Finding participants of an existing role

Hi,
I've got an attribute of a BPM Object, its valid values are generated by a dynamic method
in this method, I've typed:
supList as String[]
supRole as Role
supRole = Role("Supervisor")
partList as Participant[]
partList = supRole.participants
for each p in partList
do
     supList[] = p.id
end
return supList
I've got a role named "Supervisor" and I want this attribute to list all of its participants
when I run it, I've got errors like this:
The task could not be successfully executed. Reason: 'java.lang.IllegalStateException: The component must be invoked on a server-side method.'.
[Error code: workspace-1263359260131
When I debug the method, I found that after code
“    supRole = Role("Supervisor")    ”
was executed, several attributes of "supRole" are null, like roleinterface, paticipants_d...
Is there any error in my code

Hi,
Apart from the error you a getting (Ruben has already posted how to solve it) I want to add an additional comment.
The method getParticipants of the Role object (partList = supRole.participants) is deprecated since it doesn't return all the participants that has that role, it returns all the participants that were loaded into memory that have that role.
In other words, in studio or in small organizations (a very common scenario in development environments) there isn't any issue, but if then you try to deploy your process in a big organization (the typical case is when the engine uses the organization LDAP) you will probably get an incomplete result.
If you asked me if there is another way to get that information, I would say "yes, but it is a very very expensive operation that you have to implement yourself".
I know some customer cases that tried to implement that function (just to display a combo box to user) and they finally had very serious performance issues.
So, my suggestion is try to think in the use case to see if you can implement it without that information.
Hope this helps,
Ariel

Similar Messages

Assigning and un-assigning the existing role to the existing participant

Hi,
My requirement is to assign the existing role to a participant and after doing some particular things un-assign that role from that participant
I am using oracle bpm 10g .
Any idea ?
Thanks

session as DirectorySession = DirectorySession.currentEngineSession
theRole as RoleAssignment = RoleAssignment.create(role : DirOrganizationalRole.fetch(session : session, id : "MyRoleName"), permissions : 95)
     dirHum as Fuego.Fdi.DirHumanParticipant = DirHumanParticipant.fetch(session : session, id : "MyUserId")
     curRoles as RoleAssignment[]
     curRoles = dirHum.rolesAssignment
          curRoles[] = theRole
          dirHum.rolesAssignment = curRoles
          update dirHumTo unassign the role, just remove the role from the 'curRoles' array.
HTH,
-Kevin

Track new roles / change in existing roles

Hi,
I have a requirement to track the creation of new role OR changes to existing role in the system. In either case I have to send an email to the group of people.
I tried to find the enhancements but found nothing useful.
Basically, I need to find how can I track the even for creation / change of a role...
Please help me out to find the solution for this...
Thanks,
Gagan Chodhry

Hi Atish,
Thanks for the reply...
No, I tried to find the enhancements, but could not get the one I need...
I found couple of things more like transaction PFAC_CHG / PFAC_INS for change or create role, but not sure how exactly to use these... if these are the correct one to be used....
Thanks,
Gagan Chodhry

List of all participants to a specific role using PAPI

Hi,
Is there a way, we can get the list of all participants with a specific role using PAPI.

Satarama,
Yes, it's possible to get a list of participants in a Role using PAPI. If you're doing this within a project (i.e. not from an external PAPI client), you can use the out-of-box catalog component Fuego.Lib.Role. Using Java syntax, it will look something like this:
Role theRole = Role.find(name: roleName);
Participant[] participantList = theRole.participants;If you're doing this from an external client, you'll find similar functionality in the class DirOrganizationalRole. In Studio, you can find this and related classes in the package Fuego.Fdi.*.
Greg

How do I find and include pre-existing music files on my PC?

I'm new to iTunes and believe that I should be able to find and include pre-existing music files on my PC?
I've found out how to show the menu bar but I can't see how to do the above except file/folder by file/folder.

Hello there, LeighCenturion.
The following Knowledge Base article provides instruction on how to add content from your computer to iTunes:
Adding music and other content to iTunes
http://support.apple.com/kb/HT1473#2
Specifically:
Adding content on your computer to iTunes
iTunes helps you add digital audio and video files on your computer directly to your iTunes library. You can add audio files that are in AAC, MP3, WAV, AIFF, Apple Lossless, or Audible.com (.aa) format. If you have unprotected WMA content, iTunes for Windows can convert these files to one of these formats. You can also add video content in QuickTime or MPEG-4 format to iTunes. To learn how to add these files to iTunes follow the steps below.
Open iTunes
From the File menu, choose one of the following choices:
MacAdd to Library
Windows
Add File to Library
Add Folder to Library
Navigate to and select the file or folder that you want to add
If iTunes is set to "Copy files to the iTunes Music folder when adding to library," iTunes will copy all content that is added to the iTunes library to the iTunes Music folder. To adjust this setting or change the location of this folder, go to the Advanced tab in iTunes Preferences.
Thanks for reaching out to Apple Support Communities.
Cheers,
Pedro.

How to find the list of existing tables in a schema using DB link?

Hi
I know how to find the list of existing tables in a schema using the following query
SQL> select * from tab;
but, how to list the tables using a DB link?
For Example
SQL> select * from tab@dblink_name;
why this doesn't work?
Pl advice me
Thanks
Reddy.

ORA-02019: connection description for remote database not foundHave you used this database link successfully for some other queries?
The error posted seems to indicate that the DB Link is not functional at all. Has it worked for any other type of DML operation or is this the first time you ever tried to use the link?

New Org Level impact in existing roles

Hi,
I would like to set/create 2 fields as organizational levels. For example KLART and DOKAR. Checking these I realized there is a big amount of roles "affected" by this change.
Because I plan to use the organizational level only for new roles , I would like to know which impact could have this change for existing roles, should one modify the existing roles after creating the Org Levels ? or in contrast they still work as always an no changes / adjustments is needed?
Thanks and regards
FedeX

Thanks Bernhard,
I have a question
As I mentioned before my goal is that the existing roles keep working after running that program... and do not want to perform any adaptation....only if there is a real error that avoid work correctly.
In these 2 cases the role will keep working properly ( I mean restricting in the way that it uses to do).
1) In case field is copied to the Orglevel area after running the program and the value(s) will stay in both places (OrgLevel and Original place)
2) In case field is NOT copied to the Orglevel area after running the program but the value still in the original place .
right?
Thanks
FedeX

Making existing roles watertight for HR data

Hello,
I hope to get nudged in the right direction in here. I already descended pretty much to the end of my rope and ... well ... I need some more rope
The situation is like this - I inherited everything that has to do with maintenance of authorizations on our system half a year ago, the guy that did that before me is no longer in the company (so there's no use in asking what he was thinking (if anything) when he was putting the roles together). Documentation is scarce/non-existing. When it exists it's usually not up to date. I'm not exactly a newbie in authorizations field, but at the same time I'm not really that far away from being a newbie yet, so I'm not beyond listening to basics being pointed out to me.
The Utopia:
There are five single roles built for all users of our system (say R1, R2, ... , R5). They're supposed to build on one another, R1 being the basic role, R2 having a couple more authorizations than R1, and so on until R5 which is the role that also has all HR authorizations.
The Reality:
The roles have been designed in a hurry and from the top down starting with the sap_all profile and removing some (or most of the) CA, BC and HR authorizations. They were not properly tested. They do not derive from one another in any way ... R2 for example is a complete copy of R1 with some additional objects and values, same for all the others. Every problem needed to be fixed five times, once for every role. That of course resulted in chaos, things got changed just in one place and the basic role suddenly got more powerful than all the rest. These roles are in use in the production system and there are no plans to substitute them with something better in the very near future.
The Problem:
Suddenly (yeah, right ) the need arose to have these roles watertight with regard to HR data. I did some rudimentary testing and sure enough they're nowhere near watertight even for the most common HR transactions. There are ranges defined in S_TCODE for which I have no idea why they are as they are, there was access to SA38 given where SAP HR programs with no authorization group (and no transaction code) assigned could be run by everyone ... there's god knows how many other security holes. The only help I got from the HR consultants was the list of all 2000 or so HR transactions (taken from the SAP menu tree) which shouldn't be accessible to a normal user. I suspect I might be in need of a typing monkey to check them all five times
Question:
How do I close as many security holes in these roles as possible? What's the strategy when dealing with such tasks? I've made it clear to the management that we probably won't have watertight roles if we don't create new ones, but making a set of new roles created properly from the bottom up is out of the question at this moment.
I'd be extremely grateful for any advice or if anyone could point me to any kind of documentation about making roles like ours more secure for protecting HR data (and also keeping the users away from any BC stuff).
In the meantime, I'm off to searching through the archives of the forum.
ursa

Mopping the floor with the water running is a spot on description
Actually we're in the process of setting up new and improved authorizations but (of course!) the testing phase turned out to be much more time consuming than anticipated. No surprise to me, however someone obviously thought authorizations are a matter of defining roles and their menus and the system does everything else by itself. Riiight.
What I did so far - first I educated myself on the specifics of HR authorizations. I never had to deal with those before, so (for example) it was a surprise to me that there's actually a separate SAP course dealing with HR authorizations Then I compared the existing roles to each other like you suggested and figured out a way that allowed me to do all the modifications with least amount of work. I cleaned most of the infotypes out of P_ORGIN and (to cover my behind), adjusted the ranges in S_TCODE to exclude the 2000 HR transactions our HR consultant listed for me.
Most importantly - I made it clear to the guys above me, that with the roles we use I can't guarantee HR data to be inaccessible for people who should stay away from it. So ... back to the testing of the new authorizations
Thanks for your help! It always makes a huge difference to get something like a second opinion when one can't decide if left is better than right or if it's the other way around.
ursa

Add a base permission to an existing role definition in sharepoint using CSOM

I have to add a base permission to an existing role definition in sharepoint using CSOM Managed API in SP2013, to update base permission of a permission level. I did use below code . But Role definition is not getting updated. What could be the reason? I
have updated RoleDefinition and Web as well but it did not help.
RoleDefinition rd = oClientContext.Web.RoleDefinitions.GetByName("My Permission");
if (!rd.BasePermissions.Has(PermissionKind.ManagePermissions))
rd.RoleTypeKind.ToString();
rd.BasePermissions.Set(PermissionKind.ManagePermissions);
rd.Update();
oClientContext.Web.Update();
oClientContext.ExecuteQuery();
Ashish Baranwal To know what you know and what you do not know, that is true knowledge

Hi Ashish,
I tested the same scenario per your post in my environment, and I got the same results as you got.
As a workaround, I recommend to delete the permission level and then recreate the permission level with the needed permissions:
ClientContext ctx=new ClientContext("http://sp");
RoleDefinition rd=ctx.Web.RoleDefinitions.GetByName("My Permission");
ctx.Load(rd);
ctx.ExecuteQuery();
if(!rd.BasePermissions.Has(PermissionKind.ManagePermissions))
rd.DeleteObject();
BasePermissions permissions = new BasePermissions();
//add the permissions needed
permissions.Set(PermissionKind.ManagePermissions);
RoleDefinitionCreationInformation roleDefinitionCreationInfo = new RoleDefinitionCreationInformation();
roleDefinitionCreationInfo.BasePermissions = permissions;
roleDefinitionCreationInfo.Name = "My Permission";
roleDefinitionCreationInfo.Description = "My Custom Permission Level";
RoleDefinition roleDefinition = context.Web.RoleDefinitions.Add(roleDefinitionCreationInfo);
context.ExecuteQuery();
Best regards.
Thanks
Victoria Xia
TechNet Community Support

Delete all existing roles

Hello,
we 're using the GRC Provisioning Framework (with IDM 7.1 SP4 and GRC 5.3 SP10_1) and want to delete all existing roles from a user bevor we set new roles to him.
Is there a general command to do this or have the existing roles to be known?
Thanks,
Carsten

Hello Christian,
thanks for the quick answer. I'm talking about privileges.
In the To Identity Store, is it enough to set:
MSKEYVALUE                   -
   %MSKEYVALUE%
MXREF_MX_PRIVILEGE     -
Or do I have to set all existing roles behind the (like priv:grc:xxxx)?
Thanks,
Carsten

How to find if certain record exists from stored procedure

Hello
I am not an expert in this and am trying simple thing. I want to find if certain record exists in a table and if so set some boolean variable.
create or replace procedure findit(param)
AS
return_group boolean;
BEGIN
myflag := false;
--here goes my question
-- say I have SELECT WHATEVER FROM TABLE WHERE BLA = param
--if it returns at least one record set myflag to true;
END;Any idea?

THanks Satyaki_De,
However, when I put simple SELECT statement in the body of my procedure it does not compile. Actually I should have said that before. So here is my code and where it breaks:
create or replace procedure close_subjects(study_id varchar2)
AS
return_group boolean;
BEGIN
dbms_output.enable(1000000);
FOR current_group IN(
   SELECT DISTINCT group_id from groups WHERE study_id=study_id
) LOOP
   FOR current_subject IN(
      SELECT individual_id from groups WHERE group_id=current_group.group_id AND study_id=study_id
   ) LOOP
      return_group := true;
      SELECT INDIVIDUAL_ID FROM ASSIGN WHERE DATE_TIME_ASSIGNED = ( SELECT MAX(DATE_TIME_ASSIGNED) FROM ASSIGN WHERE INDIVIDUAL_ID = current_subject.individual_id ) AND                            ASSIGN_STATUS_ID = 'A';
     IF SQL%RowCount = 0 THEN
       return_group := false;
         dbms_output.put_line(current_subject.individual_id);
      END IF;
   END LOOP;
END LOOP;
END;
/If I comment out SELECT statement and leave dbms_output for testing purposes it works well. As I said I am faaaar from expert and seems to me that I cannot have SELECT in procedure BODY?

Existing roles / authorization joining.

Hello.
I have to arrange existing roles in SD.
First issue:
There are defined roles. I just have to aggregate them (e.g. 3 existing roles in new one .) What should I do?
Second issue:
Those roles are subordinated according to plant. I have to add additional "organizational level" : business area.
Thanks in advance
/ Margaret

Hello,
The transaction code for authorisation / user profile maintenance is PFCG, but it is advicable to take the help of a BASIS expert.
Prase

Have 7 mo. old iPhone running 4.3.3 and am wondering if I can upgrade my software. Apps I want to load require minimum of 5.0. Am out of luck or what? Where do I go to find upgrade if it exists? Yes, I am that dim I guess. OS can't be updated?

Have 7 mo. old iPhone running 4.3.3 and am wondering if I can upgrade my software. Apps I want to load require minimum of 5.0. Am I out of luck or what? Where do I go to find upgrade if it exists? Yes, I am that dim I guess. Was under impression software could be updated similarly to std. Apple OS practices with other products.

How to upgrade iPhone, iPod, iPod Touch

Assign WB to existing role always require role regeneration

Dear Expert,
After we upgrade to BI 7, It appears that everytime when we add a new WB to a existing role in the BEx Analyser, the role didn't generate automatically in the BI backend. This means that the team cannot transport a new WB without a corresponding role generation. We have to transport the new workbook and existing role together.
But I remenbered that in BW 3.5, we don't need to transport both new WB and existing role. Can anyone tell me if this is standard practise in BI7.0 or whether there is any configration for this? Thank you very much.
Best Regards,
Fuyang

Hi Fuyang
In addition to Anil's suggestion one small concern ensure that you havent missed up any of the other workbooks and realted roles...
Hope its clear a little..!
Thanks
K M R
>
Chris Fuyang Zhang wrote:
> Dear Expert,
>
> After we upgrade to BI 7, It appears that everytime when we add a new WB to a existing role in the BEx Analyser, the role didn't generate automatically in the BI backend. This means that the team cannot transport a new WB without a corresponding role generation. We have to transport the new workbook and existing role together.
>
> But I remenbered that in BW 3.5, we don't need to transport both new WB and existing role. Can anyone tell me if this is standard practise in BI7.0 or whether there is any configration for this? Thank you very much.
>
> Best Regards,
> Fuyang

To find which packages the PUBLIC role has execute privileges on

Hi Experts:
I need to find which packages the PUBLIC role has execute privileges on, since an Audit has revealed there are "there were execute privileges on 2 packages granted to the PUBLIC role"
How can I find these? I have queried, in different ways, dba_tab_privs and dba_sys_privs but I cant get a way to see
execute privileges on packages / procedures.
Thanks,
10.2.0.4
Linux RH 4.
Edited by: user11981168 on 30-Apr-2010 04:12

SELECT table_name
FROM dba_tab_privs p
,dba_objects o
WHERE p.owner=o.owner
AND p.table_name = o.object_name
AND p.owner = 'SYS'
AND p.privilege = 'EXECUTE'
AND p.grantee = 'PUBLIC'
AND o.object_type='PROCEDURE'; --PACKAGE,FUNCTION

Finding participants of an existing role

Similar Messages

Maybe you are looking for