How to determine role authorization of user in MAM?

Hi everyone,
I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM.  I have the following question on user authorization:
In terms of role authorizations, does anyone know how I can determine what roles an authenticated user has from SAP?  For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has?  Is there a SyncBo that will give me such info?  I checked the JavaDocs for the SyncBos, but they have NO descriptions.  The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090).  There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole().  Are any of these usable?
Are there any good documents that I can look at to determine what each SyncBo does?
Many thanks!
Jeffrey

Hi Jeffrey!
Here are the 3 different checks you have to look at "Users & Authorizations" for setting up your MAM Users.
(1) SAP Backend:
(1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios. Please refer to the following SAP Authorization Objects: I_ALM_ME, I_AUART, I_BEGRP, I_BETRVORG, I_CCM_ACT, I_CCM_STRC, I_ILOA, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT, I_ROUT1, I_SOGEN, I_SWERK, I_TCODE, I_VORG_MEL, I_VORG_MP, I_VORG_ORD, I_WPS_MEB, I_WPS_REV in your Backend System and have them assigned to the User Profile, based on your requirement.
(1b) Service User for setting up the MAM & MI Landscape: This user's logon info has to be set up in the RFC Destination that is associated with your MAM25 SyncBOs, to log on to the Backend System, and this user should have the basic authorizations required to establish the connection.
(2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile: S_ME_SYNC, S_RFC, S_TCODE.
(3) MI Client: Refer to the MI Security Guide. Please note that the MI Client MAM User is the same as the Middleware User and the Backend User. You should be taking care of this already. This is just an FYI.
Let me know, if you are looking for any other additional info.
Thank You
Gisk

Similar Messages

  • How to interrogate roles of a user in a process

    I mentioned this in the beta call on Wednesday, but I thought I would enter it here to follow-up on....
    We have a business need to be able to interrogate the roles assigned to a user in our process flow. Here is an example:
    1. A user enters some data on an initiator type human task. (let's say the swimlane or role is 'data entry')
    2. Next, there is an approval type human task that must be completed (it is in the swimlane or role of 'approver')
    3. If the user that performed the data entry task is also associated to the role of 'approver', the approval task should be bypassed.
    So, I think I need to get the user who did the data entry and determine if they have the role associated to the approval task....if so then I can branch around that task in my process flow. Is there a way to do this in the BPM process (preferred)? Or within the Human task definition? Or do I need to write a service of some sort?
    --- Becky Kellinger
    Edited by: bkellinger on Apr 8, 2010 2:06 PM

    Essentially,
    a. You can find the actual performer of a Task by using output/execData/systemAttributes/updatedBy/id
    b. You can use ids:isUserInRole to test user's membership in desired role
    Note that since we have a bug of not exposing identity XPath functions in BPMN, you have to edit the source of BPM. What I did was, create an expression in editor: ora:addQuotes(concat(role, users)) (any dummy expression to get everything setup), then found the expression in the .bpmn file, and replaced it with:
    <from language="http://www.w3.org/1999/XPath" xmlns:bpmn="http://www.omg.org/bpmn20" xmlns:ora="http://schemas.oracle.com/xpath/extension">ora:addQuotes(concat(bpmn:getDataObject('role'), bpmn:getDataObject('user')))</from>
    This will work with Groups but not Swimlane roles (app roles). It is supposed to work with Swimlane roles as well and we will fix it in PS.
    Please let me know if you would like the sample code.

  • How to determine which cell the user has just left?

    I want to check the contents of a JTable cell just after the user has left that cell.
    What is the most reliable way to determine which cell the user has just left?

    Hi,
    I use the cellRenderer for that... if the value is not correct, I call an editCellAt() method...
    JRG

  • Roles/authorizations for user to Solman Diagnostics.

    We have a need to have non-administrator persons access our Sol Man
    Diags environment. We do not want them to access with j2ee_admin
    account.
    How / what roles or authorizations do I assign to restricted users so
    users cannot see the administration and setup tabs and not be able to
    turn traces on?

    The roles for the end users are mentioned in the standard SMD guide. Please go through it.

  • How to determine number of portal users?

    Hi experts,
    We are using SAP Portal for displaying contents from different applications, and Active Directory is the storage of user master data.
    My question is: how can I find the number of users using SAP Portal (logging in to SAP Portal)? I searched the users through the portal user administrator; it gives me all users created in Active Directory, which does not make sense because some users do not know about the portal.
    Another way I tried was to run http://<server>:<port>/USMM; this does not work either.
    So how can I determine the number of users using SAP Portal?
    Any help would be highly appreciated.
    Regards;
    kumar

    Hi Arvind,
    If you want to find out the number of users which are actually defined in Portal, you can go to the User Administration tab and in Identity Management, Search Criteria as USER and select All DATA SOURCES, put a * in the column adjacent to it and click on GO.
    It may tell you that the size limit is exceeded, but it also gives you the total number of search elements.
    I hope this helps.
    Regards,
    Sneha.

  • How to determine which AD server User Profiles is pulling from?

    I have a User Profile set up, and can't recall specifying an AD server.
    I've been asked to run multiple UP incrementals during the day. The SharePoint and SQL server seem capable of handling it, but I forgot to check performance of the AD server(s) during the nightly incremental.
    How would I determine which AD server is being used, so I can test CPU and memory?
    Thanks,
    Scott

    Go to:
    C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
    On the Operations tab, if you look at any of the operations, there is a Connection Status box in the middle right. This contains the DC that it has connected to.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How to determine the logged in user - BI Publisher

    Hi,
    I am building a SQL based BI Publisher report. I am using BI Publisher integrated with the E-Business Suite so all ebiz users can log in to BI Publisher
    I have a requirement that my parameter LOV query is to be restricted based on the BI publisher logged in user. I have the necessary select statement which just requires the logged in user to be supplied. But I don't know if there is any standard BI variables which I can use in my SQL Query
    Thanks
    Shasik
    Edited by: Shasik on Sep 14, 2008 1:04 AM

    Hi Shashi,
    http://winrichman.blogspot.com/2008/09/how-to-get-logged-in-obiee.html
    Use the available XDO session variables like :xdo_user_name
    Select :xdo_user_name from dual will fetch you the logged-in user :)

  • How to determine that the Mapped User Id has the active r/3 account?

    Hi Experts,
    I have a requirement to determine whether the mapped user ID in the portal has an active or inactive user account in R/3.
    For example:
    We have implemented SSO between WAS & backend R/3. Now the user has an active portal account but the R/3 account is inactive or locked for some reason. In this situation, when the user logs in and hits the application, the screen displays the 500 internal server error, which is not understood by the client. The requirement is to display a custom message instead of the 500 internal server error in order to tell the user that his account is inactive or locked in R/3.
    I have to handle this within the WDinit method of the Component controller, which will stop the processing in case the above is true and display the appropriate error message.
    Hope I am clear in statement above.
    Looking for your prompt reply.
    Thanks
    Shobhit Taggar

    Hi
    import com.sap.security.api.IUserAccount;
    See this link
    http://www.sdn.sap.com/irj/scn/index;jsessionid=(J2EE3417300)ID1438221150DB00601362742208939333End?rid=/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19&overridelayout=true
    Kind Regards,
    Mukesh.

  • HRPAD00INFTY - How to determine what action the user took (IN_UPDATE)

    Greetings, Experts.
    I've been asked to modify an existing BAdI for infotype 0167. The existing code is in method IN_UPDATE.  FYI, we have to use this method (as opposed to, say, AFTER_INPUT) since we have to make sure the user completed the operation as we're modifying data in another infotype based on their action.
    As such, the  logic depends on what the user is doing, i.e., inserting, updating, delimiting or deleting a record. I was testing different scenarios in PA30 to see what the value of IPSPAR-ACTIO would be and got some puzzling results.
    For example, I used the Edit->Copy feature in PA30 to copy and then delimit an existing record and was expecting an ACTIO of "LIS9" (Delimit) but it was "MOD". Similarly, I used the trashcan to remove an existing record and got a "MOD" operation. Finally, I deleted another record the same way (trashcan icon) and this time it was "LIS1" which I found stupefying since that's not even a valid value according to the DDIC for data element ACTIO.
    I can't seem to get a consistent way to determine what the user is doing. What is the best practice?
    Thanks.

    Hi Steve,
    You can try the IPSYST-IOPER parameter, which is showing the right values.
    Regards,
    Kishore.S

  • How to determine IP Address of user filling out form

    I have an online form and one of the requirements is to show (and then submit) the ip address of the user filling out the form. How can I find out this information?

    String ipAddress = request.getRemoteAddr();
    Michael
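
Added example, not part of the original reply: `request.getRemoteAddr()` returns the address of the directly connected peer, so behind a reverse proxy or load balancer it yields the proxy's address, while the `X-Forwarded-For` header can be set by the client unless one of your own proxies wrote it. The class below honours the header only when the peer is a known proxy; `ClientIpResolver` and the proxy address are hypothetical, and the sample requests are constructed.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;

// Hypothetical helper (not a servlet API class): picks the address to record for a form submission.
public class ClientIpResolver {
    // Assumption: exact addresses of the reverse proxies / load balancers you operate.
    private final Set<String> trustedProxies;

    public ClientIpResolver(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    // remoteAddr = request.getRemoteAddr(); xff = request.getHeader("X-Forwarded-For"), may be null.
    public String resolve(String remoteAddr, String xff) {
        // Peer is not one of our proxies: the header came from the client, so ignore it.
        if (xff == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xff.split(",");
        // Each proxy appends the peer it saw, so walk right to left
        // and stop at the first address that is not one of ours.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!isIpLiteral(hop)) {
                return remoteAddr;   // malformed entry: fall back to the socket peer
            }
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return hops[0].trim();       // every hop was one of our proxies
    }

    // Accept only IP literals, so header text is never resolved via DNS or stored verbatim.
    static boolean isIpLiteral(String s) {
        if (s.matches("\\d{1,3}(\\.\\d{1,3}){3}")) {
            for (String octet : s.split("\\.")) {
                if (Integer.parseInt(octet) > 255) return false;
            }
            return true;
        }
        if (s.indexOf(':') < 0 || !s.matches("[0-9a-fA-F:.]+")) return false;
        try {
            InetAddress.getByName(s);   // contains ':' so it is parsed as an IPv6 literal, no lookup
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        ClientIpResolver r = new ClientIpResolver(Set.of("10.0.0.5"));   // constructed proxy address
        // Constructed requests: a direct client sending a forged header, then two requests via the proxy.
        System.out.println(r.resolve("203.0.113.7", "192.0.2.1"));
        System.out.println(r.resolve("10.0.0.5", "198.51.100.23"));
        System.out.println(r.resolve("10.0.0.5", "192.0.2.1, 198.51.100.23"));
    }
}
```

Storing the socket peer next to the resolved value keeps the submitted record auditable if the proxy list later changes.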

  • Authorization for User Creation for Admin user

    Dear All,
    We have Cronacle 6.0.2.
    We have a requirement wherein we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have created an admin role with which our criteria are almost met. After assigning this admin role to our newly created admin user, everything works except user & role authorization. I am not able to create, delete or alter any user or role with this user.
    I have seen that we have the Oracle system privileges related to user and role authorization (create user, alter role, etc.), but when we try to assign them to the admin user, it's not allowing us to do so. We have tried the assignment using sysjcs from both RWE and from the shell using the SYSJCS, RSI users.
    How can I achieve this? with which user?
    Any pointers on this would be highly appreciated.
    Thanks in advance for your help.
    Warm Regards
    Rajeet

    Hi Rajeet,
    This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
    For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
    If you don't have any own users with these privileges yet, the SYSTEM user will work as well.
    Regards,
    Anton.

  • SAP BW Roles for CPIC user to use in Univ Connection

    Hello All,
    I am working on BO XI 3.1 and SAP BW 7.0. At present we are using personal logon credentials in the Universe creation wizard to connect to SAP BW. Instead we would like to create a CPIC user and use that user to connect to SAP BW.
    I am wondering what are the roles/authorization this user should assigned.
    I greatly appreciate your input.
    Thanks

    Ingo,
    Thanks for the reply. I went the through "SAP Integration Kit Installation" document.
    It has details on SAP Single Sign-On and required authentication details. At this moment we are not ready for that.
    As I mentioned in the email, we are using the BW developer logon credentials in the Universe Connection Wizard to SAP BW. We would like to get away from that by creating general user in SAP BW specifically for the purpose of BOBJ reporting.
    And we just do not want to copy the SAP BW developer role to the generic user; instead we would like to assign only the required roles. I am not sure what the minimum roles required for this user are.
    It would be great if you can share any information related to that.
    Thanks

  • How to Control authorization for users with certain status for level 2 WBS Element

    Dear All,
    Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
    Pre-requisite:
    There is only 2 level of project i.e.
    Lev_ WBSE_______Description
    1___ 7-14.E_______summary outage controller
    2___ 7-14.E.2310__ Plant/unit # 2310
    2___ 7-14.E.2310__ Plant/unit # 2220
    Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
    Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
    User ID_ Plant #
    123345_ 2310
    122455_ 2220
    Issue:
    After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
    Solution required: 
    Can any one tell how to control this scenario either by standard or enhancement available to control authorization
    BR
    Saqib Usman   

    Hi,
    Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
    Thank you and regards,
    Varshal Kachole
    The SCN Rules of Engagement

  • How to get the type of user role in ISF?

    We have functionality to hide all the buttons on Monitor task, which was successfully achieved by javascript. But we need to enable these buttons for only Site Administrators, so that they only can do necessary modifications upon request from end users. Can someone point me to correct direction how to get the user role when a user is not a Site Administrator. Thanks in advance.

    What about having your custom ISF onload script first run a db query (on older version called a rcFetch) which would evaluate if the person loading form is a member of the site admin ou.
    Here's a rough example:
    function ISF_onLoad() {
      rcFetch('Q1', 'Q1PL=' + UserID);
    }
    This will then run a query to validate if the person is a member of the admin ou.
    SELECT * FROM DirOrganizationUnitPeople WHERE PersonID = #P1# AND OrganizationalUnitID = 1 (this should be the id of the site admin ou or the ou which you are referring to as an admin)
    Then have a callback to determine if any records were returned, which indicates the person is a member of the site admin ou.
    function Q81_DataCallback(retArray, queryList) {
      if (retArray['Q8500._COUNT_'] == 1) {
        // Show the fields
      }
    }
    Hope this helps.

  • Assigning different authorizations inside a role to different users

    Hello,
    Could someone please guide me to how can we assign different authorizations (authorizations field values) for an authorization object inside a role to different users; i.e. in the role maintenance transaction (pfcg) after we create a new role and add an authorization object to it, if this authorization object has several authorizations (authorization field values), and if I need to add two users to that role, how can I assign to one user an authorization different from that assigned to the other user ?
    Thank you in advance.
    Best regards.
    Reda Khalifa
    IT Department - Almansour Automotive Group - Egypt

    Hi Reda,
    That documentation complicates the subject slightly as it is talking about principles that are at a lower level than the usual role level.
    We have 1 authorisation object - S_TRVL_BKS
    Authorisations have been created for this object, called S_TRVL_CUS1 and S_TRVL_CUS2
    In this context, an authorisation is an instance of an authorisation object that has been populated with data.
    Before the profile generator you used to create authorisations (auth objects populated with data) and assign them to profiles which are then assigned to users.
    In this example 2 profiles would be needed
    Profile1: S_TRVL_CUS1 and S_TRVL_CUS2
    Profile2: S_TRVL_CUS2
    Miller would be assigned profile1, Meyers would be assigned profile2
    The profile generator allows us to easily build authorisations and profiles and packages them up in a role.  This way, we can assign transactions and authorisation objects into a role, populate the authorisations (which is what we do in the authorisations tab in the role) and automatically create the profile.
    The example in the documentation is still valid because it requires 2 separate authorisations (and therefore profiles and roles) to be assigned to different people.  Unfortunately this is not explained very well in the documentation.
    I hope that makes sense: roles are static and the permissions that they give do not vary dynamically.   In BW we can use variables to do something similar, and to some extent structural authorisations in HR work dynamically; however, this doesn't apply to R/3 or ECC.  (It can be done in some cases but costs many, many £££/$$$'s.)
    Please let me know if you want me to elaborate further on this
    Cheers
    Alex
