RETREIVING APPROVERS FOR A ROLE

I am tring to retieve the aproover for a particular role using a workflow.
But i am not able to retieve it, i have tried "get approvers" method but i am not very much familiar as to what condition should i give to make it run.
Any help in this regard will be great.

It seems like there is no solution, I have to use DBMS_LDAP package and lot of code in PL/SQL.
Suhail

Similar Messages

  • Different approvers for 2 roles of the same name in 2 different systems

    Hi experts,
    in our SAP landscape we have roles of the same name in different systems. I couldn't find any possibility to select different approvers for these two roles in GRC 5.3 SP08.
    For example role XYZ exists in system P1 and P2. In P1 I want to select only person A as role approver, in system P2 only person B.
    Is there any chance to select an approver for a combination role and system?
    Thanks,
    Manuel

    Hi Manuel,
    Yes. You can create a custom approver determinator. Go to CUP>>Configuration>>Workflow>>Custom approver determinators. Chose create new.
    CAD type: Attribute
    Workflow type: Access Enforcer
    Select your attributes and save.
    Go back. Select your new approver determinator in change mode.
    Click on the Approve button.
    Create logic between the attributes and approvers.
    Modify your role approval stage. Select your new custom approver determinator.
    Regards,
    Vit

  • How to retrieve the approvers for a role..???

    I am tring to retieve the approver for a particular role using a workflow.
    But i am not able to retieve it, i have tried "get approvers" method but i am not very much familiar as to what condition should i give to make it run.
    Any help in this regard will be great.

    If you have an app that doesn't work then have you tried deleting it and then redownloading it via the Purchased tab in the App Store app ? If that doesn't fix it then have you tried contacting the developer of the app (thereshould be a link to the developer's site on the app's description page in the store) ?
    If you don't get a reply from the developer then try the 'report a problem' page to contact iTunes Support (we are fellow users on here) : http://reportaproblem.apple.com
    If the 'report a problem' link doesn't work then you can try contacting iTunes support via this page : http://www.apple.com/support/itunes/contact/- click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

  • Multiple Approvers for Role

    Hi,
    Is it possible to have 2 approvers (primary and secondary/back-up) for a role but only one them need to approve? Both should get the email notification but only one of them should approve. Escalation to alternate approver is not what I am looking for.
    When the roles are imported into GRC, do I need to a two entries for each role since I need have 2 approvers for the role? or is Delegation a better option?
    If Delegation is used, then do I have to setup both as role owners? or can delegated user approve with the need to setup as role owner?
    Thanks,
    Jay

    Hi Jay
    You can have 2 approvers for the same roles where either of the approvers can approve the request. You need to specify 2 entries for the same role in the import file. Both approvers will receive the email notification
    A delegate dosent have to be specified as an access control role owner.
    Thanks
    Anthony

  • Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

    SCCM 2012 has been successfully installed on the server:
    SRVSCCM.
    The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
    Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
    The cluster service is running on the account: sqlclusteruser
    The account has the appropriate SPN are registered:
    setspn -L domain\sqlclusteruser
    Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
    MSSQLSvc/CLS-SQL4
    MSSQLSvc/CLS-SQL4.domain.local
    MSSQLSvc/CLS-SQL4:11434
    MSSQLSvc/CLS-SQL4.domain.local:11434
    After some time on the cluster hosts every day started appearing new folders with files inside:
    srvboot.exe
    srvboot.ini
    srvboot.log
    srvboot.log contains the following information:
    SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
    Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
    Copyright (C) 2011 Microsoft Corp.
    Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
    Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
    Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
    Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
    Failed to retrieve SQL Server service account.
    Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
    Disconnecting from Site Server.
    SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

    The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
    Without successfull bootstrap the siteserver backup is not able to run successfully.
    Try grant everyone the read permisson on
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
    This worked for me.
    After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
    After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
    sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

  • Link is not working for one role. how to check please guide.

    Hi Expert,
    I have a simple question but as don;t aware of some of the techincal area not able to understand where to check.
    I have a link under document flow in offer( opportunity) where for one role sales support user the link is not happening. I have checked for other role its working fine.I understand that for this role the link  will not work as per the role maintianed.
    But where this link got maintained and how i will be able to check which link is tagged to which profile.
    rolewise mappeing with link.
    Please guide.
    Prem.

    Hello Prem,
    Please check the navigation bar profile from your business role.
    Then go to the navigation bar profile settings, you can find the details settings there.
    If it is a link under some work center, you need to start from the work center.
    If it is a direct link, then start from the derect link group.
    Hope this could be helpful.
    Best regards,
    'Maggie

  • Account Creation - Badi for Default values for BP Role and Sales Area

    Hi all,
    my requirement regards the possibility to create a new prospect (a link should be available in the navigation bar or create section).
    Logically, a bp role as "Prospect" and particoular sales area should be created automatically.
    I created an implementation for the BADI definition "BADI_CRM_BP_UIU_DEFAULTS". But don't know how to create the default values for BP role and Sales area:
    In my code
    assign cr_me->('VIEW') to <lv_view_name>.
      if sy-subrc ne 0.
        exit.
      endif.
      lv_viewname = <lv_view_name>.
      case lv_viewname.
        when 'AccountDetails.htm'.
    I obtain the viewname "AccountDetails" , the related context "Header". After I don't know how to proceed to obtain the related entities through the relationship BuilRolesRel and BuilSalesArrangementRel.
    Am I following the right way? Is there another solution to prepare the output for default values?
    Any kind of suggestion will be appreciated.
    Regards, Roberto

    go to spro>cross-application components>sap busines partner>business partner> basic settings>field groupings>Configure Field Attributes per BP Role
    Double click the business role which you want to customaze (e.g. 'A') and change the proper settings.
    Regards.

  • Problem creating Network ACL for a ROLE in Oracle 11gR2

    According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role.  I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email.  If I grant the ACL privilege to the same users directly it works fine.  Is there any step I'm missing?  This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
    SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    SQL> CONNECT system/******@testdb
    Connected.
    SQL> SET LINES 1000
    SQL> SELECT * FROM v$version;
    BANNER
    Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
    PL/SQL Release 11.2.0.3.0 - Production
    CORE    11.2.0.3.0      Production
    TNS for Solaris: Version 11.2.0.3.0 - Production
    NLSRTL Version 11.2.0.3.0 - Production
    SQL> COLUMN host FORMAT A20
    SQL> COLUMN lower_port FORMAT 99999
    SQL> COLUMN upper_port FORMAT 99999
    SQL> COLUMN acl FORMAT A40
    SQL> COLUMN acl FORMAT A40
    SQL> COLUMN principal FORMAT A15
    SQL> COLUMN privilege FORMAT A10
    SQL> COLUMN is_grant FORMAT A8
    SQL> COLUMN status FORMAT A10
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    no rows selected
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    no rows selected
    SQL> CREATE USER testacl IDENTIFIED BY testacl;
    User created.
    SQL> GRANT CONNECT TO testacl;
    Grant succeeded.
    SQL>
    SQL> BEGIN
      2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
      3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
      4     commit;
      5  END;
      6  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    HOST                 LOWER_PORT UPPER_PORT ACL
    localhost                    25         25 /sys/acls/test_smtp.xml
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    ACL                                      PRINCIPAL       PRIVILEGE  IS_GRANT
    /sys/acls/test_smtp.xml                  TESTACL         connect    true
    After creating this ACL I test it like this:
    SQL> CONNECT testacl/testacl@testdb
    Connected.
    SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
    HOST                 LOWER_PORT UPPER_PORT PRIVILEGE  STATUS
    localhost                    25         25 connect    GRANTED
    SQL> DECLARE
      2     c utl_smtp.connection;
      3  BEGIN
      4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
      5     utl_smtp.helo(c, 'localhost');
      6     utl_smtp.mail(c, 'Oracle11.2');
      7     utl_smtp.rcpt(c, '[email protected]');
      8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
      9     utl_smtp.quit(c);
    10  END;
    11  /
    PL/SQL procedure successfully completed.
    SQL>
    This works fine and I receive the email correctly.  Now if I try to do the same thing for a role:
    SQL> CONNECT system/******@testdb
    Connected.
    SQL> BEGIN
      2     dbms_network_acl_admin.drop_acl('test_smtp.xml');
      3     commit;
      4  END;
      5  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    no rows selected
    SQL> CREATE ROLE testacl_role;
    Role created.
    SQL> GRANT testacl_role TO testacl;
    Grant succeeded.
    SQL> ALTER USER testacl DEFAULT ROLE ALL;
    User altered.
    SQL>
    SQL> BEGIN
      2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
      3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
      4     commit;
      5  END;
      6  /
    PL/SQL procedure successfully completed.
    SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
    HOST                 LOWER_PORT UPPER_PORT ACL
    localhost                    25         25 /sys/acls/test_smtp.xml
    SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
    ACL                                      PRINCIPAL       PRIVILEGE  IS_GRANT
    /sys/acls/test_smtp.xml                  TESTACL_ROLE    connect    true
    SQL>
    And now I test it again with the same user:
    SQL> CONNECT testacl/testacl@testdb
    Connected.
    SQL>
    SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
    no rows selected
    SQL> DECLARE
      2     c utl_smtp.connection;
      3  BEGIN
      4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
      5     utl_smtp.helo(c, 'localhost');
      6     utl_smtp.mail(c, 'Oracle11.2');
      7     utl_smtp.rcpt(c, '[email protected]');
      8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
      9     utl_smtp.quit(c);
    10  END;
    11  /
    DECLARE
    ERROR at line 1:
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "SYS.UTL_TCP", line 17
    ORA-06512: at "SYS.UTL_TCP", line 267
    ORA-06512: at "SYS.UTL_SMTP", line 161
    ORA-06512: at "SYS.UTL_SMTP", line 197
    ORA-06512: at line 4
    SQL>
    I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user.  I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
    Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.

    Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user.  The problem appears when I try to create an ACL with privileges for a ROLE.  You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
    Parameter
    Description
    acl
    Name of the ACL. Relative path will be relative to "/sys/acls".
    description
    Description attribute in the ACL
    principal
    Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
    My issue is that when I try to create the ACL for a role it doesn't work.
    Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing.  Cheers.

  • How to track the transport request number for the Role/Composit Role

    Hi,
    How to track the transport request number for the Role/Composit Role.
    Thanks,
    Ravi

    Use transaction SE03 Transport Organizer Tools
    Execute "Search for Objects in Requests/Tasks" with objects of types:
    R3TR     ACGR     Role
    R3TR     ACGT     Role - User assignment
    Regards

  • On the web how can I check the user role to display the form suitable for this role i

    Hello
    How can I check on the web the use role to display the a form for each role
    Example
    If the admin login I display admin_form.fmb and if user login I display
    user_form.fmb
    Thankx
    Tamer

    In my forms I hide tab pages according the role using something like the following script in the WHEN_NEW_FORM_INSTANCE trigger.
    So the user can not navigate to tabs which are vorbiden by his role.
    CURSOR users_roles_cur IS SELECT granted_role FROM user_role_privs
    WHERE username=(SELECT user FROM dual);
    user_roles_rec users_roles_cur%ROWTYPE;
    IF users_roles_cur%ISOPEN
    THEN
    CLOSE users_roles_cur;
    END IF;
    OPEN users_roles_cur;
    LOOP
    FETCH users_roles_cur INTO user_roles_rec;
    EXIT WHEN users_roles_cur%NOTFOUND;
    MESSAGE (user_roles_rec.granted_role);
    PAUSE;
    IF RTRIM(user_roles_rec.granted_role,' ') = 'BLA-BLA'
    THEN
    tb_pg_id := FIND_TAB_PAGE('activity');
    IF GET_TAB_PAGE_PROPERTY(tb_pg_id, visible) = 'FALSE' THEN
    SET_TAB_PAGE_PROPERTY(tb_pg_id, visible, property_true);
    END IF;
    END IF;
    END LOOP;
    CLOSE users_roles_cur;
    Other solution may be is to use an initial form which only will detect the user role and run the appropriate form.
    Other solutions are also possible.
    Joseph

  • Workflow Notifications not sending for AdHoc Role

    Hi,
    I am trying to send my workflow to multiple dynamic users, using the call createAdHocRole.
    Here is my code (I currently am using 2 user names for testing. This will be eventually be a variable) :
    +-- create role --+
    apps.wf_directory.createAdHocRole(v_role_name   -- role name
    +, v_role_name -- role display name+
    +, null -- language+
    +, null -- territory+
    +, null -- role description+
    +, null -- notification preference+
    +, 'JEHANSEN,DCDRIGGS' -- role users+
    +, null -- email addresses+
    +, null -- fax+
    +, 'ACTIVE' -- status+
    +, trunc(sysdate) + C_PURGE);+
    When I run the workflow, it runs with no errors, but I am not receiving any emails. I can view the workflow in the Status Monitor and I see the Notification being created and it shows my new role as the performer. Both usernames that I am using for the Role Users are setup as Users and Employees in the environment.
    I've queried the WF_USER_ROLES_ASSIGNMENTS table and I see my new role there, and both usernames are in the table. Both users are also in WF_USERS with email addresses, and also in WF_LOCAL_USER_ROLES. When I query WF_NOTIFICATIONS, I see the notification being created there, with a status of OPEN, receipient_role being my new role, mail_Status is blank, responder is blank, original_recipient is my new role, from_user is the supplier, and to_user is my role name .
    Can anyone see what I am missing? I thought if I create the role with a null email_address it then sends email to all users in that role? It probably doesn't matter, but these are being submitted upon the change of a PO in iSupplier (Oracle Apps).
    Thanks,
    Janel

    Hi,
    Once you have created the role, they can be referenced in your Workflow process in the same way as an other role. For example, create an ad-hoc role "MYTEST123" using the standard WF_DIRECTORY API. Then you can use this as the notification recipient in your process.
    If you are creating the roles dynamically within a process, then once the role has been created, set an item attribute (e.g. attribute NTF_RECIPIENT) to the name of the new adhoc role, and then have the notification recipient set to the value of the item attribute.
    HTH,
    Matt
    WorkflowFAQ.com - the ONLY independent resource for Oracle Workflow development
    Alpha review chapters from my book "Developing With Oracle Workflow" are available via my website http://www.workflowfaq.com
    Have you read the blog at http://www.workflowfaq.com/blog ?
    WorkflowFAQ support forum: http://forum.workflowfaq.com

  • Function Module not working for old Role

    Dears
    Function Module not working for old Role
    Function Module: /VIRSA/BAPI_AE_USERS_FOR_ROLES
    Before EHP4 upgrade this functional module working fine, but after updated users are not visible.
    We have chekced if the users are assigned directly users are visible but indirect (Position Based) assignment users are not apprearing.
    Pl check the fucntion module with given roles below and identify the root cause,
    EP_TRVL_ALL_CAB     - Old Role
    EP_TRN_TRVL_DRGC_V2 - New Role
    Regards
    Krishna Mohan CH
    9704500717

    Krishna,
    I do not think this BAPI is meant to be called by anyone but the application using it, and its functionality may therefore change without notice.
    What are you trying to achieve? Maybe there's a better way to do that...
    Frank.

  • Search for user role but help poppup display

    Anyone ever trying to search for user role from search action bar or user admin page?
    Whenever select role and clicked on the magnifying glass icon, help content displays instead of role selection.
    At first I think this is a bug. But when I asked Customer Care they said its an expected behaviour which means that this is how the engineers designed it.
    Dont you feel weird? because other field like status, correctly displays status info after clicking the icon.
    Hope u can try it this out and give your opinion here.

    Can you provide a little more detail on what you were trying to do.

  • Customizing display profile for a role ends with a blank portal

    I have a custom TabContainerProvider with 4 tabs (containers with two channels). I need one of them to be visible only to a specific role. So I created a role (static), assigned this role to users, and in portal console with the role selected I've put the 4th container with its two channels to the TabContainerProvider. When I log in as a user with the role, I see "The desktop you are using is not yet configured with any channel in it. To get started with deploying sample content, see below."
    When I do the same, but with the users selected (so I enable the container with its channels to all of the users with the role but not for the role itself), it works.
    What can be wrong? Where should I look for hints?

    Please make sure the Parent Container for the role is set correctly. When you create a new role, the Parent Container will be set to DefaultChannel by default. To verify this,
    1. launch the portal admin console, i.e. http://host/psconsole
    2. goto portals --> portalID --> specify your role for the Select DN drop down
    3. verify that the Parent Container setting for the role is not DefaultChannel, instead it should be set to the Parent Container used by your portal.
    Hope this helps. dean.

  • How to have separate template for each role in OIM

    Hi,
    We have multiple roles on a multiple AS400 boxes. In OIM we need a separate template for each role that has to be popped up during provisioning. How do we achieve this in OIM?
    Pls help me with the solution.
    Edited by: user8963056 on May 23, 2010 7:47 PM
    Edited by: user8963056 on May 24, 2010 9:47 AM

    Thanks for the reply
    for the second question; we need on the basis of role these forrms will have different informations.
    the AS/400 guys wants the below steps to be done on OIM side
    They want to make sure below plan works with OIM plan.
    1.Per System, create templates per role.
    2.Update the AS400 User Request form to include a section for each system. Add templates for each role to each system’s section.
    3.Provide ITSA with a menu option to create profiles by selecting the template they wish to copy.
    4.Create backend programs to automate additional 400 tasks required per role.
    a.Create directory entry
    b.Add to Privilege Manager
    c.Add to Menu System
    d.Add to third party software
    e.Other as required.
    If we automate the above on the 400, in OIM , we would need to create the same templates.

Maybe you are looking for