Obtaining url patterns for a user Role/Group

I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.

Similar Messages

Dynamic User,Role,Group rather than use jazn.xml

Hi everyone
For Jdev 11..
can anybody tell me how to make application wich can make user,group,role dynamically...
rather than use jazn.xml...
I thought if i use jazn.xml for register user and group its very static...
I cannot make it dinamycally....
I read OPSS and I cannot found the idea behind it...
thanks...

Hi,
You can achieve this by using a sql authentication provider. It gets the users and their roles & credentials from the db tables which you can configure in WLS. In JSF, you can create a creation form based on the table (which you configured for authentication), which can be used for the users to register.
Check out this doc for more information.
Regards,
Arun

What is the SYNTAX for the user and group filters??? Is the HTML Ampersand token Amper A m p semicolon required in the filter

There seems to be quite a bit of confusion over the actual syntax for the user and group filters on the Forms Based Authentication Ldap Role and membership providers.. MSFT isn't really clear and there is a universal confusion in the blogsphere.
I the filters should the prefix be the ACTUAL Ampersand or the HTML token for an AMPERSAND.. I realize the in many cases the blogger might have inadvertently specified the html token when the bare naked ampersand was intended.. The question
therefore is : can a filter be taken directly from and ADSIEdit query and used as a filter or must the filter be made HTML safe by swapping out the AMERSAND with the HTML Token for AMERSAND before putting it into the configuration
for the LDAPRole/membership provider...
All science is either physics or stamp collecting

Hi GUYO,
I am not quite sure how we implement this on sharepoint side, as I did research and sharepoint may not have this feature to do this.
most of the LDAP for sharepoint may need to follow these steps in this article:
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspxhttp://blogs.msdn.com/b/kaevans/archive/2013/01/31/configuring-ldap-for-fba-in-sharepoint-2010-or-sharepoint-2013-with-powershell.aspx
here is an example :
http://blogs.msdn.com/b/sharepoint__cloud/archive/2011/12/20/achieving-fba-with-adlds-amp-sharepoint-2010.aspx
if should this questions was at the ADSIEdit part, perhaps you can help us by opening a new thread at the AD foum
https://social.technet.microsoft.com/Forums/en-US/home?category=windowsserver
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Different url-patterns for same servlet running in 2 different environments

Hi All,
I have a question about url mappings in my web.xml file and I hope somebody can help. The situation is that I�m putting together a web app using a combination of JSPs and servlets. I can�t develop on the machine that it will be hosted on, so I�m working and testing on my own machine and will transfer to the host machine when finished. However, the host machine is set up to map serlvets to http://�/servlet/MyServlet but the copy of tomcat I have installed locally maps to http://�/MySerlvet. My question is, when I get ready to transfer my application do I have to go through all my code and find serlvet references and insert the �servlet/� path info required by the hosting service, or can I just change the url patterns for the servlet mappings of the web.xml file on the host machine ? In other words:
Local install of Tomcat where servlets are accessed at http://�/MyServlet
<servlet-mapping>
<servlet-name> MyServlet </servlet-name>
<url-pattern>/MyServlet </url-pattern>
</servlet-mapping>
Host machine install of Tomcat where servlets are accessed at http://�/servlet/MyServlet
<servlet-mapping>
<servlet-name> MyServlet </servlet-name>
<url-pattern>/servlet/MyServlet </url-pattern>
</servlet-mapping>
I guess my thinking is that it would be better/easier to have a remote and local version of the web.xml file that reflects the environment each one resides in and have only one codebase rather than 2 codebases and 1 web.xml file. Am I thinking about this in the right way, or have I misunderstood something?
Thanks,
Peter

What you�re suggesting is logical, but won�t that
effect all the other stuff I�ve got running on my
local Tomcat install that expects servlets to be
accessed at http://.../ServletName ?
in web.xml, you decide of your mapping, so you could use the /servlet/ServletName pattern for your application that needs to be remote, and /ServletName for the rest of your stuff. You can even define more than one mapping for a servlet...
In fact, you should probably put your whole application that is going to be on a remote server in it's own context, and to be ahead of dufymo :-) , learn to put it a war file for deployment.

OIA webservice for removing user role

Hi,
I need information regarding web services exposed in OIA for removing roles etc. We need it in our environment wherein we may not be having priviledge to make database query directly for removing user roles.
(the use case is as follows:
when user id disabled in OIM, assosciated database resource (DBAT, OIA database is used;rbx_users) is disabled ,and user's role is to be removed)
how this can be achieved via web-service call.
any pointers will be helpful
regards,
chhavi

Hi Pallavi,
i have the same problem, can you provide me more specific details?
-exactly oimjdbc.properties location please?
-which is what I have to modify?
Thanks in advance!

Support parameters for downloadable user-role in the Aruba controller

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

E-Recruiting - Recruiter URL works for one user and doesn't for another

Hi
I am new to e-Recruiting, so any help will be greatly appreciated.
We are in the process of configuring the SAP e-recruiting module on an existing HCM system. It is only a demo system.
We started off with the IDES, with SAP sample data.
We activated the BSPs via SICF.
We generated the BSP URLs via program rcf_generate_urls.
We picked two existing employees (PERNRS) in the system and linked test IDs (USERID1, USERID2) to them in infotype 105. Both USERID1 and USERID2 have BASIS/Superuser authorizations.
When USERID1 runs the recruiter startpage it displays the page correctly. Pernr of USERID1 has a Candidate(NA Object) linked to it's CP object.
When USERID2 runs the recruiter start page it gives an internal error. This Id's pernr does not have a candidate object.
Should there be a NA object for every CP object? Does any one have some business process guides that may help us understand the relationships between the objects?
Please advise.
Thank you
Amina

Hello Amina,
not everyone should have a candidate (NA) object, every one MUST have a candidate object. No matter which role someone plays within the e-recruiting system (recruiter, manager, admin, internal candidate, external candidate, talent manager, ...) he needs a candidate to work with the system.
Assuming you have an ERP2005 (= E-Recruiting 600) you can use report RCF_USER_CREATE to create users for test purposes. For the productive environment you have to set up HR -> E-recruiting integration and can run HRALXSYNC to create candidates for existing employees.
I am not sure how much business process documentation there is in sap help. I have to admit I prefere learning from the system. Perhaps a very rough overview:
e-rec brings the following objects:
NA - Candidate
NB - Requisition / Application Group
NC - Posting
ND - Application
NE - Candidacy
NF - Talent Group
furthermore e-recruting uses some additional objects from the hr base and other components (P Employee, CP Central Person, US User, BP Business Partner, O OrgUnit, S Position, QK qualification group, Q qualification, VA/VB/VC Questionaire and its elements)
NA - The candidate is the central representation of everyone in e-recruiting. A Candidate is always linked to a CP which is linked to a BP and a US. If the person is an employee the CP is linked to the P object, too. (Hint: for integrated systems the user for an employee is not linked in HRP1001 but retrieved from IT0105 directly, e-recruiting uses a standard function of HR here, the hr function modules for reading object releations virtualize this assingment as hrp1001 relation).
NB - The NB object has currently 3 slightly different tasks. As requisition it is the internal view for an internal/external hiring request, it defines what you are looking for e.g. "ABAP programer, 40 hours/week, place of work London, ..". As application group it allows to accept applications for "areas" where you have currently no exact position to hire but regularely look for canditates. Application groups channalize unsolicited applications e.g. Interns, Engineers. Third usage is the requisition for succession planning - not really important.
NC - Posting is supposed to be the outside view. It contains the texts for the requisition published in the different channels. as you might to use a different text for the different media a requisition can have several postings. A posting has one or more posting instances / publications. They are not an hr object type, they define the channel with publication duration and language where you publish your posting.
ND - The application can be compared with the hardcover application. If a candidate applies he creates an application. The application is linked to the candidate of course and as the candidate applies through a certain channel the application is linked to the posting.
NE - The candidacy is the assignment to a requisition. You could say it is the task / intention to check a candidate for the requisition so it is linked to the requisition and the candidate. As the candidate applies for the job described by the requisition (application group are treated the same here) an application is always linked to at least one candidacy. If a recruiter decides based on the candidates profile that he is interesting for another open positions he can add more candidacies to the application to check the candidate for these requisitions. There is also the posibilit that you create a candidacy w/o application. Every external who applied and every employee is in the system even if he has no active application. External candidates can even register to the system w/o applying. You can check this pool for suitable candidate an assign them to a requisition. This is a candidacy w/ an application. You can later request a candidate to apply to this requisition but it is theoretical possible to process the complete hiring just with a candidacy.
NF The Talent group is used to structure the huge amount of candidates in the pool. E.g. you can form a talent group "High Potentials - Design Engineers". You can use these groups to easier find suitable known candidates if a matching requisition is opened. But they are also needed for pool development. For short applicant groups you can track them and try to stick with your company till you get the right opening for them.
The other object are linked to this core. Qualifications are linked to requisitions as requirement and linked to candidates of course. OrgUnits and Positions can be linked to requisitions to link to OM. Questionaires are assigned to candidates at all for general appraisal or to candidacies to appraise the suitability for the requisition or to track interview, assessment results.
There ore other "objects" in e-recruiting which are not represented by an OTYPE. One example is mentioned above the publication. Others are recruiting team and recruiting plan. If you need information to one of these just post another reply.
Hope that gives some basic overview about the objects.
Best Regards
Roman Weise

Request Offerings not showing up for custom User role in SMPortal

Hello All,
I've created a custom End User role and scoped it to the domain users group.
To this role I want to show a specific set of Request Offerings on the portal
For that Purpose I created a new Service Offering and added these Request Offerings to it.
I then went on to create a Catalog Group and added the Service Offering to it.
I then created the custom user role based on the EndUser role and allowed them to see all Forms, all Queues, All CI's and on the Catalog group I select that they could only see the Catalog Group which I just created.
I then logged in into the SMPortal and was expecting that my Service Offering would be shown to them.
However, they don't see the service offering.
What could cause this?
Is there something I'm missing?
Thanks in advance!
Filip

You have to add the Service Offerings and the Request Offerings in the Catalog Group. Nesting doesn't work because Service Offerings and Request Offerings are different types of objects.
This offers the option the manage the access to Service Offerings and Request Offerings very granular if needed. For instance you can control access to a Service Offering in one Catalog Group related to one user role (A) and use two additional Catalog Groups
with different Request Offerings related to other user roles (B) and (C). Result will lead to:
User in Role A and B -> Can see Service Offerings A containing Request Offerings B
User in Role A and C -> Can see Service Offerings A containing Request Offerings C
User in Role A, B and C -> Can see Service Offerings A containing Request Offerings B and C
User in Role A only -> Don's see anything because of the missing permission on any Request Offering. So the "empty" Service Request won't show up in the portal.
Hope his helps.
Andreas Baumgarten | H&D International Group

url-pattern for extension mapping in security-constraint not working

I'm trying to use extension mapping in a <security-constraint> configuration,
According to:
http://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-eval-spec/servlet-3_1-final.pdf?AuthParam=1429824454_de04222eab1b8…
Section 12.2:
A string beginning with a ‘*.’ prefix is used as an extension mapping.
But WebLogic does not take in consideration my configuration. If I use path mapping exact mapping it work.
My configuration is:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Unsecured</web-resource-name>
        <url-pattern>*.wsdl</url-pattern>
        <url-pattern>*.xsd</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HttpAuth</web-resource-name>
        <url-pattern>/ws/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ws-user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test1</realm-name>
</login-config>
<security-role>
    <role-name>ws-user</role-name>
</security-role>
WebLogic Server 12c (12.1.3)
Has anybody used extension mapping with security-constraint? Is that a WebLogic issue?

Hi nikita,
I have delt with the same problem before. As you say, most JSF actions all get posted back to the original page, and the faces servlet internally redirects according to the navigation rules and actions. This can mean the URL seen by the browser does not always correspond to the actual JSP (wrapped by JSF) that produced the content.
Generally adding the "<redirect/>" tag to all your navigation rules (in faces-config.xml) remedies this, so the actions are still posted back to the original page, but then the JSF servlet sends an http-redirect to the browser before invoking the new page. This way, the URL is always in sync, and the security constraints defined in your web descriptor always get invoked properly.
regards,
tony

Weblogic API for modifying users/roles

I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

I searched the newsgroup and found that somebody addressed this issue.
"Andrey" <[email protected]> wrote in message
news:[email protected]...
>
WebLogic 7.0
I have read a number of questions on how to do these but not many answers,so
after figuring it all out, I thought I would post a message describing allthese
tasts (It would be great if BEA would start something like 'HOW-TOs forLinux'
for WebLogic)
-1. Imports required :
import weblogic.jndi.Environment;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.security.RealmMBean;
importweblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.GroupEditorMBean;
import weblogic.management.security.authentication.UserEditorMBean;
importweblogic.management.security.authentication.UserPasswordEditorMBean;
import weblogic.security.providers.authentication.*;
0. Code to retrieve DefaultAuthenticatorMBean (this code is running insideWebLogic
server - I have it inside EJB):
DefaultAuthenticatorMBean authBean;
Context ctx = new InitialContext();
MBeanHome mbeanHome = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
>
//Find UserEditorMBean
DomainMBean dmb = mbeanHome.getActiveDomain();
SecurityConfigurationMBean scmb =dmb.getSecurityConfiguration();
RealmMBean rmb = scmb.findDefaultRealm();
AuthenticationProviderMBean[] providers =rmb.getAuthenticationProviders();
>
for (int i = 0; i < providers.length; i++) {
if (providers[i] instanceof DefaultAuthenticatorMBean) {
authBean = (DefaultAuthenticatorMBean) providers;
break;
1. Create/Drop/Update users
to perform these tasks, the user must be logged in into weblogic and be in
Administrators
group. Then, the code is as follows:
create user: authBean.createUser(username, password, description);
remove user: authBean.removeUser(username);
change user's description: authBean.setUserDescription(username,newDescription);
>
remove user from group: authBean.removeMemberFromGroup(groupname,username);
>
add user to group: authBean.addMemberToGroup(groupname,username);
>
2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin Imean be
a member of Administrators group)
authBean.resetUserPassword(username, newPassword);
3. Change your own password:
this is a bit trickier, because if you are not an admin, you can't changeyour
own password!!!! This is a part that I personally don't understand - seemslike
a screw up on BEA's part. So, to allow users to change their ownpasswords, you
must change security context in the middle of processing to that of Adminuser
and run this function as Admin user. Although a bit ackward, it's veryeasy to
do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normalprocessing
for the user and always runs in logged in user's security context. Now,suppose
you want to add a method to EJB A to change current password. The methodmay
look like:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
Now, there is no way to do it in EJB A, because for most users, it willrun in
a 'non-admin' security context. So, to get around it, you create another
EJB - EJB B. This EJB has one method:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
and one major difference - this EJB always runs in a secrity context ofadmin
user. To get an EJB B running 'as admin user', all you have to do in EJBA is
the following
EJB A:
public void changePassword(String logon, String oldpwd, String newpwd)
Hashtable props = new Hashtable();
props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
props.put(Context.SECURITY_CREDENTIALS, "password");
// get context that with different credentials
Context ctx = new InitialContext(props);
EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
EJBBLocal adminEJB = home.create();
adminEJB.changePassword(logon, oldpwd, newpwd);
adminEJB.remove();
of course, this poses a problem of hardcoding user id and password foradmin user
in your application - you can come up with your own ways to secure that.
THAT's IT!!! You can use the method explained in part 3 to allownon-admin users
to do pretty much everything, however for the sake of security, I woulddefinetly
vote against it and use part 3 to ONLY allow users change their ownpasswords
>
Enjoy
Andrey
"Yonatan Taub" <[email protected]> wrote in message
news:[email protected]...
I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

Enabling calendaring for a user or group not working

Am having an issue getting ical server/sharing and webcalandars working. Think it is all related.
First a description of my server environs. One xserve acting as OD master, fileserver, vpn, DNS and DHCP server as well. Second xserve acting as DNS, mail, web and ical server. Second server is OD replica.
DNS is working. All OD functions including kerberos are working. Mail and webmail are working as well.
The hostname in iCal Server Admin settings is the FQDN of my second xserve. icalxserve.domain.com. I can start iCal. Then I get this error in the logs:
twistedcaldav.directory.appleopendirectory.OpenDirectoryInitError: Open Directory has no /Computers records with a virtual hostname: icalxserve.domain.com
Remember this server is a OD replica. It is listed in the Computers pane under Workgroup Manager and its name is server.domain.com$. All the computers have $ at the end so I assume this is normal. All services are set for access from all users in Server Admin -> server -> Access. In Server Admin Web -> Sites -> (default site highlighted) Web Services webmail, wiki and blog and web calendaring are all checked as well. I have also tried to enable wiki and blog and web calendar for groups in Workgroup Manager. The only choices in the pop up are none and wiki host for domain.com. Strange.
I cannot enable calendaring for any user. I check the Enable calendaring box under Advanced in the Accounts pane in Workgroup Manager and no server is listed in the pop up menu. It only reads No calendar host selected without any other choices. It should show me icalxserve.domain.com.
When I goto http://icalxserve.domain.com site I get the default homepage and webmail works. If I click on the Groups button I see the 2 groups I have enabled services for. But when I click on the groupname I get the following error page:
Not Found
404: No group with that name (thomas) hosted on this server
Not sure what to do next. OD doesn't seem to be working like I would expect. Any advice would be greatly appreciated.
Thanks in advance.
Please note I am posting this late on Sunday night and have jury duty tomorrow. I will obviously try to check back as soon as I can but maybe not until Monday night. Thanks again.

Hi
+"I don't see this option. Am I doing doing something wrong?"+
Your Rider seems to indicate 10.6? If you're not seeing this option in WorkGroup Manager I'm guessing you're using 10.6 Server? In which case you've posted in the wrong forum with a question that's not applicable anymore. Apple removed those options in 10.6. Another possibility is you're trying to manage a 10.5 Server using 10.6 Server Admin Tools and it's giving unpredictable results? The Server Administration Applications cab behave oddly if you're trying use a newer version on an older server. You should use the version of the Tools that came with the Server.
The 10.6 iCal Server Admin Manual is here:
http://manuals.info.apple.com/enUS/iCalServerv10.6.pdf
Tony

BI : Portal User roles & groups

Hi Experts,
I have below doubt.
when we login into the SAP - NetWeaver portal , in the portal management screen. under the tab user administartion, when we enter the user say maxis , we actually see the various tabs which describes the respective details reg the user. There are are two tabs under the detail section of it ; Assigned Roles and Assigned Groups.
say for user Maxis , under the assigned roles , want to know that there is below assigned role :
pcd:portal_content/com.sap.zttcbi/com.sap.zroles/com.sap.zsalesreports
and under the assigned groups , there is below assigned group :
SAP_BW_SBO_SM
Want to know how and where to create this assigned roles and groups.
Kindly advise ,
Thanks & regards,
M.S

Hi,
The groups are created as mentioned above, it is basically to group the users from a department or to group them with respect to permissions etc.
Refer to the help document to learn more on the same.
http://help.sap.com/saphelp_nw04/helpdata/en/70/9be23d44d48e5be10000000a114084/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/90/6a2d8f54efdc46a865e1b05599bafa/content.htm
Good Luck!
Sandeep Tudumu

Looking for a tutorial/design-pattern for Manage User and Permissions.

Hello,
I wonder if anyone knows a good tutorial/blog with reference to security - howto Manage Users and Permissions.
In my application I have GROUPS and each group has access to different RECORDS and CASES.
Example:
Groups: Alfa, Beta, Gamma
Record: R1, R2, R3...
Case: C100, C200, C300
Group Alfa can view: R1, R2 and C300
Group Beta can view: R1, R3, C200, C100, C300,
Group Gamma can view: R3
My question is this: what should be the best way (design-pattern?) to force a policy to securing the Records/Cases?
What should every case/record implemented to verify that a user (part of a group) has the right to access the entity.
Thank You!

Sorry if this one is too basic for you but as I do not know your level of experience try:
http://www.adobe.com/devnet/dreamweaver/articles/first_dynamic_site_pt3_print.html
HTH
There are also many other tutorials on:
http://www.adobe.com/devnet/dreamweaver/application_development.html

'Design Patterns' for Application User Interfaces

I'm currently trying to unstick an architectural mess centred around a relatively simple user interface. The problem is thus:
The application has a number of toolbar buttons and menus, some of which require a specific frame or class of frame to be enabled. Some conditions are quite simple, others more complicated.
(Without going into any more detail, it should be possible to appreciate that this is a fairly common problem.)
For this application, I've created a large listener that accepts events from all over the program, converting them into state changes for UI controls. It feels messy, and (although it isn't finished) I suspect it'll be rather fragile.
JBuilder 4 does it by constant querying of application state - but this results in excessive CPU usage and apparant lag.
TogetherJ does it for menus by checking state immediately before showing the menu. This seemed like a good plan, but it's unsuitable for the Action/Button/MenuItem lashup I like to use.
My question is this:
In your opinion, how should an application be structured to reliably maintain the correct UI state at all times?

Check out the mediator pattern. It is pretty close to what you are describing, maybe the details you dig up on it will give you some new ideas?

How-to: Disable syncing of document library for individual users or groups

Currently, as far as I know, disabling syncing for a document library is all or nothing - everyone with access can sync, or nobody can sync.
Ideally, there would be an independent list permission, "disable syncing," which appears when assigning permissions to a permission level. (Syncing is allowed by default if access to document library is granted, opposed to an alternative
approach of having "enable syncing" which would set the default the other way).
Given that this level of granularity is not provided out of the box (yet?),
is there any way (SPD?) to disable syncing for individuals? (Or to disable syncing for the entire library, then enable syncing to individual users? Depends on who there is more of, 'syncers' or 'nonsyncers'.)
* I know that syncing can be disabled across the board. This is not an option.
(2) "Open with Explorer" seems to be tied in with syncing, disabling syncing disables "Open with Explorer". Is there a way to keep "Open with Explorer" functionality while disabling syncing?

Hi,
According to your post, my understanding is that you want to disable sync option in library.
To disable sync option, and keen the open with explore option, we can use the JavaScript to achieve it.
I have made a code demo below to disable sync option for a particular user, it works like a charm, you can modify it to fit your scenario.
<script src="../jquery-1.11.0.min.js" type="text/javascript"></script>
<script src="../jquery.SPServices-2014.01.min.js" type="text/javascript"></script>
<script type="text/javascript">
var userid= _spPageContextInfo.userId;
var requestUri = _spPageContextInfo.webAbsoluteUrl + "/_api/web/getuserbyid(" + userid + ")";
var requestHeaders = { "accept" : "application/json;odata=verbose" };
$.ajax({
url : requestUri,
contentType : "application/json;odata=verbose",
headers : requestHeaders,
success : onSuccess,
error : onError
function onSuccess(data, request){
var loginName = data.d.Title;
//alert(loginName);
if(loginName=="Administrator"){
$("a[id='ctl00_SyncPromotedAction']").hide();
function onError(error) {
alert("error");
</script>
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support

Obtaining url patterns for a user Role/Group

Similar Messages

Maybe you are looking for