Managing User - Data Access Privileges in DRM ?

The idea has arisen that DRM may be an option for managing user access privileges - i.e. which Accounts and/or Entities they might have access to in HFM and Planning?
The idea being that users are created as a "dimension" in DRM with relationships being created between the User Dimension and the Entity / Account Dimension for access privileges?
DRM woul then generate the security profiles for uploading into HFM and Planning.
Wondering whether anyone else has entertained this idea?
Thanks in advance for any thoughts

Yes, we played around with the idea as well but eventually refrained from using it because the Shared Services user/role management system is more project/app specific and the admins were more well versed with that. For example, roles related to Financial Reporting priveledges etc. could be done better using Shared Services rather than DRM.
However, metadata based user management can be done well using DRM.

Similar Messages

  • Http: 404 when starting 'manage user data' in EBP/SRM for the firs time.

    We are customizing SRM 3.0 EBP 4.0 with SAPKU40005.
    When we tried to create the first users we started to receive the following error 'http: 404 Page not Found' when starting 'manage user data'. (URL: http://[server]/sap/bc/bsp/bbpusermaint/!?client=400&language=EN&~logingroup=SPACE&addSession=1&parentBbpSession=SRP:[server]:0000.0005.d5ffd7b2.d87e
    I've created the ADMIN user in the SU01 transaction. When logon in mySRM browser with this or any administrator user and try to 'manage user data' i get this error.
    I've looked in the '(...)inetpub\wwwroot\sap' directory and didn't found any 'bc/bsp/...' directory.
    Can someone please give me an hint ....
    Tanks

    Hello Carlos,
    the BSP Framework you are now in has nothing to do with the ITS stuff like inetpub or wwwroot.
    Get the docu for Web AS 6.20 and have a look into transaction SICF. There you can activate your application: follow the path sap/bc/bsp/bbpusermaint, right mouse click on the "node" and say activate.
    This maybe solves your problem. But read a little bit of the doco on Internet Communication Framework (TX SICF) first.
    Regards, Bernd

  • "Manage User Data" option is not available in browser.

    HI Experts,
    I am trying to create a user for my organization using one documentation available with me in SRM from web browser.
    It says that we have to select "Manage Business Data" in the launch pad, but my problem is that,This option is not available in the web browser when i login.
    Kindly let me know the roles requires for the same.
    Also any settings need to be done in SICF to run it successfully.
    Thanks In Advance.

    The wordings in the Document is "Manage User Data" and not "Manage Employee Data",
    I know that its completely on roles thats why i have given that user almost all the roles which i am aware.
    Here is the list of it.
    SAP_BBP_STAL_ADMINISTRATOR
    SAP_BBP_STAL_EMPLOYEE
    SAP_BBP_STAL_MANAGER
    SAP_BBP_STAL_OPERAT_PURCHASER
    SAP_BBP_STAL_PURCHASER
    SAP_BBP_STAL_STRAT_PURCHASER
    SAP_EC_BBP_EMPLOYEE
    SAP_EC_BBP_MANAGER
    SAP_EC_BBP_RECIPIENT
    SAP_EC_BBP_SECRETARY
    In fact there are many other roles which is given but this option is not visible.

  • Managing users (Back-end v/s Front-end)

    h3. Dear oracle gurus
    What is the better option ?
    creating and managing users(data-entry operator/system operator/managers [100+]) through:
    creating users + roles ( complete access/restrictions in Back-end )
    or
    creating table for log-on/log-off and access of forms (restriction) coded in front-end
    Back-end: 10g
    Front-end: Form6i

    Hi InoL,
    I totally agree with what you wrote, but the licensing part is confusing.
    I.m.h.o. there is no link between NUP license and DB defined users.
    Oracle will count DB users or Application as the same.
    This is what Oracle says:
    Licensing a multiplexing environment: If Oracle software is part of an+
    environment in which multiplexing hardware or software, such as a TP monitor
    or a web server product, is used, then all users must be licensed at the
    multiplexing front end.   Alternatively, the server on which the Oracle programs
    are installed and/or running may be licensed on a per Processor basis. Please
    refer to the “Software Investment Guide” for examples.
    Can you define your users by name then NUP is an option.
    Otherwise it has to be a Processor metric license (as with a public Web application)

  • User accounts, directory structures and selective access privileges

    Bought a new MacBook Pro back in April and only now am I getting down to using it. I was thinking of creating the following user accounts in the hope of creating a scheme that allows selective access to certain folders:
    Root -a super user account
    Admin - I don’t think I should be logged in as the administrator all the time
    Jai Gill - my main account with all my work files including client information that is organised in a Workflow folder containing a Projects folder and a Clients folder (within which, each of my clients has a folder)
    Show Time - a secure Simple Finder type account for when I am running a client specific presentation or workshop to ensure all data for other clients is kept secure and away from prying eyes.
    When using the Show Time account, I would like to set it up so that only those files relating to the client in question are available for use. For instance, if I am running a workshop for Client G, I only want the folder for Client G available for use in this account and not any other clients. A few hours or days later, this could change to Client B or F or J etc so I need a way to easily secure the current client’s data and switch over to the other client’s data i.e., put away work and pull up new work.
    Would it be possible to create a scheme using aliases placed in Show Time’s Documents folder pointing at a client folder in my documents folder to allow this to happen? Would I have to create a group with the right access privileges to enable this to happen? Or is there an alternative method based on using the Shared files folder and some sort of script or application to create a duplicate of a client folder and use a scheme to synchronise it with the original client folder?
    Is this possible in Mac OSX? Any thoughts? Ideas? Applications/utilities that already enable this to happen?
    MacBook Pro   Mac OS X (10.4.9)  

    Hi Kiraly
    I cracked it today. Took a couple of hours to figure out some idiosyncrasy but I'm now set.
    Here's what I did:
    1. Got a copies of Sharepoint, Workgroup Manager and ChronoSync.
    2. Logged into the MacBook Pro as myself, went into System Preferences and used the normal approach to set up an account for a user called Show Time
    3. Using Workgroup Manager, created an addition workgroup called macshow
    4. Made myself and Show Time members of macshow
    5. Attached the MBP to my G5 using my 2gen iPod's FireWire cable and cranked it up in target disk mode
    6. Using ChronoSync, did a 'bi-directional' synchronisation of my Workflow folder into a location in the MBP's Shared folder (going to do this all the time)
    7. Shut down, detached then restarted the MBP and logged on as myself.
    8. Located the Workflow folder in the Shared folder and by getting information, set that folder and all it's contents to be owned by me but accessible and R/W for the group macshow
    9. Went two levels into the Workflow folder [Workflow/4 Delivery/Client T] and using SharePoint, made the folder Client T accessible to the group macshow.
    10. Logged in as Show Time and accessed the Shared folder to find that my scheme had worked and I had access to the folder for Client T and all it's contents.
    11. Logged out and went back in under my ID and now using System Preferences, crippled the Show Time account down to Simple Finder with access limited to just a handful of applications like KeyNote, Word, Excel, Powerpoint and Safari.
    12. Went back in as Show Time and it went into Simple Finder and thereafter, everything works great. Workflow showed up as did the folder for Client T plus all its contents. Opened a few documents and presentations and they wrked great.
    New learning points for me:
    1. I had to log out then log back in to make the access privileges stick when using the Show Time accounts
    2. A number of locked Excel files prevented access privileges being set - had to locate and unlock each
    3. Using both SharePoint and Workgroup Manager may be seem to be overkill but it works as these two applications helped in getting the groups sorted out as well as access to a specific folder.
    The best part of the above scheme is that I can at anytime, using SharePoint, change the client folder being shared with the user Show Time through the use of the group macshow i.e., change Client T back to my group and then pick say Client J or any number of other client folders and assign them to the group macshow.
    Thanks to you and the others who have posted on this and all other threads on this topic, I have sorted this out in one go.
    Jai
    PS in case you're wondering why it took me so long to get down to do it, it is something called client work. And may there be more of it too!
    iMac G5 and MacBook Pro   Mac OS X (10.4.10)   MacUser since 1984

  • JES Access Manager User Creation for Messanger

    Hi Everyone
    I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
    Sol1.nucleussoftware.com:389
    dc=nucleussoftware,dc=com (34 acis)
    DSAME Users
    Internet
    People
    Groups
    Client Data
    services
    nucleussoftware.com
    People
    Groups
    o=Netscape Root (3 acis)
    cn=Schema (6 acis)
    cn=monitor (5 acis)
    cn=config (4 acis)
    Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
    This is fresh installation and not any migration.
    Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
    There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
    So I have two locations to create users in People.
    When I create user from Access Manager and try to login into WebMail, I get Login Failed.
    But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
    I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
    Please tell me the exact method of creating a user for Messaging.
    Regards
    Amit Bist

    Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin"
    Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.

  • Multi user application control data access

    Dear all,
    i am using Oracle Developer Suite 10g and database 10g, windows xp plate form.
    i want to develop multi user application regarding education.
    i have two questions.
    1. i take a start from creating an HR database which have 30 tables.
    this database has 10 users.
    the users will log on from their own schema.
    how they will access the HR schema?
    should i create a public synonym for each table in the HR Schema?
    or should i create a view for each table in each user schema?
    or should i grant select,insert,update etc to each user on HR schema?
    2. i want to control the data access for each user.
    i.e. every student could access his own academic record. each teacher access his own related record, the manager the owner and so on.
    how to accompolish this task? oracle roles are not sufficient for this purpose.
    Your help is highly appriciated.

    How about you start with the basic stuff, like the 2 days developers guide:
    http://www.oracle.com/pls/db112/to_toc?pathname=appdev.112/e10766/toc.htm
    and make it to the advanced developers guide:
    http://docs.oracle.com/cd/E11882_01/appdev.112/e25518/toc.htm
    and work your way through the concepts manual:
    http://www.oracle.com/pls/db112/to_toc?pathname=server.112/e25789/toc.htm
    and everything else which sounds interesting to you in here:
    http://www.oracle.com/pls/db112/portal.portal_db?selected=5&frame=
    As for your first question this should be covered here:
    http://docs.oracle.com/cd/E11882_01/network.112/e16543/authorization.htm#BABHFJFJ
    i want to control the data access for each user.This is also documented:
    http://docs.oracle.com/cd/E11882_01/network.112/e16543/vpd.htm#CIHBAJGI
    cheers

  • Unable to connect to the Data Access service for this management server

    Hate to raise a sleeping horse but was hoping someone might have some insight into why SCOM Report Server install is failing. I am using a domain account for SCOM 2012 R2 services in a distributive environment
    with 2 management servers and 2 SQL servers…one for Ops db and one for DW db.
     Install was failing on selecting the management server. Research led me to
    Kevin Holman's site. I followed his doc and SPN are set per your config and can telnet to MGMT1 on 5723…firewall is off on all servers. I am a domain admin and scom.mgmt account (MSOMSdkSvc) is a local admin on the MGMT servers.
    >setspn -l domain\scom.mgmt
    Registered ServicePrincipalNames for CN=scom.mgmt,OU=Service Accounts,DC= domain,DC=net:
    MSOMSdkSvc/SCOM-MGMT1
    MSOMSdkSvc/SCOM-MGMT1.domain.net
    MSOMSdkSvc/SCOM-MGMT2
    MSOMSdkSvc/SCOM-MGMT2.domain.net
    >setspn -l domain\scom-mgmt1
    Registered ServicePrincipalNames for CN=SCOM-MGMT1,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
    MSOMHSvc/SCOM-MGMT1.domain.net
    TERMSRV/SCOM-MGMT1.domain.net
    WSMAN/SCOM-MGMT1.domain.net
    RestrictedKrbHost/SCOM-MGMT1.domain.net
    HOST/SCOM-MGMT1.domain.net
    MSOMHSvc/SCOM-MGMT1
    TERMSRV/SCOM-MGMT1
    WSMAN/SCOM-MGMT1
    RestrictedKrbHost/SCOM-MGMT1
    HOST/SCOM-MGMT1
    >setspn -l domain\scom-mgmt2
    Registered ServicePrincipalNames for CN=SCOM-MGMT2,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
    MSOMHSvc/ SCOM-MGMT2.domain.net
    MSOMHSvc/ SCOM-MGMT2
    WSMAN/SCOM-MGMT2.domain.net
    WSMAN/SCOM-MGMT2
            TERMSRV/SCOM-MGMT2.domain.net
    TERMSRV/SCOM-MGMT2
    RestrictedKrbHost/SCOM-MGMT2
    HOST/CHH-SCOM-MGMT2
    RestrictedKrbHost/CHH-SCOM-MGMT2.osi-asp.net
    HOST/CHH-SCOM-MGMT2.osi-asp.net
    >setspn -l domain\scom-ssrs
    Registered ServicePrincipalNames for CN=SCOM-SSRS,OU=SCOM SQL,OU=SCOM,OU=CHH-INTERNAL,DC=domain,DC=net:
        WSMAN/SCOM-SSRS
    WSMAN/SCOM-SSRS.domain.net
    MSSQLSvc/SCOM-SSRS.domain.net
    MSSQLSvc/SCOM-SSRS.domain.net:1433
        TERMSRV/SCOM-SSRS.domain.net
    TERMSRV/SCOM-SSRS
    RestrictedKrbHost/SCOM-SSRS
      HOST/SCOM-SSRS
    RestrictedKrbHost/SCOM-SSRS.domain.net
    HOST/SCOM-SSRS.domain.net
    When I point to the MGMT server, I keep getting “Unable to connect to the Data Access service for this management server. Ensure the Data Access service is running and that the service, the management group, and setup are
    all the same version”.
    OpsMgrSetupWizard.log states…
    Info:     
    :Could not connect to Management Server: scom-mgmt1.domain.net with exception: Threw Exception.Type: System.ArgumentException, Exception Error Code: 0x80070057, Exception.Message: Version string portion was too short or
    too long.
    Info:     
    :StackTrace:   at System.Version.TryParseVersion(String version, VersionResult& result) at System.Version..ctor(String version) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.IsManagementServerCurrentVersion(String
    managementServer) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.CanConnectToManagementGroup(String managementServer)
    When I searched on "Exception.Message: Version string portion was too short or too long" it led me to .Net strings in the reg. i deleted all refs to older versions (3.x) but still no good.
    Bob

    Well, I’m back to trying to get SCOM Report Server up and running. This time I decided to try the command line silent install and rely on logs to debug. But it still fails.
    This is the script: SETUP /install /InstallPath:D:\Program Files\Microsoft System Center 2012 R2\Operations Manager /components:OMReporting /ManagementServer:<server>.<domain> /SRSInstance:<instance> /DataReaderUser:<domain>\<account>
    /DataReaderPassword:******** /SendODRReports:0 /UseMicrosoftUpdate:0 /AcceptEndUserLicenseAgreement:1
    When I run the script, I get a pop-up: “System CenterOperations Manager Setup has stopped working with the following:
    Problem signature:
    Problem Event Name:                       
    CLR20r3
    Problem Signature 01:                      
    setupchainerui.exe
    Problem Signature 02:                      
    7.0.5000.0
    Problem Signature 03:                      
    522a5b85
    Problem Signature 04:                      
    mscorlib
    Problem Signature 05:                      
    4.0.0.0
    Problem Signature 06:                      
    53b4fc1e
    Problem Signature 07:                      
    e4d
    Problem Signature 08:                      
    5a
    Problem Signature 09:                      
    System.FormatException
    OS Version:                                         
    6.1.7601.2.1.0.274.10
    Locale ID:                                            
    1033
    Additional Information 1:                 
    4911
    Additional Information 2:                 
    49111a576c61a461b7f2900e4224563c
    Additional Information 3:                 
    a1e6
    Additional Information 4:                 
    a1e62e9c159c1d7601a31ccff83dbf94
    App Event Log:
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name=".NET Runtime" />
    <EventID Qualifiers="0">1026</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-29T19:02:39.000000000Z" />
    <EventRecordID>4999</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER NAME</Computer>
    <Security />
    </System>
    - <EventData>
    <Data>Application: SetupChainerUI.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception.
    Exception Info: System.FormatException Stack: at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()</Data>
    </EventData>
    </Event>
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-29T19:02:41.000000000Z" />
    <EventRecordID>5000</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER NAME</Computer>
    <Security />
    </System>
    - <EventData>
    <Data>SetupChainerUI.exe</Data>
    <Data>7.1.10226.0</Data>
    <Data>522a5b85</Data>
    <Data>KERNELBASE.dll</Data>
    <Data>6.1.7601.18409</Data>
    <Data>5315a05a</Data>
    <Data>e0434352</Data>
    <Data>000000000000940d</Data>
    <Data>a64</Data>
    <Data>01d03bf626a03a7a</Data>
    <Data>C:\Users\USER NAME\AppData\Local\SCOM\Setup\SetupChainerUI.exe</Data>
    <Data>C:\Windows\system32\KERNELBASE.dll</Data>
    <Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
    </EventData>
    </Event>
    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-29T19:03:27.000000000Z" />
    <EventRecordID>5001</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER NAME</Computer>
    <Security />
    </System>
    - <EventData>
    <Data />
    <Data>0</Data>
    <Data>CLR20r3</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>setupchainerui.exe</Data>
    <Data>7.0.5000.0</Data>
    <Data>522a5b85</Data>
    <Data>mscorlib</Data>
    <Data>4.0.0.0</Data>
    <Data>53b4fc1e</Data>
    <Data>e4d</Data>
    <Data>5a</Data>
    <Data>System.FormatException</Data>
    <Data />
    <Data />
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_setupchainerui.e_9724aaa8eec4ffba07c27fea369e612e949d75_5b269652</Data>
    <Data />
    <Data>0</Data>
    <Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
    <Data>0</Data>
    </EventData>
    </Event>
    OpsMgrSetupWizard.log
    [13:48:16]:          
    Error:     :Uncaught Exception: Threw Exception.Type: System.FormatException, Exception Error Code: 0x80131537, Exception.Message: Input string was not in a correct format.
    [13:48:16]:          
    Error:     :StackTrace:  
    at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
       at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
       at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
       at Microsoft.SystemCenter.Essentials.SetupFramework.PropertyBagDictionary.GetProperty[T](String property)
       at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.ValidateBureaucraticSwitches()
       at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.ValidateSilentInstallCommandLineOptions()
       at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.Rationalize()
       at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.RationalizeGeneralInstall()
       at Microsoft.SystemCenter.Essentials.SetupFramework.Program.RationalizeInstall()
       at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()
    Any ideas? I feel like I’m just going in circles…Bob

  • How to access user data in Lion partition from Snow Leopard?

    How do I access data residing on my Lion partition from the Snow Leopard partition, ie when I boot from the 10.6 partition?
    I have an account on the Lion partition and one on the Snow Leopard partition, with the same short name.
    But if I try to access the data residing on the Lion partition (under my user directory) from Snow Leopard , it says I do not have sufficient privileges.
    How do I best solve this issue?
    My user data basically all resides in the Lion partition, the only reason for keeping the Snow Leopard partition is a programme that has not yet been updated to Lion compatibility, and will not be for another two months. I have to use it daily (until the update).
    TIA
    Marc

    That was too easy :-)
    Thank you.
    As an added quirk I had to open the package with the data files (by right-click, show package contents) and manually change the permissions on the four contained files. I had expected that to happen automatically when changing the packages' permissions.

  • How to get Current Log in BO user name in data access driver

    In universe, to get the current log in user is via @Variable('BOUSER').
    Right now, I need to be able to get the user name in the data access driver. I am writing a customized data access driver because we need to patch some where clause on the the query generated by the universe based on the logged-in user info. I only think of using end_sql parameter or adding an universe level filter to patch the @Variable('BOUSER') to the query, which would not work if user want to use customized query.
    Can anyone tell me how to get currentBO user name from connection server ? or how @Variable('BOUSER') is translated into the logged-in user name in the universe?

    Shweta,
    The link you provided was the Auditor guide for BO 6.x, I'm not sure it that is going to help Karen or not.
    Karen,
    There is function called connection
    (usage:  =connection([Query Name]), where [Query Name]
    denotes the name of the tab for the query under Edit Query)
    Here is some of the output from connection:
    4;ODBC18;MS SQL Server 2000166; VERSION=7; USER=xxxxx;
    PASSWORD=; DBTYPE=Relational; DATABASE=xxx_xxxx;
    ODBC_USER=xxxxxx; ODBC_PASSWORD=; BO_DSN=xxxx_xxxx;
    BO_DRV_CONNECT_MODE=0; 224; VERSION=6; Name=xxxxx; Shared=4;
    LoginTimeout=600; Timeout=600; Pool Time=60; Array Fetch Size=10;
    Array Bind Size=5; RecommendedLenTransfert=1000; Password_Encryption=x;
    AliasTable=; MeasureDimension=; Hint=; ConnectInit=; ArrayFetch=1;
    I'm not sure if this info helps out either, being that connection provides info on a post-processing basis and it sounds like you need to get out ahead of the SQL generation.  The @variable('bouser') would seem like the place to be, however, in allowing custom SQL to take place you loose the bouser due to an individual could customize the SQL to the point that it gets unwantingly yanked out.  The end_sql might be your answer...
    Thanks,
    John

  • How to get current logged-in user name in data access driver or in universe

    In universe, to get the current log in user is via @Variable('BOUSER').
    Right now, I need to be able to get the user name in the data access driver. I am writing a customized data access driver because we need to patch some where clause on the the query generated by the universe based on the logged-in user info. I only think of using end_sql parameter or adding an universe level filter to patch the @Variable('BOUSER') to the query, which would not work if user want to use customized query.
    Can anyone tell me how to get currentBO user name from connection server ? or how @Variable('BOUSER') is translated into the logged-in user name in the universe?

    I do not know your EJB Service. But you should pass the credentials of the current logged on portal user to your service. That's not by default I think.
    I had a similar problem with CAF developed webservices. I had to turn on permission checks in my web service and passed the credentials via logon ticket.
    Regards, Bernd

  • Access enforcer and User Data Source for HR

    We are on Access Enforcer 5.2 - service pack 2:
    My problem is that when creating a new request in AE, I able to get a list of all users when I point my User Data Source to either SAP or UME. However when I attempt to create a request whilst pointing the User Data Source at the SAPHR system, I do not get any users back (and we have user set up in the SAP HR system).
    I’ve changed the connector to ‘YES’ under the HR System box, I’ve changed the Data Source Type and Details Source Type to point at the SAPHR and still it fails to fetch any users.
    I've tried looking at the log, but can't get much out of it.
    I would appreciate it, if anyone could provide any assistance.
    Thanks you in advance.
    Amarjit
    Message was edited by:
            amarjit singh

    Hi Micheal,
    Thanks for your reply.
    I'm pointing both Data Source Type and Details Source Type to the same system SAPHR and to the same system name (which is our dev system)
    Regards,
    Amarjit

  • User Data Source - Access Enforcer

    Hi,
    I currently have my User Details Data Source and Search Data Source in AE pointed to the UME. In the UME I have my requestors and approvers set up. However when I go to raise a request to change a user account and want to search for an SAP user, the search only returns the requestors and approvers set up in the UME and does not show user data from SAP. How can set up AE so that it shows me user data from SAP and requestor/approver data from the UME?
    Thanks,
    Gary

    What you can do is... to point your UME to your SAP system,  where you can find all users.....
    And keep your configuration of AE the way you have it....
    Another way is, to change your configuration of User Details Data Source pointing to SAP.
    Youy User Details Data Source have to point to the system that have all the new users....
    For example, in my company before giving the SAP access we give LDAP access, so my User Details Data Source  are pointing to my LDAP system.... this way i can find easily the  user that need to request access..
    Hope this help.
    Regards,

  • Managing users to provide access on multiple lists having unique permissions.

    I have 20 lists in a site coll and all are having unique permissions and the reason of why i have stop inheritance is to not giving users edit access on site pages but should have full access on lists. If i used inherited permission and want to give full
    access to list, i have to check 'manage lists' in the permission level which provides user edit permission or some unauthorized access in to the page.
    So, because in order to overcome this i have created two permission level: for
    page view & for list/library view and stop inheritance on library and give users
    list/library view access in it to let them access the lists/library.
    it makes the management very high in terms of new user access. For this i have to go to  more than 20 places and grant permission to that particular user. How can i manage and use it in effective way...please help me on this..!!

    Hello Mohit,
    I would suggest to create groups based on permission level you have given and add the users to those groups.
    For all the lists you will add the groups for the permissions, so whenever you want grant/remove access to users you will add/delete the user from that group.
    My Blog- http://www.sharepoint-journey.com|
    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

  • TS2529 The error msg "The iPad "User's iPad" cannot be synced.  You do not have enough access privileges for this operation." appears when I connect my ipad to itunes.  How to resolve?

    The error msg "The iPad "User's iPad" cannot be synced.  You do not have enough access privileges for this operation." appears when I connect my ipad to itunes.  How to resolve?

    If you're running Windows, close iTunes, right-click on the iTunes icon and choose Run as Administrator, then try syncing again.

Maybe you are looking for