Moving roles with user assignment

Hi There,
Need your help...
We have roles and users created in QA for training, now we want to move roles from QA to Production with user assignment.
Users that are created in QA for training have also been created in Production. Is it possible to move the roles from QA to Production with the user assignment?
Thanks and Regards,
Azher.

Table PRGN_CUST doesn't contain any entries; it's an empty table in QA.
USER_REL_TRANSPORT entry with value NO locks the system from TR imports with user assignment. So you have to ensure your target system (Production) does not have that entry in PRGN_CUST.
TR is getting created in a local change request, which cannot be moved to Production.
These TR requests are created as local change requests only when you do not specify a target system/group. All you need to do is specify the "Target" while creating the TR in PFCG (subsequent screen after you hit Create request) and release your TR via SE10. Once released, the TR would be added to the import queue of Production. You/your Basis team can import it manually via STMS_IMPORT (Extras>Other requests>Add TR and CTRL+F11 to import). If there are any errors, please have the Basis team review the transport logs.
P.S.: You can only transport direct user assignments of roles via the PFCG transport option described in my post. In case of indirect user assignments that were created using Organizational Management (HR-Org), you will have to use the transport functionality in Organizational Management.
Thanks
Sandipan

Similar Messages

  • Restrict Moving roles with user assignment

    Hi There,
    Need your help...
    How to restrict to move roles from dev->QA with user assignment. (want to disable the user assignment restriction)
    Thanks and Regards,
    Gnanaprakasam

    Unfortunately this is not the default installation setting, so you need to go into the security settings customizing and change the USER_REL_IMPORT switch to 'NO'.
    This does however NOT make the checkbox disappear in the transport source system. It prevents the import in the target... so you must set it and transport it there first, then it works.
    Cheers,
    Julius

  • Transport roles and analysis authorization with user assigned

    Hi expert,
    I face this problem: transporting roles and analysis authorizations with users assigned. I created a transport request to move the roles and analysis authorizations from the development system to the test system. I couldn't maintain the user assignments; after the transport I have to assign all of the users manually or create a program to fill the AGR_USER table. Or is there another way?
    Thanks for your time,
    Luis

    Hi,
    In role administration, you have the following options for transporting roles:
    You can download the roles from one system and upload them into another  
    You can import the role from a remote system using RFC  
    You can transport the roles with the transport function.
    Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
    Transporting Roles with the Role Transport Function
           1.      Start the role administration function by choosing Tools → Administration → User Maintenance → Role Administration → Roles (transaction PFCG).
           2.      Enter the role to be transported and choose Transport Role.
    The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
    You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
    For more information go through the link below:
    http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
    Regards,
    Marasa.

  • Transporting role with user assignments

    Hi Guru's,
    When we transport a role with user assignments, then in the target system the role will wipe out all the existing assignments and show the users in the original released request.
    eg. D->Q
    In dev:
    role-A has userA, userB
    In Qas;
    Role-A has UserA and userC
    ......after import of request:
    the roleA will have userA and userB
    What I have noticed is even if userB does not exist in Qas, the assignment will be reflected in AGR_USERS. A PFUD or user compare in a role does not remove the ghost entries. Is there any way to remove these inconsistencies ?
    I saw note 534010, which is applicable for UST04.
    Thank you
    Abhishek

    Hi Matt,
    Yes, I do agree this is not a best practice. However, for a particular requirement, we thought this was the best way to solve the problem. In fact, this was the first time I ever did this.
    We have a role that needs to ONLY be assigned to every person in a particular team. With more than 30 systems present (out of the production landscape, just the testing systems), we thought this would be the only fast way out rather than going into each system and assigning this role. This would also ensure unassignment of this role from any other person too.
    Any other alternative?
    Thank you
    Abhishek
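
The replace-on-import behaviour described in this thread, together with the USER_REL_IMPORT switch in PRGN_CUST mentioned in the threads above, as an added example that is not part of the original posts and is not SAP code: a Python model that previews which assignments a role transport would add, drop, or leave as ghost entries in AGR_USERS. The input dictionaries are constructed sample data, and treating a missing switch as "import allowed" is an assumption.

```python
# Added example: models the import behaviour described in the posts.
# Not SAP code. Table and switch names are taken from the thread; the
# dictionaries stand in for exports of AGR_USERS, the user master and PRGN_CUST.
from dataclasses import dataclass, field


@dataclass
class ImportPreview:
    applied: bool                                # False if the target blocks assignments
    result: dict                                 # role -> users after the import
    added: dict = field(default_factory=dict)    # role -> users gained
    removed: dict = field(default_factory=dict)  # role -> users dropped by the import
    ghosts: dict = field(default_factory=dict)   # role -> users missing from user master


def _norm(users):
    """SAP user IDs are stored upper-case; normalise before comparing."""
    return {u.strip().upper() for u in users}


def preview_import(transport, target_assignments, target_users, prgn_cust):
    """Preview a role transport that carries direct user assignments.

    transport          role -> users as released in the source system
    target_assignments role -> users currently assigned in the target
    target_users       user IDs that exist in the target user master
    prgn_cust          customizing switches of the target system
    """
    current = {role: _norm(users) for role, users in target_assignments.items()}

    # Assumption: a missing entry means assignments are imported.
    switch = prgn_cust.get("USER_REL_IMPORT", "YES").strip().upper()
    if switch == "NO":
        return ImportPreview(applied=False, result=current)

    known = _norm(target_users)
    preview = ImportPreview(applied=True, result=dict(current))
    for role, users in transport.items():
        incoming = _norm(users)
        existing = current.get(role, set())
        preview.result[role] = incoming  # replaced, not merged
        for bucket, value in ((preview.added, incoming - existing),
                              (preview.removed, existing - incoming),
                              (preview.ghosts, incoming - known)):
            if value:
                bucket[role] = value
    return preview


def render(preview):
    """Return review lines suitable for attaching to the transport approval."""
    if not preview.applied:
        return ["USER_REL_IMPORT = NO: user assignments in the request are ignored"]
    lines = []
    for label, bucket in (("add", preview.added), ("drop", preview.removed),
                          ("ghost", preview.ghosts)):
        for role in sorted(bucket):
            lines.append(f"{label:5} {role}: {', '.join(sorted(bucket[role]))}")
    return lines


# Constructed sample data mirroring the D->Q example in the post.
TRANSPORT = {"ROLE_A": ["userA", "userB"]}          # assignments released from DEV
QAS_ASSIGNMENTS = {"ROLE_A": ["userA", "userC"],    # assignments in QAS before import
                   "ROLE_B": ["userC"]}
QAS_USERS = ["userA", "userC"]                      # userB does not exist in QAS

if __name__ == "__main__":
    for line in render(preview_import(TRANSPORT, QAS_ASSIGNMENTS, QAS_USERS, {})):
        print(line)
    blocked = preview_import(TRANSPORT, QAS_ASSIGNMENTS, QAS_USERS,
                             {"USER_REL_IMPORT": "NO"})
    print(render(blocked)[0])
```

Running the preview against exports from the target before releasing the request shows which users would lose the role and which assignments would point at users that do not exist there.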

  • Problem with User Assigned Bundles on Win7 x64, ZCM 10.3.4

    Greetings,
    We are experiencing an issue with user assigned bundles in our environment. Specifically we are seeing the following problem on some, but not all, workstations running Windows 7 Pro x64 with ZCM 10.3.4. Some users do not get new, user assigned bundles until they log out of ZENworks Adaptive Agent, via the system tray "Z" icon, and then log back in to the agent. A simple refresh does not grab the new user assigned bundles. One has to perform this logout/login routine to get all user assigned bundles. The problem seems to be machine specific. The server shows that the missing bundles are, in fact, properly associated with the user. If the affected user logs onto a different machine, their user assigned bundles populate as expected. Any ideas?
    In addition to rebooting our ZCM servers, we performed the following on the affected workstations:
    zac unr
    zac unr -f
    zac cc
    zac reg -g
    Uninstalled/reinstalled ZENworks Adaptive Agent 10.3.4
    Deleted affected user's local machine profile
    Repaired CASA installation

    Originally Posted by spond
    Sirhw1,
    what do you see in the zmd-messages.log (set to debug level) when you
    do that initial refresh?
    Shaun Pond
    Shaun,
    The following is an excerpt from our zmd-messages.log after doing a refresh-only on an affected machine. This data was generated approximately 2 minutes after performing the refresh. Thanks for your assistance.

  • Fail to create roles with users in LDAP

    I installed and configured two Directory Services one for AM and one for identity. I created an LDAP Data Store for the root realm and can see the LDAP users in the Subjects->User tab in AM. I can create Subjects->Groups and add LDAP users successfully, but I cannot create Subjects->Roles with LDAP users. I get the following error:
    Plug-in com.sun.identity.idm.plugins.files.FilesRepo: Unable to find entry: C:\SFU\app\ironscale\amserver\idRepo\user\awhite
    Any ideas? I also found it odd that my new Group was created in the FileRepo under idRepo/group. I thought it would have been written to the AM DS.
    I deleted the flat file Data Store and the Group/Roles tabs disappeared. Must I import additional LDIFs to my LDAP Identity DS to store roles and groups in that DS?

    Update.
    I deleted LDAPv3 Plug-in Supported Types and Operations values group, user, and role, based on Sun's Access Manager training class examples. I re-added them and deleted the File Data Store and groups now get created in the LDAP Identity repo. However, when I create a role and add users, the operation successfully completes. But I cannot find the roles using an LDAP browser. I can grep the role name from the LDAP database and the roles remain after restarting the db and AM. It appears AM is adding roles in a way other tools cannot see them.

  • Single role that belong to composite role with user

    HI,
    There is option when user are belong to single role and also belong to composite roles (that include the single role ) ?
    BR
    Nina

    There is option when user are belong to single role and also belong to composite roles (that include the single role ) ?
    Single role is created by PFCG, where you assign the role name and save it as a single role, and then after t-codes have been provided the user is assigned accordingly.
    Composite role is the same, just it contains many roles in one, and similarly the user is assigned.
    Thx
    Mysterious

  • Room role and user assignment

    Hi ,
    We are on EP6 SP10 and have a strange issue involving
    collaboration rooms. We are having MS-AD UME.
    Now after changing from one ldap to another , some users
    are displayed as ldap id's in the rooms while some are not.
    They are displayed properly with name itself.
    Why is this so? Is this because they have been deleted in the
    ldap but not in the room , something like that.
    Also there is no way to remove these id's from the room too,
    this generates  a runtime error.
    Any help on this would be appreciated
    Regards
    Vineeth

    Hi Vineeth,
    Why is this so? Is this because they have been deleted in the
    ldap but not in the room , something like that.
    Sounds reasonable, if this is in fact your situation.
    Also there is no way to remove these id's from the room too,
    this generates a runtime error.
    You could try to remove the users from the corresponding group via the UME. For each room, there is a group created in the UME with the name "ROOM_[roomname]_MAIN" and the ID "ROOM_[roomid]_MAIN". Open that group and try to remove the user entries in question from there.
    Hope it helps
    Detlev

  • Assign single role to composite role with alternate logsys assignments

    Dear gurus,
    In a moment of weakness I created a composite role (shame on me) and then noticed something about them which I had not noticed before... -> I was in a CUA master system and in the composite role I noticed that on the (single) roles tab of it, there was a field called "logical system". But it is greyed out.
    Now composite roles from the child logical systems are known to the CUA master system and have a logical system assigned by the text comparison. Assigning the composite in the master system will assign the composite in the child system and that assigns the local single roles in the child system as well -> so far so good and by the book.
    But is there some way to assign a composite role to a user in the master system which is assigned also to the master system, but the single roles of that composite have logical systems which differ from the logical system of the master system? So basically the field is not greyed out in the central composite roles and this composite role then represents an assignment beyond logical system boundaries - much like a "business role" in IDM.
    Has anyone ever done that before and survived? Any pros and cons? Is it at all possible what I am seeing here before my eyes (bar that the field is greyed out)?
    Cheers,
    Julius

    Hi Martin and others,
    I experimented a bit further with this, albeit rather unsuccessfully from the view of useful results.
    While the "target system" field is intended for navigation to the corresponding trusted RFC connection, it is also possible to turn the user menus off. So such a remote role is not going to go anywhere in navigation. If additionally the CUA is active and you create all the target system single roles in the CUA master system as well and assign them to the "target" they are intended for... then the single role menu is transferred to the child system which the role has as a target. But only the menu, and leaves the role in the target as status red. That also means it is only useful for component neutral roles.
    Now comes the hack: If you create a composite role in the master system with local single roles as well but the single roles are assigned to "targets destinations", then when assigning the user to the composite role in the master system, then it also assigns the single roles in the target systems to the user as well as the local system (the master as a child of itself). So it is in fact a halfway business role in the IDM sense, with some naming convention strings attached.
    You also don't see this in the code of SU01, as the USERCLONE Idoc processing seems to be the guilty one to also send additional Idocs for these single roles with targets assigned to the roles and not the user.
    There is only one major show-stopper in the design of the thing: You can only assign 1 target RFC connection to a single role in the central CUA master system but have to maintain the roles in the target logical system still. That means that roles must be maintained logical system specifically. That also means that you have to maintain the roles directly in production and have a completely different set for development and never transport any roles. They are as unique as their CUA master system "target destination" value and that is the logical system name as well.
    That is a bit of a bummer because it means that you also cannot ever test anything...
    Did anyone ever try to actually use this?
    Cheers,
    Julius

  • SECATT - Mass creation of users with different assigned roles

    Hello! I've been tasked with creating an eCATT to do a mass creation of users and each user will have a different role assigned (besides the general roles). We're doing this to test out the different roles we have created. I've done some searching through the forums and found some different ideas but I'm not sure they are exactly what I need. One suggestion was to use SU10 to make the role assignment but I'm guessing I would still need to set up a parameter for each role so I would initially need to know how many roles would be entered. I would like for the eCATT to be able to handle assigning multiple roles to a user with each user possibly getting a different number of roles. Would anyone be able to suggest a way to assign different roles to different users through an eCATT?
    Thank you!

    Hi Wendy,
    To create users, maybe SU01 or SU10 can be used.  To assign users to a role, maybe you can try with PFCG.
    SU01 and SU10 have the view from the user - for each user, different roles can be selected and assigned to that user. 
    PFCG has the view of roles - for each role, different users can be selected and assigned to that role. 
    Hence if you know which roles should be assigned to which users, PFCG might be easier.
    Hope such information is helpful for you.
    Kind Regards, Qian

  • Report to see list of roles with no user assignment

    Hi Gurus,
    I need to know the transaction/report where I can see the list of roles which don't have any user assignment.
    Please help me.

    Hi,
    To search for roles with no user assignment you can run the report RSUSR070. After executing tcode SA38, enter the name of the report in the program field and click the Execute button. You get "Roles by complex selection criteria"; then scroll down and, in the selection according to user assignments, select "without user assignment", then click the Execute button. You will get the roles with no user assignments.
    Thanks and regards

  • List of Portal users with the assigned Roles.....

    Hello All,
    I am working on EP6 SP9 and want to know from where can I get a list of all Portal users along with the assigned roles for each of them.
    One way I found is by searching for all users in User Administration role and along with the searched users, there is also an icon for Assigned roles.
    Apart from the above mentioned way, is there any other way by which I can get a direct list of the same. Is there a Java sample code for this.....?
    Please help.
    Awaiting Reply.
    Thanks and Warm Regards,
    Ritu R Hunjan

    Hi Ritu,
    Yes it is possible to get the roles of the users. You can try the following java code.
    package com.hcl.user;

    import java.util.Iterator;
    import java.util.Vector;
    import com.sap.security.api.IRole;
    import com.sap.security.api.IRoleFactory;
    import com.sap.security.api.IRoleSearchFilter;
    import com.sap.security.api.ISearchResult;
    import com.sap.security.api.IUser;
    import com.sap.security.api.IUserAccount;
    import com.sap.security.api.IUserFactory;
    import com.sap.security.api.UMFactory;
    import com.sapportals.portal.prt.component.AbstractPortalComponent;
    import com.sapportals.portal.prt.component.IPortalComponentRequest;
    import com.sapportals.portal.prt.component.IPortalComponentResponse;

    public class role_member extends AbstractPortalComponent {
        public void doContent(
            IPortalComponentRequest request,
            IPortalComponentResponse response) {
            try {
                IUserFactory userfactory = UMFactory.getUserFactory();
                IRoleFactory rolefactory = UMFactory.getRoleFactory();
                // Search all roles, capped at 2000 results
                IRoleSearchFilter rolefltr = rolefactory.getRoleSearchFilter();
                rolefltr.setMaxSearchResultSize(2000);
                ISearchResult result = rolefactory.searchRoles(rolefltr);
                // One table per role: header row with the role name, then one row per user.
                // Names are written unescaped; HTML-encode them if they can contain markup.
                while (result.hasNext()) {
                    response.write("<table border=0>\n");
                    String uniqueid = (String) result.next();
                    IRole role = rolefactory.getRole(uniqueid);
                    response.write("<tr><td bgcolor=Red>" + role.getDisplayName() + "</td></tr>\n");
                    // true also resolves indirect (nested) members
                    Iterator users = role.getUserMembers(true);
                    while (users.hasNext()) {
                        String unique_user = (String) users.next();
                        IUser user = userfactory.getUser(unique_user);
                        IUserAccount account[] = user.getUserAccounts();
                        // Skip users that have no logon account
                        if (account.length > 0) {
                            response.write(
                                "<tr><td>" + account[0].getLogonUid() + "</td></tr>\n");
                        }
                    }
                    response.write("</table>\n");
                    response.write("<br>\n");
                }
            } catch (Exception e) {
                response.write("Could not read roles from the UME.");
            }
        }
    }
    This code gives you the list of all the users of your portal along with the roles assigned to them.
    Apart from this, if you want to know all the roles assigned to the user on the portal itself, then the way you mentioned is the correct method.
    Regards
    Pravesh
    PS: Please consider awarding points.

  • Table to find the assigned Roles with my User ID

    Hello Experts,
    1.Is there any specific table to find out the assigned roles to my User ID?
    If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
    2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
    when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
    Could you help me to sort out these two queries?
    Thanks and Regards
    Madhu

    Hi Madhu,
    1.Is there any specific table to find out the assigned roles to my User ID?
    If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
    Sol'n: You have so many Class Methods for finding your requirement, else FM also.
    Go to SE84 there u will find search ClassMethods. There u type getuserRole or userRole* and press F8. Pick the one which you feel it may give you the result
    ie you have to execute the class...if it showing instance on the tool bar click on that then press execute the method which you feel relevant to you, and give input parameters.
    Sol'n for 1 point is: CL_CRM_UI_ROLE_ASSIGN->GET_BUSINESSROLES_FOR_USER.
    2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
    Sol'n: Go and check in T-code: BP. Display your BP and check for Employee Maintained -- Identification tab. Did you maintain your user ID over there or not?
    when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
    Sol'n: Need clarification on this point.
    Regards,
    Lokesh
    Edited by: Lokesh on Mar 8, 2010 7:37 AM

  • Hide Top level navigation if user assigned only one role

    Hi,
    I would like to hide the top level navigation if user assigned with only one role.
    I can create role based rule to show desktop using Master rule collection, but is it possible by doing to with role count.
    If user has multiple roles show desktop1 else show desktop2

    Not sure if this is possible. You may check the feasibility of creating an application which checks the user role count and, if the role count is = 1, loads the Portal URL (URL alias) which has the TLN iView invisible in the same window, else does nothing and loads the portal with the desktop which has TLN.
    Put the application in the framework page which has TLN visible.
    Create a URL alias and create a desktop/framework page which doesn't have TLN, assign this desktop to this URL alias in the rule collection, and set its priority before the user conditions check in the rule collection so that it has high priority before the user or group check in the rule collection.
    You can create a POC in sandbox and check if it works?

  • Assigning roles to users programmatically

    Hi,
    I want to programmatically create roles, assign roles to users etc.
    I saw at this thread
    ADF Security Policy Store
    the following scriptlet by Frank Nimphius
    try {
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION,"admin");
            // create user
            //TODO check for empty username and password
            User newUser = userManager.createUser(this.username,this.password.toCharArray());
            // grant the admin role to the new user's principal
            roleManager.grantRole(adminRole,newUser.getPrincipal());
        } catch (IMException e) {
            // TODO
        }
    } catch (JpsException e) {
        // TODO
    }
    return null;
    this is a TP3 scriptlet, is it still working on the 11g production?
    I try it and I get a JpsException
    oracle.security.jps.JpsException
         at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
    do I have to replace "idstore.xml.provider" with something else depending on my configuration?
    thanks
    Tilemahos

    Hi Frank thanks for the answer,
    I checked this functionality at WLS embedded LDAP and I saw your "How-to configure OID for authentication in WebLogic Server" post.
    I managed to add users and assign them roles that I created in my application.
    But what if I want to have a super user that can create new roles and assign them member roles?
    e.g.
    Developer created roles (policy store):
    accessPage1 ( granted all the necessary principals to access page1 )
    accessPage2 ( granted all the necessary principals to access page2 )
    Super user created roles
    Role1 member roles: accessPage1, accessPage2
    If I want my application to have that functionality I must create roles programmatically, won't I?
    Is there another way?
    By the way I followed the advices at the following useful links
    Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
    Frank Nimphius's How-to configure OID for authentication in WebLogic Server
    Edwin Biemond's Using OpenLDAP as security provider in WebLogic
    Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
    And I managed to add users of the Microsoft LDAP at the WLS
    but I couldn't make them group members of my application groups (roles).
    Is this possible?
    Thanks
