Publish reports to a role and roles to user
Hi,
What does it mean ..
Publish reports to a role and roles to user
can anybody give a detail what exactly it mean ? In implementation which stage it comes into picture ?/
Thanks,
Debasish
Hi,
This publishing option is available to you when you open the query in Query designer as 8th button in top panel. To publish in a role , you should have that role to be assigned to you.
With rgds,
Anil Kumar Sharma .P
Message was edited by:
Anil Kumar Sharma
Similar Messages
-
Automatic Creation of Roles and Role Mappings in GRC
Hi,
we are planning to use SAP Identity Management and SAP GRC Access Management.
In SAP IDM we have defined several business roles that contain privilieges in SAP systems. When a user is requesting a role, the request will first be sent to SAP GRC for approval and risk checking.
In order to get this to work, we need to load the business roles of SAP IDM into SAP GRC and we also need to configure the role mapping between the business roles and the technical SAP privileges.
From what I understood, this could be implemented by loading the required information via Excel filles into SAP IDM.However, this is a quite cumbersome and error-rpone approach an we would like to automate this.
Is there a way to use e.g. web service calls to create/delete roles and role mappings in SAP GRC?
BTW: is a documentation of all available GRC web service calls and their parameters available?
Thanks for your help in advance!
Best regards
TomHi Tom,
as stated before, the web service description is in the config guide.
Unfortunately there is no web service to create roles or even mappings in CUP - this is one of many I would also like to se created
I don't think in your context you will be able to directly send Business Roles to CUP. The role mapping only happens after you send the request, so I'm not sure if that's in time for risk analysis - you will need to try that.
Are you a customer or a consultant - anyway, feel free to contact me if you need further help integrating CUP and IdM. This is an evolving interface with many possible scenarios, so it's not easy to give you good advise without seeing the full picture.
Frank. -
Hi all,
Please explain me about the Roles and Role List used in Projects...
Thanks
DineshHi
Roles are using in Projects for two goals -
A) a basis for project-based security. You might create roles as project roles and assign people to the role in a project. For example, project manger, project admin, project billing person, etc. You then might configure the security access to forms and functions of specific roles.
B) when implementing Proejct Resource Management, the project roles may be scheduled on a project and serve as a template for resource demand. In that case you might configure the team member role on a project, such as competencies, job information, and security.
You might want to review Oracle Projects Fundamentals and Projects Implementation Guide for more details.
Dina -
What are Roles and Role entry points in the context of windows azure?
I am just starting out with my journey towards understanding azure. I have a vague idea about the Web and Worker roles.
So when I am publish-deploying a website on azure from visual studio, am I doing something with respect to roles? Am I starting up a Web role?!
RoleEntryPoint: But this is actually related with the web/worker roles and services. My understanding is that the RoleEntryPoint is some code which is executed when you deploy "services" on the azure cloud. These services either have a web role or
a worker role.
What is "services" in this context? So what traditional (on-premise) app would be analogous to a service that has a web worker role? A WCF service or WebApi? Or can it be a website? So would a service having a worker role be something analogous to
a "windows service"?
And finally RoleEntryPoint. I don't get the use case. From what I've seen,
say you want to initialize some related services that support your main service, for e.g. a cache server, or a sql database, you have have the initialization logic written in these classes and make the code perform them.
There are definitely other ways to do this right? You don't need to necessarily tie the deployment of that main service with the initialization of the other services. They could be separate deployments, right?!
I am a bundle of mistakes intertwined together with good intentionsHi deostroll,
From you post I understand you've read quite a lot about Azure, but I'm affraid there's still some misunderstanding on what all these terms mean.
Azure is a cloud computing suite of services tiered into three categories: IaaS, PaaS and SaaS. IaaS stands for Infrastructure-as-a-service and is an offering where Microsoft allows you to run your own virtual machines. You will handle everything from software
patching, network connectivity (from the application level: virtual networks etc.), software installition and configuration etc. Basically everything you would do today on your own premise except for whatever concerns hardware (bare-metal). PaaS stands for
Platform-as-a-service, and is a middle offerint, where Microsoft selects some VMs and is responsible for periodically patching this machines. You don't have to care about IIS or whatever existing applications there are on the VM either, because it's Microsoft's
job to do this. Last but not least, SaaS stands for Software-as-a-service, and is the offering where you use a piece of software without even knowing what infrastructure exists behind it: I guess you've used some sort of webmail client before, right? That's
a SaaS.
When it comes to Windows Azure, IaaS is offered as Azure VM, PaaS is offered as Azure Cloud Services (formely known as Azure Hosted Services, should you get across documentation that uses that term instead) and SaaS is offered in the form of: Azure WebSites,
Azure Mobile Services, Azure Media Services and many more.
When you talk about either web roles or worker roles, you actually talk about two forms of roles that exist in the context of an Azure Cloud Service. Basically, when you create a cloud project from Visual Studio, you end up in adding either Web projects
which might (but not necessarily) be linked as a Web Role to your Azure Cloud Service. You may also add, to the same solution, Worker Role projects. As you've probably already guessed, whenever you add a Web role, the web project it references is a web project
in the literal term: ASP.NET Web Project, whether that is WebForms, MVC, MVC WebAPI that's all completely up to you. However, what is a worker role project, you might ask? A worker role project might be though of just as a console application. You basically
get absolutely no UI, but your code runs as long as it runs inside an infinite loop at some point. If the loop stops, just like a console application, your worker role will stop which will force the Azure FabricController to refresh your role. Consider the
FabricController has the guardian of all roles, which will auto-magically 'respawn' your roles whenever something goes wrong, whether that's a software issue in your app, in the OS or a hardware failure.
Moreover, keep in mind that every role in your cloud service project ends up in being created as a separate VM. What this means is that you will have separate VMs for each roles in your cloud service, so even if you create several web projects, you still
get one machine, with one IIS instances with a single web application (yours) for each of your cloud's roles. Same goes for worker roles.
I hope this information clears up some of the questions you might have.
Alex -
Navigation through a new role and persistence of user properties
Hi there,
I have a question related to roles and user-experience in the SAP Enterprise Portal.
Depending on the preference of the portal user I would like to offer a different navigation by assiging a new role to the user.
For example initially a role offers the navigation show below:
Role 1:
Toplevel navigation: Entry A Entry B Entry C
After a user request for a different navigation the order of the toplevel navigation changes.
Role 2:
Toplevel navigation: Entry B Entry C Entry A
In order to realize this, I created two worksets for Entry A. By using merge-ids and a difference in sorting I managed to move the Entry A to the end of the toplevel navigation bar after assiging role 2.
However I noticed that iView properties set by the portal users under role1 are lost after assigning the role2. Is there any way a user can keep the properties set under a previous role when getting assigned to a new role that has the same page?
Thanks in advance,
ArkoFacesContext context = FacesContext.getCurrentInstance();
context.getApplication().getNavigationHandler().handleNavigation(context,
null,
"<<NAVIGATION STRING>>");
Thanks,
Navaneeth -
Associate roles and permissions to users that existe on a database
Hi,
i want realise a secure authentification i used ADF Configuration but i found out that i cant bring my users from my database. i can just create new users with roles in Jdeveloper.
do you how we can bring users to Jdeveloper and associate to them roles and permission ?i found this tutorial that is that what i did :
1. Start up weblogic server (Run .. Start Server Instance)
2. Log on to weblogic console ( http://localhost:7101/console/ )
3. Use default username/password weblogic/weblogic1
4. Create a datasource to connect to the schema where the authenticating database tables are (Services .. JDBC .. Data Sources)
5. Use unique name for datasource. Use JINDI name of jdbc/
6. Enter database name, schema name and password and test
7. Add new Authentication provider (Security Realms .. myrealm .. Providers .. New)
8. Enter datasource name, type SQLAuthenticator click Ok
9. Going back into provider, change control flag to Sufficient
10. Select Provider Specific tab and choose Plaintext passwords, password algorithm SHA-1
11. Shut down weblogic
12. Edit config.xml file in JDEV_DIR/system11.1.1.2.36.55.36/DefaultDomain/config and replace sql authenticator sql statements with those from web blog
13. Restart weblogic.
14. Go to users/groups tab in securty realm and view users and groups imported from database
15. Set control flag for other providers to "Sufficient"
source : http://brent.hmdclinical.com/2010/03/using-database-tables-as-weblogic.html
but the step 12 i dont know what i need to change and with what ? -
HOW TO CREATE ROLE AND ASSIGN TO USER
Dear all
1- Create ROLE data_entry
2- Now open the Form Builder --> open Mennu.mmb --> F4,it open the property pallete --> Set use secturity option
YES and in Module Role option set Roles --> form_entry
5- Press F3 (Come back in Navigator Pane) then double click on Mennu, it open Mennu which is attached Forms then
double click on that one Form which attach Role with it --> click on Item Role --> and attach the Role
6- Go start Mennu --> Oracle Form6i-Admin --> Build after this it will ask
‘Enter System Passwors’ then Give the Local Password.
'Enter database connection ( e.g. t:node:SID) [LOCAL] ' Give ORCL ( but me confused what should i give over
here)
7- Create User DEO Identified By DEO
8- Grant DBA to DEO
9- Grant data_entry to DEO
When i run my application and get login by DEO user then i receive this Error:
FRM-10247: No activate items in root menu of application.
please let me know where i am making mistake
Thanks in advance
Regards,Hi,
Just check your second point.
- Now open the Form Builder --> open Mennu.mmb --> F4,it open the property pallete --> Set use secturity option
YES and in Module Role option set Roles --> form_entryHere, you are using "form_entry" role to the menu but you've granted data_entry role to the user.
Hence, at run time forms is expecting user with form_entry role, which it's not getting.
Hope it helps.
Please mark answer as helpful / correct, if it helps you
Navnit -
WLST 92 - How to Create Global Role and Role Condition?
I'm currently using WLS 9.2 and trying to use WLST to create a global role and defining a role condition. Anyone know how to do so using WLST for WLS 9.2?
Trying to:
- create Global Role, testRole
- create condition where 'username = testuser'
thanks!Did you find out a solution for this?
-
Trying to capture what reports are being run and by what users
Hi all,
A few months ago, we upgraded to Discoverer 11g. One of the fixes I was hoping for was the updating of the query statistics table to see what reports are being run and who was running them.
The problem is that most users are running Discoverer Plus but they are not "gracefully" closing Discoverer Plus via File -> Exit. They simply hit ths "X" to close the window. Oracle says that when users do this, their statistics are not written to the query statistics tables. I am finding that the EUL workbooks that we have installed are pretty useless due to this and really the only reason I have left the query statistics logging to be enabled. I am now seriously considering disabling this as it is very inconsistent (we do trim the query statistics table on a rolling 180 days of history via concurrent program that deletes stats older than 180 days).
I am wondering if anyone here has done any logging of what workbooks are being run through some trigger? I see there is a EUL trigger function that we have in place, called post save documents, it records the workbook name, sql, etc. But it does not record the date that it was run. Has anyone modified this trigger so that every time a report is run it logs the report, sql, user and when it was being run to the table?
I have an Oracle SR open, I've asked this in a couple different ways but they keep coming back to a canned answer of "if the user does not do File -> Exit, it will not log their session to the statistics table... blah blah blah".
I hope I am making sense in what I am asking for.
Thank you.
Regards,
JerryHi,
I have never found the Discoverer stats to be very useful for some of the reasons you have given.
I don't see that an EUL trigger will do what you want as unfortunately there is no open document trigger. So to get any information you have to rely on the user saving the workbook.
One option you could explore is to use a DBMS_FGA (fine grained access) policy to audit some of the Discoverer query statements. For example, you can add a FGA policy to the EUL5_DOCUMENTS table that records all SELECTs on the table. That will show you which users are opening the workbooks you have in the EUL. Or you could add a policy to the views/tables used in the Discoverer workbooks and then audit the selects with an audit condition to audit only Discoverer sessions.
How you do it depends on exactly what you want to audit.
Rod West -
I've just start as an intern in Change Management team that is helping to implement SD. My two tasks are to "develop SAP user roles specific to the new business processes" and "manage the role to position mapping for provision of security roles." None of the real employees in my team has ever done this, and my manager is now on three weeks leave. I'm new to SAP and I don't really know where to start. Can anyone offer any advice, or point me to some references? Thanks.
Intern,
Its a pretty cold manager who will dump a task on a inexperienced subordinate without any guidance or mentoring, and then take three weeks off.
Anyhow, you first need to get some insights as to what the expectations of the client are: What type of users will there be? What tasks will each user be responsible for carrying out?
You also will want to collect a list of names of the actual users. Your Basis people will tell you which bits of data will have to be collected in order to create users on the system
Next, you need to talk to the SD expert on your team about the solutions that will be implemented. Quotes? Consignment? Scheduling agreements? Pricing? Customer Service? Marketing? Customer Master? Material Master? The SD expert should be able to tell you at a very minimum which transactions should be made available.
There are standard roles available delivered in the system. These are pretty much un-usable as delivered, but they make a good starting point. Review http://help.sap.com/erp2005_ehp_04/helpdata/EN/b4/3f9c41919eae5fe10000000a1550b0/frameset.htm
and
http://help.sap.com/erp2005_ehp_04/helpdata/EN/06/57683801b5c412e10000009b38f842/frameset.htm
Once you have all the info needed from the client and your SD experts, you then design the supporting roles at a high level. I usually use an Excel Spreadsheet with two tabs: One tab listing roles to be developed, with all the transactions and authorization object limitations for each one; and another tab listing Users and the supporting data needed to create a user. If you are a Basis expert, you already know the next steps. If not, then you typically hand your designs to the Basis team for creation of the actual Roles.
Good luck. Remember not to treat your interns the same way you have been treated.
DB49 -
When to set iwtUser-role and other per user schema using custom athentication?
I have written my own authentication module and would like to set per user schema on login. Can I write iwtUser-role, iwtCalendarProvider-calendarUserPassword, etc from the authentication class?
Yes you can, after the authentication is complete you get the profile object and then set whatever value you want to set for particular attributes you want to set ..
-
Roles and authorizations in BI content
Hi experts,
I'm trying to define a very simple scheme of roles and authorizations for my queries.
So, i'm trying to limit the acess by infocube and DSO, but I'm missing the authorizations objects for Cube and DSO.
I know that authorization object for queries it's S_RS_COMP.
So my roles would be something like
BI_ROLE_FI
Authorization Object Autorization Object Value
Acess query (S_RS_COMP) NA
Infoobject (whats the object???) 0FIGL_C01
DSO (whats the object???) 0FIGL_O14
BI_ROLE_PUR
Authorization Object Autorization Object Value
Acess query (S_RS_COMP) NA
Infoobject (whats the object???) 0PUR_C01
Can you help me find out whats the missing information
Thanks and regards
JoanaHi,
Iu2019ve gave authorization to the object youu2019ve mentioned, but itu2019s still not working.
Basically what I have is the following:
One role that allows me to execute queries, workbooks, etc.
A second role, dependent on the area of work, that should allow me only to have access to queries from cubes/MP/DSO that are specific to users area.
I will then give each user role 1 + the adequate role 2, depending on their work area.
For role 1 I have got:
S_RFC
Activity: 16
Name of RFC to be protected: *
Name of RFC object to be protected: *
S_TCODE
Transaction code: RRMX
S_GUI
Activity: 16
S_USER_AGR
Activity: 01, 02, 03
Role Name: ANLG_BI_01
S_USER_TCD
Transaction code: RRMX
S_RS_AUTH
BI Analysis Authorization: BI_ALL
S_RS_COMP
Activity: 03, 16
InfoArea:*
InfoCube: *
Name (ID) of a reporting component: *
Type of a reporting component: *
S_RS_COMP1
Activity: 03, 16, 22
Name (ID) of a reporting component: *
Type of a reporting component: *
Owner (Person Responsible) for a reporting Component: *
S_RS_TOOLS
Logical Command Name: THEMES
Iu2019ve tested this role, and it works u2013 they can access queries, create workbooks, create permanent model workbooks
For role 2 u2013 Finance I have
S_USER_AGR
Activity: 01, 02, 03
Role Name: ROLE2
S_RS_ADMWB
Activity: 03,66
Data warehousing workbench Object: INFOAREA
S_RS_ODSO
Activity: 03
Infoarea: 0FIGL_ERP
DataStore Object: 0FIGL_014
SubObject for ODS Object: *
S_RS_ICUBE
Activity: 03, 66
Infocube SubObject: *
Infoarea: 0FIAP
InfoCube: 0FIAP_C02
S_RS_MPRO
Activity: 03
Infoarea: 0FIN_REP_SIMPL_1_ERP
MultiProvider: 0FIAP_M20, 0FIAP_M30
MultiProvider SubObject: *
I then gave to my test user this 2 roles, and with that user I can still see every infoarea, and access all reports.
I will have more specific roles u2013 to other areas (SCM, TV, etc), but I chose this one has an example.
First question I have: can I manage my requirement in 2 different roles: one for action that can be performed (role 1) and other for areas that they can access data from (role 2)?
What objects/restrictions am I missing in role 2?
Many thanks
Joana -
Previously I had created a role and added a user. The user
waited several weeks to try to login and now is receiving a message
that his role is no longer valid. When I login to administer the
site his role is not listed and when I re-created the role I can't
add him because his name is 'grayed' out and indicates that he is
currently assigned to the previous role.
Has anyone else had this problem? How can I fix it?When selecting "Database", a Planning Create will create (or recreate) the Planning application in Essbase. This will erase any Planing supporting detail, account annotations, etc. It will also (IIRC) blow away the Essbase database.
A Planning database refresh updates Essbase with metadata changes (if any).
You know, I've never tried doing a Create->Security Filters.
Now if you mean Administration->Manage Security Filters->Create -- that will just update the filters with whatever the latest and greatest dimensional security is. If you selected all of the filters, it is as if you did a Administration->Manage Database->Security Filters. The idea being you might want to target it if you have many users/large filters.
I think the first time that user logs in you will see the username in the Administration->Manage Security Filters list.
Going backwards, re your first question -- provision the username in SS with access to the Planning app (however you do that, groups, individually, etc.), and give him Essbase server access. Have him log in. All should be good to go.
Regards,
Cameron Lackpour -
I have setup a 11g Oracle database.
Can I please have some help to create some user accounts (3 levels, eg. Administrator, Power User, and Guest style users) as well as setting up appropriate levels of security implemented via ROLES and PRIVILEGES for Roles.
Thanks in advance996403 wrote:
I am wanting the Administrator to have control over everything, the Power User to be a User who also has the ability to create tables, triiggers etc, and the Guest to just be able to view data in the database without changing anything.
Can you correct me if I am wrong with the following suitable roles for the users:
Administrator
- All roles
Power User
- Connect
- Resource
Guest
- ConnectYou have to get out of this Administrator/Power User/Guest Windows security group paradigm. Windows security groups cannot be directly correlated to Oracle security groups, and that is why you are having so much trouble doing so. I recommend that you:
-stop comparing Oracle to Windows
-learn what security rights your database users need
-fully understand the predefined roles, and then assign users to those roles only if they require every right that those roles grant
-create your own application roles for any users that have requirements that do not align exactly with the predefined groups
We are only encouraging you to do things in a manner that follows best practices, and doing so will keep your headaches to a minimum later on down the road. -
Developing security Roles and profiles
Hi Team,
Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
Regards,Hi,
Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
user masters: USR01 to 09, UST04,
profiles: USR10, USR11, UST10S, UST10C,
authorisations: USR12, USR13, UST12.
password exceptions USR40.
History tables(may not be applicable but FYI): users: USH02, USH04,
profiles: USH10, auths USH12.
R/3 Security Tcodes
End User Transaction Code Menu Path Purpose
SU3 System > User Profile> Own Data Set address/defaults/parameters
SU53 System > Utilities > Display Authorization Check Display last authority check that failed
SU56 Tools --> Administration --> Monitor --> User Buffer Display user buffer
Role Administration Transaction Code Menu Path Purpose
PFCG
Tools --> Administration --> User Maintenance --> Roles Maintain roles using the Profile Generator
PFUD Work on SAP check indicators and field values
Select: Copy SAP check IDu2019s and field values
Installation
1. Initial Customer Tables Fill
Upgrade
2a. Preparation: Compare with SAP values
2b. Reconcile affected transactions
2c. Roles to be checked
2d. Display changed transaction codes
SU24
Same as for SU25:
Select: Change Check Indicators > Maintain Check Indicators>Maintain
Regards,
Srini Nookala
Maybe you are looking for
-
I'm trying to update my 4s to ios 7 but it is not working. I only have ios 5, is that bad?
I have ios 5, and have been trying to update to ios 7 but a message pops up saying it is unsuccessful. Do I need iOS 6 first? Why isnt it working?
-
Oracle Apps EUL Scheduling Trouble
Hi All, Here is my problem: I can go through all of the steps of setting-up scheduling in an Oracle Apps Disco environment, but here is the result: -No new table is created when the scheduled workbook has finished (if it has) -No visible sign that th
-
Array overrun in getZoneData() [ mdnsResponder 107.6 ]
Hello, References to msg->h.flags.b[2] are beyond the end of this 2 byts array. mDNSEmbeddedAPI.h 1205 typedef packedunion { mDNSu8 b[ 2]; mDNSu16 NotAnInteger; } mDNSOpaque16; uDNS.c 3684 if (msg && msg->h.flags.b[2] >> 4 && msg->h.flags.b[2] >> 4 !
-
How do I completely disable roaming on Nokia Belle...
Hey guys I found settings to prevent incoming calls from being answered (call barring) but I don't know how to disable roaming. I want to disable roaming and restrict my networks to WCDMA type only. Any help appreciated! Solved! Go to Solution.
-
pls my macbook air is not booting up,when i switch it on the apple logo blinks with a question mark in it.what do i do?, pls my macbook air is not booting up,when i switch it on the apple logo blinks with a question mark in it.what do i do?