Question about authorizations in SRM + cFolders

Similar Messages

• A question about authorization of "me29n".

  I have a question about authorization of "me29n".
  In the screen of me29n, after I choose "cancel release" option,  there are several button I can use, such as "delete","lock","unlock" and so on.    now I want the "delete" button become unavailable after I choose "cancel release".    how can I archive ?   Is there any authorization object to use?   thanks a lot.

  Hello Victor,
  It is possible through Transaction code "SHDS".
  try to create new variant for it.Also you need to take
  ABAP'rs help in this .Try it.All the Best.
  Regards,
  Manjula.

• 2 questions about authorization filter...

  Hi guys,
  i need your help to solve my question..
  i'm developing a jsf application and i've created an authorization
  filter...
  My filter must checking for each page access if a registered user is
  stored in the session,if not redirect to login page. I've a bit
  experience on servlet and filter and i've solved this question with
  this filter.
  import java.io.IOException;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class AuthorizationFilter implements Filter {
           * @uml.property name="config"
           * @uml.associationEnd
          FilterConfig config = null;
           * @uml.property name="servletContext"
           * @uml.associationEnd
          ServletContext servletContext = null;
          public AuthorizationFilter() {
          public void init(FilterConfig filterConfig) throws ServletException {
                  config = filterConfig;
                  servletContext = config.getServletContext();
          public void doFilter(ServletRequest request, ServletResponse response,
                          FilterChain chain) throws IOException, ServletException {
                  Utils.log(servletContext, "Inside the filter");
                  HttpServletRequest httpRequest = (HttpServletRequest) request;
                  HttpServletResponse httpResponse = (HttpServletResponse) response;
                  HttpSession session = httpRequest.getSession();
                  String requestPath = httpRequest.getPathInfo();
                  Visit visit = (Visit) session.getAttribute("visit");
                  if (visit == null) {
                          System.out.println("Visit Nullo");
                          session.setAttribute("originalTreeId", httpRequest
                                          .getPathInfo());
                          Utils.log(servletContext, "redirecting to "
                                          + httpRequest.getContextPath() + "/faces/Login.jsp");
                          httpResponse.sendRedirect(httpRequest.getContextPath()
                                          + "/index.jsp");
                  else {
                          chain.doFilter(request, response);
                  Utils.log(servletContext, "Exiting the filter");
          public void destroy() {
  } in my authentication bean,after user has logged in i've
  loggedIn=true;
  User newUser = new User(loginName, password,teamName, role);
  Visit visit = new Visit();
  visit.setUser(newUser);
  visit.setAuthenticationBean(this);
  visit.setLoggedIn(loggedIn);
  setVisit(visit);
  getApplication().createValueBinding("#{sessionScope.visit}").setValue(faces�Context,visit); to store values into visit object.
  and this is my logout function
  FacesContext facesContext = getFacesContext();
                  Utils.log(facesContext, "Executing AuthenticationBean.logout()");
                  HttpSession session = (HttpSession) facesContext.getExternalContext()
                                  .getSession(false);
                  session.removeAttribute("sessionScope.visit");
                  if (session != null) {
                          session.invalidate();
                  } My 2 questions are:
  1) how can i redirect to login page a user that tries to log in with
  the same data of a user stored in the session?
  2) how can i handling browser closing?I need a listener?
  Please help me,i'm trying to learn about it and i need your help.
  Thanks

  hi,
  1. use the copy - paste functions in the drop down menu.
  2. same menu, save setting as........
  DR9.

• Questions about authorizations of tables/change requests/badis/locks/lang

  Hi ,
  Few questions I have not been able to find out .
  1) HOw can we ensure that every time we do any change in a table including adding/changing content a change request is generated .Basically to ensure any changes being done are being stored in  a change request .
  2)How to give authorizations to/for a database table ?
  3)can/how we add water marks in scripts and smartforms ?
  4) Can we create and place our own BADIs in SAP standard code?
  5)different LOCK types/categories with clear difference (not the standard SAP help please..)
  6) tips on handling two table controls on one screen.
  7) WHat are the things required if we want to use objects(scripts,texts,smartforms) in different languages ?
  8)multilingual scripts ?
  9) how to have a search help in module pool without using Process on value request ?
  Moderator message - Please - one question per thread and please ask a specific question - post locked
  Edited by: Rob Burbank on Dec 3, 2009 4:29 PM

  FSKB     G/L Account Posting
  this transaction is not working

• Questions about SAP's SRM capabilities

  SRM Experts, I have two questions:
  In SAP, is it possible:
  1. To have "Amount Only Requisitions", that is, specify requisitions that enable requesters to order goods and services specifying only a dollar amount and not quantity.
  2. Reopen Closed Requisitions and Purchase Orders, that is,  re-open ANY previously closed requisition or purchase order, not only those from the last batch of the Close
  Reconciliation process.
  Thanks!

  Ok let me try...
  1) One of the Key building blogs will be the SAP NetWeaver Process Integration 7.1. Its provides the ES Repository for Service Metadata and the ES Registry for the Service Endpoints. The Registry you use for finding and classifcation of your services. Any yes XI/PI could be used as ESB.
  Another keybuilding block is the SAP NetWeaver Composition Enviroment 7.1. This one is used at Design and Runtime for Composite Process, Composite Views and Composite Application which consume Enterprise Services.
  2) WS-Poilcy, WS-Adressing and BPEL is defenetly supported with PI 7.1(release planned for september 2007)
  3) This a part of the NetWeaver Composition Enviroment. For Monitoring you need brokered Service communication... in this case you can use PI as integration Broker which is able to monitor your communication.
  4) Exacutable Business Process(BPEL) are supported by PI 7.1
  You are able to Design these processes with the Design tools of the PI.
  For Highlevel Process modeling ARIS for SAP Netweaver is integrated.
  So from High Level Process models drill down to theService Operations are all part of the Enterprise Service Repository and can be used to realise you business tasks.
  5) SAP provide the ES Workplace and SAP Discovery System for Enterprise SOA
  regards,
  Robin

• Questions about authorization variable customer user exit

  Dear all,
  To reduce the authorization maintenance effort, I found from the web that we can use authorization variable with customer user exit RSR00001.
  When I use the transaction CMOD to display the maintain the user exit RSR00001, the user exit does not found. I would like to know how can I use thie user-exit?
  My SAP version is R/3 4.7
  The information of authorization variable  from web is as follow:
  http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/frameset.htm
  Would anyone have some ideas to solve my questions?
  Many thanks
  Sunny
  Edited by: LI Sunny on Aug 3, 2010 12:08 PM

  Dear Bala Duvvuri,
  Firstly, many thanks of your reply.
  Actually, what I want to do is to call some user-exit when performing authorization checking. I want to add some logic to the authorization checking and the user exit can be called automatically when performing authorization checking.
  I mainly use this checking in the FI module.
  Are there any ways I can perform this checking?
  One more findings, I have another machine containing SAP XI, I can search the user exit RSR00001. but it doesn't exit in SAP R/3 4.7. Is it version issue or my SAP R/3 4.7 doesn't contain the BI module?
  Many Thanks again.
  Sunny

• Questions about SRM PO in Classic scenario

  Hello All
  I have a number of questions about the SRM PO in classic scenario.
  1) If the Backend PO is changed in ECC i.e. if any quantity is added , can we have an approval workflow
  for the same?
  We currently have release strategies for other PO's in ECC. How do we accommodate the PO changes only?
  Our requirement is not have an approval initially once the PO is created, but only for the changes
  2) If the PO is sent as XML to the Vendor, is it possible to capture the PO response in ECC? What are the Pre-requisites
  for this to happen. Should SAP XI be required for this?
  3) In case the PO is cancelled/ reduced , does the Balance goes back to SRM sourcing cockpit?
  We are using SRM 7.0
  Regards
  Kedar

  Hi,
  1) If the Backend PO is changed in ECC i.e. if any quantity is added , can we have an approval workflow
  for the same?
  We currently have release strategies for other PO's in ECC. How do we accommodate the PO changes only?
  Our requirement is not have an approval initially once the PO is created, but only for the changes
  Sol: In ECC6.0 if the P.O is changed and release strategy is there in ECC6.0 then it follows the ECC6.0 Approval Route.
  2) If the PO is sent as XML to the Vendor, is it possible to capture the PO response in ECC? What are the Pre-requisites
  for this to happen. Should SAP XI be required for this?
  XI is mandatory
  3) In case the PO is cancelled/ reduced , does the Balance goes back to SRM sourcing cockpit.
  Once P.O is created in ECC 6.0 for the P.R in Sourcing Cockpit, cancelling/reduction will not have a updation in the sourcing cockpit in SRM.
  Eg  100 nos P.R is in SRM sourcing cockpit for which  you have createdaa P.O for 40 nos is ECC6.0
  for the remaining 60 nos PR ,you can create a P.O in ECC6.0
  Regards
  Ganesh

• Some question about the renegotiation function in SRM Contract (GOA)

  Hi All Expert,
  We are on SRM 5/4.6,  there is a question about the renegotiation function in SRM GOA.
  Can we renegotiate the price for some parts in the GOA items with this function ( e.g. Only renegotiate one item in the contract) ?
  Will the item price updated automatically after the renegotiation?
  Many thanks in advance!!!
      Wendrin

  Hi Sanjeev,
  Many thanks for your help.
  One more question, if I add a new item when we renegotiation, will it be transfered to contract and create a new item after that?
  Thanks and best regards
  Wendrin

• Question about  SAP's predefined authorization roles and responsibilities

  Hi,
  Is  there  a document (like a best practice document) that talks about what are the SAPu2019s predefined roles to be assigned to different responsibilities(like Basis, ABAP Developer, ABAP Developer for HR etc, Functional Configuration etc)?. If anybody have seen this document, please send the URL for that.
  I am seeing SAP AUTHORIZATION SYSTEM and SAP AUTHORIZATION MADE EASY books in the market.
  But these books talk  about authorization concept up to 46C only( I might be wrong).
  Please advise about any latest book on SAP Authorization that talks about NW(ABAP + JAVA)  also.
  Thanks.
  Raj.

  Hi
  The following link help your requirement on documentation.
  http://help.sap.com/saphelp_banking463/helpdata/en/23/07d128f31011d296330000e82de14a/content.htm
  Regards
  Shan

• Question about using multiple iPods on the same PC

  I've read the FAQs on this subject but I still have a couple of questions about multiple users with separate iPods using the same PC.
  I want to use my family's desktop (A new Gateway with Vista, if it matters) for my new iPod Classic, but my father already has an iTunes account on there for his iPod. I know I can create a new user account on the PC and move iTunes to a shared folder so that we can share music, but will this second account be able to purchase music from the iTunes store or am I going to have to switch between Windows User accounts to make purchases and then move new songs into my separate iTunes account via the shared folder? Will it be its own separate iTunes account (separate user name, separate credit card used, etc.) or will it just be a second library that's dependant on the first?
  I want to be able to have my own iTunes account, make my own purchases in it, and maybe occasionally share tv shows or something with my father.
  If this can't be done, would I be better off just creating new playlists for our two iPods from the same library, or creating a second library on my Father's account?
  Also, if I want to access things I've purchased from iTunes on this desktop in iTunes on my notebook, will I be able to?
  I hope that made sense.
  Sorry if these seem like silly questions. This will be my first iPod as I'm really excited about the 160gig and want to know if these things are possible.
  Thanks in advance for any help

  Hi, Wes.
  Congratulations on your new iPod Classic and Welcome to the Apple Discussions.
  For no particular reason, let's answer your last question first ...
  ... if I want to access things I've purchased from iTunes on this desktop in iTunes on my notebook, will I be able to?
  The iTunes Store operates on a one download per purchase policy so you will have to copy the purchases from one computer to the other and make sure that you authorize the laptop to play the songs.
  As to your first question ...
  ... will this second account be able to purchase music from the iTunes store or am I going to have to switch between Windows User accounts to make purchases ...
  Whatever XP User Account you are logged in to doesn't really matter. What's important is which Apple Account you sign in to ... yours or your Dad's or - if you had my Apple ID and password - The Mimico Kid's for that matter. You can sign in to any Apple Account on any XP User Account. Or any computer for that matter.
  Where the XP User Account comes into play is that it will determine where on your computer the purchases are downloaded. Files will be sent to the iTunes Music folder as specified in the iTunes Edit menu > Preferences > Advanced tab > General sub-tab. Default settings will have a different location for each User Account - C:\Documents and Settings\ user name \My Documents\My Music\iTunes - but if you've read this article in the Apple Knowledge Base, you will know you can change the location of the iTunes Music folder in each XP Account to a common location such as C:\Documents and Settings\All Users\Documents\My Music\iTunes.
  Post back if all this hasn't been as clear as mud and you need anything clarified.

• Question about restoring a backup.

  Question about restoring a backup. I want to restore an old back up to recover messages and photos. If I restore my iPhone with this old backup, will it delete any CURRENT text messages that I currently have on my phone? Same concern current photos on my phone. Thanks!

  Hello,
  I'm having a problem ....
  My phone was giving me trouble and I had to completely wipe everything from it. I had backup on my PC , but when I connect my wiped phone back to my PC, it couldn't recognize it , so I got a question...something like "this phone is connected first time....do you want to authorize this computer...blah,blah" ,
  but than I've got next question, something like "do you want to merge data or you want to overwrite your phone" and I've pressed "merge" by accident
  Now....is there any way back from it? How I can get data from all apps back to my phone ?
  All app's are there, but all of them are empty ! Please help!

• Few questions about apex + epg and cookie blocked by IE6

  Hi,
  I would like to ask a few questions about apex and epg.
  I have already installed and configured apex 3.2 on oracle 10g (on my localhost - computer name 'chen_rong', ip address -192.168.88.175 ), and enable anonymous access xdb http server.
  now,
  1. I can access 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' without input username / password for realm 'XDB' in IE6;
  2. I can access 'http://localhost/apex/apex_admin' , 'http://192.168.88.175/apex/apex_admin' , and I can be redirected into apex administation page after input admin/<my apex admin password> for realm 'APEX' in IE6;
  3. I can access 'http://chen_rong/apex/apex_admin' in IE6, but after input admin/password , I can not be redirected into administation page, because the cookie was blocked by IE6.
  then, the first question is :
  Q1: What is the difference among 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' ? I have already include site 'chen_rong' into my trusted stes! why the cookie was blocked by IE6. I have already tried firefox and google browser, both of them were ok for 'chen_rong', no cookie blocked from site 'chen_rong'!
  and,
  1. I have tried to use the script in attachment to test http authentication and also want to catch the cookie by utl_http .
  2. please review the script for me.
  3. I did:
  SQL> exec show_url('http://localhost/apex/apex_admin/','ADMIN','Passw0rd');
  HTTP response status code: 401
  HTTP response reason phrase: Unauthorized
  Please supplied the required Basic authentication username/password for realm XDB for the Web page.
  Web page http://localhost/apex/apex_admin/ is protected.
  MS-Author-Via: DAV
  DAV: 1,2,<http://www.oracle.com/xdb/webdav/props>
  Server: Oracle XML DB/Oracle Database
  WWW-Authenticate: Basic realm="XDB"
  Date: Tue, 04 Aug 2009 02:25:15 GMT
  Content-Type: text/html; charset=GBK
  Content-Length: 147
  ======================================
  PL/SQL procedure successfully completed
  4. I also did :
  SQL> exec show_url('http://localhost/apex/apex_admin/','ANONYMOUS','ANONYMOUS');
  HTTP response status code: 500
  HTTP response reason phrase: Internal Server Error
  Check if the Web site is up.
  PL/SQL procedure successfully completed
  SQL> exec show_url('http://localhost/apex/apex_admin/','SYSTEM','apexsite');
  HTTP response status code: 401
  HTTP response reason phrase: Unauthorized
  Please supplied the required Basic authentication username/password for realm APEX for the Web page.
  Web page http://localhost/apex/apex_admin/ is protected.
  Content-Type: text/html
  Content-Length: 147
  WWW-Authenticate: Basic realm="APEX"
  ======================================
  PL/SQL procedure successfully completed
  my second questions is :
  Q2: After I entered into realm 'XDB', I still need went into realm'APEX'. how could I change the script show_url to accomplish these two tasks and successfully get the cookie from site.
  the show_url script is as following:
  CREATE OR REPLACE PROCEDURE show_url
  (url IN VARCHAR2,
  username IN VARCHAR2 DEFAULT NULL,
  password IN VARCHAR2 DEFAULT NULL)
  AS
  req UTL_HTTP.REQ;
  resp UTL_HTTP.RESP;
  name VARCHAR2(256);
  value VARCHAR2(1024);
  data VARCHAR2(255);
  my_scheme VARCHAR2(256);
  my_realm VARCHAR2(256);
  my_proxy BOOLEAN;
  cookies UTL_HTTP.COOKIE_TABLE;
  secure VARCHAR2(1);
  BEGIN
  -- When going through a firewall, pass requests through this host.
  -- Specify sites inside the firewall that don't need the proxy host.
  -- UTL_HTTP.SET_PROXY('proxy.example.com', 'corp.example.com');
  -- Ask UTL_HTTP not to raise an exception for 4xx and 5xx status codes,
  -- rather than just returning the text of the error page.
  UTL_HTTP.SET_RESPONSE_ERROR_CHECK(FALSE);
  -- Begin retrieving this Web page.
  req := UTL_HTTP.BEGIN_REQUEST(url);
  -- Identify yourself.
  -- Some sites serve special pages for particular browsers.
  UTL_HTTP.SET_HEADER(req, 'User-Agent', 'Mozilla/4.0');
  -- Specify user ID and password for pages that require them.
  IF (username IS NOT NULL) THEN
  UTL_HTTP.SET_AUTHENTICATION(req, username, password, 'Basic', false);
  END IF;
  -- Start receiving the HTML text.
  resp := UTL_HTTP.GET_RESPONSE(req);
  -- Show status codes and reason phrase of response.
  DBMS_OUTPUT.PUT_LINE('HTTP response status code: ' || resp.status_code);
  DBMS_OUTPUT.PUT_LINE
  ('HTTP response reason phrase: ' || resp.reason_phrase);
  -- Look for client-side error and report it.
  IF (resp.status_code >= 400) AND (resp.status_code <= 499) THEN
  -- Detect whether page is password protected
  -- and you didn't supply the right authorization.
  IF (resp.status_code = UTL_HTTP.HTTP_UNAUTHORIZED) THEN
  UTL_HTTP.GET_AUTHENTICATION(resp, my_scheme, my_realm, my_proxy);
  IF (my_proxy) THEN
  DBMS_OUTPUT.PUT_LINE('Web proxy server is protected.');
  DBMS_OUTPUT.PUT('Please supply the required ' || my_scheme ||
  ' authentication username/password for realm ' || my_realm ||
  ' for the proxy server.');
  ELSE
  DBMS_OUTPUT.PUT_LINE('Please supplied the required ' || my_scheme ||
  ' authentication username/password for realm ' || my_realm ||
  ' for the Web page.');
  DBMS_OUTPUT.PUT_LINE('Web page ' || url || ' is protected.');
  END IF;
  ELSE
  DBMS_OUTPUT.PUT_LINE('Check the URL.');
  END IF;
  -- UTL_HTTP.END_RESPONSE(resp);
  -- RETURN;
  -- Look for server-side error and report it.
  ELSIF (resp.status_code >= 500) AND (resp.status_code <= 599) THEN
  DBMS_OUTPUT.PUT_LINE('Check if the Web site is up.');
  UTL_HTTP.END_RESPONSE(resp);
  RETURN;
  END IF;
  -- HTTP header lines contain information about cookies, character sets,
  -- and other data that client and server can use to customize each
  -- session.
  FOR i IN 1..UTL_HTTP.GET_HEADER_COUNT(resp) LOOP
  UTL_HTTP.GET_HEADER(resp, i, name, value);
  DBMS_OUTPUT.PUT_LINE(name || ': ' || value);
  END LOOP;
  -- Read lines until none are left and an exception is raised.
  --LOOP
  -- UTL_HTTP.READ_LINE(resp, value);
  -- DBMS_OUTPUT.PUT_LINE(value);
  --END LOOP;
  UTL_HTTP.GET_COOKIES(cookies);
  dbms_output.put_line('======================================');
  FOR i in 1..cookies.count LOOP
  IF (cookies(i).secure) THEN
  secure := 'Y';
  ELSE
  secure := 'N';
  END IF;
  -- INSERT INTO my_cookies
  -- VALUES (my_session_id, cookies(i).name, cookies(i).value,
  -- cookies(i).domain,
  -- cookies(i).expire, cookies(i).path, secure, cookies(i).version);
  dbms_output.put_line('site:'||url);
  dbms_output.put_line('cookies:');
  dbms_output.put_line('name:'||cookies(i).name);
  dbms_output.put_line('value:'||cookies(i).value);
  dbms_output.put_line('domain:'||cookies(i).domain);
  dbms_output.put_line('expire:'||cookies(i).expire);
  dbms_output.put_line('path:'||cookies(i).path);
  dbms_output.put_line('secure:'||secure);
  dbms_output.put_line('version:'||cookies(i).version);
  END LOOP;
  UTL_HTTP.END_RESPONSE(resp);
  EXCEPTION
  WHEN UTL_HTTP.END_OF_BODY THEN
  UTL_HTTP.END_RESPONSE(resp);
  END;
  /

  I use oracle database enterprise edtion 10.2.0.3. I have already figured out the epg on 10.2.0.3 to support apex 3.2.
  And as I described above, the apex site works fine for ip address , and localhost. but the cookie will be blocked by IE6, if I want to access the site by 'http://computername:port/apex/apex_admin'. This problem does not occured in firefox and google browser. Could someone give me answer?

• STS: Few Questions about STS ?

  Hi All,
  Right now, I'm working on STS for IP.
  I have some questions about it:
  1. Every time I execute t-code BPS_STS_START, it launch the STS Web Application with different port and HTTP.
  The port should be 8444, and HTTP should be HTTPS .
  I've already checked on t-code: SE80 to TUNGUSKA htm, and see on the properties on it. I got it has correct port and HTTPS.
  How do I fix up this problem ? Do you know what the solution is ?
  2. When I execute sending email initially, why does it always send the email to manager ?
  Whereas It doesn't have the upper level.
  How can I setup it? Is it setup with the Authorization ?
  Thanks a lot all . Appreciate your suggestion about my questions.
  Best regards,
  Daniel N.

  Hi Lucimar,
  Thanks a lot for your kind help.
  If you don't mind, I have another questions.
  When I run t-code: BPS_STS_START. It will launch the browser with this url: https://sapdsb6.xxx.yyy.com:8606/sap/public/myssocntl?sap-client=100
  But it just gives me blank web-page.
  My question is whether it's normal behavior from STS ? I thought it will distribute email notification to start planning, but it's not, when I check on t-code: SOSV, it doesn't give any email queue to be distributed.
  2.
  Btw, regarding my question no. 2, how can I setup it in t-code: BPS_TC at Determine date, Person Resp., Layouts ? Where can I setup it ?
  Would you kindly help me what I have to do ?
  Thanks a lot and have a good day,
  Best regards,
  Daniel N.

• Basic questions about JAAS capabilities

  I've never used JAAS for authentication or authorization in a Java app before. Can somebody that has (or at least has some experience and knowledge about JAAS) please answer the following couple of basic questions about it? (I know I could probably answer these myself with a few hours of reading.)
  1. Can I use JAAS to restrict the users that can execute specific methods of my code?
  2. If the answer to #1 is yes, is there a way to programmatically determine if a JAAS login user has the permissions to run a method before actually calling that method. In other words, can I ask something like canUserExecute(method) or do I have to just put the call to the method in a try/catch and catch a security exception of some type?
  3. Is it fairly simple to have JAAS authenticate against a Windows Domain or a LDAP server?
  4. Are there programmatic ways to add or edit user information in JAAS?
  Answer to any of these questions are greatly appreciated. I'll even toss a couple of Dukes to the people that answer each question. Thanks in advance.

  You might look at the AfterthoughtSoft-Secure product at http://www.advancedmodelingconcepts.com. It is designed to do just that and will easily allow you to connect to users/group repositories that are in anything from a simple text file all the way up to Kerberos V.
  You can contact the author of the product (me) at bart dot jenkins at gd-ais dot com.
  bart

• Questions about Access Manager tutorials available in netbeans site

  Hi
  Thank you for reading my post
  I have some questions about two tutoral which i find in :
  http://www.netbeans.org/kb/55/amsecurity.html and
  http://www.netbeans.org/kb/55/amsecurity-liberty.html
  here is my problem :
  we have some web services, now we want to have authentication applied for consumer who try to access our web services.
  we need to have most possible flexibility because we may deploy the server for a customer with an already established Identity database ( Database Table with user details)
  Also we need to have Transport level security using SSL.
  I read and studied both of them and now i have some questions :
  -I think Securing Web Services Using the SAML or UserNameToken is what we need for authentication and autorization of web service consumers?
  is that right?
  -Does Sun Java System Access Manager provide flexibility to authenticate user/password with a database table content?
  -How we can apply roles in Sun Java System Access Manager when we authenticate users ?
  Thanks

  Imagine that we want to have an end to end security for our web services
  we thought that we could use message level encryption to protect the soap message and also we should protect our web services from un-authenticated acess,
  we will use userName token for this.
  Our customer has large database which contains many user/password and role of those users.
  some of web services should be available to higher role (manager) and not for all users.
  so we should check a user role before we allows him/her to access a web service.
  my question is whether Sun Access manager can help us with this? or there are other configuration or packages that we should apply to have this feature.
  to explain more :
  our client side is a swing application, users enter username/password to login into system. after they loged in, we send user/pass every time user want to request some data from some services. (is it good to send user/pass every time?)
  We want Sun Access Manager to handle users authentication .
  We also need to handle role related authorization, can Sun access manager handle this?
  Thanks