How to check logged in user belongs to particular group using workflow

Similar Messages

• How to check if a user has a particular role in sql server

  Is it possible to check to see if a user has a particular role in sql server? For instance, I need to check to see if the user logging in has wite ability to the database. Thanks in advance.

  To answer your question from a Java-perspective, since this is a Java-forum: No.
  The JDBC 3.0 specification does not state that the driver has to implement a user credential mechanism.
  However, the DriverManager will throw an SQLException if user credentials are not met at all and the Connection should throw you a SQLException when trying to create or execute a statement that you are not alowed to do.

• Java portlet customization depending user belongs an OID group

  Hi
  I have developped a Java portlet with a customization display, depending user belongs a specific OID group or not.
  I used a preparedStatement to call the wwsec_api.is_user_in_group PL/SQL procedure.
  My problem is that it seems that OID does not close connections as our portal falls after 2 or 3 days when I install this portlet in production.
  Therefore I wonder if there is a bug in the API wwsec_api.is_user_in_group (if it close OID connection after returning the boolean result).
  Is there a more efficient way in a Java portlet to check if a user belongs an OID group ?
  Is there a bug in wwsec_api.is_user_in_group ?
  Thanks for your help,
  Best Regards,
  Jean-Christophe

  Hi Rajiv,
  I tried out the following code for getting the database reference which I got from some posts on net.
  tcDataProvider db;
                      tcUtilityFactory tcu;
                      ConfigurationClient.ComplexSetting config = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
                      final Hashtable env2 = config.getAllSettings();
                      tcu = new tcUtilityFactory(env2, "xelsysadm","Password");
                      tcBaseUtility mBaseUtil = (tcBaseUtility) tcu.getUtility("Thor.API.Base.tcUtilityOperationsIntf");
                      DBReference=mBaseUtil.getDataBase();
  But when I execute the code, I get an error :
  Error while getting utility Thor.API.Base.tcUtilityOperationsIntf[Ljava.lang.StackTraceElement;@619eeaaThis must be at the getUtility method call.
  Can you please guide me as to what I might be doing wrong here?
  Thanks,
  $id

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •             B_BUPA_GRP
  •             B_BUPA_ATT
  •             B_BUPA_FDG
  •             B_BUPA_RLT•       
  Authorization objects for relationships:
  •             B_BUPR_BZT
  •             B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• How to check the unused users in portal.

  Hi Guru,
  We are doing auditing in Portal server.Can any tell us
  How to check the unused users in portal?.
  Regards,
  Vivek

  Use portal activity reporting  for monitoring the users. This way you can monitor the users in the portal who logged on to the portal.
  Below are things you can monitor from portal activity report iview
  1) number of users logged on during the period of time.
  2) Details of the users who logged on
  3) monitoring particular iview/page
  Check the below threads for more help
  http://help.sap.com/saphelp_nw04s/helpdata/en/47/87329cc84a199ce10000000a42189d/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/47/87346dc84a199ce10000000a42189d/frameset.htm
  Raghu

• How to Check when the user is connected to different desktop.

  How to Check when the user is connected to different desktop.Sometimes the user maynot see the theme in the personalize theme list. In that case the person must be using different kind of desktop.How to check, I need a path.And how to apply the theme to that user?
  Thanks,
  Paturi

  Hi,
  you can create the new portal desktop from
  System Administration => Portal display => Desktop and Display Themes
  Select your folder from Portal Content and from its context create new Desktop.
  Add The Framework page and the theme to this desktop page.
  Go to your folder from Portal Content and from the context of the framework page select add framework page to portal desktop.
  Adding Theme to desktop
  From Portal content select Theme folder and select the theme right click it and select Add theme to Portal Desktop.
  Create rule for the Desktop.
  Navigate to System Administration => Portal Display => Desktop and Display Themes Portal Content => Portal Administrators => Super Administrators =>main_rules.
  Click Add IF Expression.
  create the expression if user = xyz then click on apply
  Select the then clause of the if and navigate to your folder where Desktop is created ,Add it and Click Apply.
  Save the Changes to the rule.
  Hope it helps you.
  (reward points if its helpful)
  Thanks,
  Gunjan

• Determine if user belongs to Authorization Group.

  My requirement is I have a authorization group (BRGRU) and I need to check if the logged in user belongs to that authorization group. Is there any FM for this or a Database table where in I can get list of users belonging to a particular authorization group.

  Hi
  check the tables
  UST12
  AGR_1252
  and check the Tcode SU21
  see the doc about authorizations:
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• How to check Agent login details in a particular CTIOS

  How to check Agent login details in a particular CTIOS

  Yes, you'll need to provide more information.  If you login a supervisor to the CTIOS supervisor desktop who is part of every team you would be able to tell every agent who is logged in and what state they are in.
  david

• User belonging to multiple groups

  Hi,
  If a user belongs to multiple workgroups, Podcast capture should ask him in wich blog he wants to publish its sequence... but it doesn't seem to work.
  So my question is : how to deal with that ?
  Thanks for your help,
  Nicolas

  Hi
  I know only 2 ways to add some dynamic: posting to user's blog, which supposes to consider that there is only one user who is able to post, otherwise to duplicate workflows and change the target group in it ($$Group Short Name$$ replaced by custom properties or if posted through webUI defined by new field, but it's reliability depends of the human factor..).
  In addition, i may ask you what do you mean by "it doesn't seem to work"..? Is Pc Capture supposed to work this way and ask at any moment to which group's blog the podcast needs to be sent when a user belongs to multiple groups ? That would be a terrific news, but i guess they would have announced it..
  ju
  Message was edited by: JulienC

• How to check/verify running sql in lib cache is using updated statistics of table

  How to check/verify running sql in lib cache is using updated statistics of table used in from clause.
  one of my application table is highly busy i.e frequent update/insert/delete.
  we gather table stats every 30 min.

  Hello, "try dynamic sampling" = think "outside the box", maybe hit two birds with same stone.
  As a matter of fact, I was just backing up your statement: "30 minutes seems pretty extreme"
  cheers

• How to check the hardware vendor of a particular device

  Hi every one
  in the recent interview i have taken he asked me a question like
  how to check the hardware vendor of a particular device
  ex: hard disk ,nic card ,ram
  Thanks in Advance.......

  hi
  depends on OS version
  in RedHat like distros e.g.:
  lspci, lsusb, ls...
  dmidecode|grep -i manuf
  kudzu -p -s
  on Solaris you can use these :
  dladm show-dev
  dladm show-link
  prtconf -D
  kstat [-P]
  Edited by: g777 on 2011-03-11 07:24

• How can I query all the members of a group using querbuilder?  I cannot find any related properties

  How can I query all the members of a group using querbuilder?  I cannot find any related properties describing members under /home/groups/s/sample_group in jcr repository.

  Hi,
  FieldPoint Explorer is no longer used to configure FieldPoint systems. However, I do not think that the configuring your system in FieldPoint Explorer is causing the error.
  FieldPoint systems are now setup in Measurement and Automation Explorer (MAX).  Information on setting up FieldPoint systems in MAX can be found in the MAX help under: Installed Products>> FieldPoint. Also, I recommend upgrading to the latest FieldPoint driver and version of MAX.  The FieldPoint VI's will be slightly different when you upgrade, so there is a good chance that this will eliminate the error.
  Regards,
  Hal L.

• How to check ..the user who is currently logged in ..

  ... suppose i m logged in as HR schema ...so while using SLLplus * environment ...how to check ...that which use is currently logged in..

  If you want to use the name in some program then you can use
  select user into :variable from dual;
  Regards
  Kaustubh

• How to check if the user has log in when he log in again?

  Hi all,
  I was wondering how to track if the user has already log in?
  When this user using browser A to log in then he try to log in using a new browser, then hw I am I going to know that, and terminate his session?

  Hello!
  You can try this code if you want that if a user is login at a machine and tries to login from the other, then he can continue his processing at second machine ('cos it will get the high priority) but can not process from the first machine. This code allows to login but only second one will be active.
  <jsp:useBean id="monitor1" scope="application" class="java.util.HashMap"/>
  if(monitor1.containsKey(num)){
  HttpSession oldSession = (HttpSession) monitor1.get(num);
  oldSession.invalidate();
  monitor1.remove(num);
  monitor1.put(num , session);
  But if you want to restrict it at the time of second login then u can use any of the techniques discussed above.
  aNTUMNIHA

• How to check if a user session is active in Java application server

  Hi Experts,
        We have a online scenario with a third party system by which a portal user will launch the third party application in a new window from portal. The SSO will work at the third party web application with the dynamic key that is generated by calling a webservice for that user. Now, as the user works on the launched screen, they will have to check whether the user (logged in portal) session is still active. ie., they will be periodically calling a service hosted by SAP java application server to find out whether the corresponding user who launched the session is still logged in or logged out.
  So, my question is, how can i find out programatically whether a user/user's session is still logged in/active in SAP Netweaver Java AS? We are in version 7.3.
  Kindly help me in this regard.
  Regards
  Vijay.K

  Hi Vijay,
  Could you check below links
  Tracing Single User Sessions - Administration - SAP Library
  Display and Manage User Sessions (SAP Library - Tools for Monitoring the System)
  Hope this helps.
  Regards,
  Deepak Kori