Hiding specific Roles from specific users

Dear All,
Is there any way in the database that can hide a role from a user? For instance, if I create a role, then this role can be viewed by all the users defined in the database and then these users can grant privileges of their own objects to such role. I want to create a Role where certain users can not see and should not be allowed to grant any privileges for this Role...
is this possible....
Thanks
Bil

"For instance, if I create a role, then this role can be viewed by all the users defined in the database"
No, I do not think so. Roles are only "visible" to powerful users that have access to the dictionary.
SQL> create role SECRETROLE123;
Role created.
SQL> grant create session to SECRETROLE123;
Grant succeeded.
SQL> grant select on scott.emp to SECRETROLE123;
Grant succeeded.
SQL> grant recovery_catalog_owner to SECRETROLE123;
Grant succeeded.
SQL> grant update (sal) on scott.emp to SECRETROLE123;
Grant succeeded.
SQL> conn blake/paper                                              
Connected.
SQL> select * from dba_roles;
select * from dba_roles
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from role_tab_privs;
no rows selected
SQL> select * from role_sys_privs;
no rows selected
SQL> select * from role_role_privs;
no rows selected
However, you cannot that easily prevent a user from granting a table privilege on its own table to a role
SQL> grant all on t to secretrole123;                            
Grant succeeded.
SQL> select distinct grantee from user_tab_privs;
GRANTEE
SECRETROLE123
Perhaps you can set up a database trigger
Message was edited by:
Laurent Schneider
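
The database trigger suggested in the reply above could look like the following. This is an added example, not part of the original post; the trigger name and the allow-listed grantors (SYS, SYSTEM, SEC_ADMIN) are assumptions, and creating a trigger ON DATABASE requires the ADMINISTER DATABASE TRIGGER privilege.

```sql
-- Added example (not from the original thread).
-- Rejects any GRANT whose grantee list contains SECRETROLE123 unless the
-- session user is on the allow-list. Trigger name and allow-list are assumptions.
CREATE OR REPLACE TRIGGER protect_secretrole_trg
  BEFORE GRANT ON DATABASE
DECLARE
  grantees   ora_name_list_t;   -- filled by ora_grantee()
  n_grantees PLS_INTEGER;
BEGIN
  -- Allow-listed administrators may still maintain the role.
  IF ora_login_user NOT IN ('SYS', 'SYSTEM', 'SEC_ADMIN') THEN
    -- ora_grantee returns the number of grantees named in the GRANT
    -- statement and copies their names into the OUT list.
    n_grantees := ora_grantee(grantees);
    FOR i IN 1 .. n_grantees LOOP
      IF UPPER(grantees(i)) = 'SECRETROLE123' THEN
        -- Generic message: do not echo the role name back to the caller.
        RAISE_APPLICATION_ERROR(
          -20001,
          'Grant rejected: the grantee is restricted. Contact the security administrator.');
      END IF;
    END LOOP;
  END IF;
END;
/

-- Check, using the session from the thread:
--   SQL> conn blake/paper
--   SQL> grant all on t to secretrole123;
-- The statement should now fail, with ORA-20001 in the error stack,
-- and user_tab_privs should show no row for SECRETROLE123.
```

The trigger blocks the grant but does not hide the role name from anyone who already knows it; grants by the same users to other grantees are unaffected.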

Similar Messages

  • Receiving an error when trying to remove P00 Security role from the user

    Hi All,
    I am receiving an error when trying to remove P00 Security role from the user.
    After logging on to GRC CUP, clicking on "Create request", and filling out required information,
    I click on Select Roles/Groups
    On the next screen,
    I click on Existing Roles/Groups
    ERROR MESSAGE appears X Action failed and no roles appear in the box to select for removal.
    Regards,
    Vineet

    Hi Vineet,
    Maybe your selection is incorrect.
    Try this:
    in Application Area -- Select ALL
    Functional Area -- Select ALL
    Company -- Select ALL
    Role/Profile/Group Names --- Give p00* and execute the report
    if you give only p00 it won't give any result
    Hope this helps
    Thank you,
    Kishore

  • Deleting roles from multiple users simultaneously

    I need to delete all of the roles from multiple users and I was wondering if anyone knows of a way to do it simultaneously other than a Mercury script (it won't take the roles away that are lower than the initial 20)?

    Hi there,
    there could be easier ways to do it, but this is how I'd go about it if I didn't want to go to each user ID.
    Get a list of all roles assigned to your users you want to restrict from SUIM (display the list of users via tcode S_BCE_68001400). Click on the 'roles' button and it will pull up a list of all the roles assigned to those users. Extract and save that.
    Filter the list so you have only one entry of each role name.
    Then go to SU10, enter in all your user IDs to change and go to the role tab, enter the unique list and put wide dates on it say from 01.01.1995 - 31.12.9999 (you want them earlier than the earliest role 'valid from' date and later than the latest role 'valid to' assignment).
    Click the 'Remove' box and save and you should have all roles removed.
    Good luck with it.
    Cheers,
    Dianne

  • Removing a role from a user

    Hi All,
    My requirement is to remove a role from the user so the resources assigned to that role have to be deleted once the role is removed from the user. But I am having some trouble removing the role in the workflow.
    I am checking out the view of type User and removing the role from waveset.roles and then checking in the view. I don't see any errors but the role is not getting removed from the user and in turn the end resource is not getting deleted.
    Can anybody post some points like what is the correct way to remove the role from the user in the workflow itself.
    Thanks in advance.

    Thanks for the reply.
    Never mind, actually I managed to solve the issue, there was a mistake in the express code.
    I have one question, can you help me? I am removing a role from a user and for example there are 2 resources (A and B) assigned to the role, while removing the role from the user it is deleting the account in both resources A and B but I don't want to delete the account in resource B. Is there a way to do this?
    I am checking out and checking in the user view and I am using the following code but it is not working. It is deleting the account from both the resources.
    <set name='delview.update.selectAll'>
      <s>false</s>
    </set>
    <set name='delview.update.accounts.selected'>
      <s>false</s>
    </set>
    <set name='delview.update.accounts[A].selected'>
      <s>true</s>
    </set>
    <remove name='delview.waveset.roles'>
      <ref>myrole</ref>
    </remove>
    can anybody post some points regarding this issue?
    Thanks

  • Help with copying permissions and roles from one user to another. Issue with RoleDefinitions

    I need help please. 
    I’m trying to copy a role definition/name in SharePoint 2010 Powershell. 
    The below is only a piece of my script, but I have to find "$SearchUser" and wherever it lives (webs, lists, groups), I need to add "$account" and copy permissions from "$SearchUser". We are doing this to limit certain users from accessing our farm (by adding a new AD domain that does not contain these users, then deleting the old domain).
    Every time I run it, it seems to mess up on this line: 
    $role = $web.RoleDefinitions.[$newRoleDef].
     It is acting like the $newRoleDef is null, but it is not. 
    When I outputfile the $newRoleDef, it has values, such as Read, Contribute.
    foreach($Web in $Site.AllWebs) {
      if($Web.HasUniqueRoleAssignments -eq $True) {
        foreach($WebRoleAssignment in $Web.RoleAssignments ) {
          if($WebRoleAssignment.Member.userlogin) {
            if($WebRoleAssignment.Member.LoginName -eq $SearchUser) {
              $WebUserPermissions=@()
              foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings) {
                $newRoleDef = $RoleDefinition.Name
                $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
                $role = $web.RoleDefinitions.[$newRoleDef]
                $assignment.RoleDefinitionBindings.Add($role)
                $_.RoleAssignments.Add($assignment)
              }
            }
          }
        }
      }
    }

    Hi,
    Glad to hear that you solved this issue, thanks for sharing.
    Thanks,
    Linda Li
    TechNet Community Support

  • Hiding Airport access from OD user

    I have 40 iMac on APX (under 12 yrs old!) I have them obviously locked out of all sys prefs but they can still turn off the airport from the top of the screen, can I prevent this?

    are these managed clients?
    do you use os x server/OD for logins, and which version?
    i'd recommend using mcx to disable the airport menu bar item for managed accounts. also be sure to disallow access to the network diagnostic utility in /System/Library/CoreServices, as that can be used to enable airport even if the menu item is missing.
    i just had to do this for a client and used this approach with a launchd item to disable airport power on login or restart. enabling airport requires admin account access, in this case.

  • Hiding Document versions from End user

    Hi
    I am in EP6 SP2 Patch 4 Hotfix 7 and CM Patch 4 Hotfix 4.
    We are utilising the "Version Management" feature within Content Management.
    After enabling "versioning" feature for the folder, I am able to upload multiple versions of the same document as a Content Owner/Administrator.
    I am also able to see the different versions of the same document by clicking on to the Settings - Versions of the document.
    However an enduser who has only "read" rights for a folder is also able to go into the document details and see the versions. I need to prevent this since he should be only restricted to see the latest version of the document.
    How can I control this ?
    Regards,
    Rajan.K

    Hi Rajan,
    When you activate the state management on that folder, you should get the desired behaviour. It is sufficient to activate the workflow without assigning approval steps.
    If this doesn't work, you should verify, if the corresponding repository manager has the services state management and feedback assigned.
    And be aware that you probably have to modify the service permissions of that folder as well, because normally everybody has full control. Change it to subscription only and check, if this works.
    Hope that helps,
    Stefan

  • Mass deletion of roles from users

    I want to delete all roles from locked users. Is there a specific transaction for this instead of SU10? In SU10 one has to enter the roles to remove.

    We developed our own application which locks users after a while, then removes their role assignments after a while, and then lists roles which no longer have any assignments or no one is using anything which the role authorizes.
    This way you can optimize / automate periodic controls.
    There is no standard monitoring cockpit for this, but you can use declarative system params to destroy password based authentication.
    The real trick with periodic controls is to target the sample before you unassign and destroy roles, but the ability to do that depends on how you build the roles.
    Disclaimer: If you use composite roles then you have no chance. You are doomed.. ;-)
    Cheers,
    Julius

  • Remove role from user

    Hi, how do I remove a role from a user when he is terminated or disabled?
    I am assigning a role in the following way during creation with the help of a rule
    <setvar name='newuser.waveset.roles'>
      <filterdup>
        <appendAll>
          <ref>accounts[Lighthouse].roles</ref>
          <s>General-Provision-Role</s>
          <rule name='Get Location Role'>
            <argument name='LocationCode' value='$(newuser.global.LocationCode)'/>
          </rule>
        </appendAll>
      </filterdup>
    </setvar>
    How do I remove this role on termination of the user?

    We are looking for a way to automate the removing of a user (US) or role (AG) from a position (S).
    There is a report called RHGRENZ2 which can be used to delimit specific OM infotypes (like IT1001- Relationships) specifying the end-date and Position ID (Object Type S and Object ID= Position) manually. In your case, I believe IT1001's Relationship A008 and B007 have to be delimited in order to remove a user (US) or role (AG) from a position (S) but this report cannot be run for specific relationship types of IT1001 (at least I did never find an option to filter based on relationship types).
    You can try using report RHRHDL00 to delete IT1001 relationships from PP Database but you should consider the consequences of such deletions and restrict the selection based on infotypes and relationship types carefully.
    Alternatively, you can also build a LSMW script to automate the process of mass delimit/deletion of IT1001's relationship types using transaction PP02 (PP01 is not compatible to BDC/background processing)
    Thanks
    Sandipan

  • Remove roles from users

    Hi All,
    I would like to ask what can I do if I would like to remove multiple roles from ALL users in the system?
    Normally, for a list of users , I use SU10 to do it.
    However, since there are 1 thousand something users in the system, is there a more efficient way to do it?
    Thanks for your help.
    Regards,
    Chris

    Thanks.
    I would say, in my case, it's the best to use PFCG since I only need to remove 3X something roles from them. (I don't know which users have those particular roles, the only thing I need to do is to make sure that the 3X roles have no corresponding users).
    Thanks again !
    Regards,
    Chris

  • Mass deletion of SAP roles from users

    Hello All,
    I need to delete all assigned roles from a big number of users. I know the users but not the roles which the users have. I need to delete all roles from the users-id's.
    I know SU10 and I can select all my needed users. But in the role tab I can not work with roles-names like Z* to delete. I can select all z*-roles and select "remove" but when I click to save, I get the message no changes made on the users???
    Any idea?
    Regards
    Toni

    Hi David.
    David Berry wrote:
    I take it this is being run in PRD? What checks are being carried out during the table entry deletions and are you 100% happy sitting at your keyboard when pressing the 'run' button?
    Changes are made in PRD. The program was tested and is approved by each customer.
    Is there an easy way back to the previous state should it go wrong and how do you explain it to the auditors if needed that you assigned-number of roles in PRD against your own user ID possibly with no CDHDR/CSDPOS entries to back you up.
    Sorry for the 'negative vibes' but I don't like direct table maintenance in PRD for security.
    Best wishes
    David
    The way back is uploading the old role assignment previously exported from AGR_USERS. The program takes an excel sheet. In addition this excel sheet is attached to the change requests.
    From risk perspective we say (and experienced): mass changes through copy and paste lead to much more errors and faulty authorizations.
    Regarding direct table maintenance: standard function modules are used (like the one mentioned above) and the changes are visible in the change documents. Therefore the auditors grant an exception for using such tools.
    Cheers, Tobias

  • Role removal from Multiple users

    Hi All
    I have a query related to removal of roles from user profile.
    I want to delete a particular role from a set of users (say more than 600 users)
    Is it possible with SU10 to remove the role from the users at a stretch, or is it the right way to get it removed from the user tab in PFCG and get the user master record adjusted?
    Please Suggest

    Hi,
    Preferably, you should use PFCG for your need...
    It will be the easiest way to perform this task...
    After that don't forget to do "user comparison"...
    Regards.
    Rajesh Narkhede

  • How to revoke everything from a user when opening a new session.

    HI,
    I am using oracle 10g Express Edition and SQL Developer.
    I have 2 users, 2 database connections in my SQL Developer.
    First user is Oracle and its database connection is called TCF.
    Second user is SMITH and its database connection is called TCF_SMITH.
    Oracle user has privileges to do anything.
    SMITH user has no privileges except for CREATE SESSION.
    What I am trying to achieve is assign a user to a role (this role will have grants to select, insert, update from tables) for the current session (this step is successful), and then revoke the role from that user (set it back to its default/or revoke everything from it) if opening another session, or session has been terminated (what I am trying to achieve).
    From TCF I was able to do the following:
    CREATE synonym SMITH.EMP_IOD FOR EMP_IOD;
    CREATE ROLE TCF_I;
    GRANT SELECT, INSERT, UPDATE ON EMP_IOD TO TCF_I;
    GRANT TCF_I TO SMITH;
    In TCF_SMITH
    SMITH has the same privileges as TCF_I.
    so, smith now can select, insert , and update from EMP_IOD table.
    If I open another TCF_SMITH session, and select * from EMP_IOD I should not be able to see any of the records.
    I am trying to make this session base only. Unfortunately when opening another session I am able to select, update and insert records in the new session.
    Is there a way to make this session based ?
    How can I revoke everything from user SMITH from TCF connection ?
    Thanks,

    Oh My Good Lord!
    Rooney,
    What are you attempting to do ?
    In programming anything can be achieved, but there are specific tools to solve specific problems.
    I think you are trying to use a fork to paint a wall (if painting the wall indeed is your requirement).
    The "need" as you say...
    "The need for this is to grant the user different roles each time the user logs in.
    for example I can log in 5 different times in one week with different role each time.
    Monday I could have access to X,Y,Z,
    Tuesday I could have access to X,A,B
    Wednesday I could have access to A,B,C."
    ... is to solve WHAT PROBLEM?
    Please describe your original requirement , not what you think should be the solution/tool to satisfy the requirement.
    In your previous thread you "solved" privilege/role problem by creating SYNONYM. That does not compute at all.
    Re: database roles seems like its not working for me - your help is appreciated
    Think about it. We are here to help each other as best we can.
    Please read more about Oracle capabilities and "tools" it provides.
    http://tahiti.oracle.com/
    Especially the Oracle Concepts Guide ...
    http://download.oracle.com/docs/cd/B14117_01/server.101/b10743.pdf
    Also, please take time to respond as "helpfully" as possible. Each response from you should take you closer to the solution.
    Hopefully, your original requirement will be solved.
    vr,
    Sudhakar B.

  • Is it possible to copy security Groups from other user in CMC

    Hi,
    Usually in SAP security we can create user IDs with the option of copying the roles from another user. This means we can create user ID Y the same as X; then Y will get all roles and security the same as X.
    Is the same possible in BO also? Is there any way to do this?
    Regards,
    Sri

    Not that easily - I agree. However, normally permissions are granted to groups - not users. So as long as User Y has the same group memberships as User X it should be the same.
    There are also 3rd party tools available that can make this work and of course if you like coding - using the SDK you can build a tool yourself .

  • Changes like password and removal of roles for all users

    Hi
    I want to change the password for all users and remove single roles from all users. When I am doing this in SU10, changes are not reflecting for users. Please help regarding this.
    Vinod

    Me too...I have never been able to remove roles from multiple users with SU10.  I don't know if it's a bug or (more likely) just a confusing screen, but in 4.7 it never worked for me.
