Project authorization at task level for a user

Similar Messages

• Authority Check at the T.Code level for the user in particular User Group

  Hi Friends,
  I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
  Need to give Authority Check at the T.Code level for the user in particular User Group.
  I have searched in SCN, but not get suitable pages.
  How to solve this?
  Regards,
  Viji.

  Hi Viji.
  Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
  Another way is you have also check authority in program level.
  DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
     INITIALIZATION.
    CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
      EXPORTING
        ROLE       = 'ZROLE''  " Role define
      TABLES
        ROLE_USERS = T_ROLE_USERS.
    READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
     IF SY-SUBRC NE 0.
     RETURN.
     ENDIF.
  Thanks & Regards
  Rahul

• Display Stock level for every user

  Hi
  I need to display the stock level for each user (partdetail.aspx). So they know how many they can order.
  I know it is only displaying for the superusers. Is there anyway of display the stock level for other users as well rather than just showing the message "in stock"
  Thanks
  Sanjaya

  Hey Sanjaya, that would probably require writing your own control ... but even if you do it, remember that stock levels in WebTools are not immediately reduced when an order is placed. For example if you have 10 in stock and someone places an order for 5, another customer will still see 10 in stock. It isn't until the next synch when the order is placed in SBO and its inventory is affected that the new inventory numbers are reflected in WebTools.
  I guess you could write a smarter control that looked up the last inventory and subtracted any orders that haven't synched yet to get a better "real-time" inventory count. However this still doesn't help if an order is placed directly in SBO and WebTools doesn't know about it.
  At least this is the way it worked the last time I looked into it.
  Steve

• Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

  Hello,
  I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
  the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
  The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
  So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating hte default level.
  Please advise.  And providing links to cisco documentation would be great too.
  Thanks,
  Brendan

  Hi Berendan,
  Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
  About Authorization
  Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
  •Management commands
  •Network access
  •VPN access
  Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
  If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
  The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
  Regards
  Karthik

• Getting the task list for a user

  i´ve created a bpel project in which all i do is a simple human workflow asssined to user1. Next i want to create a jsp in which i list the tasks assigned to that user for which i looked into the tutorial 10.UserTasks.
  The difference between the example in there is that the active bpel is the TaskManager in my case it just opens the TaskActionHandler.
  Now when i look into the exmple in listTasks.jsp it uses
  ITask[] tasks = worklist.listTasksByAssignee( "[email protected]" );
  when i set the user to user1 it returns no tasks, even though i can see 3 tasks opened.
  any clues? any pointers would be appreciated.
  gabriel

  Hi,
  In 10.1.2 the TaskManager is replaced with the TaskActionHandler.
  You don't necessarily have to build a JSP to access tasks - you can use the out of the box sample worklist. This can be accessed at:
  http://localhost:9700/integration/worklistapp/Login
  However, if you would like to create your own worklist, you will have to use the new 10.1.2 Worklist apis.
  These are documented in Chapter 14 and Chapter 16 of the BPEL developers guide.
  You can also find the javadoc at
  ORABPEL_HOME\integration\orabpel\docs\workflow
  To see a sample you can look at the VacationRequest or the HelpDeskRequest sample

• How to dynamically populate a manager name and level for any user who login

  Hi All,
  I need some help in doing this in my DB:
  Table 1 is the the manager hierarchy {which basically shows the structure of every employee's org).
  Table 2 is a list of all people manager ( all these usernames will also be in table 1). What i need to find is using the username from Table 2, the highest level that username exists in the manager hierarchy.
  For ex:
  Table 1: { What this shows is Sam is CEO and Jeff reports to him. So for Sam, he will exist on all 15 levels and Jeff will have Sam has his top level manager and then Jeff will repeat for all remaining levels till 15.
  Manager Level 0  Level 1  Level 2 Level 3...Level15
  Sam                       Sam     Sam     Sam         Sam
  Sam                        Jeff     Jeff        Jeff          Jeff
  Now in Table 2:
  User Name   Manager Level/Name
  Sam               Manager Level 0 Sam
  Jeff                 Manager Level 1 Jeff
  As you see, for each user name in Table i want to populate their high level from the manager hierarchy {their record in manager hierarchy).
  Hope This helps to clear the confusion.
  Thanks                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  Hello,
  this is the forum for the tool {forum:id=260}. Please mark this question as answered, so others know that they can ignore it.
  Then post again in {forum:id=75}
  Regards
  Marcus

• How to set an adapted project dashboard view as initial for all users?

  Hi all.
  We have the cProjects project dashboard active and have defined (via settings, save as) a custom view with the columns relevant in this particular installation. 
  I can however only save this view with assignment "user" meaning that it only applies to the user logged on when creating it. 
  We are however looking to have a common global customized view that all users should begin with. 
  Compare the R/3 functionality with layout management in reports where you can define whether the layout should be
  user specific or not
  default
  My question is therefore if it should be possible to save global views in the above example and if not how to achieve what we are looking for.
  I assume one option could be to see if one can use BADI DPR_EVE_DASHBOARD but it seems this should be possible to handle within the application given that the field "Assignment" is there when you save the view.  At the moment only with the value "user" available though ...
  Regards / Anders

  Hej Anders
  You can save a default view for all users under administration mode:
  http:<server>:<port>/sap/bc/webdynpro/sap/cprojects?sap-config-mode=X
  BR
  Matthias

• How to authorize a transaction code for a user?

  Hello,
  How can I authorize the user for a specific transaction code and how can I block it?
  I would appreciate if you can give some insight.
  Thank you.
  Hakan

  Hi Hakan,
  We can achieve this by using two T.Code SU01 and SUIM.
  First check in SUIM,the T.Code that you want to block  T.Code is belongs to which role.
  For finding it Click on roles.Click on transaction assignment.Enter your T.code and execute.
  After finding this goto SU01 and unassign that role for that user.
  In this way we can block the user to use one particular T.Code.
  For providing authorisation,add the role to the user id in SU01 T.Code.
  Run SU53 T.Code after running the failure T.Code to know all the errors.
  Please contact your BASIS person for all these.
  Regards,
  Krishna.

• Getting UWL task count for all users in a role.

  Hi.
  I recently posted a question regarding a very similar issue, but I haven't got any response yet. I think my question might have been somewhat poorly phrased, so I will try to do better at explaining what we need.
  We have a number of processes, most of which need to be dynamically assigned to a user when created. The way we want to assign those tasks is by executing a WebService which would receive a role name and get all the users for that role. Then, using the UWL API, it would check how many tasks each of the users have in their UWL, and return the UserID for whoever has the least tasks. I haven't been able to get this to work. I keep getting Logged in users context or session doesn't exist Exception.
  Please, any help on this will be greatly appreciated.
  Currently working with SAP NWDS 7.1 SP05 PAT0005

  Hi,
  Thank you for your response, however, that's not what I need.
  For you and anyone esle who might find this extra info useful...
  I know how to get a user's role(s), and how to get the users in a role.
  I also know how to assign a task to a specific user dynamically.
  Using the UWL API, I know how to get the tasks (or items) in a user's UWL from a WD application, I need to do that from a WebService and using pretty much the same code, with the necessary adjustments, I can't get it to work.
  Furthermore, I'm able to get the UWL tasks for ONE user, that user being the one I log into the application with. For example, if I write code to get the tasks for user testUser1, I need to log in with testUser1 to get it to work, if I log in with any different user or make it a non-authenticated application, it won't work.
  Again, help on this is much needed and will be appreciated.

• Can you retrieve a task list for a user without specifying that user's connection settings?

  Hi
  I would like to know if it is possible to obtain a list of workspace tasks for a user of my choice. In the following code, taken from the relevant quickstart, I am able to retrieve a list of tasks for "administrator" because it is the "administrator" settings specified in the connection properties when obtaining an instance of ServiceClientFactory. If I wanted to obtain a list of tasks for user "greg", for example, is there a way I can do this without having to specify the settings for "greg" in the connection properties? I tried to invoke the setUserId() method of the TaskFilter interface but no tasks are returned for user "greg" in that scenario. The aforesaid user has 3 tasks assigned to him. If I specify the user name and password for "greg" in connection settings, I am able to retrieve his list of tasks successfully. However, this is undesirable because I want to be able to retrieve a list of tasks for any user of my choice, by passing a parameter. Is that possible? Code follows:
  //Start of code
  import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
  import com.adobe.idp.dsc.clientsdk.ServiceClientFactoryProperties;
  import com.adobe.idp.taskmanager.dsc.client.TaskManagerClientFactory;
  import com.adobe.idp.taskmanager.dsc.client.TaskManagerQueryService;
  import com.adobe.idp.taskmanager.dsc.client.query.StatusFilter;
  import com.adobe.idp.taskmanager.dsc.client.query.TaskFilter;
  import com.adobe.idp.taskmanager.dsc.client.query.TaskRow;
  import java.util.Iterator;
  import java.util.List;
  import java.util.Properties;
  public class RetrieveTaskInfo {
      public static void main(String[] args) {
          try {
              //Set connection properties required to invoke LiveCycle                                                                                                                        
              Properties connectionProps = new Properties();
              connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, "jnp://localhost:1099");
              connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);          
              connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
              connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, "administrator");
              connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, "password");
              //Create a ServiceClientFactory object
              ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
              //Create a TaskManagerQueryService object    
              TaskManagerQueryService queryManager = TaskManagerClientFactory.getQueryManager(myFactory);
              //Define search criteria by performing a search on 
              //Assigned tasks (tasks assigned to the user specified
              //in connection properties) 
              TaskFilter filter = queryManager.newTaskFilter();
              StatusFilter sf = filter.newStatusFilter(); 
              sf.addStatus(StatusFilter.assigned); 
              filter.setStatusFiltering(sf);
              //Perform the search
              List result = queryManager.taskList(filter); 
              //Create an Iterator object and iterate through
              //the List object
              Iterator iter = result.iterator();
              while (iter.hasNext()) {
                  TaskRow myTask = (TaskRow)iter.next();
                  //Get the task identifier value
                  long taskId = myTask.getTaskId();
                  //Get the status of the task
                  long taskStatus = myTask.getTaskStatus();
                  //Get the name of process on which this task is based
                  String processName = myTask.getProcessName();
                  //Get the task description
                  String taskDes = myTask.getDescription();
                  System.out.println("The task identifier is " + taskId + "\n" +
                          "The status of the task is " + taskStatus + "\n" +
                          "The name of the process on which the task is based is " + processName + "\n" +
                          "The task description is " + taskDes);
          } catch(Exception e) {
              e.printStackTrace();
  //End of code
  Thanks
  Darren

  Paul,
  Thanks very much, I never tried just asking for the parameter I was looking at the entire list coming back from a query with no filters. Using the DBMS_LDAP package you can in fact get their GUID.
  I understand your concern for the use of the field and for other reasons have moved to a different identifier to tie OID accounts to our internal application user accounts.
  Thanks very much, I'm still glad to know how to do get at the info.

• SharePoint 2013 check permissions unable to find permission level for AD user

  In our environment for SharePoint AD groups are associated with individual AD members and AD group is given access to SharePoint group with a permission level. When I want to check for a user who are part on the AD group using check permission to find their
  SharePoint permission level it returns "none", but when I check what permission level the AD group has check permission returns correct permission level.
  I am not sure if this is the right behavior for SharePoint 2013 not to display individual AD user permission using check permission, business users have to request IT every time they have to find a user permission level.

  Hi,
  As far as I know, the user permissions which set in AD Groups is not updated immediately to SharePoint Site. The AD group informations are converted into claims and packed into security token issued by the STS (Security Token Service).
  For troubleshooting your issue,you can configure the Token Cache to a smaller value and check the permission level of the user who is granted permissions through AD group:
  https://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Task Privileges for Existing Users - Looking for a global update solution

  After some reading I understand that if you set the task privileges for the PUBLIC user in the Privileges section of Discoverer Administrator (10g), any new user created in the system will pick up the privileges you have assigned to the PUBLIC user.
  I currently have 4000+ users who have access to Discoverer Plus and the ability to create/edit queries. I want to limit who can access Discoverer Plus functionality to approximately 150 users.
  I have changed my PUBLIC user to NOT have privileges but this will only affect new users. Is there any way to restrict 4000+ users without having to go through each user individually and set the privileges.
  I am looking for a global update solution. I am wondering if this can be done through the back-end.

  Hi Mezzobella
  If you change the rights for the public user then other users, who have not been manually adjusted in any way, will automatically pick up the public rights. Therefore, if you have a lot of users that are not changing this means that at some point in their life you will have clicked OK or Apply on the screen with a user displayed. This now assigns the rights to that user as opposed to inheriting them from the public user.
  What you are describing is the perfect reason why you should not administer Discoverer using user accounts but to use roles or responsibilities instead.
  In your case you are now somewhat stuck. The programatic way to revoke these rights is to drop rows from the EUL5_ACCESS_PRIVS table but this could take longer than doing inside Discoverer. Basically, when a user has been granted privileges one row per privilege is inserted into this table. The column AP_EU_ID contains the ID of the user. The column GP_APP_ID is the one that tells you what privilege a user has. Here is a list of the privileges:
  1000 Desktop / Plus Privilege (U)
  1001 Create / Edit Query (U)
  1002 Item Drill (U)
  1003 Drill Out (U)
  1004 Grant Workbook (aka Sharing) (U)
  1005 Collect Query Statistics (U)
  1006 Admin Privilege (A)
  1007 Set Privilege (A)
  1008 Create / Edit Business Area (A)
  1009 Format Business Area (A)
  1010 Create / Edit Summaries (A)
  1011 Not used as far as can be determined
  1012 Schedule (U)
  1013 User is never required to schedule workbooks (U)
  1014 Save workbooks to database (U)
  1015 Managed scheduled workbooks (A)
  1016 This is an apps mode EUL
  1017 This is the user's assigned language
  1018 User is allowed to change password
  1019 to 1023 Not used as far as can be determined
  1024 Create Link (U)
  Note: A = Admin privilege, U = User privilege
  Theoretically you could manually delete rows from this table and that will revoke the rights. In reality, Oracle do not like it when inexperienced users manually the EUL as you could corrupt it. Therefore, any manual updates must be done with utmost caution after making sure you back up or have a copy of the table you will be updating - just in case.
  Try running this query to see the content:
  SELECT DECODE( AP_EU_ID, 104198, 'Viewer', 103697, 'Plus', 'Other' ) "Who" , AP_ID, AP_TYPE, AP_EU_ID, AP_PRIV_LEVEL, GP_APP_ID, GBA_BA_ID, GD_DOC_ID, AP_ELEMENT_STATE
  FROM EUL5_ACCESS_PRIVS
  Best wishes
  Michael

• Turn off log level for Individual Users

  Hi,
  we want to turn off logging level of individual users. We usually go to Identity and click on the user to set log level '0' but we have LDAP security setup so don't have idea how to do it.
  Any Ideas
  Thxs
  SYK

  Ok I will try to Set System Variable LOGLEVEL
  As we are using LDAP security we will not have users in RPD so i cant set to'0' in rpd.
  New Question: Suppose If I am able to set log level to '0' for a user i.e User1 and when he logs into OBIEE and get's a error  while running report like say table or view doesn't exist or non of fact table is compatible or number records exceed etc... and Error will show to user as Error Number and says "Please contact System Administrator for more details".
  Me considering as Admin if i want to debug that error that User1 is getting from above scenario  and when i open nqquery log file will I be able to see the log for that report which User1 is getting error or will it show NO LOGLEVEL Found.
  Thxs
  SYK

• How to get failed tasks list for a user in OIM.

  Hi All,
  Can anybody please suggest me a way to get list of task that got failed(when a user trying to provision to a resource) in OIM using java code.
  Thanks in Advance.
  SP.

  Use the code snippet below to get the task status. Based on this you can filter rejected tasks.
  userintf = (tcUserOperationsIntf) ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
  provintf = (tcProvisioningOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcProvisioningOperationsIntf");
  long userKey=100;
  tcResultSet userresultSet = userintf.getObjects(userKey);
  for(int i=0;i<userresultSet.getRowCount();i++)
       userresultSet.goToRow(i);
       long processKey = userresultSet.getLongValue("Process Instance.Key");
       tcResultSet provresultSet = provintf.getProcessDetail(processKey);
       for(int j=0; i<provresultSet.getRowCount();j++)
            provresultSet.goToRow(j);
            String taskName = provresultSet.getStringValue("Process Definition.Tasks.Task Name");
            String taskStatus = provresultSet.getStringValue("Process Instance.Task Details.Status");
  Let me know if you have any queries...

• Find Task usage for end user

  I want to use find task functionality on enduser interface. I configured a link for findtask.jsp on end user page. But on selecting the link; it redirect to admin user interface and prompts for login. Any idea why it's redirecting there and what can be done so that it works on the end user inteface only. The idea is to give this functionality to end user so that he is able to search any workflow task in IDM.
  Let me know if anybody has provided similar solution or used this feature on end user interface.

  Thank you for your posting. These forums are specific to the
  Acrobat.com website and it's set of hosted services, and do not
  cover the Acrobat family of desktop products. Please visit the
  following forums for any questions related to the Acrobat family of
  desktop products:
  http://www.adobeforums.com/cgi-bin/webx/.3bbeda8b/
  Note: Once Reader enabled certain functions like editing a
  PDF,inserting or deleting the pages will be restricted at end user
  part.Apart from this "Calculate" function will support both Acrobat
  as well as Reader application.