GRC5.3 UME roles & CUA

Similar Messages

• UME Role and Action

  I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and subnodes. Under the subnodes i have documents. Depending to the permission of the users should be decided what can the user do with the documents, for example, create, upate, delete and so on. I need to check the authorization of users. I want to follow the conzept like the Web Dynpro tutorial RentCar APP with Actions und Permissions. If a user logs on, i can get his UME role and group. My question is: if it is possible to list the permissions behind of one specific role, which is assigned to the user or a group.
  In short I want to list the permissions and not only check if the user has it or not.
  Please help me.
  Regards
  Hairong Zhao

  Hi Sudhir,
  thank you very much for your quick answer. But it can't resolve our problem really.If we only use hasPermission() method to check if the user has right, the efford to check user in our case is too great .
  I try to describe our problem exactly. In our case, thers is possible that tausend documents can be attached to a node. we can't create a permission for every document. We create for every node a role, but for document we haven't role.  If we don't use the conzept with Actions and Permissions, how can we check the permission of the users, have you another idea?
  Regards,
  Hairong Zhao

• UME Roles/Groups problem

  UME Roles/Groups problem
  I have installed an ABAP +J2EE instance with the view of using it for Adobe Document Services.
  While following the Adobe Document Services configuration guide, Step 3.2.1.1:
  I'm creating a role in the ABAP engine, creating a user (ADSUser); creating and assigning the role (ADSCallers) to it.
  When I start visual admin, i expect the user to be shown under the 'group': ADSCallers.
  While I can see the user in visual admin, I'm unable to see the group (role in ABAP instance)
  I'm on SP19 NW2004. Any views???

  There is a delay before roles show up as groups on the Java side. The delay runs about 30 minutes. See http://help.sap.com/saphelp_nw04s/helpdata/en/45/af3ac012d32e78e10000000a155369/frameset.htm
  -Michael

• Notification Task needs UME role and other value

  Hi Experts,
  I have a BPM notification task which needs to go to two UME roles (always same) and a UME user (dynamic selection).
  This UME user is already stored in my context data.
  However, when I configure the "To" tab of the notification task, how do I achive this.
  If I select "Choose one or more UME principles" - I can assign the 2 UME roles.  But then how do I get that UME user?
  Please help.
  Thanks,
  Rahim.

  Hi Rahim,
  You want to use an expression and one of the getPrincipal  built-in mapping functions.
  How are your user id and role names formatted? If you have the full UME name you can use getPrincipal  or getPrincipals (for a list of values).
  If you only have the name itself then you use getPrincipalByUniqueName - the identityType parameter is 1, 2 or 3 indicating whether its a user, group or role respectively.  That only returns a single value ... so if you need to process multiple values then suggest you create a EJB-based mapping function using the UMFactory API to do something similar.
  Regards,
  Jocelyn

• Custom UME Role with action: Manage_All_User_Passwo

  Hi all,
  I have to create a custom role on EP. This role has to able a user to manage the password of all user (only password).
  i created a custom UME role Reset_PWD and I add the following action
  Manage_All_User_Password
  I attribute this role to a user.
  When I logon with this user I get an error: Page not found.
  Any suggestion to solve my problem?
  Thanks in advantage
  Enzo

  Hi Enzo,
  The reason why you are getting this error is because you have assigned just the role and an action to it. There is no content attached to the role.
  For this requirement, I am not sure if adding any existing iview will help or not.
  Thanks,
  Nikhil

• Add UME Role to LDAP User

  Hi,
  i'm having a problem with portal user management. We have a LDAP user called charlie81 in an Active Directory Server, which has a set of LDAP groups. We have also a UME Role (a role created in the portal) called "Manutenzione". Our target is to assign "Manutenzione" to charlie81 through the portal. I made it but when charlie81 is logged in, he can see only LDAP Roles; "Manutenzione" is not visible!!!! How can i resolve this problems? Do you help me, please? Thank you in advance, Carlo Paglia

  Hi,
  What kind of role did you assign to the user? A portal role (source = portal role) or a "UME role" (source = UME database)?
  If it's a portal role, is it a standard or a custom role? If it is a custom portal role, make sure an entry point is defined or your role won't be visible. Here's a link to the documentation : [Defining Entry Points|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/4e/3e703e632c7937e10000000a114084/frameset.htm].
  Regards,
  Pierre

• CUP 5.3: Automated Provisioning for UME Roles

  Hi,
  Does CUP 5.3 provide automated provisioning for UME roles or just for R/3 roles?
  Thanks in advance. Best regards,
     Imanol

  In order to use UME provisioning though, the WebAS must have Portal components installed (not necessarily used). The Portal RTA uses the Portal's SPML interface that is installed with portal components.
  And please make sure to check the PAM - I think the Portal RTA only works for 7.00, if I'm not mistaken!
  Frank.

• UME Roles for PDF Actions

  Hello All,
  Can you please let me know which UME roles I need to add in NWA to enable PDF actions in MII workbench for my user. For e.g. I want to use the Generate Documentation feature and even after following SAP notes 1325997. Its still disabled.
  Thanks,
  Kiran

  Hi Jeremy,
  Thanks for your help in answering our questions. I tried adding the PDF actions XMII_PDF* to one of our roles assigned to the user and still the Generate Documentation icon is disabled. I followed the steps provided in 1325997
  Solution
  1. Download and unzip the attached pdfactions.zip file to your local
  machine.
  2. Obtain version 1.4.5. of
  the third-party iText.jar and iTextAsian.jar, from
  http://www.lowagie.com/iText/download.html and save to your local machine.
  3. Rename the files iText.jar and iTextAsian.jar making sure to match the
  noted case.
  4. Open a browser window and navigate to the SAP xMII Administration
  Menu at http://<server>:<port>/XMII/Menu.jsp.
  5. On the SAP xMII Administration Menu, choose System Management ->
  Custom Actions. The Custom Actions screen appears.
  6. To upload the .jar files to SAP xMII, click Upload. PDFActions.jar is
  the assembly .jar file, and iText.jar and/or iTextAsian.jar are the
  dependency .jar files.
  I also restarted my server to make sure the changes will be activated but so far I have been unable to make it work.
  Thanks,
  Kiran

• Fetch PCD and UME roles and worksets

  Hello,
  I want  to fetch PCD and UME roles and worksets of the logged in user in a web dynpro java application. Can some one help ?
  Regards
  Mrinalini

  hi mriNalini
  check this wiki links for web dynpo java
  [Retrieving all iViews,pages,worksets from PCD |http://wiki.sdn.sap.com/wiki/display/WDJava/RetrievingalliViewsfromPCD]
  [web dynpro java home page wiki|http://wiki.sdn.sap.com/wiki/display/WDJava/WelcometoWebDynproJava%21]
  [Get Current Logged In User, using Web Dynpro for Java |http://wiki.sdn.sap.com/wiki/display/Snippets/GetCurrentLoggedInUser%2CusingWebDynprofor+Java]
  and
  [Fetching all the Portal Roles Assigned to the Current Logged in User, Using Web Dynpro for Java|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80ef07f8-3e6c-2b10-9cb7-81d4ef2e294a?QuickLink=index&overridelayout=true] ( document)
  hope these links solve your problem
  Regards,
  Maheshchandra

• Where are all the UME actions and UME roles stored?

  Hi there,
  I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
  What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
  Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
  Thanks in advance
  GG

  Hi,
  I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
  Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
  Cheers

• Mapping UME Roles to J2EE Engine Security Roles

  Hi all,
  is there a way to map the roles defined in UME which are used in a Web Dynpro application to those declared as part of an EJB descriptor?
  Any help is highly appreciated.
  Regards,
  Sebastian

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• UME to CUA(ABAP) user data replication for custim attribute.

  Hi All,
  We have planned that Users will be created in portal and from there user data will flow to CUA(ABAP) and from CUA it will flow to r3,BW,CRM ..etc .
  I have configured the UME(portal) so that when ever I create user in Portal it flows to CUA (ABAP). In CUA when I assign a system (system name -  the abap system in which CUA should transport the user data) to the user ,user data flows in respective system (R3) ie user gets created in that system (r3 or BW depending on the assigned system name) .
  UME ---> CUA --- > r3 or bw or CRM etc…
  Now I want to automate the process .I want to assign the system name to the user in UME itself (not in CUA).I have created a custom attribute ‘system’ in CUA .
  Now problem is how to map UME custom attribute of ‘system’ to CUA (ABAP) user attribute ‘system’ . Also please let me know which XML file (data source) I should modify.
  Regards,
  Gyan

  Hi Gyan,
  We have installed NW'04 SP14 with both ABAP and JAVA stacks on this system. We are using datasourceConfiguration_abap.xml as our J2EE
  UME setting. We have found that when we create any user in client 000 from CUA that user is then create in UME. We have three clients in this development system. When we create users from CUA from the other clients in this ABAP system the users do not come into the Java UME. We do not want to create the users in client 000. What is your Java UME setting and how can we get the users in the other clients push to UME.
  Regards,
  Anthony
  Message was edited by: Anthony Bright

• How do I Change Permissions for a UME Role:  UME.Manage_Users

  I am trying to set up a helpdesk role that will allow a limited number of users to reset passwords and unlock users.
  I do not want them to be able to change user data, delete or create users.
  I created a user and assigned it the user administration content. I removed all except the search, previous search and locked users options. In the permissions I clicked on yes for the manage_users capability.
  However, the manage_users option is set to all by default. How can I change it so they only have reset password and unlock capabilities?

  Hi,
  Mangae_users action in UME is basically for delegated admin's. With this action an user can do all admin activities for the particular company.
  If you want to give only password change permission assign the action
  UME.Manage_all_user_passwords. With this action an user can view and change all user passwords.
  Refer the link below also for more information.
  http://help.sap.com/saphelp_nw70/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm
  Thanks
  R.Murali

• CC 5.2 , UME and CUA

  How can I configure the CC5.2, UME connect to CUA? The SAP system is on a different box from the CUA. I want to get the most current userIDs from the CUA.
  Please advise!

  Established the JCO connections to the CUA and made the CUA as the User master source

• ACCESS CONTROLS -  UME ROLES (RAR)

  Hello Experts!
  i was wondering if you could help me. Is there a way to create/modify a role with the activity to assign Custom User Groups in RAR?
  I checked the actions that exist for VIRSA.CC and didnt found any relevant actions.
  I dont want to give authorization for all the actions in the Configuration tab but only for creating Custom User groups.
  Thanks in advance!
  david

  hello Frank,
  I want to give the authorization to our service desk, to create Custom User Groups over RAR> Configuration>Custom User Groups.
  But i searched the actions over the UME and i couldnt find about custom groups.
  I didnt want to give the authorization for the configuration tab.
  Thanks
  david