Navigate to Different role(Group)

Hi,
I have two roles role1 and role2,role3.
role1 is assigned to everyone and has iview1 .
and role2 is assgined to everyone and has iview2.
role3 is assigned to specific group and has iview3.
if the "Testuser" has role1, role2 and role3.
i have to navigate from role2 and role3 to role1, and its working from role2 to role1. but from role3 to role2 is not working.
code:
WDPortalNavigation.navigateAbsolute("ROLES://<PCD path>",WDPortalNavigationMode.SHOW_INPLACE,null,null,WDPortalNavigationHistoryMode.ALLOW_DUPLICATIONS,null,null,null);
is this b'cos of role3 and role1 are assigned to different groups, but testuser is assigned to both groups and he can see all three role tabs.
any suggestions?
Thanks,
Murali.

You'll want to set the OnSelect property of the button to the
Navigate function, as the function reference describes. If only two gallery items link to two screens, you might try:
If(Gallery!Selected!ItemName="ItemWhite", Navigate(ScreenName, ScreenTransition!Fade), Navigate(ScreenName2, ScreenTransition!Fade))
But how many items does the gallery show, and does each link to a different screen? Also, are they really different screens (different layouts, different kinds of information, etc.), or is it one screen that shows the same information for different
items? For example, you could create 10 screens that show the same kinds of information about 10 items, or you could have one screen that shows the same kinds of information about whichever gallery item is selected.

Similar Messages

GRC CUP - How to add a custom field in "Select Roles/Groups" form

Hi Forum,
I created a custom field "REGION" in CUP configuration. I used this field in "Role Attributes"
In "New Account" workflow, when i click on Select Roles/Groups" a screen for Select Roles/Groups will display to select the roles by different combinations.
I need this "REGION" field in the above selection creria to select roles by REGION.
How to make this field "REGION" appear in above selet cretiria.
Thanks,
RAM
Edited by: Ram.Sathish on Apr 21, 2011 3:46 PM

you can not add custom fields in the search, have you thought about using the company field as the fied for location?
Regards,
Chinmaya

Different field groups in the different account groups

Dear IT Experts,
I´m working on restructuring authorization in roles concerning the IC and TP customers.
The goal of this changes is be able to have different field groups in the different account groups (TP and IC), for give you some more detail a good example can be, the same AMS user should be able to change general data and sales views for TP customers but for IC he should only be allowed to change the sales views, however when the changes are made in the roles they are being ignored because as far as I could check the system does not have as a rule that the field groups are or can be dependent from the account group...
I can give you a clear example:
Role A
F_KNA1_AEN -> VGRUP = 10-16
F_KNA1_GRP -> ACTVT = 01, 02, 03
F_KNA1_GRP -> KTOKD = INTR
Role B
F_KNA1_AEN -> VGRUP = 16
F_KNA1_GRP -> ACTVT = 01, 02, 03
F_KNA1_GRP -> KTOKD = THIR
Despite it looks fine, the system is not validating the account group with the correspondent field group in each role, so the field groups that the system use is unique, it means it the content of the object F_KNA1_AEN in total independently of used account group!
So my question is, can we apply any other object that makes the field group being directly depending of the account group, as we can see for example activities for each account group having something similar for field group and account group?
Can someone please explain me step-by-step how I can do this work even if by another method?
I´m quite new on this issues and I really need your wisdom to find a solution for this.
Many thanks
Katjia

Hi Manoj
The debate is each inidividual business unit has defined different account groups for the same vendor in their respective systems.
The question is : What is the best practice-- Should we keep Vendor account group as main table field and define Vendors with one unique account groups OR we maintain the account group in qualified table each pointing to different business unit.
In my opinion this is going to be very complex solution. Ideally we need to define all the Harmonization rules before syndicating data to different target systems.
Is this possibel that the same vendor record which is existing as vendor of different account groups in different systems have same set of attributes. If yes then enabling the remote key for Account group Lookup field is one option and defining a unique Account group 'AG" (which is mapped to say AG1 from remote system1, AG2 from remote system2 and so on..)..
Managing this via Qualified table will be very complex and not advisabel. As Rajesh also mentioned Account Group in MDM should be considered as Global attribute and all such harmonization rules should be defined in your project. AG1=AG2=AG in above exmaple.
Hope this clarifies.
Thanks-Ravi

Different role types. Was: "Hi sap gurus"

define and differentiate the following types of roles
1.single role
2.composite role
3.derived role
4.child role
5.parent role
Message was edited by: Moderator
Please use meaningfull thread subject titles.

Hi
There are 5 types of Roles:
1) Single Role.
2) Composite Role. (Max 164 Single Roles can be attached to one Composite Role)
3) Derived Roles.
4) Orphans Role.
5) Reference Roles.
Composite roles 
A composite role is a container with several different roles. For reasons of clarity, it does not make sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles.
Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role. Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group. The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison.
The menu tree of a composite role is, in the simplest case, a combination of the menus of the roles contained. When you create a new composite role, the initial menu tree is empty at first. You can set up the menu tree by choosing Read menu to add the menus of all roles included. This merging may lead to certain menu items being listed more than once. For example, a transaction or path contained in role 1 and role 2 would appear twice. If the set of roles contained in a composite role changes, the menu tree is also affected. In such a case, you can completely rebuild the menu tree or process only the changes. If you choose the latter option, the Profile Generator removes all items from the menu, which are not contained in any of the roles referenced. It is possible (and often necessary) to change the menu of a composite role at any time. You adjust these menus in the same way as the menus for roles.
Derived roles 
Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and functions if no transaction codes have been assigned to it before.
The higher-level role passes on its authorizations to the derived role as default values, which can be changed afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either. Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level.
The menus passed on cannot be changed in the derived roles. Menu maintenance takes place exclusively in the role that passes on its values. Any changes immediately affect all inheriting roles. You can remove the inheritance relationship, but afterwards the inheriting role is treated like any other normal role. Once a relationship is removed, it cannot be established again.
In real time scenario Roles and Authorizations are primarily based on Company codes in many cases and in some scenarios are also based on Cost centers or divisions etc. IN such scenario, a Master role is created and many child roles are created with relevant Organizational levels added to the same. So any change to the master role would be drilled down to Child roles and hence it would avoid a lot of Maintenance overhead.
E.g.: Master Role -- Z_SAP_FI_BUYER_000
Child Role1 -- Z_SAP_FI_BUYER_CC1
Child Role 2 -- Z_SAP_FI_BUYER_CC2
Child Role 3 -- Z_SAP_FI_BUYER_CC3
Orphans Role
Orphans Roles are Stand-alone roles and are many a times required for IS uses/. So a System Admin role, a Security Auditor role and many other special roles mainly not used in Business side are created as ORPHANS. This role limits the user to a particular organization.
Reference Role
They are SAP standard Roles.
Reward points if helpful

Access control for different user groups in APEX 4.0

Hi guys,
in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

Hi Errol,
to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
Regards
Andre

How to send notifications to different user groups based on payload value

Hi Gurus,
I have a scenario in BPM where i have to send notifications to different user groups based on the payload value.
ex:
Payload sample:
<employees>
<emp1>
<state>TX</state>
</emp1>
<emp2>
<state>AZ</state>
</emp2>
</employees>
Requirement: I have to send notification through Humantask to users of TX and AZ as mentioned in payload.
Can you please help me out in achieving this in BPM?
Thanks,
Raju
Edited by: user0808 on Mar 1, 2013 12:58 PM
Edited by: user080811 on Mar 4, 2013 11:06 AM
Edited by: user080811 on Mar 4, 2013 11:07 AM

Hi Daniel,
thanks a lot for your quick response.
I went through your blog and tried implementing the same.
But in my case i have to send parallel notifications to both the states.
Please correct me if i am wrong, using if conditions in rules is allowing me to send to only one state.
I also tried the following approach
1) setting the organization units in bpm workspace
2) passing values using human task parametric roles
3) and looping the subprocess that has the humantask for the count of states.
I am able to loop the subprocess but i am not able to change the parametric role value for the next iteration of the subprocess.
Can you please help me in resolving this?
thanks,
Raju

Provision Unix accounts/roles/groups to Directory server using OIM

Hi,
I have a requirement to integrated large number of Unix servers with LDAP (OID or Sun Directory Server) for Centralized Authentication and Authorization and to provision Unix accounts/roles/groups to Directory server using OIM, I have following queries.
1. If using PAM_LDAP then what are the schema changes required in ldap to support it ?
2. Does OIM's out of box connector for OID or Sun Directory Server supports Unix accounts/roles/groups provisioning to Directory server ? If not, can it be extend ? or do I need to write a custom connector ?
3. If I use Oracle Authentication Services for OS for centralized unix account management then OIM provisioning is same as #2 or different ?
Thanks
Nitin

yes. iPlanet connector support for multivalued attribute. Go through the connector doc. It will let you know how to extend its functionality.
--nayan

Avoid to have several different Roles to maintain

Hi ,
I'm new to the portal admin/development. Until now when we have a new "functionality" we copy a existent portal role and remove or add "pages"/"i-views" to it . So we have many roles which are very similar and that become challenging to be maintained .
Is there another solution (Portal framework) to hide or allow some "pages"/"i-views" to users without having to create and assign different roles .
For the moment role A can have pages 1,2,3,4,5,6,7 role B will = role A without page 7 .
Any presentations or information will be welcome .
Regard's

This seems to be a design related problem, Think about your deign carefully. You can group the users in Groups and assign roles to the Groups.
I won't call it a solution, because it will have very high performance impact but you can keep a role with common content, and then at runtime you can add iView/Page.
regards
Prashant

Transactions available to different roles

Hi all,
I've been asked to do some research on the transactions available to different roles and would greatly appreciate any help anyone can give.
What I am looking for is a full list of transactions/rights attached to
SAP_CA_AUDITOR_SYSTEM user
SAP* user
DDIC user
If anyone could point me in the right direction that'd be great

As far as i know...T.Code --> SUIM should give you your desired results.
I am working on 4.6 B so change the nomanclature of Authorization Group as Roles in your system.
Just follow the path
SUIM --> Activity Groups --> By Activity Group Name --> enter your activity group "SAP_CA_AUDITOR_SYSTEM" --> Execute (F8) --> then click on "User Assignment" option.
Reward Points if it helps,
Regards,
N

Role Groups

Hi,
Can someone explain role groups and what they are useful for? I know you can add a bunch of Roles into a group. It seems like just creating a role with other roles is more useful.
I can't see what use they are when you are dealing with setting up your TLN and Detail Nav. You can't put the inserted roles in any order so there is no way to control how they would appear in the navigation to the user.
Can anyone help me out why I would use groups vs. setting up a role within role type organization?
Thanks!

Hi everybody,
From the image you sent ("Assigned" roles, as already written before), Kenneth, as well as from the ongoing discussion, it's just what I already said: Role are "assigned" to groups, and that from the hierarchies point of view, is: Roles "have" groups.
> roles in groups has its own purpose
That is a wrong termonology. If anything is "in" something, groups are "in" roles. Sometimes people also talk of groups "assigned" to roles, as this also makes sense from the hierarchie's point of view. Anyhow, the other way round makes more sense from a semantic point of view (groups, as users, may "play" different "roles", so roles are assigned to these principals) and is the common one. Nevertheless, draw some UML class diagram, and you'll see that a role "has" groups (and users) and a group has groups and users.
> how to control what level an item will appear on
At this point, the discussion should reflect the differences between UME roles and PCD role objects. It's also not necessary (and not advised at all officially by SAP) that the roles themselve are the entry points (but the workset(s) under a role, in most cases).
Anyhow, as I have described in my second posting, the hierarchy is used within the UME, so that in most cases there will be a 1:1 relationship between groups and roles (this is not necessary, and sometimes other combinations do make sense, but it is a (quite general) advise).
Hope this brings some light into it...
Best regards
Detlev

Stock report for single material contains different material groups

Hi Experts,
              I have a scenario.I want to maintain material group for a material at the time of po creation.In next time i will maintain different material group for the same material.
               But I want to view the the stocks for material group wise which i entered in po.Is it possible to achieve this?
              Please suggest solution.
Thanks & Regards,
Deepika.

Please read the KBA document 2012912 - Changeablility of the field "material group" in purchasing documents
It clearly says that material group can't be changed in case you will use material master in purchase order.
So, it is clear that you can't use different material group for material master in purchase order.
For stock report, system will only show you the material group which is assigned to the material master (MARA-MATKL). System will not look into the purchase order section (like EKPO).

Same number range for two different series groups?

Dear all,
There are two scenarios
1.Normal export under bond case, series group is 20 and number range maintained,running number is 300016
2.Another scenario,where ARE1 document generation for Deemed exp customer(already customised) , series group is 30.
But, client requirement is , for this second scenario also, system should pickup running number range of series group 20(under bond case) as per excise legal requirement
Ie running number is for series group 20 is 300016
For the above deemed exp case (second scenario)it should pickup 300017
And again when they do under bond case(first scenario), it should pick up 300018 like that
Is it possible to maintain the same number range for two different series groups(20 and 30)?
Even if you maintain the same number range for 30, as per running number range of 20
Will the system update simultaneously the same number range for 20 and 30 series groups?
Please suggest the way.

With two different series groups, it is not possible to have the same number range. Even if you maintain it, they will be treated independently.
Normally, you should not use different series groups if the same number range has to be used. In fact, the concept of series group has been developed to ensure that number ranges can be maintained separately.
Regards,
Aroop

Can I deploy 2 computer GPO for 2 different Security Groups to the same machine?

Hi
this is my scenario
I have 2 different security group ( in a domain ) and i would like to deploy 2 different Computer GPO depends by the user SG membership
this is a terminal server ( 2k12) and I would like have the computer GPO policy/admin template/windows components/remote desktop session host/profile different for each security group.
thanks
Marco

> I have 2 different security group ( in a domain ) and i would like to
> deploy 2 different Computer GPO depends by the user SG membership
Not really, but for some settings there is a workaround... ->
http://evilgpo.blogspot.de/2012/03/how-to-save-my-screen.html
> this is a terminal server ( 2k12) and I would like have the computer
> GPO policy/admin template/windows components/remote desktop session
> host/profile different for each security group.
For THIS setting, it definitely does NOT work. The profile path must be
known BEFORE the user is logged on and this means BEFORE any user
specific settings can be processed.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

Is it possible to deploy 2 SCOM 2012 R2 reporting in a SQL server which already has SCOM reporting of a different management group but with 2 different reporting instance.

Hi Experts,
I have a typical situation in the LAB environment. Hope some one helps. I have Installed a SCOM 2012 R2 with SQL 2012 SP1 in a single server (Management group 1). I have installed another management group on another server using this SQL server for its database
so i have everything going fine.
The first management group has its reporting installed in the SQL server. For the second i created a new named instance for that. But i cannot run the SCOM setup in the SQL server (Also holding the Management group 1 MS) as 1 st reporting is already there.
When i run the setup it is asking me to repair it. I don't get the install option so i can install the reporting for management group 2 in the named instance.
Default instance is being used by the 1st management group.
Can any one figure a possibility for installing 2 SCOM reporting services for different management groups in a same SQL 2012 server please.
Gautam.75801

Hi Yan Li,
Thank you for the reply. So as you are aware If i need to instal reporting, i need to run the SCOM 2012 R2 setup in the SQL server and select reporting and select the
instance and then mention the management server there right. I am not getting that option there it is asking me to remove or repair the existing installation as there is already a SCOM entire setup including reporting there. As it is a lab there is no problem
in testing. I have 2 reporting instances. Any suggestions for me on how to overcome this issue and deploy the second reporting in the new named instance ?
Below is the screenshot of the error what i am talking about when i run SCOM 2012 R2 setup to install reporting in the SQL server
When i click on add feature reporting is greyed out (As already 1st management groups reporting is installed)
When i click on remove or repair it
uninstalls the existing one. But i want both SCOM 2012 r2 reporting to be there(For both Management group). Is it possible ? If yes What is the trick to run the setup ?
Gautam.75801

Mass creation of common folders for different user groups

Hello Experts,
We are using Portal 7.0 SP12 and we have 10 different user groups created in Portal.
Based on this group structure, we need to create two common folders in each of the user's personnel documents in KM.
Is there is any way to achieve this kind of requirement ?
Can we do mass creation of these two common folders which will be assigned to all of the groups. This needs to be done in user's personnel documents and not in Public documents.
Any help in this context would be highly appreciated. points assured.
Thanks in advance,
Anil Kumar.

For every user a folder is created in userhome. One approach is to capture this folder creation event and create the folder structure you need. You need to develop a portal service which will listen to events from userhome repository.
1. Capture folder creation event for user home
2. Create the folder structure you want in this event handler
Check this documentation on how to do this.
https://media.sdn.sap.com/html/submitted_docs/nw_kmc/howto/rf/client_api/rf_client_api.html
Regards,
Prasanna Krishnamurthy

Navigate to Different role(Group)

Similar Messages

Maybe you are looking for