Need to Assign read-only roles to a user in EP

Similar Messages

• Unable to assign all security roles to a user with a new custom security role

  Dear All,
  Happy New Year.!
  I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
  any desired security role to the new user.
  However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
  'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
  For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
  to assign some other security roles, including 'Support User Role', to new user 'y'.
  I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
  'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
  Appreciate any help that you can provide on the above issue.
  Thanks in anticipation.

  Hi,
  Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
  Refer:-
  http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
  Hope this helps!!!
  Thanks,
  Prasad
  Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

• Error while assigning the fallowing role to the user

  Hi,
  ERROR 2007-01-18 14:13:25
  CJS-30196  Role SAP_BC_JSF_COMMUNICATION_RO is not assigned to user SAPJSF
  i am getting the fallowing error while trying to assigning the fallowing role to the user any body through some light in to it.
  Thanks
  kiran.B

  Hi,
  Standard roles are not assigned to users directly.Make sure that copy the role from standard roles then change naming convention like your company specification.
  Ex: standard role : SAP_BC_JSF_COMMUNICATION_RO
  Step:1: go to t-code: PFCG and give the role name in role tab SAP_BC_JSF_COMMUNICATION_RO
  Step:2: press copy button and change the naming convention.
  Step:3: Assign to the user.
  I hope it will help you.
  kiran kumar.v

• How to retrieve the Role of a custom sharepoint Group Progrmatically and also assigning the same roles to new user?

   I want to retrieve the roles assigned to custom group progrmatically and assigning the same roles to new user?

  Hi,
  According to your post, my understanding is that you want to retrieve the Role of a custom sharepoint Group Progrmatically and also assigning the same roles to new user.
  To retrieve the Role of a custom sharepoint Group, you can refer to:
  http://www.sharepointfix.com/2011/05/find-rolepermissions-of-currently.html
  To assign the same roles to new user, you can refer to:
  http://msdn.microsoft.com/library/Microsoft.SharePoint.SPRoleAssignment
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Read-Only Role For User Admin

  Hi, I am trying to implement a role that would enable a user to have the same functionality as the out-of-the-box User Admin role, but that this user would not be able to actually create or modify users, roles assignments, etc.
  The idea is to have a 'Display' role - with read-only access.
  The solution we are comtemplating right now involves getting the source code from SAP, copying it, and modifying it - disabling any interaction. We would then create new iviews, pages, etc from there only for this role. This is a tedious task.
  Any ideas on how else this can be done?
  Thanks

  I have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
  I assigned the ReadAll Premission. That did the trick for me.
  Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups.

• Nakisa TF & SP : Read-only Roles

  Hi Experts,
  I am currently using Nakisa SuccessionPlanning 3.0 SP1 0701027700 and Nakisa Talent Framework  3.0 SP1 0701021700.
  My question is, the user currently can log in to TalentFramework and SuccessionPlannning to display & maintain data.
  Is it possible to setup a role that can be assigned to a group of user, so that they are only allowed to display the data (read-only) and not allowed to maintain it?
  Please help to give some insight on this.
  Thanks,

  Hi Aimey00,
  For the STVN solutions the authroizations are all controlled in the backend. I would recommend speaking to a consultant with experience of authorizations who can help you restrict this data access.
  In theory you could introduce application security roles to do this, but the effort required would be significant and would require a great deal of customizing. I recommend going through the backend authorization approach.
  Best regards,
  Luke

• How to assign read only access for a database to a single user?

  Hi All,
  I have created a login for one of the user , and i used deny view to deny that user access to any of the databases to be shown.Now, he cannot see any databases in the explorer window.
  My question is now i want to give this user permission ( read-only) to a single database. How can i do that? I have googled around and found some solutions but nothing is working.
  Can someone please help me with any suggestions.
  Thanks a lot for your time and suggestions in advance.
  Thanks

  Hi Bhanu,
  Thanks for your reply, I am not sure i got it. I have a user created with the name of 'msam_test' and if i login into management studio with this userid and password i dont see any databases showing up because i used the DENY View command to hide which is
  working fine.Now i just want to see only 1 database named 'suresh3_test' with a read only access to this database.
  I tried using your code in the below way
  USE [suresh3_test]
  CREATE USER [<msam_test>] FOR LOGIN [<msam_test>] WITH DEFAULT_SCHEMA=[dbo]
   exec SP_ADDROLEMEMBER 'DB_DATAREADER','<msam_test>'
  But i receive an error saying
  Msg 15007, Level 16, State 1, Line 3
  '<msam_test>' is not a valid login or you do not have permission.
  Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 75
  User or role '<msam_test>' does not exist in this database.
  Can you please help me on this.
  Thanks

• XL Reporter Reports Generation needs to be read only

  Dear Experts,
  I want to know that when I make an report in XL reporter is it possible that whenever the report is generated it is READ ONLY so that the generated report cannot be changed or modified.
  As in XL Reporter the reports generated gets transfered to Ms-Excel and it is possible to change the values or figures easily.
  Is there any way to block this option of change.
  Waiting for an positive response from your end.
  Regards,
  Kawish
  Edited by: Kawish Junaid Mazhari on Apr 6, 2008 10:00 AM

  You could try turning on data protection in the definition once it has been completed, then saving the sheet. I'm not sure if this would then stop it executing or not?
  If this doesn't work, you could run a macro on execution on the report that protects the sheet before it saves.

• Read only access to few users & RW to others for Web Dynpro App in EP

  HI All,
  I am creating few Iviews using custom development and able to display on the EP fine.. Now customers want to have red only to few users and read/write access to few users.. Can any one point me to the right documentation or the steps to be performed to acheinve this.
  Thanks
  Rajeev

  Hi Rajeev,
  Please create role/group for WD applciation which you want to assign read/read & write to the users. Access the role/group in WD application and restrict the access to UI Element properties.
  Refer to below documents for protecting Access to the Web Dynpro Application Using UME Permissions.
  [help.sap.com|http://help.sap.com/saphelp_nw04/helpdata/en/f3/a64d401be96913e10000000a1550b0/content.htm]
  [Exmaple|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/297f35cf-0201-0010-00b2-fe2f3e23d360?QuickLink=index&overridelayout=true]
  Hope it will helps
  Regards
  Arun

• How to assign select only privilage to a user application wise..?

  1-i have a function checking for a user_id and password it works fine.
  2-i have a procedure checking for the user privilage
  Both 1 and 2 stored in a package library,both called from 'ok' button on the main form as follows:
  DECLARE
       V_USER_ID users_codes.USE_ID%TYPE;
       V_PASSWORD users_codes.use_pass%TYPE;
       V_EXIST BOOLEAN;
       v_insets USERS_PRIVILAGES.I%TYPE;
       v_deletes USERS_PRIVILAGES.D%TYPE;
       v_retrieves USERS_PRIVILAGES.R%TYPE;
       v_saves USERS_PRIVILAGES.S%TYPE;
       AL_ID NUMBER;
  BEGIN
            V_USER_ID :=:TI_USRCOD;
            V_PASSWORD :=:TI_USRPSW;
       :GLOBAL.USR_CODE :=V_USER_ID;
       :GLOBAL.PASSWORD :=V_PASSWORD;
       V_EXIST :=SECURITY_NEW.LOGON_AUTH ( V_USER_ID ,
       V_PASSWORD );
       IF V_EXIST = TRUE THEN
                 SET_ALERT_PROPERTY('NOTE',ALERT_MESSAGE_TEXT,'V_EXIST = 1 ');
                 AL_ID := SHOW_ALERT('NOTE');
  ELSE
                 SET_ALERT_PROPERTY('NOTE',ALERT_MESSAGE_TEXT,'V_EXIST = 0 ');
                 AL_ID := SHOW_ALERT('NOTE');
  END IF;
       IF V_EXIST =TRUE THEN
                      SECURITY_NEW.Menu_Status ( V_USER_ID ,
            v_insets ,
            v_deletes ,
            v_retrieves,
            v_saves );
                 MESSAGE(' Priv Exist' ||V_USER_ID||', '|| v_insets||' , '|| v_deletes||' , ' ||v_retrieves||' , ' ||v_saves);      
       :GLOBAL.insets :=v_insets;
       :GLOBAL.retrieves :=v_deletes;
       :GLOBAL.deletes :=v_retrieves;
       :GLOBAL.saves := v_saves;
       END IF;
       CALL_FORM('F_Frame_MDC');
  END;
  ==========================================================
  Above code returns my parameters just fine.
  My doubt now is:
  1-how can i give alll privilages to user1.
  2-how can i give Select only privilage to user2.
  ==========================================================
  For clarification i used the following code in a when-new-record-instance
  --when_new_block_instance
  --result protected to be updated
  DECLARE
  BEGIN
  -- MESSAGE(' Priv' ||:GLOBAL.insets ||', '|| :GLOBAL.retrieves||' , '|| :GLOBAL.deletes||' , ' ||:GLOBAL.saves );
  --     MESSAGE(' Priv' ||:GLOBAL.insets ||', '|| :GLOBAL.retrieves||' , '|| :GLOBAL.deletes||' , ' ||:GLOBAL.saves );                    IF :GLOBAL.insets =0 THEN
  IF :GLOBAL.insets =0 THEN
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_FALSE);
                                MESSAGE('ÚÝæÇð ÇáãÓÊÎÏã ÑÞã'|| ' ' || :GLOBAL.USR_CODE || 'ÛíÑ ãÓãæÍ ÈÇáÅÏÎÇá Ãæ ÇáÊÚÏíá ');
            RAISE Form_Trigger_Failure;
                      ELSIF :GLOBAL.insets =1 THEN
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_TRUE);
                      END IF;
                      IF :GLOBAL.retrieves =0 THEN
                           Set_Block_Property('MISSION_CODE1',QUERY_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_FALSE);
                                MESSAGE('ÚÝæÇð ÇáãÓÊÎÏã ÑÞã'|| ' ' || :GLOBAL.USR_CODE || 'ÛíÑ ãÓãæÍ áå ÈÇáÅÓÊÚáÇã ');
            RAISE Form_Trigger_Failure;
                      ELSIF :GLOBAL.retrieves =1 THEN
                           Set_Block_Property('MISSION_CODE1',QUERY_ALLOWED,PROPERTY_TRUE);
                           Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_FALSE);
                      END IF;
                      IF :GLOBAL.deletes =0 THEN
                      Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_FALSE);
                                MESSAGE('ÚÝæÇð ÇáãÓÊÎÏã ÑÞã'|| ' ' || :GLOBAL.USR_CODE || 'ÛíÑ ãÓãæÍ áå ÈÇáÅáÛÇÁ ');
            RAISE Form_Trigger_Failure;
                      ELSIF :GLOBAL.deletes =1 THEN
                      Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_TRUE);
                      END IF;
                      IF :GLOBAL.saves =0 THEN
                           Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_FALSE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_FALSE);
                                          RAISE Form_Trigger_Failure;
                      ELSIF :GLOBAL.saves =1 THEN
                                Set_Block_Property('MISSION_CODE1',DELETE_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',UPDATE_ALLOWED,PROPERTY_TRUE);
                                Set_Block_Property('MISSION_CODE1',INSERT_ALLOWED,PROPERTY_TRUE);
                      END IF;
            END;
  ========================================================
  I even tried to take the concerned parts in key commit and key-delrec
  but it was only disabled 4 both users and then when press exit button it saves alll changes...
  ========================================================
  It's urgent,immediate help will be much appreciated
  Thanks in advance,
  Regards,
  Abdetu..
  ==========================================================

  Hello Christain,
  i am so sorry but there was problems in the internet connections so i wasn't able to reply to u immediately..
  Well,ur guidelines to Globals as they r always charaters was a new info to me that make me change:
  -the query,the return values when checked or unchecked it now returns n or y in the privilage forms which affects the behaviour of the select statment in my priivilage procedure instead of returning 0 or 1 it is now returning n or y.
  -most importantly,either it was n or 0 i called themas characters from any form in the (WNFI Trigger) if :GLOBAL.INSERTS ='Y'
  THEN SET_ITEM_PROPERTY.....etc.
  -->what do you mean with "NULL values"? plz clarify...
  i am displaying messages with the returned values from the called parameters assigned to the Globals in my loginForm,so if there is a privilage checked it returns with y if not it was previously returned with null.
  --i aslo changed the where condition in my privilage procedure instead of :
  BEGIN
                           SELECT I
                           INTO v_inserts
                           FROM USERS_PRIVILAGES
                           WHERE USER_ID = P_USER_ID
                           AND ( I = 'Y'
                                                    p_i :=v_inserts;          
  to the following :
  ===========
  BEGIN
                           SELECT I
                           INTO v_inserts
                           FROM USERS_PRIVILAGES
                           WHERE USER_ID = P_USER_ID
                           AND ( I = 'Y'
                                or I = 'N');
                      p_i :=v_inserts;          
  ============================================================
  Then i yahoooooo it returns with both n and y values then a college at work made the following function:
  ===============
  FUNCTION Change_Block_Property( Block_Name In Varchar2 , Process Varchar2 , Val_Flag     Varchar2)
  RETURN BOOLEAN
  IS
       Block_ID BLOCK;
  BEGIN
       --WRONG_ALERT('WRONG_PASS','íÌÈ ÊÕÍíÍ ÅÏÎÇá ÇáÈíÇäÇÊ');
            Block_ID := Find_Block( Block_Name);          
            IF Process = 'Insert' And Val_Flag = 'N'Then
                      Set_Block_Property(Block_ID , INSERT_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , UPDATE_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , DELETE_ALLOWED , PROPERTY_FALSE);
            End IF;
            IF Process = 'Query' And Val_Flag = 'N'Then
                      Set_Block_Property(Block_ID , QUERY_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , DELETE_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , UPDATE_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , INSERT_ALLOWED , PROPERTY_FALSE);
            End IF;
            IF Process = 'Delete' And Val_Flag = 'N'Then
                      Set_Block_Property(Block_ID , DELETE_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , UPDATE_ALLOWED , PROPERTY_FALSE);
                      Set_Block_Property(Block_ID , INSERT_ALLOWED , PROPERTY_FALSE);
            End IF;
       Return True;
  End;
  =========================================================
  and called this Function from (wnfi Trigger) as:
  ==================================
  Declare
       V_EXIST Boolean;     
  BEGIN
       IF :GLOBAL.Insets = 'N' THEN
                 V_EXIST := ATT_SECURITY.Change_Block_Property ( 'EMP_MISSIONS' , 'Insert' , 'N' );                                   
       End IF;
       IF :GLOBAL.Retrieves = 'N' THEN
                 V_EXIST := ATT_SECURITY.Change_Block_Property ( 'EMP_MISSIONS' , 'Query' , 'N' );
       End IF;     
       IF :GLOBAL.Deletes ='N' THEN
                 V_EXIST := ATT_SECURITY.Change_Block_Property ( 'EMP_MISSIONS' , 'Delete' , 'N' );
       End IF;
  End;
  =======================================================
  To Handel the only case that return with no privilage assigned to a user
  and it finallyyyy on the dead moments of losing hope the darkness of don't know how turns to light and i works fine..
  ==========================================================
  thank u Christian u r a friend indeed,i reappologize for not beeing on line with u..
  Thank u very much for the loyal help u offered to me and the useful tips to refine and optimize my code...
  Kissess and Hugs Christian
  ====================
  Best regards,
  Abdetu.
  =========================================================

• Tabular Form - Read only condition for certain users

  Is it possible to make a select list field in a tabular form read-only to certain users? Here's the situation:
  The tabular form lists the users who need to select "Approve" or "Reject" in that field (they are approving or rejecting an engineering change)
  I want all of them to see the approval/rejection of their team, but only have access to edit the select list associated with their record.
  Thanks in advance.
  Apex 4.0.0.00.46

  You could use either "authorisations" tab or "conditional display" for the relevant column attribute.
  Report Attributes->Column Attributes->authorisationsIt would be better to have some more detail about what you are trying to get (maybe a quick mock up of the form, for example) but, I can envision something along the lines of the following:
  For each approval/rejection field:
  1. Create an authorisation appropriate for access to to each approval/rejection field e.g. authorisation scheme "FOO"
  2. In the relevant fields column attributes, set the authorisation to "FOO"
  3. now create a read only "public" copy of the above field, using the "display as text (based on LOV does not save state)" - set the authorisation for this field as "{NOT FOO}"
  (if you don't want to use authorisations, you could build an equivalent using "conditional display" instead, which is basically the same thing, except column specific)
  The downside is of course that you're duplicating fields in your query, which creates a bit of redundancy. There may be better ways to achieve this (maybe you could make use of the APEX_ITEM api, for example) but this is fairly easy to set up IMO.

• Read-Only cell for all users

  Hi,
  We're running an 11.1.1.2 Planning application.  A member in the Account dimension is read-only for all users including the Admin account.
  The member is read only when accessed through a Data Form or through Smart View.
  We addressing the Account dimension at level 0 on the data form.
  The member is not Dynamic.
  The member is only locked for EUR and GBP currencies.
  The member has previously been moved to a new location in the Account dimension however we have run multiple database refreshes since the move.
  Let me know if you need any more info.  Any help which can be provided would be greatly appreciated.
  Thanks
  Jim

  Hyperion Planning and More...: Why My Data Form is Still Read Only...!!!
  See if any of the points mentioned here is any help.
  Cheers..
  Rahul S.

• Unable to save Word documents when accessing them directly from the site because the document never converts from a read-only even though the User chooses to enable editing

  Issue has only popped up recently and cannot reproduce in a Test environment.  Unaware of any SharePoint changes, so hoping someone can point me in the correct direction.
  Previously Word document did not have to be physically checked out, but rather the editing of the doc also checked out the doc in a document library. This is the way we want it to remain –
  no manual check-out process. Now if a doc is edited without being checked-out, there is an issue with the process as the application thinks the doc is read-only (message received when trying to save the doc) even if enable editing is selected. The
  following message appears when you try to save the document:
    This message can appear if you have been editing a file that was opened as read-only. A file opened as read-only will have (Read-Only) appended to the file name as it appears in the title bar of Word. You can still save the document, but you must
  save it by using a different file name. If you use Windows Explorer to change the read-only properties of the file, while the file is open in Word, it will not enable Word to save the file. Word must open a non-read-only version of the file in order to save
  it by using its original file name. If you have not made any changes to the file, you can close it, and then use the following steps to make the file writeable. 1. Click the File tab, and then click Open. 2. Browse to the file and right-click it. 3. Click
  Properties, and then clear the Read-Only check box. 4. Reopen the file. If you have made changes to a read-only file, you can save it, and then use the following steps to give the modified file the original file name. 1. Click the File tab, and then click
  Save As. 2. Enter a different file name, and then click Save. 3. NOTE: Adding "Rev1", or "Mod1" to the original file name may help you to remember it later. 4. Click the File tab, and then click Close. 5. Open Windows Explorer. 6. Browse
  to the original read-only file. 7. Rename the read-only file. 8. Browse to the new file. 9. Rename the new file to the name of the original file. Do not delete the read-only file until after you have determined you no longer need it.
  Previously, when check-out was optional, a file was checked out automatically when someone opened it for editing, unless it was already checked out. The editing commands notified the User that the file is being/was checked out.  The real issue is the
  word doc can no longer be saved as the application still believes the doc is read-only.

  Hi, 
  According to your description, you give the domain admin full control over files on the old file server, but you cannot move the files to the new file server. After pull the files from the old to the new file server, the domain admin can only read the files
  on the new file server.
  How did you move the files from the old file server to the new file server? Did you setup replication between the two file server or use robocopy? 
  Please check the files permissions on the new file server to see if the permissions are changed, then share the folder on the new file server to everyone to see the result.
  Regards, 
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to program shift register to read only when a new user is detected from user?

  Hi,
  I'm currently developing a program for position control in labview. The program is quite simple, whereby user will input the distance that he wants the table to be in the labview program, and labview will send signal to move a motor that will turn a ball screw to move a table horizontally to the targetted position. The criteria is that the profile of the motor depends on the distance it needs to move, whether a two-phase (acceleration and deceleration) or three-phase (acceleration, constant velocity, deceleration) to reach the target position.
  The problem occurs when the user wants to enter a new position (second input) for the table, as the input by user is position the table needs to be but the input required to determine which profile the motor follows depends on the distance that the table will move to get to the targetted position. Therefore, I would need a function to store the input by user temporarily, and recall it only when a new input from user is detected. By this, I would be able to use the difference of the input (input [n+1] - input[n]) and feed it to determine which profile the motor follows and the input by user can be kept as the position he wants the table to travel to (to compare with encoder).
  I thought of using shift registers to do this, but I am not able to make it to perform the deduction ([n+1] - [n]) only when it detects a new input. When i try using shift register, it travels to the targetted position, and one it reaches it will travel back to the original position. For example, when a user input 90, it means the table needs to move to point 90. As the shift register is initialized to 0, it will move to point 90 (90-0 = 90) but upon reaching 90, the shift register sends a signal of 90 (90-90 = 0) and the table returns to it's initial position.
  Is there any way that I can delay the reading of shift register only when a new input is detected or is there another way for me to achieve what i want?
  I've tried searching the discussion forum and ni website but couldn't find similar problems. Thanks for your help in advance.
  Solved!
  Go to Solution.

  Hi,
  I've managed to get what I needed by using a shift register + event structure as suggested by Adnan. However, I face another problem after implementing SR+event. I've attached two files, first the original program and second the updated program using SR + event. (it's only the jpg file as I've forgotten to save the labview program, will upload the program by tomorrow.
  In the original program, I have an elapsed time that is able to run continuously when I run the program. In the updated program, my elapsed time don't seem to run continuously when I run the program (as shown by elapsed time indicator). I need the elapsed time to run continuously as a input to calculate my motor profile.
  I suppose this is caused by the introduction of the event structure, will adding a case structure to wrap the event structure solve the problem or is there another way to get pass this. Appreciate if someone could drop me a pointer or two.
  Thanks
  Attachments:
  Mar 16 - continuous elapsed time.png ‏12 KB
  Mar 16 - elapsed time not continuous after introducing shift register + event structure.png ‏17 KB

• Assign Access Manager roles to end users?

  Hello,
  I am looking for information on how to assign an AM role to an end-user that is provisioned from IDM 7 to AM 7.1 using the AM resource adapter.
  We are modeling our IDM to AM provisioning based on this BigAdmin guide:
  http://www.sun.com/bigadmin/features/articles/id_access_integration.pdf
  However, in that document, it appears that the end user role is manually assigned to the user after provisioning to AM. We wish to do this role assignment in IDM, and have IDM push the assignment to AM (and by extension, the LDAP directory).
  Is this possible when using the AM resource adapter?
  Regards,
  Dillon

  Certainly.
  My role definitions look like this in the RoleAttributes section (you can configure this through the GUI in Roles > [rolename] > Set Attribute Values)
  <RoleAttribute name='RoleName:#ID#SunAccessManagerResource:roleMemberships'>
  <AttributeName>roleMemberships</AttributeName>
  <AttributeValueString>
  <List>
  <String>AMRoleName</String>
  </List>
  </AttributeValueString>
  <Requirement>Authoritative merge with value, clear existing</Requirement>
  <ResourceRef>
  <ObjectRef type='Resource' id='#ID#SunAccessManagerResource' name='SunAccessManagerRealm'/>
  </ResourceRef>
  </RoleAttribute>
  What this will do is set the nsRoleDN attribute (renamed as 'roleMemberships' by the adapter) in the assigned resource account for the user; the requirement field I've set to auth-merge-with-value, but you may want to play about with other settings.