How to determine ADF roles a user is in - before fully authenticated

[JDev/ADF v11.1.1.5.0]
I am trying to intercept a user's login to our ADF application (to log it to a database). I have written a custom login page and backing bean to handle the login using:
mySubject = login(this._username, this._password);
HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
ServletAuthentication.runAs(mySubject, request);
ServletAuthentication.generateNewSessionID(request);
// determine what ADF 'Application Roles' the user has
// log to database here
// ... [code removed] ...
HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
RequestDispatcher dispatcher = request.getRequestDispatcher("/adfAuthentication");
dispatcher.forward(request, response);
What I need to do, however, is determine what roles a user has in the app, at the "???" point in the above code. If I interrogate the 'mySubject' object, it lists the groups from our authentication source that the user is a member of. In ADF Security, I've mapped these "Enterprise Roles" to "Application Roles", and need to get access to the Application Roles before redirecting them to the adfAuthentication servlet.
I've tried using ADFContext.getCurrent().getSecurityContext().getUserRoles() where the '// ???' is, but it returns the 'anonymous' user (and associated roles). It appears that even though I've switched to runAs the authenticated user (via ServletAuthentication.runAs), ADF still thinks I'm running as the initial (anonymous) user.
Is there a way to tell ADF to 'refresh' who it thinks I am now, so it will see me as the (now-authenticated) user, with their roles, etc.? Or, is there some other way to determine what (Application) roles a user has given their username?
Thanks!
Edited by: Karl C on Nov 27, 2012 12:28 PM

Just checked code.
Sorry, in our code we test enterprise roles (and not application roles) because we are using ReadOnlySqlAuthenticator to retrieve db users/roles.
// Collect the names of the WebLogic group principals (enterprise roles) held by the authenticated Subject
Set<Principal> allPrincipals = mySubject.getPrincipals();
for (Principal principal : allPrincipals) {
      if (principal instanceof WLSGroupImpl) {
           roles.add(principal.getName());
      }
}
Dario
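
An added example, not part of the thread and not Oracle's or the posters' code: one way to derive application roles from the group principals of the Subject returned by login(), before the ADF security context has switched away from the anonymous user. It runs on a plain JDK; GroupPrincipal stands in for WLSGroupImpl, and the role names and the APP_ROLE_MEMBERS mapping are constructed assumptions standing in for the enterprise-to-application role mapping defined for the application.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class AppRoleResolver {
    // Hypothetical stand-in for weblogic.security.principal.WLSGroupImpl.
    static final class GroupPrincipal implements Principal {
        private final String name;
        GroupPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Constructed mapping: application role -> members (enterprise groups or other application roles).
    static final Map<String, Set<String>> APP_ROLE_MEMBERS = new LinkedHashMap<String, Set<String>>();
    static {
        APP_ROLE_MEMBERS.put("AppViewer", new HashSet<String>(Arrays.asList("HR_STAFF", "AppEditor")));
        APP_ROLE_MEMBERS.put("AppEditor", new HashSet<String>(Arrays.asList("HR_MANAGERS")));
        APP_ROLE_MEMBERS.put("AppAdmin", new HashSet<String>(Arrays.asList("IT_ADMINS")));
    }

    // Returns every application role reachable from the Subject's group principals.
    static Set<String> resolve(Subject subject) {
        Set<String> held = new HashSet<String>();      // groups, plus roles granted so far
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof GroupPrincipal) {
                held.add(p.getName());
            }
        }
        Set<String> granted = new TreeSet<String>();
        boolean changed = true;
        while (changed) {                              // repeat until no new role is granted (nested roles)
            changed = false;
            for (Map.Entry<String, Set<String>> e : APP_ROLE_MEMBERS.entrySet()) {
                if (!granted.contains(e.getKey()) && !Collections.disjoint(e.getValue(), held)) {
                    granted.add(e.getKey());
                    held.add(e.getKey());
                    changed = true;
                }
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();               // constructed sample Subject
        subject.getPrincipals().add(new GroupPrincipal("HR_MANAGERS"));
        System.out.println("application roles: " + resolve(subject));
    }
}
```

Roles resolved this way are suitable for the audit record only; access decisions should still come from the container once the request has been forwarded to /adfAuthentication.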

Similar Messages

  • ADFS and SharePoint Integration: How to use ADFS Roles?

    Hello,
    I've successfully integrated SharePoint with ADFS2 and users can login by ADFS. One of the claims mapping in ADFS and SharePoint is SAM-Account-Name->Windows account name.
    Is there any guideline how to grant a permission to a specific role? For example I want to grant read access to a specific list to a specific AD group called "ListReaders"
    A link to an online article explains how to use ADFS Roles in SharePoint would be a great help.
    Thank you,

    Hi Allan,
    According to your description, my understanding is that you want to grant permission to ADFS roles.
    Please refer to “A Fellows” last suggestion to grant permission to ADFS roles in the link below:
    http://social.technet.microsoft.com/Forums/en-US/4d5ee453-1447-4d14-b297-33c27ef2c24d/permissions-using-adfs-roles?forum=sharepointadmin
    More reference:
    http://www.css-security.com/blog/claims-based-authentication-and-authorization-with-adfs-2-0-and-sharepoint-2010/
    Thanks,
    Victoria
    Forum Support
    Victoria Xia
    TechNet Community Support

  • How to add a role so user can do Export, Copy & paste Master Data?

    How to add a role so user can do Export, Copy & paste Master Data? Thanks!

    Add S_GUI to the user role.

  • How to determine which cell the user has just left?

    I want to check the contents of a JTable cell just after the user has left that cell.
    What is the most reliable way to determine which cell the user has just left?

    Hi,
    I use the cellRenderer for that... if the value is not correct, I call an editCellAt() method...
    JRG

  • How to use different (not local) user for NTLM auth in Authenticator?

    Hi All,
    I use custom authenticator to provide user / passwords to connect to .NET Web Services. I overloaded function getPasswordAuthentication() that returns right user / password combination for the requested URL. It all works perfectly for many kinds of HTTP connections: basic, ntlm, ntlm-v2, through proxy, ssl, etc.
    My problem is that during NTLM authentication from Windows computers the JVM uses the credentials of the currently logged in domain user instead of calling Authenticator to get the other user / password provided by the user. When the local user credentials fail to authenticate, the JVM calls my Authenticator, but when authentication is successful it uses the local domain user and never calls my Authenticator. The issue is that when this local domain user does not have enough permissions but authenticated correctly, there is no way to supply the JVM with another user to begin with.
    What can I do to force JVM to ignore local domain user and to use Authenticator to collect credentials during NTLM authentication requested by the server in case the software runs on a Windows box with currently logged in domain user?
    I am looking for the answer for a long time already but found only questions and suggestions to switch server from NTLM authentication which is not an option for me. From the developer's view it has to be pretty simple change for Sun to do in Java networking API. Is there any way to escalate it to Sun support? Maybe there is some property in some JRE patch level that allows to do this?
    Thank you very much!
    Mark

    Thank you for the reply. I have kind of an opposite problem. I can perfectly connect from Linux computers to Microsoft IIS servers using NTLM or even NTLMv2 authentication. My problem is connecting from Windows client computer joined to the same domain as IIS server with the domain user logged in to this computer. In this case this user account will be used in any HTTP connections I initiate to this IIS server instead of the one that I want to supply in my custom Authenticator.
    I have graphical interactive application that connects to IIS Server. When user runs it and connects to IIS server I want to prompt for the user/password regardless whether JRE may correctly authenticate using current user account credentials. The current user may not have enough permissions in IIS application so I want to use different user to login to IIS application.
    Thank you anyway,
    Mark

  • How to determine number of portal users?

    Hi experts,
    We are using SAP Portal for displaying content from different applications, and Active Directory is the storage of user master data.
    My question is: how can I find the number of users using SAP Portal (logging in to SAP Portal)? I searched the users through the portal user administrator; it gives me all users created in Active Directory, which does not make sense because some users do not know about the portal.
    Another way I tried was to run http://<server>:<port>/USMM; this does not work either.
    So how can I determine the number of users using SAP Portal?
    Any help would be highly appreciated.
    Regards;
    kumar

    Hi Arvind,
    If you want to find out the number of users which are actually defined in Portal, you can go to the User Administration tab and in Identity Management, Search Criteria as USER and select All DATA SOURCES, put a * in the column adjacent to it and click on GO.
    It may tell you that the size limit is exceeded, but it also gives you the total number of search elements.
    I hope this helps.
    Regards,
    Sneha.

  • How to determine which AD server User Profiles is pulling from?

    I have a User Profile set up, and can't recall specifying an AD server.
    I've been asked to run multiple UP incrementals during the day. The SharePoint and SQL server seem capable of handling it, but I forgot to check performance of the AD server(s) during the nightly incremental.
    How would I determine which AD server is being used, so I can test CPU and memory?
    Thanks,
    Scott

    Go to:
    C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
    On the Operations tab, if you look at any of the operations, there is a Connection Status box in the middle right. This contains the DC that it has connected to.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How to determine the logged in user - BI Publisher

    Hi,
    I am building a SQL based BI Publisher report. I am using BI Publisher integrated with the E-Business Suite so all ebiz users can log in to BI Publisher
    I have a requirement that my parameter LOV query is to be restricted based on the BI publisher logged in user. I have the necessary select statement which just requires the logged in user to be supplied. But I don't know if there is any standard BI variables which I can use in my SQL Query
    Thanks
    Shasik
    Edited by: Shasik on Sep 14, 2008 1:04 AM

    Hi Shashi,
    http://winrichman.blogspot.com/2008/09/how-to-get-logged-in-obiee.html
    Use the available XDO session variables like :xdo_user_name
    Select :xdo_user_name from dual will fetch you the logged in user :)

  • How to determine that the Mapped User Id has the active r/3 account?

    Hi Experts,
    I have a requirement to determine whether the mapped user ID in the portal has an active or inactive user account in R/3.
    For example:
    We have implemented SSO between WAS & backend R/3. Now the user has an active portal account but the R/3 account is inactive or locked for some reason. In this situation, when the user logs in and hits the application, the screen displays a 500 internal server error, which is not understood by the client. The requirement is to display a custom message instead of the 500 internal server error in order to inform the user that his account is inactive or locked in R/3.
    I have to handle this within the WDinit method of the Component controller, which will stop the processing in case the above is true and display the appropriate error message.
    Hope I am clear in statement above.
    Looking for your prompt reply.
    Thanks
    Shobhit Taggar

    Hi
    import com.sap.security.api.IUserAccount;
    See this link
    http://www.sdn.sap.com/irj/scn/index;jsessionid=(J2EE3417300)ID1438221150DB00601362742208939333End?rid=/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19&overridelayout=true
    Kind Regards,
    Mukesh.

  • HRPAD00INFTY - How to determine what action the user took (IN_UPDATE)

    Greetings, Experts.
    I've been asked to modify an existing BAdI for infotype 0167. The existing code is in method IN_UPDATE.  FYI, we have to use this method (as opposed to, say, AFTER_INPUT) since we have to make sure the user completed the operation as we're modifying data in another infotype based on their action.
    As such, the  logic depends on what the user is doing, i.e., inserting, updating, delimiting or deleting a record. I was testing different scenarios in PA30 to see what the value of IPSPAR-ACTIO would be and got some puzzling results.
    For example, I used the Edit->Copy feature in PA30 to copy and then delimit an existing record and was expecting an ACTIO of "LIS9" (Delimit) but it was "MOD". Similarly, I used the trashcan to remove an existing record and got a "MOD" operation. Finally, I deleted another record the same way (trashcan icon) and this time it was "LIS1" which I found stupefying since that's not even a valid value according to the DDIC for data element ACTIO.
    I can't seem to get a consistent way to determine what the user is doing. What is the best practice?
    Thanks.

    Hi Steve,
    You can try with the IPSYST-IOPER parameter, which is showing the right values.
    Regards,
    Kishore.S

  • How to determine IP Address of user filling out form

    I have an online form and one of the requirements is to show (and then submit) the ip address of the user filling out the form. How can I find out this information?

    String ipAddress = request.getRemoteAddr();
    Michael

  • How to determine estimated cost of dynamic SQL queries before execution?

    Hi Performance Gurus,
    Does anybody know of a function module or program which can give me an estimated cost for a given SQL query? The SQL query is a dynamic query and we need to know the estimated cost before we execute it.
    Cheers
    Jiby
    Moderator message: subject corrected, in the future please use one that describes your problem better.
    Edited by: Thomas Zloch on Aug 24, 2010 12:56 PM

    Hi,
    The mentioned function module does not give you the cost but the plan.
    On DB2 e.g.
    U Explanation of query block number: 1   step: 1
    D Query block type is SELECT
    S Performance appears to be bad
    S No index is used. Sequential tablespace scan
    E Method:
    D           access new table.
    D           data pages are read in advance
    D           pure sequential prefetch is used
    D           new table:
    D                       SAPD8M.DD02L
    D                       table space locked in mode:  N
    D           Accesstype: sequential tablespace scan.
    I think there is some information that could be used as well (cost figure transformed to text)
    S Performance appears to be bad
    S No index is used. Sequential tablespace scan
    But as already said: the whole requirement is quite strange...
    I'm not aware of any other options, sorry.
    Kind regards,
    Hermann

  • How to determine role authorization of user in MAM?

    Hi everyone,
    I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM.  I have the following question on user authorization:
    In terms of role authorizations, does anyone know how I can determine what roles an authenticated user has from SAP?  For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has?  Is there a SyncBo that will give me such info?  I checked the JavaDocs for the SyncBo's, but they have NO descriptions.  The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090).  There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole().  Are any of these usable?
    Are there any good documents that I can look at to determine what each SyncBo does?
    Many thanks!
    Jeffrey

    Hi Jeffrey!
    Here are the 3 different checks you have to look at in "Users & Authorizations" for setting up your MAM Users.
    (1) SAP Backend:
    (1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios. Pl refer to the following SAP Authorization Objects I_ALM_ME, I_AUART, I_BEGRP, I_BETRVORG, I_CCM_ACT, I_CCM_STRC, I_ILOA, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT, I_ROUT1, I_SOGEN, I_SWERK, I_TCODE, I_VORG_MEL, I_VORG_MP, I_VORG_ORD, I_WPS_MEB, I_WPS_REV in your Backend System and have it assigned to the User Profile, based on your requirement.
    (1b) Service User for setting up the MAM & MI Landscape: This user logon info has to be set up in the RFC Destination that is associated with your MAM25 SyncBOs, to log on to the Backend System, and this user should have the basic authorizations required to establish the connection.
    (2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile: S_ME_SYNC, S_RFC, S_TCODE.
    (3) MI Client: Refer to MI Security Guide. Pl note that the MI Client MAM User is the same as the Middleware User and the Backend User. You should be taking care of this already. This is just an FYI.
    Let me know, if you are looking for any other additional info.
    Thank You
    Gisk

  • How can we determine what role contains a particular privilege.

    Hi All.
    How can we determine what role contains a particular privilege???
    I have found note User Management (UMX) Security Infrastructure Reporting (Doc ID 1222663.1)
    Our implementation doesn't seem to have a "UMX_W3H_HOMEPAGE / W3H Homepage Permission Set"
    This is a R12.0.4 instance
    Thanks in advance

    "How can we determine what role contains a particular privilege???"
    User Management Responsibility > Roles & Role Inheritance > Search for the Role > Click on Edit and you will find the list of Permissions.
    "I have found note User Management (UMX) Security Infrastructure Reporting (Doc ID 1222663.1)
    Our implementation doesn't seem to have a "UMX_W3H_HOMEPAGE / W3H Homepage Permission Set"
    This is a R12.0.4 instance"
    According to (How to Assign User Management Security Reports to a User [ID 1221304.1]), it is available in 12.1.1 and above.
    Thanks,
    Hussein

  • Configuring roles and users (adf security) application context wise.

    Dear All,
    I referred to this tutorial (http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html) which shows how to hook up ADF security with a database schema, but at domain level, which will be common to all applications in that domain. I want to make it different for each application (i.e. each application will use a different database schema for storing user credentials, i.e. enterprise roles, application roles and users).
    Can anyone please point me to the proper way?
    Regards,
    Santosh
    jdev 11.1.1.2.0

    Dear Frank,
    "Instead you have a single identity management system and have the application policies being different for the applications. Using ADF Security, users and groups can have different privileges in different applications"
    Suppose I have 3 applications that use ADF security; the users will be common to all applications, right? Roles and groups can be different for applications.
    Application policies means roles and groups?
    So how can they (application policies) be made different for applications? Is it built in or is some configuration needed? Can you point me to some blogs or tutorials for more reference?
    Bet: In case I hook up ADF security with a database schema.
    Regards,
    Santosh.
