Listing of Users with associated Groups
Is there an easy way to generate a listing of APEX users and their associated groups? I know how to get the current user and how to determine what groups they are part of, but am looking for a simple query I can run to generate a complete list of Users and their associated groups.
Thanks
if you want to return the application groups that a user is assigned to, you can use the WWV_FLOW_GROUP_USERS intersection table. For example;
SELECT group_name
FROM wwv_flow_group_users
WHERE user_id = (SELECT user_id
FROM wwv_flow_users
WHERE user_name ='MRITTMAN')
would list out all of the groups that the user 'MRITTMAN' belongs to
So to get all users and their groups, remove the where clause..
(You will need read rights to the view, some dba's deny read rights to these objects in the name of security..)
Thank you,
Tony Miller
Webster, TX
Similar Messages
-
Where do I see Sharepoint user with no group or permission in the UI ?
Hello All -
The powershell cmdlet 'New-SPUser' has only 2 mandatory parameters UserAlias and Web. Group and PermissionLevel are not required.
This means I can create a user with no group or no permission level. However UI does not allow this to happen, it forces you to select either one (group or permission level).
My question is where do I see the user in UI which was created using powershell without any group or permission level ? The reason I ask is UI when it displays user, a group is always selected.
Thanks!You should be putting the "_catalogs/users/detail.aspx" section into your url. For example if you were to go into your site settings page your url might start as:
"http://manju.sharepoint.domain.com/sites/manjuTest/_layouts/settings.aspx"
and it should become:
http://manju.sharepoint.domain.com/sites/manjuTest/_catalogs/users/detail.aspx -
List of users with authorised reports and tables.
hi all
i have another requirement, that is List of users with authorised reports and tables in SAP.
that means user wise which reports and tables have authorisations to execute. for that what is the tcode or table name?. please help me in this..
Thank you.Hi,
In SUIM tcode expand transactions node der ull have for users..........
Cheers,
jose. -
List all users with full control on a SharePoint 2013 Sub site from SharePoint Object Model in C#
If I have a sub site URL and a user with Site Admin, can I list all users in that sub site that have Full Control at that level?
Any C# code sample?Still you can do that, just pass the subsites to your code and from their you can find the users dynamically.
You could also use SPWeb.Users property to get users assigned to a subsite
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.users(v=office.15).aspx
alternatively you can also use SPWeb.SiteUsers to get all users
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.siteusers(v=office.15).aspx
other APIs of help-
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedmembergroup(v=office.15).aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.associatedownergroup(v=office.15).aspx
http://sharepoint.stackexchange.com/questions/101671/object-model-list-all-users-with-full-control-on-a-sub-site-in-sharepoint-2013
Hope this helps!
Ram - SharePoint Architect
Blog - SharePointDeveloper.in
Please vote or mark your question answered, if my reply helps you -
PS Script to find the list of users and the groups in a Workgroup server
Hi There, could you please explain on how to get a complete list of local users and local groups in a "Workgroup" server to which they belong to using Powershell. I'm able to get the users list but couldn't find any help in finding
the script to find to which localgroup the user belong to. Anticipating your response. Also let me know the cmdlet for Win2k3 servers to find the same.Here's some code from David Pham (don't remember wher I fund this code):
Trap {"Error: $_"; Break;}
Function EnumLocalGroup($LocalGroup)
$Group = [ADSI]"WinNT://$strComputer/$LocalGroup,group"
"Group: $LocalGroup"
# Invoke the Members method and convert to an array of member objects.
$Members= @($Group.psbase.Invoke("Members"))
ForEach ($Member In $Members)
$Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
$Name
# Specify the computer.
$strComputer = gc env:computername
"Computer: $strComputer"
$computer = [adsi]"WinNT://$strComputer"
$objCount = ($computer.psbase.children | measure-object).count
$i=0
foreach($adsiObj in $computer.psbase.children)
switch -regex($adsiObj.psbase.SchemaClassName)
"group"
{ $group = $adsiObj.name
EnumLocalGroup $group }
} #end switch
$i++
} #end foreach -
How can I get a list of users with reset password ability?
We are trying to tighten our security, but thanks to the environment we are in this is a bigger task than it should be. As part of this I have been asked to get a list of users who have the ability to reset other users passwords. there are the obvious suspects,
domain admins, service desk etc., but we also appear to have random people who can do this because of a requirement during test or development stages way back. Is there a way to get this, I looked at using powershell but there doesn't seem to be much out there
to give me a pointer, things like ADManager+ do not work, when I try to search on permissions it sits there doing nothing then crashes.
Is there a way to build a function using powershell that can do this or is there some third party cmdlet or app that will provide me this info?
Any help gratefully accepted.Hi,
Based on my knowledge, except for those default groups users, such as domain admins and enterprise admins and so on, have reset password ability for other users, we can use delegation control to give other common users permissions to reset password for others,
to view or delete Active Directory Delegated Permissions, please go through the below article:
https://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx
And if you were editing single user's security tab to give specific users reset password permissions, then I think we should create a script to get all those users, for scripting, please also post in the official scripting guys forum:
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
Regards,
Yan Li
Regards, Yan Li -
Hi guys,
I need to write some code that returns a list of Users that belong to a particular group, using pt 5. This has been asked in lots of different posts but no answer has been given. There must be a way to do this somehow.
Should I be doing an IPortalSearchRequest and then filtering by group? I can't work out how to do this, or even if it is possible. Or should I be using the IUserGroupManager interface? It does not seem to be documented anywhere.
I do not want to resort to reading the PlumTree DB but it looks like I may have to. Obviously this defeats the whole point of the API - but considering this changed from 4.5 to 5 maybe this is not a problem!Also check these other two posts. If the gateway blows up the links I'm sticking in below, just use the general portal search to look for "QueryUsers"
http://portal.plumtree.com/portal/server.pt?in_hi_req_objtype=18&in_hi_req_objtype=17&in_hi_req_objtype=1&in_hi_req_objtype=512&in_hi_req_objtype=43&in_hi_userid=281772&in_hi_req_bbs=1&in_hi_req_thesaurus=1&space=SearchResult&in_hi_req_spell=1&parentid=1&cached=false&control=searchstart&in_hi_req_gadsrchtype=bannersearch&in_hi_req_initialsearchstring=QueryUsers&in_hi_req_page=50&in_tx_query=QueryUsers&in_hi_req_lang=en&parentname=SearchResult#
http://portal.plumtree.com/portal/server.pt?in_hi_req_objtype=18&in_hi_req_objtype=17&in_hi_req_objtype=1&in_hi_req_objtype=512&in_hi_req_objtype=43&in_hi_userid=281772&in_hi_req_bbs=1&in_hi_req_thesaurus=1&space=SearchResult&in_hi_req_spell=1&parentid=1&cached=false&control=searchstart&in_hi_req_gadsrchtype=bannersearch&in_hi_req_initialsearchstring=QueryUsers&in_hi_req_page=50&in_tx_query=QueryUsers&in_hi_req_lang=en&parentname=SearchResult# -
Initial Load - AS ABAP - getting only user with a group
Hi,
when i start initial load, i just get users with groups. Is that standard?
Br,
PhilipFirst of all - you'll need to familiarize yourself with the database for effective learning and debugging. I'm talking about the MS-SQL or Oracle-DB where you installed the IC-schema. It often helps me to understand whats going on behind the scenes.
Secondly - I read some of your posts - I would advise you to install the dispatcher and everything on the server where the DB is hosted - at least as long as you're in development. The MMC can still be on your local pc/laptop, although some things won't work well there (Import, Dispatcher-Status, ...). This'll ease things a lot I suppose.
About the service-user... SAP delivers a role you can import into PFCG (SAP_BC_SEC_IDM_.SAP-File in misc-folder of installation media). This role should be sufficient for your communication user, is updated every now and then and contains only the necessary permissions. Maybe you'll have to extend it (Z_SAP_) in case you want to read special tables not supported by the SAP framework (e.g. license data).
I can hardly believe that the current role assigned to your user only has permissions to users with groups != empty
By now I have no clue why you only see users in IdM with groups assigned in SU01... look up the SQL-table I mentioned if there are more users.
BR
Michael -
How to get list of users with access of MM01 (create & change)
Hi all,
i have to take out list of user having access for MM01 (create material), when i use SUIM to get the list it shows all the list of users including the users with DISPLAY & CHANGE, but i want only those users who had the access of CREATE & CHANGE.
please help out me, its very urgent.
Thanks & Regards
Syed..Hi Syed,
You can try to get it from S_BCE_68001398. Key in the required transaction code.
Thanks and Regards
Points reward is much appreciated -
List of Users with access per dashboard
Hi,
Please is there any report, file or table in the DB that I can query to get the list of users who have been granted access permissions per dashboard or page ?
Thanks.Oracle Business Intelligence Product Version 10.1.3.4 (Build 080726.1900)
-
Uploading list of user to single group
hi,
i want to add 500 users to one group,can any one tell me,how to do it in the simple way.
thanks in advance.
Regards,
Ravi.Hi Ravi,
what kind of UME data source (DB, LDAP, ...) do you use. Depending on the UME data source you have got different options. For example most LDAP products support batch group assignment.
But as Michael said, you can always use the text-based UME object import tool. You will find it in the portal under => User Administration => Import.
You will find more information about the tool in the <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/index.htm">SAP Library</a>. Search for "UME object import tool" and have a look into the group section.
Best regards,
Martin -
Hi,
I wonder why in all existing users lists I know I don't see the user group they are assigned to.
I have no problem to get the users by user group (su10) but what I need is a list of all users (name,adress,...) + user group they are created in.
I have tried RSUSR002 without success.
By the way, what's the difference between "Group for Authorization" and "User Group (General)". My user groups appear in both.
Thanks in advance to help a security officer rookie.
Regards,
JulienHi julien,
Please have a look at BAPI_USER_GET_DETAIL. Its a function module so execute it using se37.
i.e., SE37->BAPI_USER_GET_DETAIL->EXECUTE.
Type the userId in the Username field (In Import Parameters), than execute. Expand LogonData (In export parameters), this would display the usergroup as well.
Please award points if it is useful.
Thanks & Regards,
Santosh -
I am updating roles and would like to use the [me] and [my group] tokens for views. I am planning on updating all the templates to specify an ad group in the "Assigned to User" field that corresponds to the appropriately selected support
group. I would like to avoid having the "Assigned to User" blank (this could happen either via using a generic template, or when re-assigning workitems) so I think I need a workflow to remediate any workitems that have no Assigned to Users.
There does not seem to be an easy way to do this just with a workflow configuration. Do I need to create a workflow with the authoring tool? Can I create a workflow that will compare a support group (enumeration?) and assign an appropriate
AD group?probably the easiest way to do this would be to create a console workflow that runs on create (or update, if you want this to be reoccurring) and checks for the looks for the Display Name of the Assigned to user. This would only be populated if there was
a legitimate user, and would be null otherwise.
you could create console workflows for each support group (i.e. If Supportgroup = NumberA and AssignedtoUser.Displayname is blank) that applies a template that contains the correct user or group for that support group enum.
other options are available, so let us know what you're ideal conditions are. -
List all users with no permissions?
Hello, is there a way to get a list of all users within a DB that have not been assigned permissions/roles?
Thanks in advance.There may be a chance this users may have fixed server role.
to get complete list you can try the below query
DECLARE @DBuser_sql VARCHAR(4000)
DECLARE @DBuser_table TABLE
DBName VARCHAR(200),
UserName VARCHAR(250),
LoginType VARCHAR(500),
AssociatedDatabaseRole VARCHAR(200)
SET @DBuser_sql='
SELECT ''?'' AS DBName,a.name AS Name,
a.type_desc AS LoginType,
USER_NAME(b.role_principal_id) AS AssociatedDatabaseRole
FROM ?.sys.database_principals a
LEFT OUTER JOIN ?.sys.database_role_members b ON a.principal_id=b.member_principal_id
LEFT OUTER JOIN ?.sys.server_role_members c ON a.principal_id=c.member_principal_id and a.principal_id=c.member_principal_id
WHERE a.sid NOT IN (0x01,0x00) AND a.sid IS NOT NULL AND a.type NOT IN (''C'')
AND a.is_fixed_role <> 1 AND a.name NOT LIKE ''##%'' AND ''?'' NOT IN (''master'',''msdb'',''model'',''tempdb'')
ORDER BY Name'
INSERT @DBuser_table
EXEC sp_MSforeachdb @command1=@dbuser_sql
SELECT DBName,UserName,LoginType,
max(case when AssociatedDatabaseRole ='db_owner' then '1' else '0' end )'db_owner',
max(case when AssociatedDatabaseRole ='db_securityadmin' then '1' else '0' end )'db_securityadmin',
max(case when AssociatedDatabaseRole ='db_accessadmin' then '1' else '0' end )'db_accessadmin',
max(case when AssociatedDatabaseRole ='db_backupoperator' then '1' else '0' end )'db_backupoperator',
max(case when AssociatedDatabaseRole ='db_ddladmin' then '1' else '0' end )'db_ddladmin',
max(case when AssociatedDatabaseRole ='db_datareader' then '1' else '0' end)'db_datareader',
max(case when AssociatedDatabaseRole ='db_datawriter' then '1' else '0' end) 'db_datawriter',
max(case when AssociatedDatabaseRole ='db_denydatawriter' then '1' else '0' end )'db_denydatawriter',
max(case when AssociatedDatabaseRole ='db_denydatareader' then '1' else '0' end )'db_denydatareader',
max(case when AssociatedDatabaseRole is NULL then '1' else '0' end )'No Roles'
FROM @DBuser_table
group by DBName,UserName,LoginType
-----Server Roles
SELECT sp.name AS LoginName,sp.type_desc AS LoginType, sp.default_database_name AS DefaultDBName,slog.sysadmin AS SysAdmin,slog.securityadmin AS SecurityAdmin,slog.serveradmin AS ServerAdmin, slog.setupadmin AS SetupAdmin, slog.processadmin AS ProcessAdmin, slog.diskadmin AS DiskAdmin, slog.dbcreator AS DBCreator,slog.bulkadmin AS BulkAdmin
FROM sys.server_principals sp JOIN master..syslogins slog
ON sp.sid=slog.sid
WHERE sp.type <> 'R' AND sp.name NOT LIKE '##%'
OR
You can also the refer below link
http://consultingblogs.emc.com/jamiethomson/archive/2007/02/09/SQL-Server-2005_3A00_-View-all-permissions--_2800_2_2900_.aspx
--Prashanth -
List of materials with valid Group Counters (No. of valid routing variant)
Hi,
do you know, how to get a list of the materials together with the information, what Group Counter is currently valid? That means if a material have 3 variants of routings, to show for example that the variant number 3 is currently valid.
Thank you in advance.
IvanaHi Sankaran,
this is a great tip. I tried it but it seems that our engineering has some "strange" rules for creating of the group counters. There were several group counters for one material that had the same Valid From date:-( I will have to discuss with them, why they do so.
However thank you very much for your help. I´m satisfied what I got from the C223 transaction.
Have a nice day.
Ivana
Maybe you are looking for
-
How to include a system for a configured Domain
Hi, Pls suggest how to include a preproduction system into a Development-->Production System Configuration in TMS. I have configured already as Development-->productions configuration settings and make production as Domain Controller. Now i want to i
-
Hi All I have parent and child entity services in CAF. Now I want to first create parent ,generate some ids and then save child with reference to the parent Id. Now if I have some problem in saving child then I want complete rollback , I mean I want
-
Hi everybody, I am starting with a tutorial of BSPs and I am having a problem. I have followed all the steps that the tutorial says but when I want to see the BSP application I don't have anything in the browser. It is like nothing was found. Everyth
-
Can someone just spell it out for me? Going from FCP HD to DVD SD :-(
Hey folks. I hate to come here and ask a gargantuan number of questions, but this has been driving me out of my mind. I've tried asking specific question in hopes of simply finding one little problem that will fix my woes, but now it has come to this
-
If there are other copies of Firefox running, do not know how to check.