How to map CRM roles to EP roles

Similar Messages

• Is there a way to automatically map CRM Roles to Portal Roles

  <b>Scenario:</b>
  When a new user registers on our portal he is assigned a CRM Role, however, he still needs to be assigned a Portal Role. Since we will have many users registering through our portal we do not want to assign roles to users manually. We want this to be an automated process, which requires almost no administration after the initial configuration.
  <b>Solution we are looking for:</b>
  Ideally we would like to do some configuration on the Portal side that would some how pull roles from CRM user store and map them on to appropriate Portal roles. In our case the reverse would also be ok as well, i.e. we do some configuration on the CRM side that would push the appropriate role to the Portal and do the Portal Role assignment.
  Does anyone know how to do this? I am very new to portals so a detailed explanation would be very helpful.
  Thanks for all the help!
  Muhammad Osman Yousuf

  No, the portal role will not be the same for the same CRM Role.
  So for example...
  On the CRM side we have CRM_ROLE_A, CRM_ROLE_B, and CRM_ROLE_C and on the Portal sider we have PORTAL_ROLE_A and PORTAL_ROLE_B.
  All mappings given are possible...
  CRM_ROLE_A = PORTAL_ROLE_A
  CRM_ROLE_B = PORTAL_ROLE_A and PORTAL_ROLE_B
  CRM_ROLE_C = PORTAL_ROLE_B
  The solution you mentioned, will it work with the above mappings?
  Thanks for all the help!
  Muhammad Osman Yousuf

• How to map Application Roles to Enterprise Roles

  Hello,
  i am having a problem with mapping Application Roles (from ADF Security) to the corresponding Enterprise Roles. I have already seen that it is possible with a tool called Enterprise Manager, but what if i do not have it??
  Can i map the roles in WebLogic Server itself? I have searched for such ability and did not found it. Also have not seen any tutorial on the internet. Someone help me pls.
  The version i am using is 12.1.2.0.0.

  Application roles and permissions defined within WebCenter Portal are stored in its policy store and, consequently, apply to the WebCenter Portal application only.
  Application Roles : Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
  Application Permissions : Again every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal Portal.
  Enterprise roles are different. Enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Portal.
  2. How and where do we create these 5 Application Roles in WC 11.1.1.8 version ?
  You can create an application role from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> Roles -> Create Role
  See : Managing Security Across Portals for more info :
  http://docs.oracle.com/cd/E29542_01/webcenter.1111/e27738/wcadm_ps_security.htm#WCADM398
  3. Last, where and how do we MAP these Application Roles TO Enterprise Roles in 11.1.1.8 version ?
  First, You can grant privileges to a specified group (say sales group) of users by granting Enterprise Roles in Enterprise LDAP.
  Next, Create custom application roles (say Contributor, Moderator, UIDesigner, Application Specialist, etc) and assign the appropriate permissions as explained above.
  Then, You can assign one or more Application Roles to a specified group (say sales group) from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> users & Groups
  I hope it helps.

• How to map CRM BP relationship and R/3 customer partner funnction

  Hello !
  Please, I need the following actions:
  1) during BP initial download from R/3 to CRM, a specific partner function should be mapped by a CRM relationship (Example: in R/3 master data, customer X is the Payer of customer Y. I'd like this partner function "Payer" should be mapped by BP relationship "Payer" in CRM);
  2) a particular relationship between BPs in CRM should be mapped by  the corresponding R/3 partner function during upload from CRM to R/3.
  Please, can anyone help me ?
  Thank you.
  Kind regards.
  Elena

  Hi, Venkat.
  Thank you for your answer, but the question is: is it possible to define the correspondece between R/3 partner function and CRM relationship ? I know transaction PIDE: it allows to map R/3 accont group and CRM roles.
  Thank you very much.
  Bye.
  Elena

• How Does The security-role Mapping Work?

            I am studying the security part of the deployment descriptor. I am confused about
            how the mapping works.
            Suppose we have
            <security-role>
            <role-name>manager</role-name>
            </security-role>
            and
            <security-role-ref>
            <role-name>FOO</role-name>
            <role-link>manager</role-link>
            </security-role-ref>
            My first question is when a client of the servlet supplies a name for authentication,
            the name supplied should be FOO or can be, say, John Smith?
            Then, according to the Servlet Specification, a security role is a logical grouping
            of users defined by the Application Developer
            or Assembler. When the application is deployed, roles are mapped by a Deployer
            to principals or groups in the runtime environment.
            My second question is how deployer maps the role, say, manager, to principals
            or groups in the runtime environment?
            Thanks in advance.
            

            Thanks a lot, Udit.
            "Udit Singh" <[email protected]> wrote:
            >
            >Hello,
            >The role-name is mapped to principals or gruops based on the security-role-assignment
            >entrires in weblogic.xml. Let us say you have a role-name FOO and you
            >want to
            >assing this role to users John and Mark. You need to make this entry
            >in weblogic.xml-
            ><security_role_assignment>
            > <role-name>FOO</role-name>
            > <principal-name>John</principal-name>
            > <principal-name>Mark</principal-name>
            > </security_role_assignment>
            >
            >so now actually the user need to supply John or Mark as user name at
            >the time
            >of authentication . Hope it helps.
            >
            >Udit
            >
            >
            >"[email protected]" entrance wrote:
            >>
            >>I am studying the security part of the deployment descriptor. I am confused
            >>about
            >>how the mapping works.
            >>Suppose we have
            >><security-role>
            >><role-name>manager</role-name>
            >></security-role>
            >>
            >>and
            >>
            >><security-role-ref>
            >><role-name>FOO</role-name>
            >><role-link>manager</role-link>
            >></security-role-ref>
            >>
            >>My first question is when a client of the servlet supplies a name for
            >>authentication,
            >>the name supplied should be FOO or can be, say, John Smith?
            >>
            >>Then, according to the Servlet Specification, a security role is a logical
            >>grouping
            >>of users defined by the Application Developer
            >>or Assembler. When the application is deployed, roles are mapped by
            >a
            >>Deployer
            >>to principals or groups in the runtime environment.
            >>
            >>My second question is how deployer maps the role, say, manager, to principals
            >>or groups in the runtime environment?
            >>
            >>Thanks in advance.
            >>
            >>
            >>
            >
            

• CRM 7.0 How to create Business role & generate

  Hi Team,
  Can you please let me know some breif idea about CRM 7.0 security guide.
  How to created Business role is this part of functional activity?
  Whats the role of Technical colleagues BASIS guys in CRM 7.0 security .
  Please help me to get some document regarding business role creation , generation , assignment & authorization checks in CRM 7.0.
  Thanks & Regards,
  Vyash Mishra

  Hello Viyash
  I will add the most important information for generation of business roles and assignment of authorizations to users.
  You must first create the PFCG roles. PFCG role is built based on the Business Role.
  Please see documentation in : SPRO
  SAP Implementation Guide =>  Customer Relationship Management
  UI Framework  > Business roles > Define Authorization Role
  Then the PFCG role can be assigned to the business role in 
  SAP Implementation Guide =>  Customer Relationship Management
  UI Framework  > Business roles > Define Business role
  Finally you must assign business roles to Organizations or positions in organizations in
  SAP Implementation Guide =>  Customer Relationship Management
  UI Framework  > Business roles > Define Organizational Assignment
  The users that are assigned to such organizations / positions will be therefore linked to the business role.
  With the previous steps the users will have the authorizations that are assigned to the PFCG profile that is linked to their business role.
  Business roles are the main way to configure authorizations for users in CRM but you have more options that give you flexibility.Each business role has assigned one PFCG role, but the relationship between business role and PFCG role is not strict. You can even assign a dummy PFCG role to a certain business role in business role customizing and then go to transaction PFCG and assign other PFCG role(s) to the users that are assigned to that business role.
  I would say that the previous tasks must be performed by the basis team but in cooperation with the functional team
  Best Regards
  Luis Rivera

• How to capture the role of the user logged in  CRM

  Hi
  How to capture the role of the user logged in  CRM so as to restrict the Account group selection ; While creating a sales Order .
  Can we deternine the profile in the related view .If so how , and what tables can we use to do so.

  hi,
  I think you should check CRM table AGR_USERS.
  Regards
  Michael

• How to map roles by using JAAS

  Dear all,
  i am implementing JAAS by using my own custom LoginModule, which will access to my database and get user login and password and do verification myself.
  and i know that i need to set the secruity roles, secruity constraint in web.xml, and i have set Login Configuration to Form-Based Authentication.
  here is part of my web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>LogonMain</web-resource-name>
  <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>manager</role-name>
  <role-name>sales</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>LogonMain.jsp</form-login-page>
  <form-error-page>LogonMain.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>manager</role-name>
  </security-role>
  <security-role>
  <role-name>sales</role-name>
  </security-role>
  <security-role>
  <role-name>staff</role-name>
  </security-role>
  here is my question, it seems that all data action in my pages are protected, and i dont know how to map a particular user to the role that i define in web.xml.
  so even though i logged in, i still cannot perform data action.
  could anyone nice to tell me what could i do in this case for custom login module which accessing the database to get user login and password ?
  i am appreicated your help !
  thanks
  Kenny

  Hi Matthew,
  so the mapping is defined in orion-application.xml , right ?
  i have something like this
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application.dtd">
  <orion-application>
  <web-module id="dbLoginModule" path="dbLoginModule.war"/>
  <library path="d:\oc4j904\jdbc\lib"/>
  <!-- mapping for DB Login Module -->
       <security-role-mapping name="manager">
            <user name="ITAH01" />
       </security-role-mapping>
  <jazn provider="XML">
  <property name="role.mapping.dynamic" value="true"/>
  </jazn>
  <log>
            <file path="application.log"/>
       </log>
  <data-sources path="./data-sources.xml"/>
       <namespace-access>
            <read-access>
                 <namespace-resource root="">
                      <security-role-mapping name="&lt;jndi-user-role>">
                           <group name="administrators"/>
                      </security-role-mapping>
                 </namespace-resource>
            </read-access>
            <write-access>
                 <namespace-resource root="">
                      <security-role-mapping name="&lt;jndi-user-role>">
                           <group name="administrators"/>
                      </security-role-mapping>
                 </namespace-resource>
            </write-access>
       </namespace-access>
  </orion-application>
  just wondering the library path should point to where ?
  <library path="d:\oc4j904\jdbc\lib"/> this is the default path

• How to map the bulk users with the required  roles in portal at one time

  Hi,
  Would anyone tell me how to map the bulk users with the required roles in portal at one time?

  Thanks for all the reply.
  <b>I need to assign 1 or 2 group to n((eg) 1000)number of users</b>
  I tried the first option like
  [group]
  gid=
  gdesc=
  user=
  Thr problem with this is I could n't put more no of users in the notepad.
  I would be able to put only 150 users in the single line of notepad. If it goes to next line it is not working.
  I tried creating seperate notepad but in Import it says "exists"
  I'm not sure about LDAP. Would anyone explain me the best approach to do this.

• How many standard business roles are there in CRM

  Hi Experts,
  I had a question in one of my exam.. please answer it
  question:- How many standard business roles are there in CRM?
  options were:- 2,3,4,5
  I think the options does not have the right answer , upto my knowledge it is more than 5. please help me with the appropriate answer
  Thanks
  Rahul Mathur

  Hi,
  There are approximately 40 standard business roles available in the latest version ehp3.
  As the version changes the business roles increases. Initially  there are only 3 std business roles..
  1.sales pro 2. marketing pro 3. service pro and along with IC Agent.
  Each BR above is loaded with huge no of transactions even though our aim is to for ex: create sales order...we use sales pro but all the sales related operations(transactions) are being loaded in to the system so along with the version improvements/releases SAP have divided each of these std BR as much as they can and thus the no of operations or transactions per BR is decreasing with each release....
  Thanks & Regards,
  Malleswar.

• Problem mapping LoginModule roles to ejb security roles

  I have "successfully" managed to implement the DBSystemLoginModule. When I run my application I successfully authenticate to the database, the login module successfully retrieves the users roles from the database and adds them to the subject:
  PassiveCallbackHandler cbh = new PassiveCallbackHandler(username, password);
  LoginContext lc = new LoginContext("current-workspace-app", cbh);
  lc.login();
  I then perform a lookup on a bean using the same user:
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
  env.put("java.naming.security.principal",username);
  env.put("java.naming.security.credentials",password);
  env.put("java.naming.provider.url", "ormi://localhost:23891/current-workspace-app");
  Context ic = new InitialContext(env);
  final SessionEJBHome sessionEJBHome =
  (SessionEJBHome) PortableRemoteObject.narrow( ic.lookup( "SessionEJB" ), SessionEJBHome.class );
  Finally, I create an instance of the bean and call a method of this bean.
  SessionEJB sessionEJB;
  sessionEJB = sessionEJBHome.create( );
  sessionEJB.testMe( );
  I am expecting (hoping) that the roles retrieved from the database by the login module may be used to authenticate the ejb methods. i.e. if (in ejb-jar.xml) the method "testMe" has a method-permission with role-name of "ABC" then this method may only be accessed if the user is a member of the "ABC" role retrieved from the database by the login module. However I get the message:
  "username is not allowed to call this EJB method"
  When I add a security-role-mapping in orion-ejb-jar.xml mapping the role "ABC" to the group "ABC" (and impliesALL="true") then the method is called successfully. However, if I add a security-role-mapping mapping the role "DEF" to the group "DEF" (which the user is not a member of) the ejb method is (wrongly) called successfully (with implies all="false" the method always fails). In other words there seems to be no mapping of the roles retrieved by the login module to the ejb security roles.
  Can anyone please enlighten me on how I can achieve the mapping of the ejb security roles to the roles obtained from the login module.
  Thanks
  PS I have this problem with JDeveloper 10.1.3 (Developer Preview 10.1.3.0.2.223 and Early Access 10.1.3.0.3.3412)

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• Mapping UME Roles to J2EE Engine Security Roles

  Hi all,
  is there a way to map the roles defined in UME which are used in a Web Dynpro application to those declared as part of an EJB descriptor?
  Any help is highly appreciated.
  Regards,
  Sebastian

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• Mapping security roles to other roles

  I found the security newsgroup and posted the question there under the same topic. Kindly respond there.
  Message was edited by:
  jheinone

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• How to create a role in EP

  Hi All,
  I am new to EP, Please let me know how to create a role in EP and how to map ABAP based roles to EP.
  Thanks a million

  Hi Ayub,
  I would suggest that you check out the Documentation at:
  <a href="http://help.sap.com/saphelp_nw04/helpdata/en/4f/bceaffeb8c114ebef8255b63079c7c/frameset.htm">Roles and Worksets</a>.
  I found this by searching for "create role portal" in the SDN Search.
  Regards
  Gregor

• How to creating a role configuration key, nd how to assigning it to our bus

  how to creating a role configuration key, nd how to assigning it to our business role?
  advance thanks..

  Hello Suri,
  To create the Role Key
  In the SPRO CRM - UI Framework - Technical Role Definition - Define Role Configuration Key
  Then to assign the Business Role in the
  In the SPRO CRM - UI Framework - Business Roles - Define Business Role
  The field  for the Role Key is Config Key
  Regards.