Portal Groups vs. Roles

Similar Messages

• Unable to delete Portal Group

  Hi Portal Knowledgeable ones.
  I get an exception when I attempt to delete a portal group. 
  <b>My first question is where do I look to find more information about the exception that was returned (eg; a log file)?  I can't click on it to see more details.</b>
  My guess is that I am getting this exception because of some existing "reference" to this group inside the portal.  No users are assigned to it.  No roles or other groups are contained in it.  However, I'm not sure if there is a folder permission tied to that group.
  <b>Is there some way to see where "customized folder permissions" exist?</b>  Otherwise, I'm stuck with looking at the permissions of every Portal object individually.
  Thanks
  Kevin

  Hi Kevin,
  <b>Ques 1)</b> My first question is where do I look to find more information about the exception that was returned (eg; a log file)? I can't click on it to see more details.
  <b>Ans:</b> Yes you can view the log file through log viewer.
  Please find the Visual Administrator in you installation directory. Visit:
  <b>usr\sap\P66\JC00\j2ee\admin\go.bat.</b>
  run this batch file and in the services see the log viewer. There you can view log information.
  or if you want to view the trace file directly then visit the path:
  <b>usr\sap\P66\JC00\j2ee\cluster\server0\log</b>
  there you will see the .trc file. Open the file and see the logs.
  <b>Ques 2)</b> Is there some way to see where "customized folder permissions" exist?
  <b>Ans:</b> For this you can write a code to check the permission of the portal object. There are various API's provided by SAP to check the properties and permissions of the Portal objects.
  I hope this will help you.
  Regards
  Praevsh
  PS: Please consider rewarding points if helpful.

• User= Group= SubGroup= Role: Now working when this link is used

  Hai,
  We are using EP 5.0 with LDAP 7.6 When a user id created it is attached to a group and the group is attached to a role. I introduced a nested group in this link as userid is attached to group, group is attached to sub group and subgroup is attached to role. When i did like this and login to the portal system the roles are not seen in the portal.
  Below are the things which i did,
  When a user id(Ex : MYTEST1) is created it is attached to a group(Ex : ESS_GE) by the below code.
         String group = "ESS_GE";
         String groupdn = "cn=" + group.toUpperCase() + "," + groupsRoot;
         String userdn = "cn=" + userid.toUpperCase() + "," + peopleRoot;
        // modifications for group and user
        LDAPModification[]  modGroup = new LDAPModification[2];
        LDAPModification[]  modUser  = new LDAPModification[2];
     // Add modifications to modUser
     LDAPAttribute membership = new LDAPAttribute("groupMembership", groupdn);
     modUser[0] = new LDAPModification( LDAPModification.ADD, membership);
     LDAPAttribute security = new LDAPAttribute("securityEquals", groupdn);
     modUser[1] = new LDAPModification( LDAPModification.ADD, security);
      // Add modifications to modGroup
      LDAPAttribute member = new LDAPAttribute("uniqueMember", userdn);
      modGroup[0] = new LDAPModification( LDAPModification.ADD, member);
      LDAPAttribute equivalent = new LDAPAttribute("equivalentToMe", userdn);
      modGroup[1] = new LDAPModification( LDAPModification.ADD, equivalent);
     // Modify the user's attributes
     lc.modify( userdn, modUser);
     // Modify the user's group attributes
      lc.modify( groupdn, modGroup);
  Group is attached to a role(EP_GE_USER_ROLE).  So the link is User =>Group=>Role which is MYTEST1=>ESS_GE=>EP_GE_USER_ROLE. This linke is working perfectly
  I introduced a nested group and changed the link as User=>Group=>Sub_Group=>Role  which is MYTEST1=>ESS_GE=>ESS_GE_ONLINE=>EP_GE_USER_ROLE.
  After this when I login with the user id MYTEST1 the Roles which are attached to ESS_GE_ONLINE is not shown. Any idea why the roles which are attached to group ESS_GE_ONLINE is not transferred to ESS_GE group. Should I have to add any other LDAP attributes apart from the one which are coded below.
    String group1 = "ESS_GE";
    String group2 = "ESS_GE_ONLINE";
    String groupdn1 = "cn=" + group1.toUpperCase() + "," + groupsRoot;
    String groupdn2 = "cn=" + group2.toUpperCase() + "," + groupsRoot;
    //Add ESS_GE_ONLINE group to ESS_GE group
    LDAPAttribute membership1 = new LDAPAttribute("uniqueMember", groupdn2);
    modGroup1[0] = new LDAPModification( LDAPModification.ADD, membership1);
    LDAPAttribute security1 = new LDAPAttribute("equivalentToMe", groupdn2);
    modGroup1[1] = new LDAPModification( LDAPModification.ADD, security1);
    //Add ESS_GE group to ESS_GE_ONLINE group
    LDAPAttribute membership2 = new LDAPAttribute("uniqueMember", groupdn1);
    modGroup2[0] = new LDAPModification( LDAPModification.ADD, membership2);
    LDAPAttribute security2 = new LDAPAttribute("equivalentToMe", groupdn1);
    modGroup2[1] = new LDAPModification( LDAPModification.ADD, security2);
    lc.modify( groupdn1, modGroup1);
    lc.modify( groupdn2, modGroup2); 
  Thanks & Regards,
  H.K.Hayath Basha.

  change that to the following and retest:
  Joshua Fowler wrote:
  I think you're correct. Under the Publish settings of the document, that's what "Class" points to.
  Here's the first main section of the code:
  package com.anselmbradford
    import flash.display.MovieClip;
    import flash.events.TimerEvent;
    import flash.utils.Timer;
    public class Main extends MovieClip
    * Create a new CountDown object, listen for updates and pass it the date to countdown to.
    public function Main()
    var cd:CountDown = new CountDown();
    cd.addEventListener( CountDownEvent.UPDATE , _updateDisplay );
    cd.init( new Date(2015,3,9,20,00) );
    * Update the display.
    private function _updateDisplay( evt:CountDownEvent ) : void
  Does this look correct?
  Thanks again!

• Portal Groups not Importing after Synchronization

  Hi all,
  I am currently running GRC 10 SP 15 and have completed the AC 10 EP Config guide. So far I have managed to complete all steps in the guide including the synchronization. However, when I try to import the roles the nwbc mass role import, I return 0 results. I have check the GRACLCONN table and the portal groups are definitely there. Does anyone know why the Mass Import would be failing?
  Thanks,
  James

  Hi,
  Only ABAP system based Technical roles can be imported via the Mass Import tool without the use of Import sheets. If you are using a import sheet already, just double check your entries. For EP groups, you will have to maintain and upload a sheet manually.
  Ensure that the role type is set to 'GRP' in the sheet and the roles have been synced in via the Repository Object Sync job first.
  Cheers.

• How can I disable portal logon by portal group

  Hi,
  I know it is possible to disable logon to the portal by individual users. However I would like to disable the logon for an entire portal group. This would allow members of other portal groups to continue using the portal.
  Simply removing the role from the group/user(s) is not an option.
  Has anyone successfully done something like that?
  Lets see if we can award some points

  Hi Darren,
  thanks for the quick reply. I guess I should qualify my requirement a bit more on what I want to achieve.
  There are a number of applications in use and accessible through the portal, amongst them also ESS / MSS. We have assigned the portal roles to the portal groups. The users are assigned to the groups in the Corporate LDAP which is used by the portal to authenticate the users. I can't remove the users from the group(s) because the user/group assignment is done in the Corporate LDAP through an IDM system which prevents me from making changes to the user/group assignments through the portal.
  So as an example this is what we want to achieve:
  1. Disable the logon for users that are in the ESS group and let them know something like "ESS is currently in maintenance - come back later". Meanwhile, users belonging to the MSS group can still continue to log on.
  2. After the maintenance was done, the logon for the ESS group is enabled again and the users that are in the ESS group can log on again.
  I am not quite familiar with JAAS, but how would it help me with this example? I don't want to remove the user(s) from the group but simply prevent a specific group of users to  logon for a chosen period of time or as an alternative disable on the fly the ability to perform certain actions (role based) within the portal short of re-assigning roles to groups?
  Thanks muchly.

• Assigning Portal Group to CAF Process

  Hello Experts,
  I want to assign portal group to caf process.
  I am starting the process programmatically (Using Java Web Dynpro).
  And also I dont want to assign user by user of the group to the process.
  let me know if it is possible, and If Yes ( ) How ??
  Regards,
  Yogesh...

  Hi Yogesh,
  Yes, you can assign portal group to your process action.
  If you test your process from GP directly, Wile assigning users to the actions. you will see an option to assign a group and a role too(by selecting that dropdown).
  So if you directly pass the group name in your code while calling GP. It will assign all the users in that group for that selected action.
  Hope this resolves your query.
  Thanks,
  Tejaswini

• How can I map LDAP departments to portal groups?

  Hi All,
  we connected our NW 7.0 Portal to the corporate LDAP server using the profile dataSourceConfiguration_novell_readonly_db.xml. Connection is up and running and the UME lists all users from the LDAP and they can logon.
  The LDAP cannot provide any groups or roles. However, it provides a department name for every user.
  My question is if it is possible to make a user automatically a member of a portal group named like the department he or she is working in and how this mapping can be achieved.
  I downloaded the XML-file and studied the SAP-help concearning this matter, but I'm a little lost because of all the different tags of the XML-file and I don't quite comprehend how the mapping is done exactly. I'm not that keen on experimenting with the different tags since this requires frequent portal restarts and there seem to be many possible combinations.
  I figure my request is not that exotic so maybe someone has done that before. Could someone out there help? It would be very much appreciated.
  Thanks a lot in advance,
  Jens

  Hi Jens,
  There is an easier way to do this. Since you provide a department name for every user, configure virtual groups to use the department attribute.
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/frameset.htm
  Configure the department names you use and the UME will generate virtual groups based on the department names at runtime.
  -Michael

• Accesing portal groups

  Hi.
  I'm trying to access portal groups using oid and i get
  oracle.portal.provider.v2.ProviderException: Could not get the OidInfo obj
  My <provider>.properties file has:
  oidManager=true
  aoidAdminClass=<my packages>.OidInfoImpl
  and OidInfoImpl is the class i implemented that extends OidInfo and has the necessary values to connect to the LDAP
  My jsp has the following code line:
  <%= oid.getUserProperty("NM09286","banvenez","givenname") %>
  where NM.. is an appropiate name of an user in the LDAP, banvenez is the susbcription name and
  givenname is just any property.
  I have been sooooome time trying to figure out how to resolve this, but i can't, i even has tried with different versions of the pdk (9.0.2.3.0 & 9.0.2.6) but the result is the same.
  Besides, the doc said that i should put <group></group> in the provider definition file (the .xml, right?) but if i do, it give an error :'(
  so, please anyone help me.
  Luis.-

  Hi Vijay,
  I have the same situation as you. My UME is LDAP and I also use Portal Group. Since your UME datasource is in LDAP, that means that the Security Groups in your LDAP will also be "replicated" (like your users), from LDAP to the Portal. Users in LDAP are "replicated" as users in Portal. Security Groups in LDAP are "replicated" as Group in Portal.
  To make it simple explanation, I do my user management in LDAP and also assignment of user to Security Groups (assignments are also "replicated" into the Portal) in LDAP. What needs to be done after the "replication" is to link Portal roles into the Group accordingly. This way, user management are done in LDAP and in the Portal admin, you work on only linking the relationship between Portal Groups to Portal Roles.
  There is also a hidden advantage with LDAP as UME datasource, that you can do mass user assignement/deletion/updates that the Portal has limited possibilities (thats the answer of your question actually  )  ).
  Make sure that your naming convention use in LDAP for teh Security Groups are linking to that in the Portal, this way, it will help you manage them in a more easy way (Role to Group relationship, so that you can identify which Group is link to which Portal Role).
  Also one important poiint for the above setup is that after all the setup is done and you have it working, ask your LDAP Admin NOT TO MOVE/EDIT any of those Security Groups without your permission. Any changes done will break the relationship link that you have created between the Group and the Portal role (heads up advise for you  )  ).
  Hope that helps and award points for helpful suggestions. Nic Weekend !!
  Ray
  Edited by: Raymond HENG on Oct 10, 2008 8:38 AM

• How do I create portal groups dynamically?

  Has anyone written code to use the
  WWSEC_APP_GROUP_MGR.CREATE_GROUP procedure to create portal
  groups programmatically? I understand alot of what I'm supposed
  to pass, but some of these parameters are pretty obscure and
  obfuscated.
  I'm not sure this can be called like a normal (non-htp) stored
  procedure at all. I now understand nearly all of the
  parameters. Looking at the page source behind the Create Groups
  page, I see that many of these parameters are involved in the
  page generation itself, for example p_back_url being a variable
  that is probably attached to the action of "Previous" buttons
  that appear as you go through the process of creating a group.
  Here is my call:
  wwsec_app_group_mgr.create_group(p_groupname => 'X',
  p_description => 'TEST GROUP',
  p_db_role => 'DBA',
  p_hide_group => 'N',
  p_styleid => 6,
  p_group_id => y,
  p_siteid => 0,
  p_site_id => 1);
  where "y" is the nextval of the group sequence.
  Inserting SQLERRM into a table, I end up with this:
  ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at "SYS.OWA_UTIL", line 323
  ORA-06512: at "SYS.HTP", line 860
  ORA-06512: at "SYS.HTP", line 975
  ORA-06512: at "SYS.HTP", line 993
  ORA-06512: at "PORTAL30.WWUTL_HTP", line 25
  ORA-06512: at "PORTAL30.WWERR_API_ERROR_UI", line 182
  ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 2891
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 255
  ORA-01403: no data found
  I know that this procedure is responsible for generating the
  subsequent pages in the "create group" wizard. There's just no
  possible way to figure out how to use this procedure
  dynamically. I repeat we WILL NOT BE TYPING IN OVER 3500 GROUPS
  and 7000 USERS USING THE WIZARD. There must be a way.
  I don't want to just arbitrarily insert groups into tables
  behind the scenes without knowing what I'm doing. If this is as
  simple as inserting a row into wwsec_group$, wwsec_member$,
  etc., then great, but there's no way of knowing.
  Maybe an Oracle person can help me. Is there another API I can
  use, or is there a way to use this API as a stored procedure
  where I can just loop through a driving table to create a bunch
  of users and groups?
  I appreciate any help. I need to create over 3000 groups based
  on my client's organization. We REFUSE to do this by hand using
  portal's interface. Not that it's bad, it is just impractical
  in this instance.
  Adrian Klingel

  Never mind.

• Programmatically adding/deleting users to/from portal groups

  I am using the following PDK api, to delete an user from a portal group (otp_sales).
  I get the following error which doestn make sense. I tested the following api from a
  script shown below. In my application, this gets called from a trigger, and fails
  because it sees a ROLLBACK getting used in the API.
  <<<<<<<<<<<<< delete_from_group.sql >>>>>>>>>>>>>>>>>>>>>>
  DECLARE
  BEGIN
  moc.wwsec_api.delete_user_from_list (p_group_id
  =>MOC.wwsec_API.GROUP_ID('OTP_SALES')
  ,p_member_person_id =>73);
  END;
  <<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  SQL> @delete_from_group.sql
  Input truncated to 1 characters
  DECLARE
  ERROR at line 1:
  ORA-01086: savepoint 'DELETEUSERFROMLIST_SAVEPOINT' never established
  ORA-06512: at "MOC.WWSEC_API", line 2467
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "MOC.WWCTX_SSO", line 849
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "MOC.WWCTX_SSO", line 669
  ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at line 3
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  Thanks
  regards
  -Ananth

  We had the same problem and it turned out that deleting a portal user(delete_portal_user), removing a portal user from a list (delete_user_from_list) or updating a portal user, the "savepoint xxxx never established message" came up when there was no context set. If the procedure is called from within a portal page (or as user portal30) ,and the context is set and it works. The solution is to check to see if the context was set, and then set it if not.
  if not portal30.wwctx_api_private.is_context_set then
  portal30.wwctx_api_private.set_context(p_user_name => 'portal30');
  end if;
  Hope this helps
  Tania

• Regarding : How to add a user to portal group with the help of webdynpro .

  Hii ,
  I am working on an application in which with the help of an action( Button)  we r adding a user in Ztable in R/3 , as well as  group in portal.
  The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
  I need coding solution for " How to add a user to portal group with help of webdynpro"
  Any usefull link will also do.
  Pls anyone have any solution ??
  Thnks in advance.
  Rewards r waiting for u .

  Hi,
  Use UME api to add user to portal group.
  Using UME API:
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  Regards,
  Naga

• MDG-S BP Grouping,BP Role,BP Categeory and ERP Vendoe Account Group

  Hi
  Can anybody explains me releationship between MDG-S BP Grouping,BP Role,BP Categeory and ERP Vendoe Account Group?
  It seems there is no requried field except Change Request Description.If we input value for CR Description only, we can still able to sumbit and activate CR and Bussiner Partner ID (Which is internally generated) will be stored in MDG stagging table for entity type BP_HEADER.
  My question is then what is use of BP Grouping,BP role in this as it contains blank value? Also it observed that for new ERP Vendor the Account Group field is always in non editable mode,Any reason for this? Same issue with Company Code after selecting CC it displayed as non editable field before submitting CR as well.

  Hi Sanjay,
  When you select New -> Organization, below screen comes, In Grouping drop down you need to select Vendor Account Group and in Role list enter role.
  Follow same procedure when you want to create next vendor.
  Under new pushbutton, you will get three options:
  Organization means when you want to create vendor.
  Person means you are creating person not vendor, these person you can assign as a contact person to the vendor in Relationship tab.
  Regards,
  Sudhir

• Assign SQ03 Abap Query User Group to role

  Please advise how to assign SQ03 Abap Query User Group to a role. Thanks.
  Moderator message: please do more research before asking.
  [Rules of engagement|http://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement]
  [Asking Good Questions in the Forums to get Good Answers|/people/rob.burbank/blog/2010/05/12/asking-good-questions-in-the-forums-to-get-good-answers]
  Edited by: Thomas Zloch on May 12, 2011 5:40 PM

  Hello Sunil,
  The problem is that I have hundreds of users to maintain user groups.
  found out that it is possible to assign user group to role and role to user groups. implementing hr authorization with in-direct assignment of auth. So if I could use sq10, user groups could also be link to position in the org chart.
  sq10 does allow you to assign a user group to a role but when you assign the role to a user and the user runs a query, it reports that no user group has been assigned.
  Suspect that there must be a parameter or switch that is not turned on
  Regards

• What id the DIT of the portal groups in OID? - never mind. found it

  Does anyone know the DIT of the portal groups in OID? I cannot seem to find it It does not appear to be under cn=Oraclcontext,cn=groups
  Message was edited by:
  ss396s

  Keith,
  Welcome to the forums.
  Are you saying that the procedures require you to check out
  all the application or site code in addition to your RH source
  because RH may change some of that external code? To my knowledge,
  RH source is not connected to anything else in a way that it will
  make automatic changes to anything outside the project. I don't
  know about an official list, but I have seen (by using the Tortoise
  client for both CVS and SVN) that if you make edits to RH source
  files, those files change of course, and then I believe the .cpd
  file is about the only other thing that changes.
  You could try downloading and installing Tortoise if it works
  for the version control system you use. Tortoise shows graphically
  within Windows Explorer which files have changed since the last
  time you checked a directory into the repository. If you change
  nothing besides your RH source, Tortoise would plainly show that RH
  isn't touching the application or site's code.
  Hope this helps,
  Ben

• Access Portal groups in webdynpro ABAP component

  Hi Experts,
  I have a requirement to access portal group in web dynpro ABAP application and based on whether user is assigned to particular group or not further processing for application will be done.
  Are there any UME API or some other API's available to access portal groups in Webdynpro ABAP component?
  Thanks in Advance..!!
  Regards,
  Shruti Shah

  This might be a question better suited to the portal forum. The WDA Portal APIs do not have such functionality.  You might be able to take the Java Portal APIs and wrap them in a web service so that they are callable from ABAP.

• Users based on Portal Group

  Hi all,
  Is there any table or RFC which contains the Users based on Portal Group in ECC.I need to writa a programme which extracts the users based on poratal group.
  Thanks and Regards,
  Venkat

  Hi Venkat,
  To get users of a group:
  boolean b =false;
  String name = null;
  IGroup grp = UMFactory.getGroupFactory().getGroupByUniqueName("GroupName entered by User as a input");
  if(grp.equals("<Name of Group>"))
         Iterator i = grp.getUserMembers(true);
         grp.getGroupMembers(true);
         for (int a= 0; i.hasNext(); a++)
                name = i.next().getClass().getName();
                //Print / Store Name
  Regards,
  Vaibhav