How to restrict instance in swimlane to initiating User only?

Hi,
In my process, using BPM 11.1.1.6, there are two swimlanes. The first swimlane (SUBMITTER) allows a user to instantiate an instance, and after some service tasks, the user moves to the next human task, in the same lane. On submission, the instance moves to the second (APPROVER) swimlane. However, if the submitter has not yet submitted the second human task (say he just saves it) then ALL other SUBMITTERS in the same SUBMIITER lane, can see his data! Apparently, this is because the instance is given the SUBMITTER Role, and not assigned to the instantiating person.
How can we restrict the instance to be assigned or restricted ONLY to the instantiating user (during its life in the SUBMITTER Lane), so that other submitters cannot see his instance?
Any help is appreciated.
Thanks!
ps: We are instantiating the task via APIs, so we have flexibility to make an API call if we can know which API call will fix this. Thx.

One thing you'd want to double check before continuing is to see how the predefined variable "creator" is set coming into the human task is set (not sure what this is set to when the API is used).
Assuming the "creator" (or some other string variable) is set to your initiator's userid, here are the steps to assign this person to the task in a subsequent human task.
1. Open the human task.
2. Click the "Assignment" tab.
3. Click the icon with the person in it -> click the "Edit" icon.
4. In the dropdown, select "Names and Expressions" -> make sure that the "Value-based" radio button is selected -> click the + icon on the right -> under "Identification Type" select "User" -> under "Data Type" select "By Expression" -> under "Value" click the "..." button.
5. Expand the "task" -> scroll down and select "task:creator" (or whatever string variable you have set to the userid of the person who created it in the API) -> click "Insert Into Expression" -> click "OK" -> "OK"
Hope this helps,
Dan

Similar Messages

  • How to restrict multiple log-ins by same user in SAP BO 4.0

    Hi ,
    Facing licence issue Due to subjected  error  .
    How to restrict multiple log-ins by same user in SAP BO 4.0
    Thanks in advance .

    Then I would say it is not possible:  Restrict multiple login in SAP Business Objects 4.0 SP6 for single user
    multiple login disable in BO | SCN

  • How to restrict data in reports for different users...

    i created a monthly_sales report on XYZ_SALES_FACT table
    i have to give restriction on reports based on the users.
    i.e. user_1 will access only NORTH region sales info on monthly_sales report
    user_2 will access only SOUTH region sales info on monthly_sales report etc.
    Note: my client is not agreeing to create multiple reports based on the user/region.
    how i have to give user restriction on report based on the users?

    Hi,
    You can create a VPD policy and then create a login trigger and pass SSO client_indentifier or database session_user (use if/then/else to protect both)
    You can check here for the VPD/login trigger.
    Disco Config Guide
    http://download.oracle.com/docs/html/B13918_03/security2.htm#sthref1002
    OTN articles
    http://www.oracle.com/technology/obe/10gr2_db_vmware/security/vpd/vpd.htm
    http://www.oracle.com/technology/oramag/oracle/04-mar/o24tech_security.html
    You can also use secure views, mandatory conditions in the EUL, etc.
    Some other related forums entries:
    Re: Using VPD with Oracle Discoverer without SSO
    Re: Restrict Data for a user without VPD
    May want to search, likely many others on the subject.
    Should give you a good place to start.
    Regards,
    Steve.

  • SHD0 transaction-how to restrict the variant transaction to specified users

    I have created a variant transaction for MM02 wherein am disabling a field .I want this field to be disabled only for certain users.The variant transaction which I created affects all users.So,for everyone the field is grayed out.How to restrict this for specified users???

    Hello,
    Try to look an exit for that transaction, either user exit or badi, then try to disable the field doing a LOOP AT SCREEN, but first you should have the restricted users in a Z table, or by cheking the profiles for each user..
    Another way to do it is trying to do it the profiles customization, maybe you can do it that way.
    Cheers!!
    Dont forget to reward.
    Gabriel P.

  • How to restrict Intercompany Invoice getting generated for receive only trn

    Hi All,
    I have a businesss scenario, where there are two operating units (A and B) Intercompany shipping relationship is set between these two OU's
    Operating Unit: A and Inventory Org: ZZ
    Operating Unit: B and Inventory Org: DEF
    1. If I have Sales order from A and shipped from B OU Inv org(DEF Inv org) , IC AR and IC AP gets generated and also End customer Invoice in A OU gets create
    assume the above order was for 10 Qty shipment
    at Inventory Logical transactions will be created in ZZ Inv org for 10 Qty shipment
    now if the customer comes backs and says you have shipped 12 Qty and returns the 2 Qty, here we dont send any credit Invoice to customer so RMA Order line type is Receive only when you raise RMA order in OU A aganist DEF Inv org (OU B) and you receive the goods in DEF, system creates logical transactions in ZZ inv org which is in OU A and forcing to create IC AR and IC AP in both the OU's, how to restrict the same
    Ideally its extra shipment done from DEF ware house and they are receiving back
    Thanks in advance
    Regards
    Krishna

    Hi All,
    I have a businesss scenario, where there are two operating units (A and B) Intercompany shipping relationship is set between these two OU's
    Operating Unit: A and Inventory Org: ZZ
    Operating Unit: B and Inventory Org: DEF
    1. If I have Sales order from A and shipped from B OU Inv org(DEF Inv org) , IC AR and IC AP gets generated and also End customer Invoice in A OU gets create
    assume the above order was for 10 Qty shipment
    at Inventory Logical transactions will be created in ZZ Inv org for 10 Qty shipment
    now if the customer comes backs and says you have shipped 12 Qty and returns the 2 Qty, here we dont send any credit Invoice to customer so RMA Order line type is Receive only when you raise RMA order in OU A aganist DEF Inv org (OU B) and you receive the goods in DEF, system creates logical transactions in ZZ inv org which is in OU A and forcing to create IC AR and IC AP in both the OU's, how to restrict the same
    Ideally its extra shipment done from DEF ware house and they are receiving back
    Thanks in advance
    Regards
    Krishna

  • How  to Restrict G/L Accounts for One  User

    Hi All,
    I have to restrict the G/L Account when doing FI Postings  for  some particular Users ...
    Ex 100000 Is G/L to be Posted In  XXXX Plant.
         100001 Is G/L to be Posted in  YYYY  Plant 
    I have to give an Authorization  to User in XXXX Plant  to Post only  in 100000 G/L .
    Plz Suggest me at which level I can restrict the Postings ..
    Regards,
    Sriram.

    How about flagging the accounts as "Automatically posted only" and then let customizing take care of the ability to post to the accounts (automatic account determination)?
    That is, if that works for these specific accounts.
    Cheers,
    Julius

  • How to restrict the all access ? Single user mode....

    I am doing export/import of schema objects from Windows to Oracle. How to make sure when I do the export in the migration database no one else is modifying the data. Is there any single user mode so that I can be sure of only one connection while exporting?
    Oracle 10g R2 on Windows Server.
    Thank you,
    Smith

    Perhaps you are not familiar with the concept of multi-version read consistency.
    No one can see that which is not committed and reads can never be blocked.
    If you want a system where no one can see things kill their sessions and do a STARTUP RESTRICT.

  • How to restrict the attribute values for the user in query designer

    Hi All,
    I have a requirment where certain user would see certain vailes in the query desiner of the attribute.
    The requirment is we have planing material which is attribute of material
    When X user want to restrict the  values for planning material ,where he is able to see all the planning material.But who is not authorized for all the value.
    Ex: X user has authorization for see planning material 100,101,102. of material But when he try to restrict the planning material in query designer where is getting all values of planing material.
    Or
    is there way to blank the restriction help.so that he can't able to see values while restricting
    Please some one can advise me on it..

    Hi,
    Let me sum up:
    you have an object ZPLNMAT for the planning material
    you have the object 0MATERIAL for material and this object has ZPLNMAT as attribute.
    If you can restrict in the query designer, I suppose this attribute is then as navigationnal and also added in the multi-provider.
    The object ZPLNMAT is checked as relevant for authorization, and you set up a role with the attached values of ZPLNMAT this user should have access to.
    Are you sure the users are restricting on the ZPLNMAT object and not 0MATERIAL, because you should have everything now
    PY

  • How to restrict access to views for some users in the app?

    Hi SDN!
    I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
    What I've done:
    1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
    2) in the portal I create iView for this form but don't embedd in any page.
    When I try to call my form from list data (that is one iView from another) I get exception:
    <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
    Is there a way to get needed functional?
    Thanks,
    Lev

    Hi,
    do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
    If so, you could create your own roles on the app server:
    You need to create a new class that extends NamePermission like:
    import com.sap.security.api.permissions.NamePermission;
    public class ApplicationAccessPermission extends NamePermission {
               * @param name
              public ApplicationAccessPermission(String name) {
                   super(name);
               * @param name
               * @param action
              public ApplicationAccessPermission(String name, String action) {
                   super(name, action);
    Also, you have to create an Action.XML file that looks like this:
    <BUSINESSSERVICE
         NAME="com.vendor.administration">
         <DESCRIPTION
              LOCALE="en"
              VALUE="actions view usage"/>
         <ACTION
              NAME="View Permission">
              <DESCRIPTION
                   LOCALE="en"
                   VALUE="Show view"
                   />
              <PERMISSION
                   CLASS="com.vendor.utilities.ApplicationAccessPermission"
                   NAME="ShowView"
                   />
         </ACTION>
    </BUSINESSSERVICE>
    If you have created these to files in your packages, you can access this function like:
    IUser user ;
    try {
              user = WDClientUser.getCurrentUser().getSAPUser();
              if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
              }else{
                   wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
         }catch (WDUMException e1) {
              wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                    e1.printStacktrace();
    You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
    The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
    But, the exception you get is because you have embedded one view twice, which is not possible.
    Hope this helps.
    Regards,
    Dennis

  • How to restrict Create Authorization in Appraisals to Users?

    Dear HCM Experts:
    We are using BSP application hap_document for Business Event Appraisals.
    I have used documents_todo.htm for recording the Appraiser/ Particapant ratings.
    That is when user click on create button, system should not allow the user to create a new appraisal document.
    My Issue is:
    I donot want to give create Appraisal Authorization to User. I tried using Auth Objects: PLOG and P_HAP_DOC but nothings seems to be working.
    My requirement is to give only display and change authorization to Users in Appraisals.
    Please suggest if any wayout.
    regards,
    Srikanth Reddy

    Hi Lincoln:
    Yes, in the AUTH OBJ even if i give change activity, user is defaulted with create authorization as well.
    Possible option that triggered in my mind also is to modify the BSP Application. But i wanted to have the solution in the standard itself.
    Thats why i have raised OSS to SAP for solution, lets see.
    Thank you,
    Srikanth Reddy

  • How to restrict simultaneous log in of a user

    Hi Experts,
      I am facing one problem to implement the following scenario,
    The requirement is at a time one user can log in to the portal only once.Means after login if he tries to logging from another system it  will not allow him to do that and give one message that "you are already logged in".
    Please provide some solutions for that
    - Indranil

    Hi
    U can do it by using the property "login/disable_multi_gui_login "....
    Multiple Logon
    Parameter                                                                                Meaning
    login/disable_multi_gui_login                                                  Controls the deactivation of multiple dialog logons
                                                                                    Available as of SAP Basis 4.6
    login/multi_login_users                                                               List of excepted users (multiple logon)
                                                                                    Available as of SAP Basis 4.6
    related documents are.....
    1) http://help.sap.com/saphelp_nw70/helpdata/EN/a3/68c6385740b561e10000000a114084/frameset.htm
    2)http://help.sap.com/saphelp_nw70/helpdata/EN/22/41c43ac23cef2fe10000000a114084/frameset.htm
    regards'
    Pradeep

  • How to restrict External Drive access in other user accounts

    I just purchased an external HD and moved my iTunes and iPhoto libraries to it. No problem there.
    My Mac mini has four user accounts and I'd like to set the permissions on the external HD so that only I can write to it from my account. I'm attempting to do this through 'Get Info' on the external drive, then setting Sharing & Permissions to 'Read and Write' for myself and 'Read only' for the other three accounts. But it seems that when I set one of these it gets set for all four accounts.
    Am I doing something wrong trying to set the permissions this way, or, is there a better way to do it?
    Thanks,
    Andy

    I didn't realize you could set the privileges for other user accounts in the 'Get Info' box from my account. I added the names of the other three accounts and set them to 'Read Only' but I am still able to delete files from the drive when I'm logged into those accounts.
    What I'm trying to do is set it up so that either (1) they can't accidentally delete files from the external disk or (2) they can't even see the disk at all from those accounts. I would have thought that 'Read Only' would not allow them to delete files, but with the privilege set to 'Read Only' I'm still able to delete files from the disk.
    Maybe I'm missing a step? Or maybe there's another way to do it?
    Thanks,
    Andy

  • How to restrict outbound calls to some destinations nos. only??

    Hi,
    I am using cisco 3845 router as voice gateway and running voice serice over that using E1 which is connected to a EPBX.
    I am using only 3 dial-peers (2 for VoIP and other one is POTS). I have 20 sites with similar kind of setup and have 2 gatekeepers (primary-secondary) for their call routing.
    To make config simple I have used ".T" as destination pattern with session IP of Gatekeepers for dial-peer VoIP in each gateway.
    Now the demand of users of site "A" is that they don't want to talk site "B" and "D" because of their some security reasons.
    And since I am using gatekeeper and ".T" as destination-pattern I am not able to prevent site site A to call site B and D whose destination nos. are "89" and "950" respectively and I don't want to create 18 different voip dial-peers because with increase in sites in future we will have to update the nos. of dial-peers.
    Is there a any solution to that site A can call any site but B and D?
    Thanks
    Ashish

    Replied with link below even if this forum would be more appropriate.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Video%20over%20IP&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf47d3

  • How to restrict transaction PE03 (HR: Features)  to display only mode?

    We have a situation where a set of users need access to transaction PE03 to display HR Features. However they should not be changing any feature through it.
    The only auth objects that are checked for this transaction seem to be s_tcode and p_tcode. As both this objects are checked during transaction start, there does not seem to be any check for display/change access.
    Appreciate any inputs.....Thanks!

    > I was wondering if we could find an appropriate user exit and put in some custom code for checking the display/change access of the user. However, I am yet to find an exit to do this.
    Just had a quick glance at the program and couldn't find anything fast either... that could say more about my abap reading skills than the program structure
    I suggest you have an abaper look at it to see if it's easier to build a read-only copy of PE03 or create a report that delivers the same information. To find out if any user exit is available you could also give the HR forum a go.
    Jurjen

  • How to restrict changing password for user ?

    Hi All experts ,
    We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ? 
    Thanks.
    KISHORE SATPUTE

    Hi,
    In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
    1. dialog
    2. system
    3. communication
    4. service
    5. reference
    Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
    These are as follows:-
    1. Dialogue:-
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are checked.
    Multi GUI logins are checked.
    Usage:- These are used for GUI logins.
    2. System
    For this kind of users:-
    GUI login is not possible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are used for internal use in system like background jobs.
    3. Communication
    For this kind of users:-
    GUI login is not possible.
    Users are allowed to change password through some software in middle tier.
    Usage:- These are used for login to system through external systems like web application
    4. Service
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are not checked.
    Multiple logins are allowed.
    Users are not allowed to change the password. Only admin can change the password
    Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
    5. Reference
    For this kind of users:-
    GUI login is not ible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are special kind of users which are used to give authorization to other users.
    Rewads point if helpful
    Thanks
    Pankaj Kumar

Maybe you are looking for

  • Mail crashes on opening in OS 10.9.4

    Mail is currently unusable. Every time I open it it cashes with the error message below. I've installed the 10.9.4 combo update but that didn't work. It does the same thing in safe mode. Any ideas anyone? Process:         Mail [814] Path:           

  • Problems with RPM fans [SOLVED]

    Hello. I'm a Spanish user. I don't speak very well English, I'm sorry. My problem: PWMconfig don't detect modules: $ pwmconfig # pwmconfig revision 5630 (2009-01-29) This program will search your sensors for pulse width modulation (pwm) controls, and

  • How do I go back to the previous page if the app dosen't have a back button?

    In iOS we can go to the previous activity of an app by swiping from left to right of the screen. In FireFox OS is there any way to go to the previous page of an app?

  • Fatal Exception

    Hello, I am using Dreamweaver MX Windows, and in the past week I am getting an error that shuts me down when I: 1: try to change the name of a file from the Dreamweaver site panel (you know, the "geneology tree" thingie on the right side window. I'm

  • Sm59 SAPXPG_DBDEST_ sid failed

    Hi expert:     I meet a problem that the DB13 database job can not excute successfully.Our central instance and DB installed on two seperate server.I have searched some subject about this,and found the rfc connection SAPXPG_DBDEST_<SID> is related ,b