Portal Groups Assignement
Hi all,
by a customer, it were created some groups in BI portal and users, created in SAP BW, were assigned to this groups.
Each group gives right to some queries.
I need to create a BEX report with the information of what query a single user can execute.
Is there some file, table or something like this that I can use to create a datasource in BW system?
Thank You
USe tables below to create a custom view and then build your generic extractor based on that.
AGR_USERS -> Assignment of roles to users
MANDT SYMANDT CLNT 3 0 Client ID of Current User
AGR_NAME AGR_NAME CHAR 30 0 Role Name
UNAME XUBNAME CHAR 12 0 User Name in User Master Record
FROM_DAT AGR_FDATE DATS 8 0 Date of validity
TO_DAT AGR_TDATE DATS 8 0 Date of validity
EXCLUDE AGR_EXCL CHAR 1 0 Exclusive
CHANGE_DAT MENU_DATE DATS 8 0 Date of menu generation
CHANGE_TIM MENU_TIME TIMS 6 0 Time when the menu was generated last
CHANGE_TST RSTIMESTMP DEC 15 0 UTC Time Stamp in Short Form (YYYYMMDDhhmmss)
ORG_FLAG AGR_ORG CHAR 1 0 Flag: Assignment Comes From HR Organization Management
COL_FLAG AGR_COL CHAR 1 0 Flag: Assignment from composite role
POWL_QUERY_ROL -> Query - Role assignment
MANDT MANDT Client
APPLID POWL_APPLID_TY Application ID
ROLE AGR_NAME Role Name
QUERY POWL_QUERY_TY Query ID
ACTIVE POWL_ACTIVATION_TY Activation
CATEGORY POWL_CATEGORY_TY Category
CAT_SEQUENCE POWL_CAT_SEQ_TY sequence number for POWL query category
CAT_QUERY_SEQ POWL_QUERY_SEQ_TY sequence number for a query
TABS_QUERY_SEQ POWL_TAB_SEQ_TY sequence number for a query tabstrip
Similar Messages
-
Accessing Portal Groups using WDA application.
I need to access the portal groups assigned to a user via the WDA application.
I tried using the interface "if_wd_portal_integration" but couldnt find any useful methods.
Can anyone please help.It sounds like you need to implement SSO across your landscape. Once you do that, you should be fine, assuming that the id you signed into the portal exists in the backend application.
See these pages for more information:
http://help.sap.com/saphelp_nw70/helpdata/en/4e/f5e9422edf7276e10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw70/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm -
Assigning Portal Group to CAF Process
Hello Experts,
I want to assign portal group to caf process.
I am starting the process programmatically (Using Java Web Dynpro).
And also I dont want to assign user by user of the group to the process.
let me know if it is possible, and If Yes ( ) How ??
Regards,
Yogesh...Hi Yogesh,
Yes, you can assign portal group to your process action.
If you test your process from GP directly, Wile assigning users to the actions. you will see an option to assign a group and a role too(by selecting that dropdown).
So if you directly pass the group name in your code while calling GP. It will assign all the users in that group for that selected action.
Hope this resolves your query.
Thanks,
Tejaswini -
Regarding : How to add a user to portal group with the help of webdynpro .
Hii ,
I am working on an application in which with the help of an action( Button) we r adding a user in Ztable in R/3 , as well as group in portal.
The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
I need coding solution for " How to add a user to portal group with help of webdynpro"
Any usefull link will also do.
Pls anyone have any solution ??
Thnks in advance.
Rewards r waiting for u .Hi,
Use UME api to add user to portal group.
Using UME API:
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
Regards,
Naga -
Hi Portal Knowledgeable ones.
I get an exception when I attempt to delete a portal group.
<b>My first question is where do I look to find more information about the exception that was returned (eg; a log file)? I can't click on it to see more details.</b>
My guess is that I am getting this exception because of some existing "reference" to this group inside the portal. No users are assigned to it. No roles or other groups are contained in it. However, I'm not sure if there is a folder permission tied to that group.
<b>Is there some way to see where "customized folder permissions" exist?</b> Otherwise, I'm stuck with looking at the permissions of every Portal object individually.
Thanks
KevinHi Kevin,
<b>Ques 1)</b> My first question is where do I look to find more information about the exception that was returned (eg; a log file)? I can't click on it to see more details.
<b>Ans:</b> Yes you can view the log file through log viewer.
Please find the Visual Administrator in you installation directory. Visit:
<b>usr\sap\P66\JC00\j2ee\admin\go.bat.</b>
run this batch file and in the services see the log viewer. There you can view log information.
or if you want to view the trace file directly then visit the path:
<b>usr\sap\P66\JC00\j2ee\cluster\server0\log</b>
there you will see the .trc file. Open the file and see the logs.
<b>Ques 2)</b> Is there some way to see where "customized folder permissions" exist?
<b>Ans:</b> For this you can write a code to check the permission of the portal object. There are various API's provided by SAP to check the properties and permissions of the Portal objects.
I hope this will help you.
Regards
Praevsh
PS: Please consider rewarding points if helpful. -
Access Portal groups in webdynpro ABAP component
Hi Experts,
I have a requirement to access portal group in web dynpro ABAP application and based on whether user is assigned to particular group or not further processing for application will be done.
Are there any UME API or some other API's available to access portal groups in Webdynpro ABAP component?
Thanks in Advance..!!
Regards,
Shruti ShahThis might be a question better suited to the portal forum. The WDA Portal APIs do not have such functionality. You might be able to take the Java Portal APIs and wrap them in a web service so that they are callable from ABAP.
-
Hello,
We are on NWDS 2004S(EP 7.0).
Our Portal users from both LDAP and UME Database.
Now, we have a requirement like... based on certain selection criteria, we need to assign a particular GROUP selected automatically.
Is this requirement feasible ?
Regards
<i><b>Raja Sekhar</b></i>Hi Dareen and Marcos,
Thanks a lot for the pointers.
Well, I got few more doubts before closing this thread.
1) Can I call an Adaptive RFC and access some employee information so that based on that ? Like see my requirement is, based on the Employee Sub Group of the employee attached I should assign the respective Portal groups. So my idea is, to create an JAAS Login Module which get the user attached using UME API and then call the needed BAPI that will get me the ESG of the employee attached to this person in ECC ? And then based on the ESG, I want to assign the respective group to the user?
2) Will this JAAS Login module gets accessed for every login ?
3) This is quiet different from JAAS login modules. Can we develop a custom Java WD which has some selection screen(with USER ID and GROUP name). On executing the application based on the selection criteria, it should list all the employees in that criteria and on click of BATCH ASSIGN button, I need to assign the selected group to these people. And I should deploy this application in PORTAL. Is this requirement really feasible? Am aboslutely new to these UME API's.
Regards
<i><b>Raja Sekhar</b></i> -
I need to avoid a large set of devices to get access to Internet through the Wireless Guest Service. I had made some test and know I can block a MAC address through the Policy Authorization (If Blacklist then DenyAccess).
In order to blacklist a large set I would like to import the MAC list and include in the CSV the Identity Group Assignment. It appears it is not possible ... I can have an easy way to change the Identity Group Assignment instead of one by one?
Regards.
Daniel Escalante.Additional Information and Question:
Currently my Authorization Policy has this:
The result is that any user trying to acesss the Guest Service can see the Guest Portal, introduce Credentials and if they are valid, the AUP is displayed, after that if the device is in the Blacklist, service is denied and the Guest Portal is displayed again, but any message about the situation is indicated to the user. I wonder if I can generate a message and even avoid the AUP if the device is in the blacklist.
Any comment will be greatly appreciated.
Regards.
Daniel Escalante -
Can portal role assignment be transported to another portal?
Hi, Gurus:
i need to transport portent, role, uses, etc from one portal (EP6 on NW04 )to another (EP7 on NW04s).
can you tell me that if portal role assignment can also be transported?
same question to ume role.
very confused at this area.
hope i can get your advice
Thank you
Br,
NikkoStrictly speaking the user/group/role assignment is not part of the normal transport process in that it will not make those mappings when you transport the content to the next system in your architecture.
However - you can export users / groups which includes the mappings details. This can be used in your downstream systems.
Subsequent transports of objects do not "break" existing mappings.
Haydn -
Hi
We are preparing to import a Portal into our UAT environment for testing. As part of the creation of the Portal we have created a number of Portal Groups which we intend migrating. As part of this we will also like to create a ldif file to assign the various users to the relevant Portal Groups.
Therefore I have 2 questions
1) Is is possible to export the Portal as well as the Portal Groups ?
2) Is there a way to assign users to Portal Groups using, for example, LDIF. We will have 10,000 users to assign so need to find a way of doing this automatically.
Any help will be much appreciated?
Kevin#!/bin/sh
# This script is used to export users/groups and portal groups from a
# source OID to a target OID. The import into the target OID is done by
# the import_oid.sh script.
# The script:
# 1) unsets NLS_LANG, sets ORACLE_HOME
# 2) ldapsearch (output to ldif file) all users
# 3) ldapsearch (output to ldif file) all portal groups
# 4) Remove 'authPassword' fields from the ldif for users
# 5) Change the Portal ID in the portal groups ldif file
echo "************************ BEGIN ************************************"
echo - This script will export users and groups from OID to ldif files.
echo - This script will modify the portal ID, remove authPassword fields.
echo Use import_oid.sh to import users and groups to target OID.
echo "************************ BEGIN ************************************"
#variables
oh=/oracle/10.2/infra10
source_hostname=""
port=""
target_dir="/oracle/10.2/oid_mig/"
log_file_users=export_users.log
log_file_groups=export_groups.log
old_portal_id=""
new_portal_id=""
orcladmin=""
orcl_pwd=""
group=""
echo "Please provide the source LDAP hostname: "
read source_hostname
if [ "$source_hostname" = "MyOIDServer" ]
then
port=389
orcl_pwd="OrclAdminPassword"
base_dn="dc=MyCompany,dc=com"
fi
echo "Please provide the group you want to export (*=all groups, group1*, group2*,...)"
read group
#echo "Please provide the LDAP port: "
#read port
#echo "Please provide the orcladmin password: "
#read orcl_pwd
# You can find the portal ID through OID Admin console. Go to
# cn=groups,dc=oracle,dc=com you will find the ID there.
echo "Please provide the old Portal ID: "
read old_portal_id
echo "Please provide the new Portal ID: "
read new_portal_id
ORACLE_HOME=/oracle/10.2/infra10
export ORACLE_HOME
cd $ORACLE_HOME/bin
echo ORACLE_HOME = $ORACLE_HOME
PATH=$ORACLE_HOME/bin:$PATH
export PATH
#NLS_LANG=american_america.UTF8
#export NLS_LANG
unset NLS_LANG
#exporting users
echo ----- exporting users "cn=users,dc=MyCompany,dc=com" -------
./ldapsearch -h $source_hostname -p $port -D "cn=orcladmin" -w $orcl_pwd -L -s one -b "cn=users,"$base_dn "(objectclass=orcluserv2)" "*" > /oracle/10.2/oid_mig/users.ldif
#exporting groups
echo ----- exporting groups "cn=groups,dc=MyCompany,dc=com" -------
./ldapsearch -h $source_hostname -p $port -D "cn=orcladmin" -w $orcl_pwd -L -s one -b "cn=groups,"$base_dn "(objectclass=*)" "*" > /oracle/10.2/oid_mig/groups.ldif
#exporting groups portal
echo ----- exporting portal groups "cn=portal."$old_portal_id",cn=groups,dc=MyCompany,dc=com" -------
./ldapsearch -h $source_hostname -p $port -X -D "cn=orcladmin" -w $orcl_pwd -s sub -b "cn=portal."$old_portal_id",cn=groups,"$base_dn "cn="$group > /oracle/10.2/oid_mig/groups_portal.xml
#removing authpassword fields from users
echo ----- removing authpassword fields from users -----
cat /oracle/10.2/oid_mig/users.ldif | grep -v authpassword > /oracle/10.2/oid_mig/auth_removed_users.ldif
# changing the PORTAL ID from $old_portal_id TO $new_portal_id
echo ----- changing the portal ID -----
cat /oracle/10.2/oid_mig/groups_portal.xml | sed -e "s/$old_portal_id/$new_portal_id/" > /oracle/10.2/oid_mig/groups_mod.xml
echo "***************************************** END *********************************************"
echo Users have been exported to /oracle/10.2/oid_mig/users.ldif
echo Groups have been exported to /oracle/10.2/oid_mig/groups.ldif
echo Portal Groups have been exported to /oracle/10.2/oid_mig/groups_portal.ldif
echo Users have authPassword removed in /oracle/10.2/oid_mig/auth_removed_users.ldif
echo Portal groups have their ID changed by this script and new groups are in /oracle/10.2/oid_mig/groups_mod.ldif
echo "***************************************** END *********************************************" -
No Portal Roles assigned issue
Hi Experts ,
We had recently integrated CRM with portal , but some users inspite of having the portal roles assigned to their id were getting an Access Denied page (we had customized the "no portal roles assigned " error page ) . Knowing the dependency of portal on IE and browser settings , this issue is sometimes resolved by clearing cache , cookies , and changing a few browser settings etc on IE 6.0 . If this doesn't work then upgrading to IE 7.0 definetly helps . Since this is just a workaround , I would like to know if anyone has experienced such a thing before and has a solution for this . Your inputs will be highly appreciated .
Regards
MayankHi Mayank,
This is an error which happens when there is No roles assigned to the user. I am not sure how your systems are designed for User Management. Say for example in some cases LDAP is used to maintain Group to User Relationships and Portal Roles are connected to Groups therfore all users in the group is assigned to the Role. In some cases UME is used.
Having said that you can disable the cache for the browser. You have to compromise with the performance however, this will ensure that everytime the user logs in, the request will always go to the server.
Regards
Avik -
How can I disable portal logon by portal group
Hi,
I know it is possible to disable logon to the portal by individual users. However I would like to disable the logon for an entire portal group. This would allow members of other portal groups to continue using the portal.
Simply removing the role from the group/user(s) is not an option.
Has anyone successfully done something like that?
Lets see if we can award some pointsHi Darren,
thanks for the quick reply. I guess I should qualify my requirement a bit more on what I want to achieve.
There are a number of applications in use and accessible through the portal, amongst them also ESS / MSS. We have assigned the portal roles to the portal groups. The users are assigned to the groups in the Corporate LDAP which is used by the portal to authenticate the users. I can't remove the users from the group(s) because the user/group assignment is done in the Corporate LDAP through an IDM system which prevents me from making changes to the user/group assignments through the portal.
So as an example this is what we want to achieve:
1. Disable the logon for users that are in the ESS group and let them know something like "ESS is currently in maintenance - come back later". Meanwhile, users belonging to the MSS group can still continue to log on.
2. After the maintenance was done, the logon for the ESS group is enabled again and the users that are in the ESS group can log on again.
I am not quite familiar with JAAS, but how would it help me with this example? I don't want to remove the user(s) from the group but simply prevent a specific group of users to logon for a chosen period of time or as an alternative disable on the fly the ability to perform certain actions (role based) within the portal short of re-assigning roles to groups?
Thanks muchly. -
I have an issue with oracle portal groups and privileges. We currently have approximately 150 groups with
hundreds of users assigned to each group. We have delegated a user in each group as a local administrator.
This user has been put into an in admin group that has create user, edit user and delete user privleges.
The problem I have is that any local administrator can create, edit or delete users in any group which
is not what I want. I'd like to know if groups/users in oracle portal/Oracle Internet Directory can be
restricted so they can only create, edit or delete users in their defualt groups only (assigned groups).
I have tried and cannot seem to find a way. Any advice would be greatly appreciated.
ThanksUser management is delegated to the Oracle Internet Directory server through the oiddas application. You may want to ask your question in one of the OiD/SSO forums.
The Oracle White Paper [The Implementation of a Departmental Level User Provisioning Model in Oracle Portal 10g|http://www.oracle.com/technology/products/ias/portal/pdf/admin_security_deptmental_level_delegated_admin.pdf] might help as well.
Thanks,
EJ -
Hi.
I'm trying to access portal groups using oid and i get
oracle.portal.provider.v2.ProviderException: Could not get the OidInfo obj
My <provider>.properties file has:
oidManager=true
aoidAdminClass=<my packages>.OidInfoImpl
and OidInfoImpl is the class i implemented that extends OidInfo and has the necessary values to connect to the LDAP
My jsp has the following code line:
<%= oid.getUserProperty("NM09286","banvenez","givenname") %>
where NM.. is an appropiate name of an user in the LDAP, banvenez is the susbcription name and
givenname is just any property.
I have been sooooome time trying to figure out how to resolve this, but i can't, i even has tried with different versions of the pdk (9.0.2.3.0 & 9.0.2.6) but the result is the same.
Besides, the doc said that i should put <group></group> in the provider definition file (the .xml, right?) but if i do, it give an error :'(
so, please anyone help me.
Luis.-Hi Vijay,
I have the same situation as you. My UME is LDAP and I also use Portal Group. Since your UME datasource is in LDAP, that means that the Security Groups in your LDAP will also be "replicated" (like your users), from LDAP to the Portal. Users in LDAP are "replicated" as users in Portal. Security Groups in LDAP are "replicated" as Group in Portal.
To make it simple explanation, I do my user management in LDAP and also assignment of user to Security Groups (assignments are also "replicated" into the Portal) in LDAP. What needs to be done after the "replication" is to link Portal roles into the Group accordingly. This way, user management are done in LDAP and in the Portal admin, you work on only linking the relationship between Portal Groups to Portal Roles.
There is also a hidden advantage with LDAP as UME datasource, that you can do mass user assignement/deletion/updates that the Portal has limited possibilities (thats the answer of your question actually ) ).
Make sure that your naming convention use in LDAP for teh Security Groups are linking to that in the Portal, this way, it will help you manage them in a more easy way (Role to Group relationship, so that you can identify which Group is link to which Portal Role).
Also one important poiint for the above setup is that after all the setup is done and you have it working, ask your LDAP Admin NOT TO MOVE/EDIT any of those Security Groups without your permission. Any changes done will break the relationship link that you have created between the Group and the Portal role (heads up advise for you ) ).
Hope that helps and award points for helpful suggestions. Nic Weekend !!
Ray
Edited by: Raymond HENG on Oct 10, 2008 8:38 AM -
How do I create portal groups dynamically?
Has anyone written code to use the
WWSEC_APP_GROUP_MGR.CREATE_GROUP procedure to create portal
groups programmatically? I understand alot of what I'm supposed
to pass, but some of these parameters are pretty obscure and
obfuscated.
I'm not sure this can be called like a normal (non-htp) stored
procedure at all. I now understand nearly all of the
parameters. Looking at the page source behind the Create Groups
page, I see that many of these parameters are involved in the
page generation itself, for example p_back_url being a variable
that is probably attached to the action of "Previous" buttons
that appear as you go through the process of creating a group.
Here is my call:
wwsec_app_group_mgr.create_group(p_groupname => 'X',
p_description => 'TEST GROUP',
p_db_role => 'DBA',
p_hide_group => 'N',
p_styleid => 6,
p_group_id => y,
p_siteid => 0,
p_site_id => 1);
where "y" is the nextval of the group sequence.
Inserting SQLERRM into a table, I end up with this:
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at "SYS.OWA_UTIL", line 323
ORA-06512: at "SYS.HTP", line 860
ORA-06512: at "SYS.HTP", line 975
ORA-06512: at "SYS.HTP", line 993
ORA-06512: at "PORTAL30.WWUTL_HTP", line 25
ORA-06512: at "PORTAL30.WWERR_API_ERROR_UI", line 182
ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 2891
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 255
ORA-01403: no data found
I know that this procedure is responsible for generating the
subsequent pages in the "create group" wizard. There's just no
possible way to figure out how to use this procedure
dynamically. I repeat we WILL NOT BE TYPING IN OVER 3500 GROUPS
and 7000 USERS USING THE WIZARD. There must be a way.
I don't want to just arbitrarily insert groups into tables
behind the scenes without knowing what I'm doing. If this is as
simple as inserting a row into wwsec_group$, wwsec_member$,
etc., then great, but there's no way of knowing.
Maybe an Oracle person can help me. Is there another API I can
use, or is there a way to use this API as a stored procedure
where I can just loop through a driving table to create a bunch
of users and groups?
I appreciate any help. I need to create over 3000 groups based
on my client's organization. We REFUSE to do this by hand using
portal's interface. Not that it's bad, it is just impractical
in this instance.
Adrian KlingelNever mind.
Maybe you are looking for
-
Adobe Bridge overrides Windows Explorer functions?
Since installing Adobe Bridge CS3, I am unable to rename/copy/move folders within Windows explorer...If I want to do it, I have to use Bridge. This is particularly annoying when new folders have to be renamed/copied/moved within OTHER programs. Examp
-
How do I poll multiple email accounts?
Hi. I'm switching from a Linux based PC to a Mac mini as my primary computer. (One reason only, a silent computer) In my Linux system I have several accounts that I poll through fetchmail with cron. Now I'm wondering if there is available in OSx an e
-
Hi friends, I want to turn off my sound of a Intro SWF while pressing Enter button on the intro. Every thing is going on finely but the intro sound is also playing along with the sound of main website. Can any buddy help! How to do that. The code to
-
Transferring files into new computer
I have a new MBP on order. Upon arrival, I would like to copy my "Safari" bookmarks & "RSS" feeds, and my "iTunes" podcasts into the new computer. I use an external backup, so I can copy these files (settings) onto the drive, then on to the new lapto
-
Additional Tabpage for Production Order CO03
Hi all, I would like to know if it is possible to create additional tab screen for the production order header screen. CO03? And if there is any user exit / BADI to update the Production Order Long Text when a production order is saved? Thanks. Best