Regarding assignment of roles in SU01

Why People will add auth object in roles tab in SU01 instead of profiles tab very often? Is there any diff in that?
Edited by: mydhili talluri on Aug 14, 2008 8:04 AM

Let me explain you this to satisfy you.
Initially all sap systems had only one way to authorize or secure system through profiles and system security was based on profiles only.
Down the line SAP introduced the terms Role.
Role has many options and easy to manage than profile.
When you create roles in SAP and generate it .System automatically create profiles .
Still you can create profile with help of transaction su03 and maintain the user master data .
So initially I belive before 3.1i we had only option for security was profile.
Now we have to two options roles and profile both.
Roles are easy to manage than profiles.
Hope it helps.
Amit

Similar Messages

ABAP program/Function module to assign the roles in SU01

Hi,
Is there any ABAP program/function module to assign the roles in SU01. And program/function module which does all teh SU01 related activities.
Thanks and Regards,
Rashmi

Hello,
Check the function modules that start with BAPI_USER*
To assign roles :
BAPI_USER_ACTGROUPS_ASSIGN
To assign profiles :
BAPI_USER_PROFILES_ASSIGN
To change user's metadata (name, settings, ... other SU01 functions) :
BAPI_USER_CHANGE
Success.
Wim

Indirect pfcg role assignment - no roles in SU01

Hi experts,
I would like to assign PFCG roles via indirect assignment, this means i would assign roles with the organisational model (transation ppomw).
I did the assignment and i executed the transaction pfud for user master data reconciliation. But the pfcg roles are not assigned to the user (see roles in transaction SU01). Usually the roles should be displayed (in blue and with xflag for indirect assignment).
Are there any customizing configurations i have to keep in mind?
Hope you can help as fast as possible.
Thanks a lot and best regards,
Natali

Run PFUD if this is still an issue.

Assign biz role through CRM -SU01 and display page at portal

HI, SDN Fellows.
I am creating some custom portal roles at portal and mapped it to the custom business roles for some PCUI screens at crmc_blueprint_c --> "Assign Portal Role to Single Role" ("Assignment of CRM Role to Portal Role").
Currently, our portal UME data source is mapped to CRM system.
Right now, I have to assign both the CRM Role through SU01(to have access the CRM Object Method at CRM-PCUI application) and Portal Role through User Admin of WAS/portal (to access/display the PCUI iView in the portal).
My goal is to just assign role through CRM-SU01 and achieve the same output as I described above. Meaning can I just do the role assignment for the CRM role (through SU01) and able to access to the CRM-PCUI application through portal (able to see the pcui screen)?
Thanks,
Kent

What I want is when I assign a role (Sales Manager) said user A in CRM system, userA should able to see the related workset/page/iviews in the portal (without the need to assign the same: Sales Manager role in portal).
Now, what I have to do is assign the related objects into a single/composite roles in CRM (for backend data access), then I have to assign a portal role (through User Admin of Portal, so that they can see the portal content),
is that a way we can do it in one step?
Thanks,
Kent

CUA: Previously Assigned Job roles disappeared

Hello Dear!
Recently I have implemented CUA in our SAP System landscape.
I have one issue with it that I am unable to see the previously assigned Job roles to the users .
Can some one advice me how to resolve it?
Regards
Saqib

>
M.Saqib Ayub wrote:
> I have selected DEV Server as a CUA and others as Childs.
that is exactly what i would have avoided, if possbile. you say, you have a solution manager hanging around ... i strongly recommend you use this as the CUA master. the reasons being: if you have developers on your DEV and you are doing some development on roles etc, you will always disturb the others, since you have to run PFUD and whatnot jobs while develping roles, maybe ALE scenarios, IDOCs. your SolMan, on the other hand ... is independent. you would disturb no-one, downtimes for maintenance, developments etc. are fewer (in which time you would have no control over the users in your landscape). you could setup a totally different backup strategy, you could synchronize naming conventions/proceedings from the very beginning instead of having to re-design it some day in the future (and that day will come, it always does). since you are at the very beginning of your project, you might want to reconsider ...
but i am off-topic.
>
M.Saqib Ayub wrote:
> Now when I am going to see existing users assigned job role in CUA (DEV) thru SU01. Its not showing already maintained Job roles. The users are not complaining about any authorizations issue, it means the authorizations are intact in the system.
how did you set that up? are you adding single roles per system in DEV or do you have a composite in DEV the singles of which point to the other systems or do you attach them to PPOME? or something totally different?

How to assign CO roles to HR Adminstrtor?

Hi,
My company is currently working on Appraisal
System. The system is : The work review form will be
submitted by employee to the Reporting Officer (RO)and
then will be reviewed & rated by Counter-signing
Office (CO). In few of the cases, the HR administrator
has to work on this on behalf of CO.
She always does this, by taking user-id & pwd of CO of
ESS.
How to assign CO roles to HR Adminstrtor?
Regards,
Naddy.

Review the CO user roles in SU01D. Assign the role to the user using SU01.

Assign Portal Roles from R/3

Hi all,
We've here an EP6 SP14 SR1 with R/3 as data source, this R/3 is used to ESS and MSS implementation on portal. The users are created at R/3 using SU01 and then Logon portal with this same user. But we've to assign portal roles with portal administrator to have access to menus in portal. There's a way to, when create user in backend we can assign automatically portal roles to the user ?
We do not have CUA neither LDAP.
Thanks a lot for help.
Best Regards,
Pedro Rodrigues.

Jörg,
Thanks a lot, that's very helpfull, now I can see the roles in portal groups. But, we need to use dataSourceConfiguration_r3_rw.xml because when user have to change his own password first time they enter in portal.
How could we got this authorization ?
Could we assign to pfcg roles that we pretend to use this authorization ?? What authorization is it ??
Thanks,
Best Regards,
Pedro Rodrigues.

Portal Runtime error in assigning a role to a user by UME

Hi ALL,
I am assigning a role to a user through UME using this piece of code:
String uids = userFactory.getUserByUniqueName("Shilpa").getUniqueID();
String roleid = roleFact.getRoleByUniqueName("pcd:portal_content/administrator/content_admin/content_admin_role").getUniqueID();
roleFact.addUserToRole(uids,roleid);
The userid and role is beinf fetched successfully but at the assignment of the role to the user , I am gettign Portal runtime error.
The error log is following.
<b> java.lang.NoClassDefFoundError: com/sap/abc/network/util/InfEPLog
     at UserListeners.userAssigned(UserListeners.java:27)</b>
     at com.sap.security.core.imp.RoleFactory.assignUserPerformed(RoleFactory.java:1466)
     at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotificationForMembers(DistributedTransaction.java:565)
     at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotificationForMembers(DistributedTransaction.java:815)
     at com.sap.security.core.persistence.imp.DistributedTransaction.doCacheUpdateAndNotification(DistributedTransaction.java:465)
     at com.sap.security.core.persistence.imp.DistributedTransaction.afterCompletion(DistributedTransaction.java:252)
     at com.sap.engine.services.ts.jta.impl.TransactionImpl.commit(TransactionImpl.java:414)
     at com.sap.engine.services.ts.jta.impl.TransactionManagerImpl.commit(TransactionManagerImpl.java:316)
     at com.sap.engine.services.ts.transaction.TxManager.commitLevel(TxManager.java:581)
     at com.sap.engine.services.ts.transaction.TxManagerImpl.commitLevel(TxManagerImpl.java:63)
     at com.sap.transaction.TxManager.commitLevel(TxManager.java:237)
     at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:2742)
     at com.sap.security.core.imp.Role.commit(Role.java:337)
     at com.sap.security.core.imp.RoleFactory.addUserToRole(RoleFactory.java:1338)
     at com.sap.user.UserAdded.doContent(UserAdded.java:63)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.doPreview(AbstractPortalComponent.java:240)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:168)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
     at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
     at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
     at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
     at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Please tell me where I am wrong.
Regards,
Shilpa.

Hi Shilpa,
The error "java.lang.NoClassDefFoundError" means that your classpath is not set correctly. This is likely due to a missing reference. The class file may be in the jar, but at runtime the component (your component) needs to have access to the jar file which contains the class.
Try adding the servlet.jar, activation.jar file in your project and also through your ADd external libraries at 'java build path'. also please ensure tht WAS and NWDS at the same SP level.
Hope this might help you.
Regards,
Shaila

Error while trying to assign a role via CUP in Portal

Hello Experts,
I am trying to create a request to assign a role in EP via CUP ( 5.3)
EP Connector is working fine as I have imported Portal roles etc
SPML service is working fine
I have done the mapping in the Provisioning tab for Portal system
logonname in portal is email address of an employee
So the I have done the following mapping
AC Field Application field
email addres-Stndard logonname
And I have the following error while trying to create a request which I grabbed form the log
ERROR Exception during EJB call, Ignoring and trying Webservice Call
LinkageError: loader constraints violated when linking com/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO class
ERROR com.virsa.ae.core.BOException: Exception from the service : Invalid System
com.virsa.ae.core.BOException: Exception from the service : Invalid System
ERROR : BO Exception in Save request
Any suggestions would be really appreciated
Regards
Kev

Kevin,
I was able to replicate your issue and there is a setting in the CUP that you have to disable, Goto the config tab in the CUP and select NO for the "Risk Analysis On Request Submission " under risk analysis.
Issue here is you did not create a connector for your EP in the RAR, I believe you have the above mentioned parameter to yes and so when you are submitting a request CUP is trying to do the risk analysis but RAR was not able to find any System, so it is thowing an error.
You can resolve this issue in two ways, one is to create a connector in RAR or the other is to disable the setting in the CUP.
Hope this helps.
Naveen

Assign Application Roles

Hi All,
I am new to SOA and I want to know how to assign application roles (Not global roles) through EM Console. As, I am unable to assign the roles through BPM workspace. I can go to the administrator tab and assign the roles to me. But in the task list I am unable to get the task.
Thanks and Regards,
Ram

Hi Ram,
Refer this doc:
http://docs.oracle.com/cd/E24628_01/doc.121/e36415/sec_features.htm#CJADDBGA
HTH
Mani

Assigning authorization role to position in PP02 (SRM 5.0) not working

Hi,
We've run into a problem in our SRM 5.0 system that we're not sure how to solve.
We defined a role where we only set the BBP_APPROVAL_LIMIT attribute in the Personalization tab. It has no other transaction authorizations.
When we assign this role to the user directly the user inherits the BBP_APPROVAL_LIMIT as expected.
When we attempt to assign this same role to a position through PP02 and run the PFUD, the attribute values are not transferred to the user personalization attributes. Doesn't matter what we do, we can't seem to be able to get it to work.
Does anyone one have any experience with this that they could share?
Regards,
Jerry Martinek

Hello Yann,
Thank you for the reply.
This is one of the things that I'm trying to confirm which is whether it can be done. I was told that it does work and that they use PP02. But as we can't get it to work I wanted to know if anyone else is using this process and if yes, how do you do it.
If people mainly use the explicit user assignment via PFCG, do they manage it manually or systematically?
Thanks,
Jerry

Assigning the role to the group using MAXL

Hi,
We are using Essbase 11.1.1.3 and Hyperion Financial Reports 11.1.13.
I have created a role called "Standard_user_HFR" in shared Services and assgined Explorer and viewer to the role and i need to assign the role to the groups and i have around 1600 groups to which i have assign the role. Is there any Maxl Script to assign the role to the groups. As of now i am manually adding the role to the group.
Regards,
VJ

Also look into Aggregated Roles to possibly reduce the number of Groups.
Oracle states:
Aggregated roles, also known as custom roles, aggregate multiple predefined application roles. An aggregated role can contain other aggregated roles. For example, a Shared Services Administrator or Provisioning Manager can create an aggregated role that combines the Planner and View User roles of a Oracle Hyperion Planning, Fusion Edition, application. Aggregating roles can simplify the administration of applications that have several granular roles. Global Shared Services roles can be included in aggregated roles. You cannot create an aggregated role that spans applications or products.
Thank you,
Todd Rebner

How to assign the role for created user thru dynpro App

Hi All
How to assign the role for currently created user from Webdynpro App.
when i enter into the portal after creating the user
i am getting the following messgae in the portal
"No portal roles are assigned for this user.If this problem persists, contact your system administrator."
how to assign the user defined role for the created user from dynpro App
Regards
Dhina Kar J
Edited by: Dhinakaran Jeyachandran on Feb 1, 2008 12:19 PM
Edited by: Dhinakaran Jeyachandran on Feb 1, 2008 12:35 PM

In the User Administration section of your portal find your newly created user and below select "Assigned Roles" tab then press <Modify> button and look through available roles on portal then just simply add and save. But if you want to do it programmatically see below:
IUserAcountFactory userFactory = UMFactory.getUserAccountFactory();
// IUser - read only but with IUserAccount is possible to set up user data
IUserAccountSearchFilter userFilter = userFactory.getUserAccountSearchFilter();
userFilter.setLogonUid("superuser", ISearchAttribute.LIKE_OPERATOR, false);
ISearchResult sr = userFactory.search(userFilter);
for (final Iterator i = new PrincipalIterator(sr); i.hasNext();) {
IUserAccount user = (IUserAccount) i.next();
Execute the same search for IRole (or IGroup if needed) get the unique id of them and use newRole(...) and addUserToRole(...) methods from IRoleFactory.
Of course you don't need search for this principals if you know uniqueness of them. Use appropriate factories to get'em all by this unique id.
All the features see in [javadocs|http://help.sap.com/javadocs/NW04S/current/se/index.html]

Assignment pfcg-role to user and assignment pfcg-role to business role

Hello, Gurus!
What is the difference between direct assignment pfcg-role to user and assignment pfcg-role to business role? What is the effect from assignment pfcg-role to business role?
As I see authrizations from pfcg-role assigned to business role have no effect to user...
Best regards,
Artuк Litvinov.

Artur,
The business role assignment does not give a user that PFCG role. Instead it is just a mapping table and does nothing more.
Therefore that UIU_COMP auth object must exist in the PFCG roles assigned to the user in order for them to use the webclient. In your scenario let's do the following:
You have pfcg roles:
RA
RB
You a have business role
B1
You have users:
Joe
Jack
Business Role B1 is assigned to role RA which contains UIU_COMP.
User Joe gets business role B1 and roles RB which does not have UIU_COMP. This will not let him use the webclient.
User Jack gets business role B1 and pfcg role RA. This will work because everything is there.
This means you need both the correct PFCG plus business role setup to make it work properly.
Take care,
Stephen

Assigning the role automatically when a user is created.

Hi all,
we are usign the EP 7.0 eph1 sp6 . we have a requirement that:
When we are creating a new user and click save, then a user is created and to that user automatically a role should get assigned (without manual assignment of role to user). the role will have the framework page etc.
and suppose we are assigning some role to the same user the above assigned automatic role should be deassigned automatically again.
is there any possible way.
Please help.
regards,
kavitha

Hi
When we are creating a new user and click save, then a user is created and to that user automatically a role should get assigned (without manual assignment of role to user). the role will have the framework page etc.
for the above one we can follow the simple process ,
as u need 2 assign the role automatically while creating the user it self, u have to do the following.
In user Adminstartion we have a button called Copy To New User.
u just slect a user already created and just click on the button above, the new user which is going to be created will get all the credntails and roles groups ,everything as the previous one.
Just have a try .
Sandeep

Regarding assignment of roles in SU01

Similar Messages

Maybe you are looking for