Limiting Primary Administrator Role

I have a system where the customer wants an audit reviewer to be able to process the audit trail if needed, but not modify any system files, and have an administrator that can do everything else but not see the audit trail.
Does anyone have any ideas on how to limit the sysadmin? I would love to use the Primary Administrator profile via an admin role, but this is akin to root. Is there something I can do to remove access to, say, the Audit Review profile from the Primary Administrator profile? I would think this would be easier than trying to guess all the profiles and privs needed to have a user act like the Primary Administrator but without access to the audit files.
Thanks in advance.

Hello,
Change to the shell pfsh and try.
-bash-3.00# pfsh
Thanks,
sal.

Similar Messages

  • [Basic administration]Primary Administrator role

    Hi guys !!!
    I am learning how to use SMC - Solaris Management Console. I created a role with the following privilege: primary administrator.
    I created this role because I read that this role has the "same" access as root.
    But when I want to start smc from the command line I got: smc : cannot execute
    I thought with primary administrator I could execute any command! Am I wrong? Can I log in as root and use my primary administrator account in SMC?
    Thanks a lot !!!
    Levi

    Hello,
    Change to the shell pfsh and try.
    -bash-3.00# pfsh
    Thanks,
    sal.

  • OES MAPI problem of "Assigning Principals to an Administration Role"

    Hi,
    I have run into a problem programmatically assigning principals to an administration role using the Oracle Entitlement Server Management API. I can successfully run the sample code following the <Developer Guide>, Chapter 5.4.3 Assigning Principals to an Administration Role.
    My code snippet is like this:
    List<PrincipalEntry> principals = new ArrayList<PrincipalEntry>();
         principals.add(new BasicPrincipalEntry
           ("weblogic.security.principal.WLSUserImpl", "Lisa"));
         //Grant the users in the list the role
         admManager.grantAdminRole(adminRole, principals);
    And no error or exception occurs on the Java app side or the oes_admin side. But when logging in to the http://vmware.localdomain:7001/apm admin GUI, I could not log in with Lisa.
    I also tried manually assigning app1 with the delegated admin role, and then Lisa can successfully log in to the admin GUI.
    Then I ran the app program to programmatically assign app2 with the delegated admin role to Lisa. Logging in with Lisa, I could not see app2.
    I have checked by logging in to the admin GUI as the system admin "weblogic", and it can see that app2 already has Lisa listed as an external user of the delegated admin of app2.
    I even checked DEV_APM.JPS_CHANGELOG in the Oracle database schema for OES. I can see the changelog of the Java app's assigning operation.
    Can anyone tell me the reason why programmatically assigning a user to a delegated admin does not work correctly? Are there some mistaken steps in my Java app code, or is there a bug in the OES product?
    I use the OES 11.1.1.5 version with Oracle Database 11.2.0, Weblogic 10.3.5 on Oracle Enterprise Linux 6 32bit.
    Thanks very much.

    Thanks very much for all the reply posts. With your suggestions, I tried distributing the policy and finally it works!
    The code snippet is from 4-8 Using the distributePolicy() Method, listed below:
    //get the PolicyDistributionManager
    PolicyDistributionManager pdm =
      app.getPolicyDistributionManager();
    //distribute policies
    String distID = pdm.distributePolicy(true);
    DistributionStatusEntry status = pdm.getDistributionStatus(distID);
    System.out.println("Start distribute policy");
    //poll until the distribution reports 100% complete
    while (status.getPercentComplete() != 100) {
      Thread.sleep(200);
      System.out.print(".");
      status = pdm.getDistributionStatus(distID);
    }
    System.out.println("Finish distribute policy");
    There is another trick that I discovered from DEV_APM.JPS_CHANGEBLOG:
    If this is the first time that the user is assigned as a delegated admin, you should also grant the user the applicationRole "APMViewer" in the application "oracle.security.apm"
    You can refer to the sample code from 2-9 Assigning Principals to an Application Role, also listed below:
    ApplicationPolicy app = ps.getApplicationPolicy("oracle.security.apm");
    AppRoleManager roleMgr = app.getAppRoleManager();
    //Construct the list of users to be granted
    List<PrincipalEntry> principals = new ArrayList<PrincipalEntry>();
    principals.add(new BasicPrincipalEntry
      ("weblogic.security.principal.WLSUserImpl", "Nick"));
    //Grant the users in the list the role
    //admManager.grantAdminRole(adminRole, principals);
    AppRoleEntry appviewerRole = roleMgr.getAppRole("APMViewer");
    roleMgr.grantAppRole(appviewerRole, principals);

  • Functional and Technical Administration Roles in Solution Manager

    Hello
    A big company has been implementing new functionality in Solution Manager during the last couple of years; they started with System Monitoring and EWA, Maintenance Optimizer, then Project Implementation, now Service Desk and ChaRM. This company has a wide open structure in IT and a discussion has been raised about who is the owner of Solution Manager in IT.
    In my experience I always propose two main roles: one is the Technical Administrator role and the other is the Functional Administrator role. The former is more basis oriented, in charge of the installation and update of stacks in Solman, basic initial configuration and then working mainly in setting Solutions, RFCs, System Monitoring, EWA, SAP services, OSS connections, Diagnostic, E2E Root Cause Analysis and also support in ChaRM (in setting up the transport routes, security).
    On the other hand, I support a role of SolMan Functional Administrator which deals with the Implementation side, ASAP methodologies, business process definition, integration with ARIS, setting up project standards, coaching Project Managers, ensuring good application information. Also in Service Desk and ChaRM, setting the process, customizing, implementing and controlling that things are running smoothly in SolMan productive.
    I would like to get your inputs and experiences regarding how to set up those roles, whether there are clear lines to divide responsibilities or what kind of definitions should be made.
    Many thanks
    Esteban Hartzstein
    Director
    Tebyon Consulting

    As recommended by some colleagues I am also investigating Customer Center of Excellence as a reference to define roles and responsibilities, particularly in the concept of Application Lifecycle Management.
    Any other input is welcome.
    Regards
    Esteban

  • Administrator role

    Hi,
    I have just installed Contribute CS3 a day ago, and have been
    getting to grips with it.
    I won't need any other 'writers' or 'publishers', just the
    one Administrator role, but I would like it to ask for a password
    sometime before it allows me (or anyone) to edit the website on
    starting up Contribute . . . . . but it doesn't!!
    When I set up the administrator, I did give it a password
    where it asked.
    What could be wrong?
    Cheers
    Greg

    Hello,
    I have provisioned a user with Planning admin access. And later when I provision him with Essbase admin access, he is not able to see any Essbase applications. I have refreshed security from shared services for Essbase, but that does not work. I am using version 11.1.1.3 and shared services, workspace services, planning and Essbase services are installed on Unix.
    In shared services, when i navigate to Application Groups-> Essbase -> Essbase Server and then right click to "Assign Access Control", I am getting 'page cannot be displayed'.
    In EAS -> Users, 'Application access type' is coming as planning.
    Can anyone please suggest on how a planning user can be given access to Essbase.
    Thanks,
    - hg

  • Administrator Role Deleted in Portal???

    Hi all,
    The administrator role was accidentally deleted in UME. When I logged in as j2ee_admin I deleted the administrator role in UME. What do I do now? Please tell me. How do I find the administrator role? Because SAP predefines the administrator role for j2ee_admin, I am not able to work in the portal; in UME all buttons are disabled.
    Help me please
    Thanks & Regards
    Kumar

    Hello,
    Maybe you could try this out:
    First of all give the user (J2ee_Admin) the SAP_J2EE_Admin group.
    Now log in to the user administration of J2EE using the user with the SAP_J2EE_Admin group.
    Next go to user administration and then give the user (self) different admin roles
    such as super admin, system admin, content admin etc.
    Hope this helps you.
    Regards,

  • Administrator Role deleted ???

    Hi all,
    The administrator role was accidentally deleted in UME. When I logged in as j2ee_admin I deleted the administrator role in UME. What do I do now? When I log in via j2ee_admin it gives an error. What do I do? Please tell me. How do I find the administrator role?
    Help me please
    Thanks
    Kumar

    Hi Kumar:
    For all the non UME Roles content in Portal has some action. So I guess for Administrator Role should have an action pertaining to its admin responsibilities. Try to Create Role under Identity Management and assign the action equivalent to it.
    Goto:
    User Admin >  Identity Mgmt > Role > Create User > Give Name > Assign Action.
    Note: I'm currently not at EP server for few days, plz check the option said above and I hope they might work for you.
    If my guess is correct, you can get the Action for already existing Administrator Role from other EP Server in your organization.
    Tnx,
    Munna SAP

  • Change Primary Administrator for Cloud Team

    How can I change the primary administrator under the Admin Tools in the Cloud Team portal?

    manage your team account http://forums.adobe.com/thread/1460939?tstart=0 may help

  • Primary administration ISE nodes failed

    Hi All,
    I'm going to implement 3 ISE nodes in a distributed deployment: 1 ISE will be configured as the Administration & Monitoring node, and the others as dedicated Policy Service nodes.
    My questions are:
    1. If the Administration & Monitoring node fails, can authentication, authorization and posture still run well on the client?
    2. Can we promote a dedicated Policy Service node to be the new Administration & Monitoring node? If we can, what is the procedure for promoting it? Is it just as simple as promoting the secondary node (in case we have primary and secondary nodes), or is there other effort, such as having to restore the database, etc.?
    Thanks?
    Regards,
    Rian

    Hi,
    When the primary administration node fails, the PSNs will still continue to function and enforce policies.
    Since you have a single administration node, if that node has to be rebuilt, all other nodes will also have to be reset to factory and then re-registered once the primary node is ready again.
    In that case you can open a TAC case to have them assist in pulling your database from one of the PSN nodes.
    As always this is my observations and what I would do if I was in the situation, we can wait for a cisco engineer to respond or you can post this question in a tac case to make sure there isn't an upcoming feature which addresses this scenario.
    Sent from Cisco Technical Support Android App

  • Business Connector - Read only - Administrator role

    Hi Community,
    We've currently got SAP 4.8 running in our environment.
    The situation is that often developers need to check the extended settings, logs, or what jobs are scheduled.
    The two main roles are Developer or administrator.
    The only way to get access to the web GUI admin page is to assign the administrator role.
    Does anyone know how to assign a "read-only" role for the web admin page?
    I would then assign this to a developer rather than give them full administrator access on business connector.
    Kind Regards,
    Chris

    To the best of my knowledge that's not an option.
    But I'd like to hear it if otherwise.
    Regards
    Juan

  • ESS/MSS HR administrator role

    Hi,
    Any docs to set up the HR administrator role?
    Will reward points for helpful answers.
    Thanks
    Rocky

    [email protected]
    Please copy:[email protected]
    Thanks
    Will definitely reward points.

  • Portal Installation : User Administration -- Role workset error

    Dear All,
    We have installed EP NW04 SR1. Everything is working fine; all the menus are coming up properly, except when I click on the User Administration --> Role --> Role menu, it starts for some time and then gives "Page cannot be displayed, Operation aborted". This error only comes for the Role workset. Everything else is working fine.
    It would be nice if I could get guidance as to how to debug this error.
    Regards
    PN

    Hi,
    I am still unable to solve the problem. The same problem persists with the ROLE and User Mapping.
    I try to open it and it gives the "page cannot be displayed, operation aborted " error
    Help is appreciated
    Regards
    PN

  • Only Super Administration role can use collaboration rooms,

    The problem is on portal 7.0 SP14. The users come from a SAP system. For users with the super administration role, Collaboration and CollaborationRoomCreator work perfectly, I mean, they can create rooms and enter without problems. Then I have a user that has the standard user role and the collaboration role, and is included as a member in a room, but when I try to enter the room I get an error, and of course it doesn't work... I have tried several roles to enter the room, all 6 roles from collaboration (3 specialist, 3 com.sap.pct), and nothing. It only works with the super admin role... and of course... that's not the idea...
    The exception that I get is:
    08_8368550
    I check on logs files and see this...
    Applications/WebApplications#sap.com/irj#com.sap.engine.services.servlets_jsp.server.runtime.context.ServletContextImpl#JMALDONA#71781##cetec3.cetec.es_CTC_8368550#JMALDONA#98fa7e203c7b11dd91b8001b789f30ad#SAPEngine_Application_Thread[impl:3]_33##0#0#Info#1#com.sap.engine.services.servlets_jsp.server.runtime.context.ServletContextImpl#Plain###application
    Any help, Thanks!

    Hi José,
    First, welcome on SDN!
    About your problem:
    See https://forums.sdn.sap.com/thread.jspa?threadID=696974&tstart=0 and the referred document, https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00bfbf7c-7aa1-2910-6b9e-94f4b1d320e1 page 11 nr. 8.
    Your exception log message does not give much information, I would think there should be more, but at least from your description, this sounds like this well known issue.
    Hope it helps
    Detlev
    PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!

  • System Administrator role OIM 11gR2

    Hi experts,
    I am trying to figure out which table in OIM 11gR2 stores the information for roles assigned to the user.
    I am specifically looking for users who have system administrator role assigned. The way to assign is through organizations, but not sure which table stores it.
    Thanks
    Kunal Jain

    Below are the table names and descriptions used to obtain admin role and user information:
    ADMIN_ROLE - stores information about admin roles available in the system
    USR - user information
    ADMIN_ROLE_MEMBERSHIP - user and admin role mappings
    regards,
    GP

  • How can i change mail id as primary administrator

    wanted to change my id as primary administrator for centralised control on the licensing . as I have to in my login two records of company ID which can be common?

    If the CC for Team is an indirect purchase, i.e. through a reseller, then you can contact Adobe Support to change the primary Admin.
    If the purchase of the CC for Team is from the Adobe store directly, in such purchases the primary Admin cannot be changed; however, a secondary admin can be added.
    There are certain privileges attached to the primary admin console, like billing information.
    You can cancel this CC and repurchase a new CC for Team with the desired Primary Admin. The members just have to be unassigned from their seats and then, on the fresh purchase, they have to be sent invites again.
    The users just have to sign out and sign back in once they accept the new CCT order invite.
    Regards
    Rajshree
    Change the primary administrator 
