DSO anda loaded the Data again and got no errors.
    The next Delta that has Data gave error when activating the DSO.
    Whan can be happening here?
    Best Regards,
    Rui Romba

    So you want to say that data loaded successfully in DSO 1 and while activating data in DSO2 you are getting this error.
    DSO1 feed data to DSO2 correct.
    Please check if generate SID upon activation setting is checked in DSO1 or not.Because if its the issue with fiscal year period then it should have given the error at DSO1 itself provided that setting is maintained.
    I just stumbled upon a document which addresses this issue and it seems the problem is with fiscal year variant.
    Check out the document:
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0a5a670-13f6-2c10-179d-a35e50a208bf?quicklink=index&…
    Regards,
    AL
    Message was edited by: Anshu Lilhori

  • E-Commerce for ERP role mapping to UME

    Experts,
    We have successfully configured the ECO module to use the UME in addition to SU01.  We are able to create users in both systems in ISAUSERADMIN.  However, the newly created users in UME have no roles assigned to them.  We found one SAP Note that seems to be relevant ([891151|https://service.sap.com/sap/support/notes/891151]).  Unfortunately, it is very vague on how to setup the user mapping.  We have tried several permutations of the role assignments to no avail.
    Has anyone done this before, and if so could you provide some examples?

    We discovered the problem.  We were updated the right file for the wrong application.  The file ume-config.xml needs to updated from the application crm~isauseradm.  Once we discovered this, the UME role mapping worked.  We are now able to assign UME roles to a new user when they are created or updated in ISAUSERADMIN.
    - Andrew

  • Modify the default "No portal roles are assigned..." message iView

    Hi,
    When a user with no roles assigned is trying to access the EP6 SP9 portal, he/she is facing a warning message:
    "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
    accompanied by a 'log off' link.
    Is it somehow possible to change the look and feel and/or behaviour of this message?
    For instance, we would like the message appearance to be more 'friendly' and with a link where they can find further assistance, etc.
    With best regards,
    Robin

    The window for logoff is part of the masterhead. So i think you can modify the masterhead pasr file for that.
    Its location is at...
    usr/sap/<instance>/JC00/J2EE/cluster/server0/apps/sap.com/irj/servlet_jsp/root/web-inf/deployment/pcd.
    In this folder you can find the com.sap.portal.masterhead.par.bak
    this file can be imported to your developer studio and can be editted and uploaded.
    hope this helps
    Cheers
    gEorgE

Maybe you are looking for