Portal Groups Assignement

Similar Messages

• Accessing Portal Groups using WDA application.

  I need to access the portal groups assigned to a user via the WDA application.
  I tried using the interface "if_wd_portal_integration"  but couldnt find any useful methods.
  Can anyone please help.

  It sounds like you need to implement SSO across your landscape.  Once you do that, you should be fine, assuming that the id you signed into the portal exists in the backend application.
  See these pages for more information:
  http://help.sap.com/saphelp_nw70/helpdata/en/4e/f5e9422edf7276e10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm

• Assigning Portal Group to CAF Process

  Hello Experts,
  I want to assign portal group to caf process.
  I am starting the process programmatically (Using Java Web Dynpro).
  And also I dont want to assign user by user of the group to the process.
  let me know if it is possible, and If Yes ( ) How ??
  Regards,
  Yogesh...

  Hi Yogesh,
  Yes, you can assign portal group to your process action.
  If you test your process from GP directly, Wile assigning users to the actions. you will see an option to assign a group and a role too(by selecting that dropdown).
  So if you directly pass the group name in your code while calling GP. It will assign all the users in that group for that selected action.
  Hope this resolves your query.
  Thanks,
  Tejaswini

• Regarding : How to add a user to portal group with the help of webdynpro .

  Hii ,
  I am working on an application in which with the help of an action( Button)  we r adding a user in Ztable in R/3 , as well as  group in portal.
  The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
  I need coding solution for " How to add a user to portal group with help of webdynpro"
  Any usefull link will also do.
  Pls anyone have any solution ??
  Thnks in advance.
  Rewards r waiting for u .

  Hi,
  Use UME api to add user to portal group.
  Using UME API:
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  Regards,
  Naga

• Unable to delete Portal Group

  Hi Portal Knowledgeable ones.
  I get an exception when I attempt to delete a portal group. 
  <b>My first question is where do I look to find more information about the exception that was returned (eg; a log file)?  I can't click on it to see more details.</b>
  My guess is that I am getting this exception because of some existing "reference" to this group inside the portal.  No users are assigned to it.  No roles or other groups are contained in it.  However, I'm not sure if there is a folder permission tied to that group.
  <b>Is there some way to see where "customized folder permissions" exist?</b>  Otherwise, I'm stuck with looking at the permissions of every Portal object individually.
  Thanks
  Kevin

  Hi Kevin,
  <b>Ques 1)</b> My first question is where do I look to find more information about the exception that was returned (eg; a log file)? I can't click on it to see more details.
  <b>Ans:</b> Yes you can view the log file through log viewer.
  Please find the Visual Administrator in you installation directory. Visit:
  <b>usr\sap\P66\JC00\j2ee\admin\go.bat.</b>
  run this batch file and in the services see the log viewer. There you can view log information.
  or if you want to view the trace file directly then visit the path:
  <b>usr\sap\P66\JC00\j2ee\cluster\server0\log</b>
  there you will see the .trc file. Open the file and see the logs.
  <b>Ques 2)</b> Is there some way to see where "customized folder permissions" exist?
  <b>Ans:</b> For this you can write a code to check the permission of the portal object. There are various API's provided by SAP to check the properties and permissions of the Portal objects.
  I hope this will help you.
  Regards
  Praevsh
  PS: Please consider rewarding points if helpful.

• Access Portal groups in webdynpro ABAP component

  Hi Experts,
  I have a requirement to access portal group in web dynpro ABAP application and based on whether user is assigned to particular group or not further processing for application will be done.
  Are there any UME API or some other API's available to access portal groups in Webdynpro ABAP component?
  Thanks in Advance..!!
  Regards,
  Shruti Shah

  This might be a question better suited to the portal forum. The WDA Portal APIs do not have such functionality.  You might be able to take the Java Portal APIs and wrap them in a web service so that they are callable from ABAP.

• Automatic Group Assignment

  Hello,
  We are on NWDS 2004S(EP 7.0).
  Our Portal users from both LDAP and UME Database.
  Now, we have a requirement like... based on certain selection criteria, we need to assign a particular GROUP selected automatically.
  Is this requirement feasible ?
  Regards
  <i><b>Raja Sekhar</b></i>

  Hi Dareen and Marcos,
  Thanks a lot for the pointers.
  Well, I got few more doubts before closing this thread.
  1) Can I call an Adaptive RFC and access some employee information so that based on that ? Like see my requirement is, based on the Employee Sub Group of the employee attached I should assign the respective Portal groups. So my idea is, to create an JAAS Login Module which get the user attached using UME API and then call the needed BAPI that will get me the ESG of the employee attached to this person in ECC ? And then based on the ESG, I want to assign the respective group to the user?
  2) Will this JAAS Login module gets accessed for every login ?
  3) This is quiet different from JAAS login modules. Can we develop a custom Java WD which has some selection screen(with USER ID and GROUP name). On executing the application based on the selection criteria, it should list all the employees in that criteria and on click of BATCH ASSIGN button, I need to assign the selected group to these people. And I should deploy this application in PORTAL. Is this requirement really feasible? Am aboslutely new to these UME API's.
  Regards
  <i><b>Raja Sekhar</b></i>

• ISE Identity Group Assignment

  I need to avoid a large set of devices to get access to Internet through the Wireless Guest Service. I had made some test and know I can block a MAC address through the Policy Authorization (If Blacklist then DenyAccess).
  In order to blacklist a large set I would like to import the MAC list and include in the CSV the Identity Group Assignment. It appears it is not possible ... I can have an easy way to change the Identity Group Assignment instead of one by one?
  Regards.
  Daniel Escalante.        

  Additional Information and Question:
  Currently my Authorization Policy has this:
  The result is that any user trying to acesss the Guest Service can see the Guest Portal, introduce Credentials and if they are valid, the AUP is displayed, after that if the device is in the Blacklist, service is denied and the Guest Portal is displayed again, but any message about the situation is indicated to the user. I wonder if I can generate a message and even avoid the AUP if the device is in the blacklist.
  Any comment will be greatly appreciated.
  Regards.
  Daniel Escalante

• Can portal role assignment be transported to another portal?

  Hi, Gurus:
  i need to transport portent, role, uses, etc from one portal (EP6 on NW04 )to another (EP7 on NW04s).
  can you tell me that if portal role assignment can also be transported?
  same question to ume role.
  very confused at this area.
  hope i can get your advice
  Thank you
  Br,
  Nikko

  Strictly speaking the user/group/role assignment is not part of the normal transport process in that it will not make those mappings when you transport the content to the next system in your architecture.
  However - you can export users / groups which includes the mappings details.  This can be used in your downstream systems.
  Subsequent transports of objects do not "break" existing mappings.
  Haydn

• Portal Groups Creation

  Hi
  We are preparing to import a Portal into our UAT environment for testing. As part of the creation of the Portal we have created a number of Portal Groups which we intend migrating. As part of this we will also like to create a ldif file to assign the various users to the relevant Portal Groups.
  Therefore I have 2 questions
  1) Is is possible to export the Portal as well as the Portal Groups ?
  2) Is there a way to assign users to Portal Groups using, for example, LDIF. We will have 10,000 users to assign so need to find a way of doing this automatically.
  Any help will be much appreciated?
  Kevin

  #!/bin/sh
  # This script is used to export users/groups and portal groups from a
  # source OID to a target OID. The import into the target OID is done by
  # the import_oid.sh script.
  # The script:
  # 1) unsets NLS_LANG, sets ORACLE_HOME
  # 2) ldapsearch (output to ldif file) all users
  # 3) ldapsearch (output to ldif file) all portal groups
  # 4) Remove 'authPassword' fields from the ldif for users
  # 5) Change the Portal ID in the portal groups ldif file
  echo "************************ BEGIN ************************************"
  echo - This script will export users and groups from OID to ldif files.
  echo - This script will modify the portal ID, remove authPassword fields.
  echo Use import_oid.sh to import users and groups to target OID.
  echo "************************ BEGIN ************************************"
  #variables
  oh=/oracle/10.2/infra10
  source_hostname=""
  port=""
  target_dir="/oracle/10.2/oid_mig/"
  log_file_users=export_users.log
  log_file_groups=export_groups.log
  old_portal_id=""
  new_portal_id=""
  orcladmin=""
  orcl_pwd=""
  group=""
  echo "Please provide the source LDAP hostname: "
  read source_hostname
  if [ "$source_hostname" = "MyOIDServer" ]
  then
       port=389
       orcl_pwd="OrclAdminPassword"
       base_dn="dc=MyCompany,dc=com"
  fi
  echo "Please provide the group you want to export (*=all groups, group1*, group2*,...)"
  read group
  #echo "Please provide the LDAP port: "
  #read port
  #echo "Please provide the orcladmin password: "
  #read orcl_pwd
  # You can find the portal ID through OID Admin console. Go to
  # cn=groups,dc=oracle,dc=com you will find the ID there.
  echo "Please provide the old Portal ID: "
  read old_portal_id
  echo "Please provide the new Portal ID: "
  read new_portal_id
  ORACLE_HOME=/oracle/10.2/infra10
  export ORACLE_HOME
  cd $ORACLE_HOME/bin
  echo ORACLE_HOME = $ORACLE_HOME
  PATH=$ORACLE_HOME/bin:$PATH
  export PATH
  #NLS_LANG=american_america.UTF8
  #export NLS_LANG
  unset NLS_LANG
  #exporting users
  echo ----- exporting users "cn=users,dc=MyCompany,dc=com" -------
  ./ldapsearch -h $source_hostname -p $port -D "cn=orcladmin" -w $orcl_pwd -L -s one -b "cn=users,"$base_dn "(objectclass=orcluserv2)" "*" > /oracle/10.2/oid_mig/users.ldif
  #exporting groups
  echo ----- exporting groups "cn=groups,dc=MyCompany,dc=com" -------
  ./ldapsearch -h $source_hostname -p $port -D "cn=orcladmin" -w $orcl_pwd -L -s one -b "cn=groups,"$base_dn "(objectclass=*)" "*" > /oracle/10.2/oid_mig/groups.ldif
  #exporting groups portal
  echo ----- exporting portal groups "cn=portal."$old_portal_id",cn=groups,dc=MyCompany,dc=com" -------
  ./ldapsearch -h $source_hostname -p $port -X -D "cn=orcladmin" -w $orcl_pwd -s sub -b "cn=portal."$old_portal_id",cn=groups,"$base_dn "cn="$group > /oracle/10.2/oid_mig/groups_portal.xml
  #removing authpassword fields from users
  echo ----- removing authpassword fields from users -----
  cat /oracle/10.2/oid_mig/users.ldif | grep -v authpassword > /oracle/10.2/oid_mig/auth_removed_users.ldif
  # changing the PORTAL ID from $old_portal_id TO $new_portal_id
  echo ----- changing the portal ID -----
  cat /oracle/10.2/oid_mig/groups_portal.xml | sed -e "s/$old_portal_id/$new_portal_id/" > /oracle/10.2/oid_mig/groups_mod.xml
  echo "***************************************** END *********************************************"
  echo Users have been exported to /oracle/10.2/oid_mig/users.ldif
  echo Groups have been exported to /oracle/10.2/oid_mig/groups.ldif
  echo Portal Groups have been exported to /oracle/10.2/oid_mig/groups_portal.ldif
  echo Users have authPassword removed in /oracle/10.2/oid_mig/auth_removed_users.ldif
  echo Portal groups have their ID changed by this script and new groups are in /oracle/10.2/oid_mig/groups_mod.ldif
  echo "***************************************** END *********************************************"

• No Portal Roles assigned issue

  Hi Experts ,
  We had recently integrated CRM with portal , but some users inspite of having the portal roles assigned to their id were getting an Access Denied page (we had customized the "no portal roles assigned " error page ) . Knowing the dependency of portal on IE and browser settings , this issue is sometimes resolved by clearing cache , cookies , and changing a few browser settings etc on IE 6.0 . If this doesn't work then upgrading to IE 7.0 definetly helps . Since this is just a workaround , I would like to know if anyone has experienced such a thing before and has a solution for this . Your inputs will be highly appreciated .
  Regards
  Mayank

  Hi Mayank,
  This is an error which happens when there is No roles assigned to the user. I am not sure how your systems are designed for User Management. Say for example in some cases LDAP is used to maintain Group to User Relationships and Portal Roles are connected to Groups therfore all users in the group is assigned to the Role. In some cases UME is used.
  Having said that you can disable the cache for the browser. You have to compromise with the performance however, this will ensure that everytime the user logs in, the request will always go to the server.
  Regards
  Avik

• How can I disable portal logon by portal group

  Hi,
  I know it is possible to disable logon to the portal by individual users. However I would like to disable the logon for an entire portal group. This would allow members of other portal groups to continue using the portal.
  Simply removing the role from the group/user(s) is not an option.
  Has anyone successfully done something like that?
  Lets see if we can award some points

  Hi Darren,
  thanks for the quick reply. I guess I should qualify my requirement a bit more on what I want to achieve.
  There are a number of applications in use and accessible through the portal, amongst them also ESS / MSS. We have assigned the portal roles to the portal groups. The users are assigned to the groups in the Corporate LDAP which is used by the portal to authenticate the users. I can't remove the users from the group(s) because the user/group assignment is done in the Corporate LDAP through an IDM system which prevents me from making changes to the user/group assignments through the portal.
  So as an example this is what we want to achieve:
  1. Disable the logon for users that are in the ESS group and let them know something like "ESS is currently in maintenance - come back later". Meanwhile, users belonging to the MSS group can still continue to log on.
  2. After the maintenance was done, the logon for the ESS group is enabled again and the users that are in the ESS group can log on again.
  I am not quite familiar with JAAS, but how would it help me with this example? I don't want to remove the user(s) from the group but simply prevent a specific group of users to  logon for a chosen period of time or as an alternative disable on the fly the ability to perform certain actions (role based) within the portal short of re-assigning roles to groups?
  Thanks muchly.

• Oracle Portal Groups Issue

  I have an issue with oracle portal groups and privileges. We currently have approximately 150 groups with
  hundreds of users assigned to each group. We have delegated a user in each group as a local administrator.
  This user has been put into an in admin group that has create user, edit user and delete user privleges.
  The problem I have is that any local administrator can create, edit or delete users in any group which
  is not what I want. I'd like to know if groups/users in oracle portal/Oracle Internet Directory can be
  restricted so they can only create, edit or delete users in their defualt groups only (assigned groups).
  I have tried and cannot seem to find a way. Any advice would be greatly appreciated.
  Thanks

  User management is delegated to the Oracle Internet Directory server through the oiddas application. You may want to ask your question in one of the OiD/SSO forums.
  The Oracle White Paper [The Implementation of a Departmental Level User Provisioning Model in Oracle Portal 10g|http://www.oracle.com/technology/products/ias/portal/pdf/admin_security_deptmental_level_delegated_admin.pdf] might help as well.
  Thanks,
  EJ

• Accesing portal groups

  Hi.
  I'm trying to access portal groups using oid and i get
  oracle.portal.provider.v2.ProviderException: Could not get the OidInfo obj
  My <provider>.properties file has:
  oidManager=true
  aoidAdminClass=<my packages>.OidInfoImpl
  and OidInfoImpl is the class i implemented that extends OidInfo and has the necessary values to connect to the LDAP
  My jsp has the following code line:
  <%= oid.getUserProperty("NM09286","banvenez","givenname") %>
  where NM.. is an appropiate name of an user in the LDAP, banvenez is the susbcription name and
  givenname is just any property.
  I have been sooooome time trying to figure out how to resolve this, but i can't, i even has tried with different versions of the pdk (9.0.2.3.0 & 9.0.2.6) but the result is the same.
  Besides, the doc said that i should put <group></group> in the provider definition file (the .xml, right?) but if i do, it give an error :'(
  so, please anyone help me.
  Luis.-

  Hi Vijay,
  I have the same situation as you. My UME is LDAP and I also use Portal Group. Since your UME datasource is in LDAP, that means that the Security Groups in your LDAP will also be "replicated" (like your users), from LDAP to the Portal. Users in LDAP are "replicated" as users in Portal. Security Groups in LDAP are "replicated" as Group in Portal.
  To make it simple explanation, I do my user management in LDAP and also assignment of user to Security Groups (assignments are also "replicated" into the Portal) in LDAP. What needs to be done after the "replication" is to link Portal roles into the Group accordingly. This way, user management are done in LDAP and in the Portal admin, you work on only linking the relationship between Portal Groups to Portal Roles.
  There is also a hidden advantage with LDAP as UME datasource, that you can do mass user assignement/deletion/updates that the Portal has limited possibilities (thats the answer of your question actually  )  ).
  Make sure that your naming convention use in LDAP for teh Security Groups are linking to that in the Portal, this way, it will help you manage them in a more easy way (Role to Group relationship, so that you can identify which Group is link to which Portal Role).
  Also one important poiint for the above setup is that after all the setup is done and you have it working, ask your LDAP Admin NOT TO MOVE/EDIT any of those Security Groups without your permission. Any changes done will break the relationship link that you have created between the Group and the Portal role (heads up advise for you  )  ).
  Hope that helps and award points for helpful suggestions. Nic Weekend !!
  Ray
  Edited by: Raymond HENG on Oct 10, 2008 8:38 AM

• How do I create portal groups dynamically?

  Has anyone written code to use the
  WWSEC_APP_GROUP_MGR.CREATE_GROUP procedure to create portal
  groups programmatically? I understand alot of what I'm supposed
  to pass, but some of these parameters are pretty obscure and
  obfuscated.
  I'm not sure this can be called like a normal (non-htp) stored
  procedure at all. I now understand nearly all of the
  parameters. Looking at the page source behind the Create Groups
  page, I see that many of these parameters are involved in the
  page generation itself, for example p_back_url being a variable
  that is probably attached to the action of "Previous" buttons
  that appear as you go through the process of creating a group.
  Here is my call:
  wwsec_app_group_mgr.create_group(p_groupname => 'X',
  p_description => 'TEST GROUP',
  p_db_role => 'DBA',
  p_hide_group => 'N',
  p_styleid => 6,
  p_group_id => y,
  p_siteid => 0,
  p_site_id => 1);
  where "y" is the nextval of the group sequence.
  Inserting SQLERRM into a table, I end up with this:
  ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at "SYS.OWA_UTIL", line 323
  ORA-06512: at "SYS.HTP", line 860
  ORA-06512: at "SYS.HTP", line 975
  ORA-06512: at "SYS.HTP", line 993
  ORA-06512: at "PORTAL30.WWUTL_HTP", line 25
  ORA-06512: at "PORTAL30.WWERR_API_ERROR_UI", line 182
  ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 2891
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 255
  ORA-01403: no data found
  I know that this procedure is responsible for generating the
  subsequent pages in the "create group" wizard. There's just no
  possible way to figure out how to use this procedure
  dynamically. I repeat we WILL NOT BE TYPING IN OVER 3500 GROUPS
  and 7000 USERS USING THE WIZARD. There must be a way.
  I don't want to just arbitrarily insert groups into tables
  behind the scenes without knowing what I'm doing. If this is as
  simple as inserting a row into wwsec_group$, wwsec_member$,
  etc., then great, but there's no way of knowing.
  Maybe an Oracle person can help me. Is there another API I can
  use, or is there a way to use this API as a stored procedure
  where I can just loop through a driving table to create a bunch
  of users and groups?
  I appreciate any help. I need to create over 3000 groups based
  on my client's organization. We REFUSE to do this by hand using
  portal's interface. Not that it's bad, it is just impractical
  in this instance.
  Adrian Klingel

  Never mind.