Role and groups ?

What is the difference between roles and groups in Identity Server

The main difference between roles and groups in Identity Server 5.1 is that you cannot assign policy to groups, only to roles.
Roles in Identity Server are used to define management permission via ACIs and to allow attribute inheritance via CoS and roles.

Similar Messages

WEB UI account creation with role and grouping

Hi All,
I can create account in SalesPro->Account Management-> Account - New
I don't have an option of selecting BP Role or Grouping for number range...
Should i be using any other WEBUI Role in order to create Account with an option of BP Role and Grouping
Thanks
Amish

Hello there,
The BP Role which will be used and even the number ranges are generally not used for Web UI usage. Instead we provide different configurations of the same Account Creation view based on the Component Usage and three different keys.
The functionality you are looking for can be achieved by creating different configurations.
To create different configurations of the same view in Web UI please search on the below link :
[http://wiki.sdn.sap.com/wiki/display/CRM/CRMWebClientUIFramework|http://wiki.sdn.sap.com/wiki/display/CRM/CRMWebClientUIFramework]
Please reply if this helps.
Best regards,
Vinamra.

Get inf. about user, rol and group, which shows and works on my webdynpro ?

Hi everybody,
Can someone help me? I need the information about rol and group of the user, who's show and work on my webdynpro?

Hi,
You can use the below code to get the information you need. You need to add the jar file com.sap.security.api.jar to your Web Dynpro project's build path.
     IRoleFactory roleFactory= UMFactory.getRoleFactory();
    IGroupFactory groupFactory = UMFactory.getGroupFactory();
    try
     IWDClientUser wdUser = WDClientUser.getCurrentUser();
     IUser user = wdUser.getSAPUser();
     Iterator assignedRoles = user.getRoles(true); // true means all the roles are searched recursively
     Iterator assignedGroups = user.getParentGroups(true); // true means all the groups are searched recursively
     while(assignedRoles.hasNext())
          String roleID = (String)assignedRoles.next();
          IRole role = roleFactory.getRole(roleID);
          String roleName = role.getUniqueName();
     // Fill your model node with the role
     while(assignedGroups.hasNext())
          String groupID = (String)assignedGroups.next();
          IGroup group = groupFactory.getGroup(groupID);
          String groupName = group.getUniqueName();
     // fill your model node with group.
    catch(Exception ex)
         messageManager.reportException(ex.getLocalizedMessage(),false);

Whant is the difference between role and group?

in fact. a group means the a special role that have no any assigned functions

Hi Kang
The difference betwen Roles and Groups:
Roles
Roles are the largest semantic unit within the content objects. A role is a folder hierarchy comprising other content objects (worksets, pages, iViews). The contents of a role are based on the company structure and information requirements of the users of a company. Roles are assigned to users. This means that users can only access the content that is relevant for them if they have the appropriate role.
Groups
Groups contain users falling under the same catagory. For example let's say that you have a set of roles, role x and role y. You have to assign role x to users of type a (let these be users who can only view your portal and cannot make changes) and role y to users of type b (let these users be administrators). Then you can add the users of type a to a group and assign the role x to them. Similarly you can add the users of type b to another group and assign the role y to them. This rids you of the task of having to assign the two roles to each user type individually.
Hope you got the difference now.
Warm Regards
Priya

How to find Shared Serivces Roles and Groups using scripts in IR?

hi all,
I am in IR 9.3.1 environment.
I am trying to see if I can find a user's shared service group or role when they come into a BQY file, and I can code my IR accordingly to provide different needs.
I know I can create a simple query using those V8 tables to do so in version 8, but in 9.3.1, it is not the same anymore. so is there a way that I can do this easily?
I just need to be able to set users into different groups and provide different front-end screens and/or dfferent data results according to the groups they belong to.
thanks.

http://social.technet.microsoft.com/forums/sharepoint/en-US/87129bee-4cd5-47d7-8fe0-adcb3260570c/remove-share-option
These links are displayed using the Promoted Actions Delegate Control. You can remove these by overriding the control, there is no other conventional way available to have them removed. Please use the below link for more details:
http://www.learningsharepoint.com/2013/02/19/add-links-to-promoted-actions-sharefollowsync-in-sharepoint-2013/
There is a way to do away with the SharePoint ribbon altogether. Using this method you can expose the top ribbon only to users having 'FullControl' level privilege (or any other level you want).
1. Locate your master page (below example is for Seattle.html) and wrap your ribbon control with a 'SPTrimmedControl'

<div id="ms-designer-ribbon">

<div class="DefaultContentBlock" style="background:rgb(0, 114, 198); color:white; width:100%; padding:8px; height:64px; overflow:hidden;">In true previews of your site, the SharePoint ribbon will be here.</div>
</div>

Refer to below link for more details:
http://social.technet.microsoft.com/Forums/en-US/sharepointcustomization/thread/6d78ac4a-82a1-4221-b2ad-2b47e506d929
Also try
http://www.eliostruyf.com/hiding-the-social-actions-follow-share-from-the-document-libraries-in-sharepoint-2013/
hide all people group
Here is one solution:
http://msdn.microsoft.com/en-us/library/ff650031.aspx
If this helped you resolve your issue, please mark it Answered

Can Drill-down paths being made dependent on the user roles and groups

Hello Experts
Is it possible to restrict user after certain level of drill down. Here I mean after drilling upto country level from Total World , can we restrict the user to further drill down upto state level.
OR we can say that we need to restrict certain user to look into transaction level details
thansk and appreciate any hlep on this.

i Guess u can...by setting object level security? suppose if you dnt want to drill to state... you can restrict the state column inpresentation laye... so when the user uses the the report he cannot see state and also in drill down....hope this is helpful/answered...

UME Role and Action

I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and subnodes. Under the subnodes i have documents. Depending to the permission of the users should be decided what can the user do with the documents, for example, create, upate, delete and so on. I need to check the authorization of users. I want to follow the conzept like the Web Dynpro tutorial RentCar APP with Actions und Permissions. If a user logs on, i can get his UME role and group. My question is: if it is possible to list the permissions behind of one specific role, which is assigned to the user or a group.
In short I want to list the permissions and not only check if the user has it or not.
Please help me.
Regards
Hairong Zhao

Hi Sudhir,
thank you very much for your quick answer. But it can't resolve our problem really.If we only use hasPermission() method to check if the user has right, the efford to check user in our case is too great .
I try to describe our problem exactly. In our case, thers is possible that tausend documents can be attached to a node. we can't create a permission for every document. We create for every node a role, but for document we haven't role. If we don't use the conzept with Actions and Permissions, how can we check the permission of the users, have you another idea?
Regards,
Hairong Zhao

Configuring roles and users (adf security) application context wise.

Dear All,
I referred this tutorial (http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html) which shows how to hook up adf security with database schema but at domain level which will be common to all applications in that domain. I want to make it different to each application. (i.e each application will use differene database schema for storing user credientials i.e enterprise roles,application roles and users.)
Can any one please point me to proper way..
Regards,
Santosh
jdev 11.1.1.2.0

Dear Frank,

Instead you have a single identity management system and have the application policies being different for the applications.Using ADF Security, users and groups can have different privileges in different applications

suppose i have 3 applications that use adf security, the users will be common to all applications. right..?Roles and group can be different for applications.
application polices means roles and group..?
So how it(application polices) can be made different for applications? is it inbuilt or some configurations needed ?. Can you point me to some blogs or tutorials for more reference.
Bet: Incase i hook up adf security with database schema.
Regards,
Santosh.

Roles and Database

Hi All,
When ever u create roles and groups where these are getting stored ?
What is the use of MAX DB or Oracle What exactly we are storing in these databases?
Thanks and Regards,
Phanikumar

Hi Phanikumar,
The portal users, roles and groups are stored in the UME Datasource configured in your portal.
If your UME Datasource is database, then All user, user account, role, and group data is stored in the database of the SAP NetWeaver Application Server (AS) Java.
For more on UME Data Sources:
http://help.sap.com/saphelp_nw70/helpdata/EN/7e/a2d475e5384335a2b1b2d80e1a3a20/frameset.htm
Database Only as Data Source:
http://help.sap.com/saphelp_nw70/helpdata/EN/38/caeaf49cce45d0a11fb8d7fef151b0/frameset.htm
So it all depends how you configured your UME.
Regards,
Praveen Gudapati

Hi,report like roles with groups display?

i am having roles /groups like following
String arrRoles = {"devloper","admin","manager","clerk","other"};
String arrGroups={"grp1","grp2","grp3","grp4","grp5","grp6"};
each groups having separate access
grp1 roles manager,developer
grp2 roles manager,clerk,other
grp3 roles clerk,admin
grp4 roles other
grp5 roles manager,develoepr,admin,clerk,other
grp6 roles clerk,other
finally after reading two array values and each group roles ,
i need to values in report like this
report
role grp1 grp2 grp3 grp4 grp5 grp6
devloper yes no no no yes no
admin no no yes no yes no
manager yes yes no no yes no
clerk no yes yes no yes yes
other no yes no yes yes yes
i need to display values if the group having role need to display
yes otherwise no.
can any one help me how to do and display
here roles and groups are not fixed values both are dynamicaly
created arry objects
thanks in addvance
sai

hi,
thanks for your example.
any way i solved this issue my self another way.
class Report3Test
 public static void main(String str[])
 String[] arrRoles = {"develop","admin","manager","clerk","other"};
 String[] arrGroups = {"grp1","grp2","grp3","grp4","grp5","grp6"};
 String arGrp1[] ={"manager","develop"};
 String arGrp2[] ={"manager","clerk","other"};
 String arGrp3[] ={"clerk","admin"};
 String arGrp4[] ={"other"};
 String arGrp5[] ={"manager","develop","admin","clerk","other"};
 String arGrp6[] ={"clerk","other"};
 String DELIMINATOR = "\t";
 String strGroups = "";
 strGroups = "Roles"+DELIMINATOR;
 for(int i =0; i<arrGroups.length;i++)
 strGroups = strGroups+arrGroups[i]+DELIMINATOR;
 System.out.println(strGroups);
 for(int i =0; i<arrRoles.length;i++)
 String groupStatus1 = "No";
 String groupStatus2 = "No";
 String groupStatus3 = "No";
 String groupStatus4 = "No";
 String groupStatus5 = "No";
 String groupStatus6 = "No";
 for ( int k =0; k<arGrp1.length;k++)
 if(arGrp1[k].equals(arrRoles))
 groupStatus1 = "Yes";
 for ( int k =0; k<arGrp2.length;k++)
 if(arGrp2[k].equals(arrRoles[i]))
 groupStatus2 = "Yes";
 for ( int k =0; k<arGrp3.length;k++)
 if(arGrp3[k].equals(arrRoles[i]))
 groupStatus3 = "Yes";
 for ( int k =0; k<arGrp4.length;k++)
 if(arGrp4[k].equals(arrRoles[i]))
 groupStatus4 = "Yes";
 for ( int k =0; k<arGrp5.length;k++)
 if(arGrp5[k].equals(arrRoles[i]))
 groupStatus5 = "Yes";
 for ( int k =0; k<arGrp6.length;k++)
 if(arGrp6[k].equals(arrRoles[i]))
 groupStatus6 = "Yes";
 String roleParam = (String)arrRoles[i];
 System.out.println(roleParam+DELIMINATOR+groupStatus1+DELIMINATOR+groupStatus2+DELIMINATOR+groupStatus3+DELIMINATOR+groupStatus4+DELIMINATOR+groupStatus5+DELIMINATOR+groupStatus6);
===================
sai

Assigning Roles to Users and Groups

Hi,
We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
it is an urgent assignment for me..help can be appreciated...
sudhir

Sudhir,
You can assign the roles to users and groups as below.
1. Select the System Administration in the top level navigtion
2. Select user administration
3. You can search for a specific user or a group from this iView.
4. Use the edit button to edit the profie of the user or group.
5. Search for the role in the search iView.
6. Add the role to the user of group and save.

Business Partner Role and Business Partner Grouping

Hello Everybody!
Business Partner Role and Business Partner Grouping.
Which correlation ist between this attributes existing.
In which table are this infos stored, In order create I can use
e.g. BUPA_CREATE_FROM_DATA
but how is the way inversely. Suppose I want to abtain the information
about a existing business partner which group he has etc.
Regards
sas

Dear Sas,
Business Partner Grouping is used to determine the number ranges to be used by the business partner at the time of creation.
Business Partner Role determines the subset of all the data available to be shown and edited.
I will give you a very simple (but imaginary) example for understanding the role concept: the business partner in a role of employee might allow you to enter a department id. So this field should be available to you for input when you edit the business partner in the role of employee. But suppose the same business partner is also a person who is your customer. And your customer will require a default payment term. So this field should be available for input when you edit the business partner in the role of a customer. Also, some applications use these roles to determine if the business partner is suitable for particular transaction. In the above example, Payroll application will only allow those Business Partner to be used if they are maintained as an employee. Similarly the sales application can mandate that you can only sell a product to a business partner if he is maintain in a 'customer' role.
Please understand the example above is not real but given for the understanding of the concept of role.
You can use the function module 'BUPA_CENTRAL_GET_DETAIL' to find the business partner group. And you can use the function 'BUPA_ROLES_GET' to find the role assigned to a Business Partner.
Regards, Rakesh

Oracle BI Groups, Roles and permission through external Table

Hi,
We are using SSo integration with Oracle BI 10g. We need to fetch the roles , permission and groups through an external table to our Oracle BI Dashboard. Please let me know if this is possible.
Thanks,
Aditya Arya

Thanks a lot shru.
I have achieved this User authentication through external table but the roles, groups and permissions are assigned inside Oracle BI only. I need to get the roles from an external database table and map the users in that database only. I do not want to use the administration screen in Oracle BI to achieve this.
Also, I need to know what is the OBIEE variable i can use to override roles, as we use USER for adding a new user and the values that can be used to map the permissions.
Thanks,
Aditya Arya

Portal roles and AD-groups

Hi,
anyone that can fill me with info on mapping between portal roles and Active Directory groups.
Thankful for config.help!
Kind regards,
Hilde Bakkemyr

hi,
look at this document.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
hope it helps.
regards,
rohin

Role, user and group

Hi, folks:
In order to have separate PROD and DEVL services, I created a role to include all production databases/listeners require 7*24 paging support. Then I assign a user(Administrator) to this role and subscribe to my own notification rule (This rule only checks for important metrics). And this user has a pager for its email address. As for the other DBs, I simply let the OEM provided notification rule take care of it and have some important alerts send to an email address. In the future, if I need have any new database requires 7*24 paging support, I can simply add the DB in this role. Is this a good approach. Can GROUP be used in this setup, like putting all important stuff (Listener, hosts, DB) in this group and simply assign the group to the role??

Yes. Allen. Group is for that purpose only .. simply you can segregate your whole application in to diffrent area .. either or PROD/DEV/UAT or into diff region for eg NA/EMEA/APAC or with diff applications ...

Role and groups ?

Similar Messages

Maybe you are looking for