Layout and role assignment

Similar Messages

• Background job fails for BDC profile creation and role assignment

  Hi Experts,
  I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
  Below is the process of job
     1. ZMIS_AUTH_OBJECT_CREATE
         Variant : auth-create
     2. ZMIS_AUTH_ASSIGN_TO_ROLE
         Variant : auth-assign
  The problem is in second program, runs in foreground but fails in background.
  Code which i have written in my second program
  ***BDC for Profile creation and assignment to Roles
      CALL FUNCTION 'ZROLE'
        EXPORTING
         ctu                     = 'X'
         mode                    = p_mode
         UPDATE                  = 'L'
  *   GROUP                   =
  *   USER                    =
  *   KEEP                    =
  *   HOLDDATE                =
         nodata                  = '/'
          agr_name_neu_001        = wa_role-role_name
          text_002                = wa_role-desc
          text_003                = wa_role-desc
          text_004                = wa_role-desc
         value_01_005            = 'T-ML330881'
          h_fval_low_01_006       = wa_role-auth
          profn_007               = lv_profile
          ptext_008               = lv_text1
  * IMPORTING
  *   SUBRC                   =
       TABLES
         messtab                 = temp_message.
  ***Generation of Profile created
  CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
       EXPORTING
         activity_group                      = wa_role-role_name
  *     PROFILE_NAME                        =
  *     PROFILE_TEXT                        =
        no_dialog                           = ' '
        rebuild_auth_data                   = ''
        org_levels_with_star                = ' '
        fill_empty_fields_with_star         = 'X'
        template                            = ' '
        check_profgen_tables                = 'X'
        generate_profile                    = 'X'
        authority_check_pfcg                = 'X'
     EXCEPTIONS
       activity_group_does_not_exist       = 1
       activity_group_enqueued             = 2
       profile_name_exists                 = 3
       profile_not_in_namespace            = 4
       no_auth_for_prof_creation           = 5
       no_auth_for_role_change             = 6
       no_auth_for_auth_maint              = 7
       no_auth_for_gen                     = 8
       no_auths                            = 9
       open_auths                          = 10
       too_many_auths                      = 11
       profgen_tables_not_updated          = 12
       error_when_generating_profile       = 13
       OTHERS                              = 14  .
  Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
  Regards,
  Chetan

  Hi Praveen,
  Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
  To achieve this i have written two programs
  1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
  "" Creation of Authorization Object
  CALL FUNCTION 'ZAUTHOBJ'
          EXPORTING
           ctu                    = 'X'
           mode                   = p_mode
           UPDATE                 = 'L'
  *   GROUP                  =
  *   USER                   =
  *   KEEP                   =
  *   HOLDDATE               =
           nodata                 = '/'
           g_authname_001         = 'ZDUMMY_MIS'
            g_targetauth_002       = wa_tab-auth
            g_authtxt_003          = wa_tab-short_desc
            g_authtxtmd_004        = wa_tab-med_desc
           marked_04_005          = 'X'
            g_authtxt_006          = wa_tab-short_desc
            g_authtxtmd_007        = wa_tab-med_desc
           tctiobjnm_04_008       = 'ZBUS_UNIT'
            g_authtxt_009          = wa_tab-short_desc
            g_authtxtmd_010        = wa_tab-med_desc
           marked_05_011          = ''
           opt_01_012             = 'EQ'
            low_01_013             = wa_tab-bu
            g_authtxt_014          = wa_tab-short_desc
            g_authtxtmd_015        = wa_tab-med_desc
           marked_04_016          = 'X'
            g_authtxt_017          = wa_tab-short_desc
            g_authtxtmd_018        = wa_tab-med_desc
           tctiobjnm_04_019       = 'ZCONTRCT'
            g_authtxt_020          = wa_tab-short_desc
            g_authtxtmd_021        = wa_tab-med_desc
           marked_05_022          = ''
           opt_01_023             = 'EQ'
            low_01_024             = lv_contract
            g_authtxt_025          = wa_tab-short_desc
            g_authtxtmd_026        = wa_tab-med_desc
            g_authtxt_027          = wa_tab-short_desc
            g_authtxtmd_028        = wa_tab-med_desc
            g_authname_029         = wa_tab-auth
  * IMPORTING
  *   SUBRC                  =
         TABLES
           messtab                = temp_message.
  "" Creation of role
  LOOP AT it_role INTO wa_role.
        CLEAR wa_text.
        wa_text-text = wa_role-desc.
        wa_text-langu = 'E'.
        APPEND wa_text TO it_text.
        wa_jobrole-agr_name = wa_role-role_name.
        wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
        wa_method-usmethod = 'CHANGE'.
        CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
          EXPORTING
            jobrole          = wa_jobrole
           parent           = wa_parentrole
           method           = wa_method
         TABLES
  *   RETURN           =
           shorttext     = it_text
  *   LONGTEXT         =
  *   MENU_NODES       =
  *   MENU_TEXTS       =.
      ENDLOOP.
  2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
    ""*BDC for Profile creation and assignment to Roles
      CALL FUNCTION 'ZROLE'
        EXPORTING
         ctu                     = 'X'
         mode                    = p_mode
         UPDATE                  = 'L'
  *   GROUP                   =
  *   USER                    =
  *   KEEP                    =
  *   HOLDDATE                =
         nodata                  = '/'
          agr_name_neu_001        = wa_role-role_name
          text_002                = wa_role-desc
          text_003                = wa_role-desc
          text_004                = wa_role-desc
         value_01_005            = 'T-ML330881'
          h_fval_low_01_006       = wa_role-auth
          profn_007               = lv_profile
          ptext_008               = lv_text1
  * IMPORTING
  *   SUBRC                   =
       TABLES
         messtab                 = temp_message .
     COMMIT WORK AND WAIT.
  ""*Generation of Profile created
    LOOP AT it_role INTO wa_role.
      CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
       EXPORTING
         activity_group                      = wa_role-role_name
  *     PROFILE_NAME                        =
  *     PROFILE_TEXT                        =
        no_dialog                           = ' '
        rebuild_auth_data                   = ''
        org_levels_with_star                = ' '
        fill_empty_fields_with_star         = 'X'
        template                            = ' '
        check_profgen_tables                = 'X'
        generate_profile                    = 'X'
        authority_check_pfcg                = 'X'
     EXCEPTIONS
       activity_group_does_not_exist       = 1
       activity_group_enqueued             = 2
       profile_name_exists                 = 3
       profile_not_in_namespace            = 4
       no_auth_for_prof_creation           = 5
       no_auth_for_role_change             = 6
       no_auth_for_auth_maint              = 7
       no_auth_for_gen                     = 8
       no_auths                            = 9
       open_auths                          = 10
       too_many_auths                      = 11
       profgen_tables_not_updated          = 12
       error_when_generating_profile       = 13
       OTHERS                              = 14
      IF sy-subrc <> 0.
        MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      ENDIF.
    ENDLOOP.
  For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
  i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
  Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
  Regards,
  Chetan

• Report to see user type and roles assigned to users in EP?

  Hi,
  a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
  b) If  the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.

  By default Portal UME comes along with the installation of portal.
  Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories.  But you can also create users in the portal UME.  The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
  You can check them in user administration->identity management and search for the users.
  THere you can see some users will be from UME and some from LDAP.
  User Admin tool is nothing but User Administration only.
  Raghu

• CUA and role assignment

  Hi forum,
  I have a CUA configured where I want the profile and the role assignment to be distributed global from the central system. I can create new roles with PFCG assign, users there, but I don’t see these new roles in the user details in SU01.
  What am I doing wrong?
  Thank you!

  Hi Chris,
  Seems pretty simple to me. Since it is a new role you need to do a text comparision.
  In the central system of CUA execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in SE38 transaction.
  In receiving systems give all the systems that are part of CUA including the central system (in this particular case only central system can be input since the new role is present in central system) Now execute it and then do the role assignment wither through SU01 or PFCG once again. Check once more.
  After every new role creation this report needs to be executed. This is what is known as Text comparison of roles which can also be done in SU01. Check for the pushbutton for text comparision under tabsrtip Roles within SU01.
  Regards.
  Ruchit.

• Making users available for OpenSSO realm group and role assignment?? Help.

  Here is the situation. We have 3 Open SSO realms set up. One we have called OpenSSO-Admin, a second called OpenSSO-Provider and a third OpenSSO-Internal. We are having issues provisioning and managing the OpenSSO-Internal OpenSSO-Provider realms, but OpenSSO-Admin seems to be fine.
  Here is the behavior that is manifest.
  In the 2 'broken' realms, when we create users and assign them to the appropriate Open SSO realm, they appear to be provisioned correctly in IDM as well as the realm (We have validated user creation in LDAP and everything about the user appears to be fine). When we view the groups and roles in the specific resources, we are presented with a list of users that are in Brackets and appear to be provisioned. The brackets indicate that the users are not found as available users. The bracketed users can not be unassigned, nor can any others. note, our bracketed users in the list of assigned users are created from a workflow which assigns them directly to the appropriate group and role based on their business role.
  The third realm, OpenSSO-Admin works fine and we can add, and manage users in the groups and roles within the realm.
  We have ruled out the workflow as a source as the problem persists when we use the tool to manage users. We can create a user from scratch and add them to the realms. In the 'Broken' relms, the users do not appear in thelist of available users to be assigned to the groups or roles. Yet in the 'good realm, everything appears fine. We can move users from one realm to another and the problem persists in the broken realms, but when a user is added to the 'good' realm, everything is fine.
  I have tried reconciling and get no different results.
  Question is, We have isolated that the issue seems to be in the generation / management of the left hand "Available Users" list. How and where is this generated from and how can we check/fix or regenerate this list?
  Thanks.
  Joe

  I should clarify. We are using Sun IDM 8.1

• List of Users and Roles Assigned in Portal (producer & consumer)

  Hi
  We are running federated portal EP 7.0 EHP1 SPS07, we need to pull the list of users and their roles assigned from tables or thru report in our federated portal, so that we can have a consolidated list of users and their roles in both producer and consumer portal
  Thanks
  Senthil

  Hi Senthil,
  Use report RSUSR002 to get list of roles for the users.
  Regards,
  Marasa.

• Custom Auth. Object with Profile and role assignment not working

  Hi,
  I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
  Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
  When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
  AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
              ID 'ACTVT'  FIELD '01'.
  Am I missing anything? The profiles are generated correctly. 
  Best Regards,
  Nilesh

  Below are the screen shots for PFCG:

• Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services

  To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
  Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
  /_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
  I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields.  When following that kind of link for folders, I either get:
  <d:ListItemAllFields
  m:null="true"
  />
  or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
  info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
  to a list!).
  If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
  /_api/Web/Lists/GetByTitle('Development')
  If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
  but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
  Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
  /_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
  gives me:
  <d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
  whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
  find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
  So, in summary:
  1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
  2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
  3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
  4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
  path I should use to get the data I described above.

  Upon further research, I'll answer my own question for the benefit of some other potential future newbie.  The answer to question number 1 above is "Not exactly.".  The server relative URLs I was using corresponded to lists (which are
  returned as a collection through /_api/web/lists).  I was treating them mentally like regular folders.  That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
  the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists.  That was the other problem with thinking of these lists as regular folders.  So, ListItemAllFields works on
  all files and folders in a list.  However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
  type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above.  For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
  or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments.

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• Urgent: User Roles assigned to Sales Orgs and document types

  Dear Guru's :
  I have job user roles one side and sales orgs on otherside. We are trying to find out which sales orgs are using what sales document types.
  All i am trying to achieve is connect those two and make a report. it needs to be done by SE16
  First step is :
  PFCG- Enter Role u2013Click glasses-Authorizations-Display Authorization data
  you need to identify the authorization objects for each T-code and then assign the appropriate values for each authorization object. these authorization objects assigned to a Role and then, allowed T-codes are assigned to Role and
  My Basis Person to Create one AUTHORIZATION OBJECT      V_VBAK_AAT  Sales Document: Authorization for Sales Document Types  and assign your required transaction codes to that authorization and assign them to the users.
  User IDs which can use this Role (set of authorizations) can be assigned to this role.
  Second step is achieved through SE16 ;
  Execute this two table :
  There is no one-shot for this However there is a way out for this outside SAP.
  You can download AGR_1251 and AGR_1252 for the selected roles and use MS Excel or Access to do this compare for you. Its a bit more tricky than said, however once you get a hang of it, I think its a good way of reducing the efforts of making use of individual compare reports.
  Any one knows how to do this i am kind of lost here.  Could you help me to organize this process / steps.
  Full points will be given to who helps me answer my question.
  Thank you in advance.

  Dear Raghu and all:
  I am very much thankful to you for your answer Raghu. This is exactley what i was looking for. Could you throw more light on this topic. Or do you know where can i get more info.or  more tcodes related to this topic. I am using SUIM and PFCG. I dont know much about this transactions. Could you please help me to understand this topic.
  I have Authorization object through which i found out which sales documents are attached to users. I dont know next step in this process. Or does any one know any thing about this subject.  Any help will be grateful.
  Van bills.

• Role assignment and FDI polling interval for participant info

  Hi,
  When a role is added to a participant in Portal Admin console how long it takes to take effect meaning how soon he can login and use the role. Inother words what is the FDI polling interval time to get participant info? I am getting "fuego.portal.exception.WapiOperationException: Participant 'XYZ' does not have execution permissions for role 'ABC' though the Execute permission was given to the user.
  Will this role assignment applies for In Flight instances too?
  Regards,
  Xavier

  After you have assigned a particpant to a role and if you are sure you have given execute permission to the partcipant and still if the change doesnt reflect in your application, just try restarting engine. Even if the problem persists then try restarting the weblogic server. The role assignment applies to inflight instances also. for eg : if there are two instances that belong to the role say'ABC' and you have mapped 'XYZ' for that role, then you can see the instances of that role in 'XYZ''s inbox.
  Hope this helps.
  Regards,
  Charan

• ESS and MSS role assigned to position

  Hi,
  I have to find out that wheter the  ESS Role is  assigned to a position .I have to display  (Y/N)   (Details 'Y' if ESS Role Assigned, 'N' if no ESS role is assigned) To have a 'Y' it must be an active role
  Is MSS Role assigned to a position .I have to display (Y/N)  (Details 'Y' if MSS Role Assigned, 'N' if no MSS role is assigned)   To have a 'Y' it must be an active role.
  Kindly let me know how to do it.I am a abap developer and new to HR module.
  Thanks !
  Sachin Sharma

  hi
  you can check the user id assigned to the position ,
  the correct procedure would be to use Logical database and HR function modules to retrive the poistion code and user id
  position code can be taken from infotype 1 and user id can be taken from infotype 105 , once u get the user id , then you can check the roles that are there , in your case it might be custom roles , you can hard code the role name for that matter to query the same.
  Hope this gives you a clear idea.
  Regards
  sameer

• SPML: search the roles assigned to a user and add others to him

  Hi,
  as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
  How can i implement the search/filter of the available roles assigned to a user?
  Thanks in advance,
  Gentjan

  coocooche wrote:
  Hi,
  as in the subject i'm trying to create a method in idmClient to search the roles assigned to a user and then add some other (one or more).
  How can i implement the search/filter of the available roles assigned to a user?I already find how to do it. I have to asked another question about SPML: is there any way to add new roles without searching the old ones?
  In other words i implemented a method that:
  1) search the roles assigned to a user and copy it to a List
  2) add to the List of the old roles, the new ones.
  Is it possible just to add the new roles without doing a search of the old ones? In this way the performance is better.
  Thanks in advance,
  Gentjan

• How to retrieve the Role of a custom sharepoint Group Progrmatically and also assigning the same roles to new user?

   I want to retrieve the roles assigned to custom group progrmatically and assigning the same roles to new user?

  Hi,
  According to your post, my understanding is that you want to retrieve the Role of a custom sharepoint Group Progrmatically and also assigning the same roles to new user.
  To retrieve the Role of a custom sharepoint Group, you can refer to:
  http://www.sharepointfix.com/2011/05/find-rolepermissions-of-currently.html
  To assign the same roles to new user, you can refer to:
  http://msdn.microsoft.com/library/Microsoft.SharePoint.SPRoleAssignment
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Find the iViews, Pages and Folders assigned to Role

  Hi,
  Does any one has the idea about how to retrieve the worksets, pages and iviews assigned to a role.
  I found a piece of code that will retrieve the roles, worksets, pages and iviews from PCD.
  Here is the code, that is to retrieve the roles, worksets, pages and iviews from PCD
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
  env.put(Context.SECURITY_PRINCIPAL, WDClientUser.getCurrentUser().getSAPUser());
  env.put(com.sap.portal.directory.Constants.REQUESTED_ASPECT, PcmConstants.ASPECT_ADMINISTRATION);
  InitialContext initialContext = null;
  DirContext dirCtx;
  initialContext = new InitialContext(env);
  dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/");
  PcdSearchControls pcdSearchControls = new PcdSearchControls();
  pcdSearchControls.setReturningObjFlag(false);
  pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
  dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
  // Gets the full path of the iViews from the PCD
  NamingEnumeration ne =      dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview)",     pcdSearchControls);
  while (ne.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) ne.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("View ="+location);
  // Gets the full path of the pages from the PCD
  NamingEnumeration nePage = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page)",pcdSearchControls);
  while (nePage.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) nePage.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("Page ="+location);
  // Gets the full path of the worksets from the PCD
  NamingEnumeration neWorkSet = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset)",pcdSearchControls);
  while (neWorkSet.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) neWorkSet.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("WorkSet ="+location);
  But my requirements is, if I have the role as "Sales Role", I want to find the iViews, Pages and worksets assinged to this role.
  Your help is really appreciated.
  Thanks in Advance,
  Chinna.

  Hi,
  All you need to do is to change the search root object:
  DirContext dirCtx;
  initialContext = new InitialContext(env);
  dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/mypath/myrole");
  PcdSearchControls pcdSearchControls = new PcdSearchControls();
  pcdSearchControls.setReturningObjFlag(false);
  pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
  dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
  all the rest stays the same.
  BTW - you can also retrieve all the objects using one search by putting
  (|(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset))
  In the search query. Then you can get the type using PCM (portal content model) APIs.
  Hope this helps, Elisha