IP Address determination based Portal Roles Access
Dear Experts,
Current scenario - SAP Portal is accessible directly and via Citrix (VPN).
Based on the URL alias, we have implemented Desktop Filtering.
e.g. if the URL ends with /internet - you get restricted roles
e.g. if the URL ends with /intranet - you get wider roles
In Production, we also have a NetScaler reverse proxy and HTTPS settings in place for external (outside firewall) access.
New requirement (example) - Based on the IP address of the client, determine which subnet it falls under and, based on that:
If used within Citrix - Provide certain roles
If not used within Citrix - Restricted access / Redirect to a different URL on the redirect server.
Questions - With the current desktop filtering in place based on URL determination and no specific restriction for inside/outside Citrix access -
I believe tweaking SAP Portal Logon logic can get very painful and overtly complicated for such scenarios.
Please suggest which would be a good way to crack this, e.g. using admin settings at these levels (Citrix, Network OS Exit, Reverse Proxy etc.) based on best practice?
Thanks for your inputs ~ Dhanz
Hi Dhanz,
You are right, it's a complicated scenario.
Unfortunately I am not an expert on Citrix, Network OS Exit, Reverse Proxy, etc. But I have discussed this issue with web dispatcher expert colleagues and I believe you can use the IP address as a distinguishing criterion / mapping table. Please see the documentation below:
http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/24/62c6bacba12442a869a599149227ab/frameset.htm
I hope it helps,
Kind regards,
Lisandro Magnus
Similar Messages
-
Hi,
How to access portal role in WD Application.
Actually I want to restrict some fields to be shown in the application, so I want to design some portal roles based on this. If the roles assigned to the user are accessible in our application, then I can achieve the required functionality.
Hi Haresh,
I think we are both in the same ship. We had a similar requirement too, but we are going to handle it based on the backend roles (PFCG stuff). I don't think you can get the portal roles into the WDA environment, as the portal content (roles) is entirely maintained in the Java WAS.
Hope this helps.
Regards
Raja Sekhar
-
Accessing portal roles in webdynpro for java
Hi,
Please let me know how to access portal roles in webdynpro for java.
Rgds,
Patana
Hi,
Please use this API to access the portal roles:
    IRoleFactory fact = UMFactory.getRoleFactory();
Also see this code to get more information about a role:
    import com.sap.security.api.*;

    // searchRoles() and getRole() throw UMException; handle or declare it in the calling method.
    IRoleFactory rolef = UMFactory.getRoleFactory();
    IRoleSearchFilter searchfilterrole = rolef.getRoleSearchFilter();
    ISearchResult searchResult = rolef.searchRoles(searchfilterrole);
    while (searchResult.hasNext()) {
        String unq = (String) searchResult.next();
        IRole role1 = rolef.getRole(unq);
        String roleName = role1.getDisplayName();
        String roleID = role1.getUniqueID();
        // Once you have the role information you can use it in your application as per your requirement.
    }
Also please note that:
You should add "com.sap.security.api.jar" to your project's Java build path to get the Portal Security APIs.
I hope this solves the problem. Please revert back in case you need any further information on this.
Thanks and Regards,
Pravesh
-
Getting the Address Information based on the Partner Number & Partner Role
Hello,
I have a requirement wherein I am populating the Address into a Custom Segment Z1E1ADRM1 where I am reading the Partner Data from E1ADRM1 Segment. It has the PARTNER_Q which contains the Partner Role (WE,AG,RE,RG etc...) and PARTNER_ID which contains the Partner Number. Now, using VBPA Table, I am populating the STREET4 and STREET5 manually by passing the Address Number got from VBPA Read.
Instead, is there any Function Module / BAPI which can be used to get the Address Number / Address Information based on the Partner Role and Partner Number as Input Parameters? Please Let me know.
Thanks and Regards,
Venkat Phani Prasad Konduri
Try
/SPE/BUPA SPE Business Partners
/SPE/BP_STORE_ADDRESSES Business partners store addresses
BPAR_P_PARTNERS_WITH_ADDRESS
SD_ADDRESS_KEY_GET_FROM_VBPA
SD_ADDRESS_TYPE_GET
SD_PARTNER_ADDR_DIALOG_INTERN
VELO01_GET_PART_ADDR_FOR_VBELN get the partners and their address details
WS_LM_ADDRESS_READ
WS_LM_CONTACT_ADDRESS_DISPLAY
^Saquib
-
How do I access the remote(requesting) clients IP address through the Portal API?
How can I access the remote(requesting) clients IP address through the Portal API?
On our 4.5 - IIS system, we can access it using the Request.ServerVariables("Remote_Addr") in the ASP pages.
We are deploying 5.0 on Java Portal and would like to be able to do this through the Portal's API so I can call it in one of our custom login Activity space or control etc.
I have looked at the documentation for the HttpServletRequest object. It seems like we should be able to access it through one of the methods, getRemoteAddr, if we can get a handle to the HttpServletRequest object through Plumtree's framework.
I think the XPRequest object encapsulates the HttpServletRequest but I didn't see the getRemoteAddr method listed in the Javadocs.
Is there a way to access the client's IP address through Plumtree's framework?
I need to do this so we know the location of the user, and in our business case we have fixed IP addresses which let us identify which location the user is accessing the system from. We can't do this through preferences or profile because we have to use a generic userid for the specific group of users.
Any help on this would be appreciated.
Thanks.
Vanita
Hi, Vanita. For now, you can use
    string sClientIP = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"].ToString();
Hope that helps!
Sarah
-
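Added example (not from any poster in these threads, and not SAP or Plumtree code): a Java sketch of the IP-based zone decision asked about in the first thread, combined with the client-address lookup asked about in the thread above. When a reverse proxy sits in front of the portal, getRemoteAddr() returns the proxy's address, so the forwarded header is honoured only when the TCP peer is the known proxy. The class name, zone names, subnets, proxy address and the use of an appended X-Forwarded-For header are all assumptions; it handles IPv4 only.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ClientZoneResolver {
    // All addresses below are constructed samples from documentation ranges.
    static final String TRUSTED_PROXY = "192.0.2.10";   // hypothetical reverse proxy
    static final String DEFAULT_ZONE = "RESTRICTED";    // fail closed
    static final Map<String, String> ZONES = new LinkedHashMap<>();
    static {
        ZONES.put("198.51.100.0/24", "CITRIX");   // hypothetical Citrix farm subnet
        ZONES.put("203.0.113.0/25", "INTRANET");  // hypothetical office subnet
    }

    /** Strict dotted-quad parser; returns -1 for anything else (never does a DNS lookup). */
    static long ipv4ToLong(String s) {
        if (s == null) return -1;
        String[] parts = s.trim().split("\\.", -1);
        if (parts.length != 4) return -1;
        long value = 0;
        for (String p : parts) {
            if (!p.matches("\\d{1,3}")) return -1;
            int octet = Integer.parseInt(p);
            if (octet > 255) return -1;
            value = (value << 8) | octet;
        }
        return value;
    }

    static boolean inCidr(long ip, String cidr) {
        String[] c = cidr.split("/");
        int bits = Integer.parseInt(c[1]);
        long mask = bits == 0 ? 0 : (0xFFFFFFFFL << (32 - bits)) & 0xFFFFFFFFL;
        return (ip & mask) == (ipv4ToLong(c[0]) & mask);
    }

    // peerAddr is what HttpServletRequest.getRemoteAddr() returns; forwardedFor is the
    // X-Forwarded-For value (assumed to be appended by the proxy), or null if absent.
    static String clientAddress(String peerAddr, String forwardedFor) {
        // A header sent by anyone other than our own proxy is client-controlled: ignore it.
        if (!TRUSTED_PROXY.equals(peerAddr) || forwardedFor == null) return peerAddr;
        // The right-most entry is the one the trusted proxy itself added.
        String[] hops = forwardedFor.split(",", -1);
        return hops[hops.length - 1].trim();
    }

    static String zoneFor(String peerAddr, String forwardedFor) {
        long ip = ipv4ToLong(clientAddress(peerAddr, forwardedFor));
        if (ip < 0) return DEFAULT_ZONE;   // unparsable address: restricted access
        for (Map.Entry<String, String> e : ZONES.entrySet()) {
            if (inCidr(ip, e.getKey())) return e.getValue();
        }
        return DEFAULT_ZONE;
    }

    public static void main(String[] args) {
        // Direct connection from the Citrix subnet.
        System.out.println(zoneFor("198.51.100.23", null));
        // External user via the proxy; the client-supplied left-most entry is ignored.
        System.out.println(zoneFor("192.0.2.10", "198.51.100.5, 203.0.113.200"));
        // Direct client forging the header: only the peer address counts.
        System.out.println(zoneFor("203.0.113.200", "198.51.100.5"));
    }
}
```

The returned zone name would then drive which role set or redirect applies; that mapping is deployment-specific and is not shown.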
Web/UME Services to fetch list of Portal Roles??
Hi All,
Are there any out of the box Web or UME services available which can fetch a list of Portal Roles based on certain criteria?
Basically I am looking for a service that will fetch list of all Portal Roles (PCD & UME) and will take couple of input parameters, a Role Name/ID & the permission property "Role Assigner"
Thanks
Sandip
Thanks for your reply.
But I guess these forums show how to retrieve roles & their subordinates for a particular user, whereas I am trying to retrieve all PCD roles for which I have "Role Assigner" permission.
Basically I am building a delegated admin functionality on Portal using custom coding. It is the same as Portal out of box Del User Admin but I am not using it because of some other enhancements.
I will have many user admins and the roles they can assign to users are determined by the "Role Assigner" permission. So it's like, User_Admin_RoleA has access to 5 Portal Roles, User_Admin_RoleB has access to some other 5 roles and so on.
So just wanted to know if there are standard Portal services (like we have for KM) available to do this.
Thanks
Sandip
-
Storing Portal Roles in LDAP server
Hi,
I want to use an LDAP server for user authentication to my portal. The documents I got from help.sap.com talk about keeping an LDAP server for storing normal user attributes and the portal DB for storing roles. Is there any way to store the portal roles also in the LDAP server and retrieve them for authentication? Please help
Thanks,
Ranjith
Hi Ranjith,
There is no way to store the roles in the LDAP. They are kept in the portal DB. Also, portal roles aren't used for authentication like roles are in R/3. They are used mainly for determining what a user can see in the portal.
The authentication in the portal is based on the user ID and password when you log on to the portal. You will be assigned a role(s) for what you can see in the portal. The actual authentication to applications comes from the back-end systems. For example, even if you have a portal role that lets you have access to a transaction in R/3, if you don't have the back-end authorization you won't be able to get at the data.
I hope this helps
John
-
BEA User Group based portal rendering in WLP 10.3
Hi,
We are connecting to an external LDAP system to get the user group information for the logged-in user, and these user groups are already configured in portal admin.
How can I make sure that a logged-in user with a valid user group gets a portal with only those portlets that he can view?
Is there any API using which the portal is rendered as per user group privileges?
Thanks,
CA
Visitor entitlements are used to restrict access to portal resources for portal users. Visitor entitlements are based on security roles. Security roles can be based on group membership.
See the docs at:
"Overview of Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/portlets/portlet_org.html#wp1012363
"Security Guide": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/index.html
"Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/intro.html#wp1020050
"Restricting Portal Visitor Access Using Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/planning.html#wp1021317
"Creating Visitor Entitlement Roles": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/visitor_entitlemt.html#wp1057731
There are more that you will want to look at but if you start with these docs then you will find the links to the other stuff that you need to see.
Good luck.
-
Customizing availability of Portal Roles/TABs (ESS)
Hello Portal Knowledgeable ones,
I am running EP 6.0 SP13.
We will be implementing many of the Standard HR ESS functions. We desire to purposefully limit the hours of the day when these capabilities are available to users--EVEN THOUGH THE PORTAL IS UP. As an example, viewing paystubs is available 24x7, whereas other update-type ESS functions (update absences) will not be available from 1am to 5am each day. We want to limit this access because our payroll processing occurs during this window, and we do not want updates to occur during it.
Here is my question:
For the standard ESS web dynpro portal functions, how do we implement a time-of-day switch such that access to certain iViews is prohibited.
The end user experience needs to be as follows:
If time is between 1am - 5am and user clicks on updating ESS item in the portal, the system displays an alternative iView indicating that the system is down for maintenance.
General advice would be welcome as well. It seems that the portal displays tabs/content solely based on your pre-assigned roles. How do you turn-off assigned portal roles dynamically?
Thank you for any insights!
Kevin
Found a solution. All users are assigned to groups. Groups are then linked to roles. To change content for user, update the group to role link using UMFactory inside a portal application.
-
Hi,
Can someone explain the context of the portal roles (PPM_admin, RPM_admin etc.) in NetWeaver Business Client? Suppose I want to restrict access for a user in NWBC, what should be the procedure? For example, I want to give a user only the Portfolio Management role in NWBC; how will I achieve that in the PFCG role? Currently the PFCG role SAP_BPR_PPM is assigned to all the users and hence all the users have the privileges of Project Management, Portfolio Management and Resource Management in the NWBC. For your information, I am using NetWeaver Business Client for HTML.
Regards,
Swami
Hi Thorsten,
Thanks for the reply. Yes I got it. In the meanwhile I referred to the note 1405902. It talks about how to restrict certain tabs and features based on the roles. But they are all related to the portal roles. Could you please kindly let me know how to remove tabs and features when one uses NetWeaver Business Client (for HTML) as the front end? I am opening another thread for this.
-
No portal roles are assigned for this user.If this problem persists, contac
I am trying to access portal first time using j2ee_admin user. It is saying "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
I am using an ABAP+Java engine. How do I configure this in the ABAP engine? I want to know which role to assign to the j2ee_admin user.
I already assigned sap_j2ee_admin, SAP_BC_JSF_COMMUNICATION and SAP_BC_JSF_COMMUNICATION_RO, but it shows the same problem.
Please help me.
Edited by: Mugala Balu on Aug 7, 2010 5:53 PM
Edited by: Mugala Balu on Aug 8, 2010 7:48 AM
Balu,
Well, this issue has been discussed many times in the forums. You would have to point your data source to the ABAP system.
Check this thread: "J2EE Failed to start, after changing UME datasource".
Good Luck!
Sandeep Tudumu
-
How to setup the security based on roles in Organization.
Hi,
How to setup the security based on roles in Organization.
For example: a few users are Managers and a few users are Non-Managers. Managers should have access to all work data, including Non-Manager data, and Non-Managers should have access based on role. How do I set this up? How does the OBI server identify the user role?
Kindly let me know.
Regards,
CHR
Hi,
You need to have back-end support to achieve this. In the back end you need to create two groups. You need to know what joins have to be made for which group (which is more important) and also make a session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. A user logging in with the respective userid will have the userrole and joins assigned in the back end, and they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam
-
J2EE roles vs Portal roles vs ABAP roles
(I also posted this on portal implementation, but I hope I receive more reactions here)
Dear all,
I have a question about the information on the following link:
http://help.sap.com/saphelp_nw2004s/helpdata/en/4c/6c0f40763f1e07e10000000a1550b0/content.htm
It says the following:
"These functions are intended to assign users and their assigned portal roles a corresponding role in the SAP System. This corresponding role (authorization role) contains the authorizations needed to execute certain functions from the portal."
1. These "...certain functions..." they talk about, can someone give an example of these functions?
2. Is it possible for example to create a role in the portal that gives a user authorisation for starting transaction SE80 in the backend system? Without making the role in the backend first and uploading it to the portal.
3. It's also possible to upload ABAP roles to the portal. Is the main reason for this that users can see their SAP menu (or part of it) in the portal? Or does this have other advantages too?
4. I'm very confused about the relation between J2EE roles, portal roles and ABAP roles. Is it possible to manage the roles for a user in one place, without having to do certain actions in the portal AND the backend system?
From what I've read on help.sap.com, you always need to do certain actions in both places.
A possible approach is the following (from what I know): Creation of roles in the R/3 system, without assigning to users. From a webdynpro application, a user can then be created and roles can be assigned: portal roles (via some API) and R/3 roles (via BAPIs).
I hope someone can give a bit of information on this issue. I've done a lot of reading on help.sap.com, but it's still an abstract issue for me.
Kind regards,
Joren
Hi Joren
Re: point 3. I don't build portal roles through this mechanism as I don't believe in replicating the SAP easy access menu inside the portal. If there are some specific functions (transactions) that I want to run inside the portal, then I might use this mechanism to build the iViews once. I would rather start an iView that runs transaction SMEN and let the user see their regular easy access menu.
Please note that the speed of executing transactions in the portal isn't a function of the portal, but the fact that you are using ITS, for example, to web enable the transaction...
Re: point 4. Groups are a UME concept. They have nothing to do with ABAP groups. They can be created directly in UME through user administration functions, or they can be created in the LDAP and then they are visible in the portal. If the UME points to an ABAP system, then the ABAP roles are automatically visible as UME groups. Groups created in the UME need to have the members assigned through user admin functions of the Java engine. Groups stored in LDAP are maintained using LDAP admin tools. There are upload utilities that allow you to maintain LDAP users and groups through text files. Google LDIF for more details.
Roles on the portal need to be built in the portal content directory. As Michael mentioned, this can be automated by the use of the role upload function built into the portal.
-
Revenue Account Determination based on Sales Order Document Type & Service Order Type
Hi Expert,
I have Customer Service Module with Resource Related Billing for services attached with SD.
When DP90 runs, a sales document debit memo request is created & then a debit memo is created.
I need to configure Revenue Account Determination based on Sales Order Type and also based on Service Order Type.
I did not see any field catalogue in revenue account determination for order type. For communication structure KOMKCV Header and KOMPCV Item level there is no field for sales order type nor service order type.
Is it possible to bring in both order types? Can ABAP person do it?
How to bring these fields?
Is it possible & recommended to have the service order type field AUART for the service order in this structure?
Is this configuration OK and acceptable to SAP? If so, is there any chance of issues, errors & wrong determination from the FI/CO view?
Your valued input is highly appreciated.
Thanks
Prakash Parikh
Hi Prakash,
Yes, you can certainly add new table fields into the field catalog KOMKCV and KOMPCV and use them during account determination. You will also have to add these new fields in the user exit RV60AFZZ for it to work. I believe you will need an ABAPer's help to make this work. The ABAPer will have to create a ZZFIELD (ZZAUART for example) and put it in the structure and use the same in the user exit to pass the values.
In your case, what I am not sure about is whether you are looking to modify the existing standard tables or create new ones. My suggestion is to create the new condition tables with these new fields (like document type) after adding them to the field catalog. Only modify the access sequence (KOFI) in such a way that your new tables are accessed first before it goes into the standard tables (or you can adjust it according to your scenario).
We have done it in our company and it is working fine. Basically what we have done is to create new tables instead of modifying the standard ones. We have adjusted the access sequence in such a way that some of our custom tables are accessed first before the standard SAP tables (C001 to C005).
I found a similar requirement on SCN. This might help.
Adding New Field in Account Determination
Hope this helps.
Regards,
Mukund S
-
Add tab in Portal to access SAP BW system
Hello All,
Currently, we have SAP ECC tab available in the Portal to access the ECC system directly with a single sign on.
Similarly, we want to add a tab to access the SAP BW system wherein the user can log in to the BW system to execute a process chain.
Please advise me on the development required for the same.
Thanks & Regards
Sneha
Hi Sneha,
Please follow the below steps.
1) Create a system object to the BW system, get the single sign-on done and test that the connections are fine (BASIS team)
2) Create a Portal Role called BW Extractor
3) Create a standard transaction iView to rspc to the BW system, and set the entry point on the iView to true
4) Add the iview to the Portal Role
5) Add the Portal Role to user or user group.
Please let me know how it goes !
Regards,
Vivek Nidhi