Nakisa TF & SP : Read-only Roles
Hi Experts,
I am currently using Nakisa SuccessionPlanning 3.0 SP1 0701027700 and Nakisa Talent Framework 3.0 SP1 0701021700.
My question is, the user currently can log in to TalentFramework and SuccessionPlannning to display & maintain data.
Is it possible to setup a role that can be assigned to a group of user, so that they are only allowed to display the data (read-only) and not allowed to maintain it?
Please help to give some insight on this.
Thanks,
Hi Aimey00,
For the STVN solutions the authroizations are all controlled in the backend. I would recommend speaking to a consultant with experience of authorizations who can help you restrict this data access.
In theory you could introduce application security roles to do this, but the effort required would be significant and would require a great deal of customizing. I recommend going through the backend authorization approach.
Best regards,
Luke
Similar Messages
-
Need to Assign read-only roles to a user in EP
Hello,
I am currently facing a situation wherin I need to assign read-only roles to a user. I need to assign the user admin, system admin and content admin roles to him, but all with read only permissions. Could someone kindly direct me as to how this can be done in EP7.0?
Thanks in advance and best regards,
Karthik.Hi Karthik,
first, welcome on SDN!
About your question:
Ganesh already showed the way for the PCD. Anyhow, the content admin also can accedd the KM content (if installed); so for KM the settings have to be done, too, i.e. defining only read-permissions for this user on all repositories.
The same holds for System-Admin - Permissions - Portal Permissions, here under the different sections only read access permissions would have to be set.
Anyhow, some areas cannot be restricted in this way, for example the User Management. This could be done only via http://yourserver/useradmin and there via ROLE actions (and not per user).
Still, some areas certainly will stay problematic, so that one maybe would have to strip down the standard roles (create a delta link copy of the content and then remove the problematic areas).
Hope it helps
Detlev
PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance! -
Hi, I am trying to implement a role that would enable a user to have the same functionality as the out-of-the-box User Admin role, but that this user would not be able to actually create or modify users, roles assignments, etc.
The idea is to have a 'Display' role - with read-only access.
The solution we are comtemplating right now involves getting the source code from SAP, copying it, and modifying it - disabling any interaction. We would then create new iviews, pages, etc from there only for this role. This is a tedious task.
Any ideas on how else this can be done?
ThanksI have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
I assigned the ReadAll Premission. That did the trick for me.
Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups. -
Business Connector - Read only - Administrator role
Hi Community,
We've currently got SAP 4.8 running in our environment.
The situation is that often developers need to check the extended settings, logs, or what jobs are scheduled.
The two main roles are Developer or administrator.
The only way to get access to the web GUI admin page is to assign the administrator role.
Does anyone know how to assign a "read-only" role for the web admin page?
I would then assign this to a developer rather than give them full administrator access on business connector.
Kind Regards,
ChrisTo the best of my knowledge thats not an option.
But like to hear it if otherwise.
Regards
Juan -
In wls8.1 or in wls6.1/wls7.0 ..........is there any way out to make the console
to be "READ-ONLY" ....any field or parameter that i need to set ?
any workaround may be ???
-sabgitaThis concept has been introduced in 7.0 and you'll find that a read-only
role is available called Monitor.
http://e-docs.bea.com/wls/docs70/adminguide/secsysadm.html
Patrick
"chris" <[email protected]> wrote in message
news:3d908557$[email protected]..
>
Hi all!
I would like to introduce a read-only console user on our weblogic 6.1 SP1app
server! Does anyone know how to configure such a user (respectively cananyone
give me a docu reference according to this problem)?
Is it possible anyway?
Thanks for every serious response,
Chris. -
Create Read Only User in Oracle 10.2.0.4
Hi., Friends,
I want to create an user in Oracle 10.2.0.4 with read only rights of my hole database. I am not having Enterprise Manager Console so i want create from command prompt.Can u please explain me the step for create and assign read only role to user.
Regards
MahendranHi Mahendra,
I am happy with Surendrajain's reply, but with this sql you will not able to view the data present in SAP Schema,
The entire sql query with the comments in bracket is given below
1) create user PPMTEST identified by program1;
2) Create role PPMROLE; { PPMROLE is the role name which will be later assigned to the user PPMTEST}
3) Grant CONNECT to PPMROLE; { CONNECT role allows the user to connect to oracle database}
4) Grant SELECT_CATALOG_ROLE to PPMROLE; { SELECT_CATALOG_ROLE role allows the user to view the oracle data dictionary}
5) GRANT SELECT ANY TABLE to PPMROLE; { "SELECT ANY TABLE" privilege allows the user to view the table which is present in the SAP schema}
6) Grant PPMROLE to PPMTEST; { Assigning the role PPMROLE to the user PPMTEST}
7) COMMIT;
Thanks and Regards
Debdeep -
How to provide Read only / Execute access to an existing schema?
Hi,
My instance version details are as follows:-
Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bi
PL/SQL Release 10.2.0.5.0 - Production
"CORE 10.2.0.5.0 Production"
TNS for Solaris: Version 10.2.0.5.0 - Production
NLSRTL Version 10.2.0.5.0 - Production
I have 50 users in this instance. One of the user is USR1. I want to create another user say USR1_RO, who should have full access to his schema and Read and Execute privilege for all the existing and new objects in USR1 schema alone.
I am new to oracle security concept. When I checked with my DBA he is suggesting me that the USR1_RO can have only read access to existing objects.and newly added objects to USR1 schema after the USR1_RO creation won't be visible to USR1_RO.
If read only access is given to all object to USR1_RO user then he will be able to see other user objects also say USR2, USR3. Which I don't want to happen.
Is there any work around available to get my wish fulfilled? A new user with Read and Execute Privs on another specific user objects (old and new). The issue I am facing with the suggested approach is when ever I add a new object to the usr1 schema I have to chase the DBA to grant the privs to USR1_RO. Also I don't want USR1_RO to see everything in my instance.
Regards,
Subramanian S.For your read only role/username you can:
set up this procedure to run for any new user to grant RO rights on Schema Owner ( powner ):
CREATE OR REPLACE PROCEDURE SYS.GRANT_SX_SCHEMA (
powner varchar2 ,
puser varchar2)
IS
fnd NUMBER := 0;
sqlstr varchar2(500);
BEGIN
FOR obj in ( SELECT object_name, object_type from dba_objects
WHERE owner= powner
AND object_type not in
('SYNONYM','TRIGGER','INDEX',
'PACKAGE BODY',
'TYPE BODY','LOB','LOB SEGMENT','DATABASE LINK')
AND object_name not like 'BIN$'
LOOP
BEGIN
sqlstr := '' ;
IF obj.object_type = 'TABLE' then
fnd := 0;
SELECT count(*) into fnd FROM dba_external_tables
WHERE table_name= obj.object_name ;
IF fnd = 0 then
IF substr(obj.object_name,1,2)='GT' THEN
sqlstr := sqlstr ||'GRANT SELECT,INSERT,UPDATE,DELETE ON ';
ELSE
sqlstr := sqlstr ||'GRANT SELECT ON ' ;
END IF;
ELSE
sqlstr := sqlstr ||'GRANT SELECT ON ' ;
END IF;
ELSIF obj.object_type = 'VIEW' then
sqlstr := sqlstr || 'GRANT SELECT ON ' ;
ELSIF obj.object_type = 'MATERIALIZED VIEW' then
sqlstr := sqlstr || 'GRANT SELECT ON ' ;
ELSIF obj.object_type = 'PACKAGE' or obj.object_type ='PROCEDURE' or
obj.object_type = 'FUNCTION' or obj.object_type ='TYPE' then
sqlstr := sqlstr || 'GRANT EXECUTE,DEBUG ON ' ;
ELSIF obj.object_type = 'TYPE' then
sqlstr := sqlstr ||'GRANT EXECUTE ON ' ;
ELSIF obj.object_type = 'SEQUENCE' then
sqlstr := sqlstr ||'GRANT SELECT, ALTER ON ' ;
ELSE
sqlstr := sqlstr ||'--unhandled--'||obj.object_type;
END IF ;
sqlstr := sqlstr ||powner||'.'||obj.object_name ||' to '||puser ;
execute immediate sqlstr;
END;
--- AS for automatically running this whenever new object is added , avoid BUT IF YOU HAVE TO DOIT --
then try calling this with TRIGGER on CREATE ANY OBJECT at Database level, But better you call it from
script that creates the objects to refresh all objects grants in original owner schema. -
SOA Suite read only console in 11g
Hi All,
Is there a possibility to create a user with read only role on EM in 11g? We want to create a user to monitor production environment with out having options for deploy/undeploy.
Thank You.By assigning an appropriate role to a user, you can limit his access -
http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10226/appx_roles_privs.htm#BABIHDFJ
http://download.oracle.com/docs/cd/E17904_01/web.1111/e13747/secroles.htm#i1206135
Regards,
Anuj
Edited by: Anuj Dwivedi on Feb 22, 2011 9:12 PM -
Visual Administrator Read Only Access
Hi All,
I need to give Visual Admin read only access to a developer.
1. Is it possible ?
2. If so what is the role to be given and where to configure this role ?
Please help
Thanks
SouravHi sourav,
If you want to give read access to the developers with regards to configurations details of the system or application modules and resources then this would be best accomplished through the use of NWA(Netweaver Administrator). Here you should be able to create a user and give them read only access.
You can access it via http://hostname:5<system number>00/nwa of you Web AS Java.
You can use the SAP_JAVA_NWADMIN_LOCAL_READONLY role or the central read-only role depending on your needs and configuration.
Regards,
Nelis -
E-Recruiting "Read-Only" Transactions
We would like to make some for the E-Recruiting functionality that is available to recruiters from the recruiter start page available to support staff in a "read-only" mode. Our immediate need is for read-only version of the Candidate Overview available from Application Management, although a read-only version of the Requisition Maintenance and Candidate Shortlist would be helpful as well. I have tried to create a read-only role for the Candiate Overview by playing with the standard authorization objects P_RCF_APPL, R_FCF_VIEW, P_RCF_POOL and P_RCF_STAT but have had no luck.
Does anyone have any suggestions?
Thanks!This cannot be handled via authorizations in e-recruiting, because it is a non-exspected behaviour.
You can only realize this by development or modification.
regards -
Hello Everyone
Is there something like read-only OIM Admin role?. My manager wants to just see everything done by a system administrator or xelsysadmin . He doesn't want to modify any date, but he just wants to access everything added by the administrator.
Thank YouHi,
I hope you are using OIM 11g R2.
If yes, then OOTB OIM provides many Admin Roles under organization section. For example: User Viewer, HelpDesk, Org Admin etc.
You can use any of the OOTB admin roles to fulfill your requirement.
HTH
J -
Role properties are in read only mode
Hello
I have created a role in portal and now i am trying to make it's ENTRY POINT Property as Yes. But folders and worksets are in read only mode, how to make it an edit mode. Can anyone help please?
I have super_admin_role assigned to my username (group: Administrators)
Thanks
DubravkaDubravka,
Please check the button "Edit Mode" is enabled for the role when try to modify role's properties. If its enabled then press the button "Edit Mode" to change the read only mode.
Ram -
Role to access PFCG in "read-only mode"
Hi,
I've created a role to access transaction PFCG in "read-only mode", because some functional consultants asked for it.
However, it still gives them access to perform the "User Comparison" and I would like to remove that as well.
The role has the following authorization objects and values:
S_TCODE-TCD = PFCG
S_USER_AGR-ACTVT = 03
S_USER_AGR-ACT_GROUP = Y-, Z- (these are the allowed role names)
I really don't know what to do... any ideas?
thanksHello Gary,
Yes, I also noticed that. The restriction of a user compare in PFCG in the F4 help in PRGN_CUST, is the same SAP note as that for activity 22 (assigning the user to the role)...
You could have posted this on Sunday evening, that way Monday morning is closer to test it
Cheers,
Julius
PS: We now have at least two "Gary Morris" at SDN and have for some time been trying to contact the "real one(s)" to determine who-is-who. Another "name sake" is: https://forums.sdn.sap.com/profile.jspa?userID=3618541&start=0 for example.
If you have any concerns, feel free to email me (see my business card) or SDN (at) SAP (dot) COM. -
Role for User Administrator(Read only)
Hi All,
I want to create a role just like the role ofUser Administrator.But I want to make it read only.I want that the end user can perform search operation,can see the locked user,can see the roles but can't delete the user.Basically ,they shouldn't able to do the modification.
Any suggestions will be appreciated.
ParitoshI have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
I assigned the ReadAll Premission. That did the trick for me.
Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups. -
Role for system data dictionary read-only access
[NOTE: this is for 9i]
What grants must a role have to have read-only access to
the system data dictionary tables (e.g.: ALL_SOURCE,
ALL_OBJECTS, ...)?
Or, is there somewhere in the docs that talks about this
kind of role?
Thanks in advance,
RobertWell, the answer to your explicit question would be that it would need SELECT on each of the data dictionary views that do not have SELECT granted to PUBLIC. To find out what those are, you could do:
SELECT table_name, privilege
FROM dba_tab_privs
WHERE grantee = 'SELECT_CATALOG_ROLE'however, it would probably be easier just to grant it SELECT_CATALOG_ROLE :-)
John
Maybe you are looking for
-
Problem with Windows Media Player since installing Firefox 4.0
Problems with Window Media Player. When I am using Windows Media Player to view a video from another source I am having problems. When I hit pause and then go back to hit play it does not have any sound. The player is not on mute and it keeps going f
-
How can I let Pages '09 and Pages 5.0.1 coexist in my Mac?
I'm using an iMac with Mavericks 10.9.1. I 'upgraded' my copy of Pages to 5.0.1, but I'm working with someone who doesn't have it (his machine can't be upgraded to Mavericks, so no Pages 5.0.1 for him). In order to exchange documents and edits with h
-
hello, i am forwarding my codes here, and pls let me know how to write the loop conditions regarding this. *& Report ZGOM1 REPORT ZGOM1. CALL SCREEN 200. *& Module USER_COMMAND_0200 INPUT text MODULE USER_COMMAND_0200 INPUT. tables : Z
-
I lost my password and can not unlock my ipod
How can I unlock my ipod, I forgot my password
-
Datafile lost. No backups or archivelogs
DB version: 11.2.0.2 In our newly created DB which is in NOARCHIVELOG mode, we lost a datafile in one of our tablespaces (accidently removed). We don't have RMAN backups or archivelogs since the DB creation. What is the most we could do ?