Mapping security roles to other roles

I found the security newsgroup and posted the question there under the same topic. Kindly respond there.
Message was edited by:
jheinone

Hi Sebastian,
yes, it is possible to do such a mapping. And here is how it works:
1. Define security roles in the ejb-jar.xml within the <security-role>. For example:
<security-role>
     <role-name>test</role-name>
</security-role>
2. Then you map those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
<security-permission>
   <security-role-map>
      <role-name>test</role-name>
      <server-role-name>myUMErole</server-role-name>
   </security-role-map>
</security-permission>
The myUMErole must be defined in the UME!
Does this answer your question?
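
The two descriptors in the answer above have to agree on role names, and every mapped server role has to exist in the UME. The following Python check is an added example, not part of the original post or of SAP's tooling; the sample descriptors, the names `auditor`, `tset` and `otherUMErole`, and the `UME_ROLES` list (assumed to be supplied by an administrator) are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets above. "auditor", "tset" and
# "otherUMErole" are invented to show the three kinds of finding.
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee">
  <assembly-descriptor>
    <security-role><role-name>test</role-name></security-role>
    <security-role><role-name>auditor</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""
ENGINE_XML = """<ejb-j2ee-engine><security-permission>
  <security-role-map><role-name>test</role-name>
    <server-role-name>myUMErole</server-role-name></security-role-map>
  <security-role-map><role-name>tset</role-name>
    <server-role-name>otherUMErole</server-role-name></security-role-map>
</security-permission></ejb-j2ee-engine>"""
UME_ROLES = {"myUMErole"}  # assumption: role names exported from the UME by an admin

def _local(tag):
    """Drop the namespace part, so descriptors with or without xmlns parse alike."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first direct child called `name`, or an empty string."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def declared_roles(ejb_jar_xml):
    """Role names declared in <security-role> elements of ejb-jar.xml."""
    root = ET.fromstring(ejb_jar_xml)
    return {_text(e, "role-name") for e in root.iter()
            if _local(e.tag) == "security-role"} - {""}

def role_mappings(engine_xml):
    """role-name -> set of server-role-name, from <security-role-map> entries."""
    mapping = {}
    for e in ET.fromstring(engine_xml).iter():
        if _local(e.tag) == "security-role-map":
            mapping.setdefault(_text(e, "role-name"), set()).add(
                _text(e, "server-role-name"))
    return mapping

def audit(ejb_jar_xml, engine_xml, ume_roles):
    """Cross-check the two descriptors and the supplied UME role list."""
    declared, mapped = declared_roles(ejb_jar_xml), role_mappings(engine_xml)
    server_roles = set().union(*mapped.values()) - {""}
    return {
        "unmapped": sorted(declared - set(mapped)),        # declared, no mapping
        "undeclared": sorted(set(mapped) - declared),      # mapping for unknown role
        "missing_in_ume": sorted(server_roles - set(ume_roles)),
    }
```

Calling `audit(EJB_JAR_XML, ENGINE_XML, UME_ROLES)` reports `auditor` as unmapped, the misspelled `tset` as a mapping for an undeclared role, and `otherUMErole` as absent from the UME list.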

Similar Messages

  • How to delete a role from other role.....

    Hi All,
    I have a query like....
    I have created one new role ATH:MDC:INV3 and added two existing roles to that new role on the DEV system, i.e. added ATH:MDC:INV2 + ATH:PUR:PMG0.
    So now I need to remove only one role, i.e. ATH:PUR:PMG0, from ATH:MDC:INV3.
    All 3 roles are single roles.
    Is there any way to remove/delete that role, or do we need to do it manually by deleting the authorisations one by one, which is a time-consuming process?
    Please tell me if there is a better approach.
    Thanks & Regards,
    Swapna.D
    Edited by: swapna devi on Feb 1, 2008 3:53 AM

    Doug,
    You gave me an idea. What if you create a new folder on the desktop. Select the roll above #20, which you said will also select #20, and move that roll to the desktop folder? Will roll #20 move with the one above it? If so, then you could go back to iPhoto, drag them both to the trash, delete trash (will it delete with the roll above it?), Import to Library the pictures where you put them on the desktop.
    Caution, you would probably lose some of the info from the roll you delete and re-import, like their dates, etc. So I wonder... can you select, say, half the photos in that roll and Create New Roll? Will the remaining roll still be linked to #20? If so, can you do it again and again until the linked roll only contains 1 picture? Then move it to desktop, trash in iPhoto, and re-import?
    What happens if you play with it like that?

  • Map security roles to group within LDAP using external 3rd Party LDAP

    I'm having a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory successfully; however, after the user is authenticated I get a message from the OC4J container that my role cannot be found. Can you map a logical role to a group within Active Directory? Below are details about my configuration.
    Any help would be greatly appreciated.
    Log.xml log entry that confirms webtA is communicating successfully with AD.
    <MSG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    Error reported in the log
    <MESSAGE>
    <HEADER>
    <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
    <COMPONENT_ID>j2ee</COMPONENT_ID>
    <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
    <MSG_LEVEL>16</MSG_LEVEL>
    <HOST_ID>F2287032-W</HOST_ID>
    <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
    <MODULE_ID>security</MODULE_ID>
    <THREAD_ID>14</THREAD_ID>
    <USER_ID>wmgraham</USER_ID>
    </HEADER>
    <CORRELATION_DATA>
    <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    Web.xml Logical Role definition
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allpages</web-resource-name>
    <url-pattern>/servlet/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>WEBTA_J2EE_USER</role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <role-name>WEBTA_J2EE_USER</role-name>
    </security-role>
    Orion-web.xml: This file maps the logical role defined in web.xml to a group within Active Directory.
    <security-role-mapping name="WEBTA_J2EE_USER">
    <group name="webta"/> <!-- Group defined in AD -->
    </security-role-mapping>

    What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER to? What are the group search base and group mapping attribute?
    When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
    In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
    Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

  • Row level Security for BI Author Role

    Hi All,
    We are using OBIEE 11.1.1.5 in our project. We have a requirement where we need to configure row level security on certain column.
    We are currently using external table and session variable approach to configure this. This security works fine for the users with BI Consumer
    roles. But we are facing issue with configuring row level security for BI Author role.
    BI Author can create any analysis in BI Answers, and suppose he/she creates a report which does not contain the column on which row level
    security is applied, then he can see all the data. For example:
    We have one dimension Products having two levels Product Division and Brand. I want to configure security based on Product Division column.
    But if BI Author creates a report with only Brand and Measures, then row level security is not working.
    Has anyone faced this issue before?
    Please let me know if you want any other information from my side.
    Regards,
    Vikas

    If you are using a multidimensional cube you can use the "permit" command to control access to dimension members or provide cell level security within the cube. The OLAP database documentation provides information on how to use the PERMIT command.
    If you are using relational tables and/or views with additional CWM metadata mapped using OEM then you need to refer to the database documentation relating to Virtual Private Databases and Label Security
    Business Intelligence Beans Product Management Team
    Oracle Corporation

  • How to map Application Roles to Enterprise Roles

    Hello,
    I am having a problem with mapping Application Roles (from ADF Security) to the corresponding Enterprise Roles. I have already seen that it is possible with a tool called Enterprise Manager, but what if I do not have it?
    Can I map the roles in WebLogic Server itself? I have searched for such an ability and did not find it. I also have not seen any tutorial on the internet. Someone help me, please.
    The version I am using is 12.1.2.0.0.

    Application roles and permissions defined within WebCenter Portal are stored in its policy store and, consequently, apply to the WebCenter Portal application only.
    Application Roles : Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
    Application Permissions : Again every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal Portal.
    Enterprise roles are different. Enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Portal.
    2. How and where do we create these 5 Application Roles in WC 11.1.1.8 version ?
    You can create an application role from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> Roles -> Create Role
    See : Managing Security Across Portals for more info :
    http://docs.oracle.com/cd/E29542_01/webcenter.1111/e27738/wcadm_ps_security.htm#WCADM398
    3. Last, where and how do we MAP these Application Roles TO Enterprise Roles in 11.1.1.8 version ?
    First, You can grant privileges to a specified group (say sales group) of users by granting Enterprise Roles in Enterprise LDAP.
    Next, Create custom application roles (say Contributor, Moderator, UIDesigner, Application Specialist, etc) and assign the appropriate permissions as explained above.
    Then, You can assign one or more Application Roles to a specified group (say sales group) from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> users & Groups
    I hope it helps.

  • How can one upload a file (a PDF, doc, etc.) while filling in a web form through Chrome or Safari? It is possible to upload a photo from the camera roll, but other file types cannot be uploaded.

    How can one upload a file (a PDF, doc, etc.) while filling in a web form through Chrome or Safari? It is possible to upload a photo from the camera roll, but other file types cannot be uploaded.

    For a variety of reasons, mostly related to security, the iOS operating system limits what can be done with respect to file uploading and downloading. But whenever you encounter a limitation like this always think, "There must be an app for this."
    Check the apps James Ward suggests.

  • Mapping Roles to LDAP Roles

    Hi all I come with a new problem!!
    I have installed the following
    Oracle Database XE
    Weblogic
    RCU
    JDeveloper
    SOA Suite
    Everything is working fine; however, I'm trying to map the roles I seeded to my SOA server into my application in JDeveloper but it is not possible. Am I missing something? Do I have to install WebCenter and UCM?
    I can perfectly see I have the groups and roles uploaded in the console; however, I cannot seem to map them to the lane roles in JDeveloper.
    Can anybody give me some ideas?
    Regards!!
    Edited by: 887976 on Oct 11, 2011 7:51 PM

    Hi Yasmena,
    Basically you can use the same configuration for an LDAP authentication server as an LDAP lookup server - the differences are that one is used for authentication (which you are already doing by using AD SSO) and one is for mapping purposes. So, if you're having problems with the mapping portion, you can duplicate the LDAP server and mappings as an authentication server, and then use the Auth Test to see what you're being mapped to.
    Thanks,
    Lauren

  • Mapping SAP R3 role to EP role for WD ABAP Application

    Hi,
    I have a WD ABAP application which uses POWL component.
    I have assigned this application to a role in SAP R3 system.
    Now, I have created an iview in portal for this WD ABAP application.
    I want to map this SAP R/3 role to Portal Role so that only people having that role can see the application on portal.
    How do I handle this?
    Thanks and regards,
    Amey

    Hi,
    Scenario 1:
    You need to maintain 2 roles one from Portal and one from R/3
    On the portal end:
    Assign the role which have the WDA application to all the users who should have access.
    On the R/3 end:
    Assign the R/3 role which you have created to access the WDA application to all the users for whom you have added the Portal Role.
    Scenario 2:
    If using CUA (Central User Administration) as UME for Portal and also R/3 then you can maintain the roles from one place that is from CUA.
    You create a role in CUA and this role is shown as group in Portal now add the Portal role to the group or the CUA role.
    And create another role which gives access to the WDA application. Now add these 2 roles to all the users who are supposed to have access to the application.
    Hope this helps.
    Cheers-
    Pramod

  • How do you create object level security in BI for roles.

    How do you create object level security in BI for roles? For example, if I want users to only execute reports in BI for a particular "object" report, how would I do that?
    Thanks.

    Hi Maritza,
    Can you be more specific.
    If you are looking for BI Security concept, check this presentation:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    Regards,
    Zaheer

  • Security report with native roles and the roles they have access to.

    We need a security report that shows the Native/Custom Roles and the roles that they have access to.
    So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc.). Can this be done?

    Export the Provision report from Shared Services.
    Upload report to Excel or Access.
    Build Tables to show what tasks each Role has access to.
    Build a report that links the provision report and the xref tables.
    You should also do this with Security Classes.

  • Need to build the security roles (actual technical roles) with HRCON object

    I need to build the security roles (actual technical roles) with HRCON object for date driven security.
    Please help me with how I could learn this and what the approach should be.
    i.e. What is the requirement for learning to build the security roles (actual technical roles) with HRCON object for date driven security?

    Hi marco,
    It is related to Context solution and I need to implement HR Security in terms of context solution.
    So could you please describe the following points:
    1. What is context solution
    2. How can I implement this context solution and HR Basic security as well
    3. What is the prerequisite to learn about HR security
    4. I am new to HR Security, so what would be the approach to implement HR Security.
    Thanks

  • Map wls roles to application roles

    How can I map WebLogic roles to my application roles?
    I have already configured DB authentication in WLS,
    but how can I map it to the jazn-data.xml file?

    Hi,
    either you create the same roles in jazn-data.xml in which case they are automatically used after deployment or you have a look at how to map user groups (not application roles) created in jazn-data.xml to WLS groups using the weblogic.xml file
    Frank

  • FM to create role derived from other role

    Hi,
    I have to create roles derived from other roles. I need an FM which can create roles derived from other roles. Can anybody help me?
    Thanks in advance.

    Try BAPI_BUPA_ROLE_ADD_2
    Refer: http://abap.wikiprog.com/wiki/BAPI_BUPA_ROLE_ADD_2

  • Creating single role by copying profiles from other roles

    HI ,
    I am creating a single role from 4 roles. I have copied the authorizations of the 4 roles and added them into the new role. This is done by copying the profiles.
    Problems faced:
    1.) In table AGR_TCODES I am not able to see the Tcodes for this new single role present in the new role, whereas if I go to object S_TCODE I am able to see the tcodes and have that access.
    2.) Some of the objects are not copied into this new role, even from the roles whose other objects are all copied into this role.
    Can anybody help me on this, and also does anyone know what other problems can be faced by doing this?
    <removed_by_moderator>
    Thanks,
    Rajesh
    Edited by: Julius Bussche on Oct 15, 2008 3:55 PM

    Hi Rajesh,
    If you have created a role by copying authorizations, then it is possible to get the t-codes provided your role contains the auth.obj S_TCODE which you might have copied manually from one or two among the 4 roles.
    If S_TCODE exists in your role then you can find out the t-codes belonging to this role through SUIM->Transactions->Executable for Roles-> Insert your role name
    or
    Go to SE16-> Table AGR_1251->
    In the field AGR_NAME, give the role name
    In the field OBJECT, enter S_TCODE and then
    Execute.
    Q. My second question: There is one role created by some user. I am checking it in AGR_TCODES and SUIM... I am finding that the number of Tcodes in both cases does not match... Can anybody tell where I can look for this and what is the possible reason?
    Possible reasons for this could be that some of the t-codes have been entered into the role manually and not through the menu in PFCG and, as mentioned earlier, that AGR_TCODES only shows the transactions that exist in the menu of the role.
    It could also be that the manually entered t-codes contain wildcards specifying a range of values.
    The best option would be to find it out from the AGR_1251 table.
    Hope this helps !
    Thanks,
    Saby..
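
The mismatch discussed in the answer above (menu entries in AGR_TCODES versus S_TCODE values in AGR_1251, including manual entries and wildcards) can be checked offline from two table exports. The following Python comparison is an added example, not part of the original thread or of SAP's tooling; all rows are constructed, and the column names FIELD, LOW, HIGH and TCODE as well as the list of known transaction codes are assumptions about the export.

```python
import re

ROLE = "Z_DEMO"  # constructed role name

def _auth(low, high="", obj="S_TCODE", field="TCD"):
    """Build one constructed AGR_1251 row; FIELD/LOW/HIGH are assumed column names."""
    return {"AGR_NAME": ROLE, "OBJECT": obj, "FIELD": field, "LOW": low, "HIGH": high}

# Constructed sample data shaped like SE16 exports of the two tables.
AGR_TCODES = [{"AGR_NAME": ROLE, "TCODE": t} for t in ("VA01", "VA02")]  # role menu
AGR_1251 = [
    _auth("VA01"), _auth("VA02"),                  # generated from the menu
    _auth("SE16"),                                 # entered manually in S_TCODE
    _auth("ME2*"),                                 # wildcard value
    _auth("MM01", "MM03"),                         # range LOW..HIGH
    _auth("03", obj="S_TABU_DIS", field="ACTVT"),  # other object, ignored here
]
# Assumption: a list of existing transaction codes, exported from the system.
KNOWN_TCODES = ["ME21N", "ME22N", "ME23N", "MM01", "MM02", "MM03", "MM04",
                "SE16", "VA01", "VA02", "VA03"]

def s_tcode_values(role, agr_1251):
    """(LOW, HIGH) pairs of the role's S_TCODE authorizations."""
    return [(r["LOW"], r["HIGH"]) for r in agr_1251
            if r["AGR_NAME"] == role and r["OBJECT"] == "S_TCODE"
            and r["FIELD"] == "TCD"]

def allows(low, high, tcode):
    """True if one S_TCODE value covers tcode: range, '*' wildcard or exact match."""
    if high:
        return low <= tcode <= high  # simplification: plain string comparison
    pattern = re.escape(low).replace(r"\*", ".*")
    return re.fullmatch(pattern, tcode) is not None

def compare(role, agr_tcodes, agr_1251, known_tcodes):
    """Contrast the role menu (AGR_TCODES) with what S_TCODE actually grants."""
    menu = {r["TCODE"] for r in agr_tcodes if r["AGR_NAME"] == role}
    values = s_tcode_values(role, agr_1251)
    granted = {t for t in known_tcodes
               if any(allows(lo, hi, t) for lo, hi in values)}
    return {
        "menu": sorted(menu),
        "patterns": sorted(f"{lo}-{hi}" if hi else lo
                           for lo, hi in values if hi or "*" in lo),
        "granted_not_in_menu": sorted(granted - menu),
    }
```

For the constructed role, the menu lists two transactions while the S_TCODE values grant seven more, three of them through the single wildcard `ME2*`.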

  • Copy sap_all profile to other role

    hi
    How can I copy the sap_all profile to another role?

    Hii sorry for the last post!
    But don't just remove the transactions - make the objects display
    only. There are many ways into the functionality, but it's controlled
    ultimately by the objects
    Rohit
