Provisioning EP roles and user groups through CUP

Similar Messages

• Provide Rights to User Group through SDK

  hello all,
  Please help me to provide some rights or role to the User Group through using Business Objects SDK classes not using
  setting in CMC.
  please help me.
  Thanks,
  Prashant Joshi

  Hi Prashant,
  There are few samples available.
  The JSP sample below shows setting advanced rights on a user group for root folder using Enterprise SDK.
  https://boc.sdn.sap.com/node/18903
  Another sample in set_Rights folder in sample collection at following link. Similar to above samples but it sets rights on a user not a user group and also shows how to set permissions on subfolders.
  https://boc.sdn.sap.com/node/3211
  Tks
  Aasavari

• Configuring roles and users (adf security) application context wise.

  Dear All,
  I referred this tutorial (http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html) which shows how to hook up adf security with database schema but at domain level which will be common to all applications in that domain. I want to make it different to each application. (i.e each application will use differene database schema for storing user credientials i.e enterprise roles,application roles and users.)
  Can any one please point me to proper way..
  Regards,
  Santosh
  jdev 11.1.1.2.0

  Dear Frank,
  <i>
  Instead you have a single identity management system and have the application policies being different for the applications.Using ADF Security, users and groups can have different privileges in different applications
  </i>
  suppose i have 3 applications that use adf security, the users will be common to all applications. right..?Roles and group can be different for applications.
  application polices means roles and group..?
  So how it(application polices) can be made different for applications? is it inbuilt or some configurations needed ?. Can you point me to some blogs or tutorials for more reference.
  Bet: Incase i hook up adf security with database schema.
  Regards,
  Santosh.

• Structural authorization : role, profile, user group

  Dear All,
  I am working in OM in Structural authorization, can anyone tell me difference among Roles, profile, user group.
  I am mainly concerned with roles and profiles, What exactly is role and what is profile.
  Pl give me practical example....
  Regards,
  Kumar

  Hi kumar,
  Roles: It is divided in to single role and Composite Role. It is used to maintain your list of allowed transactions and reports as a menu. Once you assigned this role to the user, he / she can access only those transactions, what you maintained in the menu.
  Profile: It is based on the authorization object. Unless untill, you generate the profile, the system will not consider the authorization for the assigned menu. You can provide the authorization based on various objects like infotype, transaction code, master record, org key,..
  User Group: Used to set the unique set of rules for the specific user. How system should react in case of specific user group.
  Good Luck
  Om
  Reward it, if u feel helpful.

• Assigned Role in user Group

  Dear All
    Please help me assigned Role in user Group  . I create user Group  (  SURG ) . But i can't assigned Role ?
  Regards , Thanks
    Lannguyen

  Hello,
  You cannot assign user groups directly to Roles, however you can do the following.
  Use PFCG transaction
  1. Select the role and switch to change mode.
  2. Switch to user tab.
  3. Put the cursor in the blank line and hit F4
  4. You should get a popup window which asks you to provide search criteria for the user.
  5. Switch to 2nd tab Users by Logon criteria, here you should be able to find the selection field User group.
  6. Select the group you created and hit the green tick.
  7. All the users in that group will be listed in the User list tab on the main screen.
  8. Now to complete the user assignment hit the User comparisor button ( it should turn green once done).
  Regards,
  Siddhesh

• How does schedule with RESTful API a Webi report for a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

  SAB BO 4.1 SP1
  Does it have an RESTful API to schedule a Webi report with the parameter to specify a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

  Hello Ricardo,
  have you try a call like this one ?
      <schedule>
        <name>"test"</name>"
        <format type=\"webi\"/>
        <destination>
          <inbox>
           <to>userId1,userId2,userId3,groupId1,groupId12</to>
          </inbox>
        </destination>
      </schedule>
  Regards
  Stephane

• Is it possible to export and import the roles and users tables?

  Hi,
  is there any possibility to export and import the role and user definitions?
  We have a SAP MDM repository with a lot of roles and users and also with a lot of changes.
  And now I'm searching for a fast and efficient way of managing the roles and users.
  Thanks and Regards, Melanie

  Hi Melanie,
  There is no export/import functionality for roles and users.  The only way to manage these in an automated way would be to write a program that uses the Java or ABAP APIs.  Both APIs expose functionality to create, update and delete roles and users.
  Hope this helps,
  Richard

• Table that stores the business role and user id mapping

  Hi,
  i want to know the table that stores the Business role and the business role and user id mapping in CRM system.
  Thanks in Advance.
  Regards,
  Pricy

  Hi Mary,
  There is no direct table but there is a way to find it.
  HRP1263 is the table where business roles are stored when maintained at org level. These are stored against the Position.
  For getting user ID and position linkage refer table HRP1001.
  In HRP1001 table use below criteria to get the User and Position.
  OTYPE = CP
  SCLAS = US
  SOBID = User ID
  ENDDA = 31.12.9999
  Get the OBJID
  Query the HRP1001 table again with following
  OTYPE = CP
  OBJID = OBJID from above Query
  ENDDA = 31.12.9999
  SCLAS = S
  SOBID = Thats Position.
  Pass the position to HRP1263 as below.
  OTYPE = S
  OBJID = POSITION
  PROFILE - Thats business role assigned for the given position and user.
  Hope this is helpful.
  Regards,
  Naresh

• Migrate Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0

  hi Guys,
  I have got a setup of OBIEE 11.1.1.3.0 on windows 32bit machine and now i am planning to have a setup of 11.1.1.5.0 on windows 64 bit machine.
  please tell me the Detailed steps for Migrating the Rpd Catalog and User ,Groups from OBIEE 11.1.1.3.0 to 11.1.1.5.0
  Like
  1. Do i have to copy the RPD and Catalog Directly to 1.5 or some Upgrade Assistance is to be done
  2. If i am Using the Export Provided in the myrelam ( in 1.3) and taking it to obiee 1.5 (as it already contains some inbuilt policies and groups) does it going to give me error
  Regards
  Ankit

  Check the Oracle reference I have provided earlier. Concept goes like this:
  Important difference is that upgrading from 10g to 11g is called an "out-of-place upgrade" while upgrading to another 11g is called an "in-place upgrade," because the upgrade operates on existing files. Moving from one 11g release to another 11g release is sometimes referred to as "patching."
  http://download.oracle.com/docs/cd/E21764_01/bi.1111/e16452/bi_plan.htm#BABECJJH
  Follow patching and not out-of-place upgrade as you are required to upgrade component
  http://download.oracle.com/docs/cd/E21764_01/doc.1111/e16793/patch_set_installer.htm#PATCH789
  Hope this is clear now

• All Users and User Groups member count 0

  I've setup SCCM 2012 R2, configured the AD User Discovery. But my Member count for All Users and User groups is 0, Memebers Visible on Site is 968. 
  I'm not sure how to get the Member count working. 

  Hi,
  Please check Smsprov.log to see whether there are any errors when you open Device Collections.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Identify system defained roles and user defained roles

  Hi,
  I have an issue.
  Oracle Version : 9.2.0.1.0
  Operating system: Windows 2000 server
  How can we identify system defained roles and user defained roles?
  Please help me to solve this.
  Regards,
  Mat.

  Check yourself these views
  DBA_ROLES
  DBA_ROLE_PRIVS
  USER_ROLE_PRIVS
  ROLE_ROLE_PRIVS
  ROLE_SYS_PRIVS
  ROLE_TAB_PRIVS
  SESSION_ROLES
  For default predefined roles in the database, take a look at the below url.
  http://youngcow.net/doc/oracle10g/network.102/b14266/admusers.htm#i1008784
  Regards,
  Sabdar Syed.

• How to send a Workitem to User Group through WorkFlow

  Hi,
  I am developing a WorkFlow, in this i have an issue that i have to send a WorkItem to User Group on Certain condition. On Agent Assignment I want to assign User Group not a single or multiple Users.
  Could anyone resolve this issue. How can i resolve in WorkFlow.
  Harkesh Dang

  hi Harkesh,
  During agent assignment use Organizational unit -> All users in that organizational unit will receive workitem.
  Use Role -> All users having that role will receive workitem.
  Use Job/Position -> All users assigned to job/position ca receive workitem.
  Or else use expression -> Pass the user name through some selection criteria using a background method. Loop it. Create a task and workflow container and make sure that in properties tab multiline is checked.
  Hope it works.
  Regards,
  Raj

• Role and User not listed

  Previously I had created a role and added a user. The user
  waited several weeks to try to login and now is receiving a message
  that his role is no longer valid. When I login to administer the
  site his role is not listed and when I re-created the role I can't
  add him because his name is 'grayed' out and indicates that he is
  currently assigned to the previous role.
  Has anyone else had this problem? How can I fix it?

  When selecting "Database", a Planning Create will create (or recreate) the Planning application in Essbase. This will erase any Planing supporting detail, account annotations, etc. It will also (IIRC) blow away the Essbase database.
  A Planning database refresh updates Essbase with metadata changes (if any).
  You know, I've never tried doing a Create->Security Filters.
  Now if you mean Administration->Manage Security Filters->Create -- that will just update the filters with whatever the latest and greatest dimensional security is. If you selected all of the filters, it is as if you did a Administration->Manage Database->Security Filters. The idea being you might want to target it if you have many users/large filters.
  I think the first time that user logs in you will see the username in the Administration->Manage Security Filters list.
  Going backwards, re your first question -- provision the username in SS with access to the Planning app (however you do that, groups, individually, etc.), and give him Essbase server access. Have him log in. All should be good to go.
  Regards,
  Cameron Lackpour

• What is the Advantage of creation of user group through SUGR?

  Hello Masters,
  As per audit requirement I have maintained user groups for different sets of users through SUGR, but I am not getting except differenciating users (based on group), is there any other advantage? Can we assign role to a user group instead of assigning to list of users  or can we do any mass changes to an user group by giving only user group name.
  Regards,
  Nilutpal.

  Dear Neels,
  Apart from maintaining user group for Differnciation purpose you can also take the advantage on the following sectors:
  1. Follow the http://help.sap.com/saphelp_nw04/helpdata/en/ce/17533e5ff4d064e10000000a114084/content.htm link . From this you will come to know the use of user group in the authorisation area.
  2. User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team. 
  3. The authorization user group is used in conjunction with S_USER_GROUP authorization object. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc... 
  In case any issue, please feel free to reply.
  Regards,
  Nilutpal.

• WL 6.1 LDAPRealm -- Can't see users, groups through console

  I'm having some troubles setting up an LDAPRealm correctly. I've been
  searching through the ng, and have read the cnfgsec.html doc closely
  several times, but must be missing something. Here is the situation:
  Running WLS 6.1 on Win2k. What I want to do is create an LDAPRealm for
  authentication. Right now I have Iplanet/Netscape Directory server
  6.01 with the default schema. I have set up an LDAPRealm through the
  console.
  ie Security -> Configure a new LDAP Realm V1 (Deprecated)... uses
  class weblogic.security.ldaprealmv1.LDAPRealm. Filled out the
  appropriate user groups entries:
  Group DN:ou=topologymanagement,o=netscaperoot
  Group Name Attribute: cn
  Uncheck Group is Context
  Group Username attribute:groupOfUniqueNames
  User Auth: bind
  User Password Attribute: userPassword
  User DN: ou=SpecialUsers
  Username attribute: uid
  Then created the appropriate caching realm. The resulting related
  changes to config.xml are as follows:
  <LDAPRealm AuthProtocol="simple"
  Credential="eNcRyPtEdPaSsWoRd"
  GroupDN="ou=topologymanagement,o=netscaperoot"
  GroupIsContext="false" GroupNameAttribute="ou"
  GroupUsernameAttribute="groupOfUniqueNames"
  LDAPURL="ldap://machineName:389"
  Name="MyLDAP Realm V1 (Deprecated)" Notes="hi"
  Principal="Directory Manager" UserDN="ou=SpecialUsers"
  UserNameAttribute="uid" UserPasswordAttribute="userPassword"/>
  Now, I bounce the weblogic server and it comes up no complaints. But
  when I go to the console, to Security->Groups (mydomain> Realms>
  wl_default_realm> Groups is the title), I do not see any of the groups
  listed in the Directory server. Same for the users. Checking the
  directory server logs, I see the following each time I start the
  console:
  [22/May/2002:15:34:12 -0400] conn=0 op=20 SRCH base="cn=config"
  scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))"
  attrs="nsslapd-accesslog nsslapd-accesslog-list"
  [22/May/2002:15:34:12 -0400] conn=0 op=20 RESULT err=0 tag=101
  nentries=1 etime=0
  So it looks like it is connecting. Any suggestions, tips or pointers
  would be greatly appreciated. Does anybody have a doc of a simple walk
  through setting up LDAP realms? I've been unable to find a tutorial.
  I've read Weblogics docs, but I need an example to look at to put all
  the pieces together. Thanks for the help
  -k

  i got ldapv1 able to work with this following config.
  " <LDAPRealm AuthProtocol="simple" Credential="{3DES}nJfj4lzp6IM="
  GroupDN="o=abc.com,ou=Groups" GroupIsContext="false"
  GroupUsernameAttribute="uniquemember"
  LDAPURL="ldap://localhost:389"
  Name="MyLDAP Realm V1 (Deprecated)"
  Principal="uid=admin, ou=Administrators,ou=TopologyManagement,
  o=NetscapeRoot"
  UserAuthentication="bind" UserDN="o=abc.com,ou=people"
  UserNameAttribute="uid"/>
  thx
  kiran
  kj" <[email protected]> wrote in message
  news:[email protected]...
  I'm having some troubles setting up an LDAPRealm correctly. I've been
  searching through the ng, and have read the cnfgsec.html doc closely
  several times, but must be missing something. Here is the situation:
  Running WLS 6.1 on Win2k. What I want to do is create an LDAPRealm for
  authentication. Right now I have Iplanet/Netscape Directory server
  6.01 with the default schema. I have set up an LDAPRealm through the
  console.
  ie Security -> Configure a new LDAP Realm V1 (Deprecated)... uses
  class weblogic.security.ldaprealmv1.LDAPRealm. Filled out the
  appropriate user groups entries:
  Group DN:ou=topologymanagement,o=netscaperoot
  Group Name Attribute: cn
  Uncheck Group is Context
  Group Username attribute:groupOfUniqueNames
  User Auth: bind
  User Password Attribute: userPassword
  User DN: ou=SpecialUsers
  Username attribute: uid
  Then created the appropriate caching realm. The resulting related
  changes to config.xml are as follows:
  <LDAPRealm AuthProtocol="simple"
  Credential="eNcRyPtEdPaSsWoRd"
  GroupDN="ou=topologymanagement,o=netscaperoot"
  GroupIsContext="false" GroupNameAttribute="ou"
  GroupUsernameAttribute="groupOfUniqueNames"
  LDAPURL="ldap://machineName:389"
  Name="MyLDAP Realm V1 (Deprecated)" Notes="hi"
  Principal="Directory Manager" UserDN="ou=SpecialUsers"
  UserNameAttribute="uid" UserPasswordAttribute="userPassword"/>
  Now, I bounce the weblogic server and it comes up no complaints. But
  when I go to the console, to Security->Groups (mydomain> Realms>
  wl_default_realm> Groups is the title), I do not see any of the groups
  listed in the Directory server. Same for the users. Checking the
  directory server logs, I see the following each time I start the
  console:
  [22/May/2002:15:34:12 -0400] conn=0 op=20 SRCH base="cn=config"
  scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))"
  attrs="nsslapd-accesslog nsslapd-accesslog-list"
  [22/May/2002:15:34:12 -0400] conn=0 op=20 RESULT err=0 tag=101
  nentries=1 etime=0
  So it looks like it is connecting. Any suggestions, tips or pointers
  would be greatly appreciated. Does anybody have a doc of a simple walk
  through setting up LDAP realms? I've been unable to find a tutorial.
  I've read Weblogics docs, but I need an example to look at to put all
  the pieces together. Thanks for the help
  -k