Role Assign Permission
I am trying to check programmatically if a user has Role assign permission for a Role. The below code returns false even if the user has Role assign permission.
IAclManager mgr = UMFactory.getAclManager();
mgr.hasPermission(iRole.getUniqueID(),iUser, "com.sap.portal.pcd.roleservice.roles.Assign")
Also, using getPermissionStatus() returns an undefined permission status.
In addition to the above if the user is an administrator then the above methods return true always.
Any help is appreciated.
Thanks.
Hi Raghav,
Thanks for your response.
The target user is a demand planner and would require to change alpha, beta and gamma factors based on changing sales trends.
In production system, it will be risky to give model configuration permission to such users.
Regards,
Aditya G
Similar Messages
-
Assigning Role Assigner Permission
Hi,
I've been going through the Enterprise Portal APIs for a way to assign Role Assigner Permission on a Role to a User, but i haven't been able to find one.
Can someone please guide me on how to do it?
Thanks,
MayankThanks Michael,
I tried with the following code:
initPcdCtx = new InitialContext(env);
initPcdCtx = BRUtil.GetPCDContext(csc.Persistence);
IPcdContext myPcdContext =(IPcdContext)
initPcdCtx.lookup(Role); // Loading the context with the Role
IAclHandle myHandle = myPcdContext.getAclHandle();
IAcl ownAcl = myHandle.getOwnAcl();
if (ownAcl == null)
msg = "Currently no ACL - attempting to create it";
myHandle.createAcl(LoginID,myHandle.getParentAclHandle().getOwnAcl());
ownAcl = myHandle.getOwnAcl();
ownAcl.createAclEntry(LoginID, Role, "allow");
But it's failing in the createAcl statement. I get a java.lang.ClassCastException.
If I load the myPcdContext object with the user loginID instead of the role, then I get an exception saying "Child not found" .
Am I missing something here? Thanks for all your help.
- Mayank -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
Federation, remote role assignment based on ABAP roles on producer
Hi all,
We have implemented the federated portal solution for our ESS users. We use the ABAP stack of the producer portal as user store for consumer and have no problems in assigning portal roles on our consumer based on ABAP roles in the backend (displayed as groups in the portal).
Now we want to add some extra functionality (eg SRM and eRec) and we encounter some problems. These systems all have their own ABAP stack as user store. We have maintained the functional authorization model in the ABAP roles for instance in SRM. So an example:
System I: ABAP + JAVA --> ECC 6.0
Here we have the standard R/3 functionality and the producer portal (A) installed. Roles created on producer portal and assigned based on ABAP roles.
System II: JAVA --> NW 7.0 Portal
Our consumer portal (B) where we use roles created on the producer portal (A) on System I.
System III: ABAP + JAVA --> SRM
Our SRM system with SRM producer portal (C). In the ABAP stack of this sytem the functional SRM roles have been assigned to the users. We have created functional SRM Portal roles in order to use remote role assignment on consumer portal (B).
+PROBLEM+
We want to remotely assign portal roles created on the SRM Producer (C) to users on the consumer portal (B), based on the ABAP role assignment in the backend of system III. How can we achieve this in a fast and efficient way?
Looking forward to your ideas. Anything helpfull will be gladly awarded with SDN points.
Best regards,
Jan LarosJan,
Interesting question. Let me share my experience and hope that's of some use to you.
We started off federating corporate NetWeaver Portal (lets say B, parallel to your convention) as consumers to BI Portals (Lets say A).
- B's UME points to Active Directory
- A's UME points to BI ABAP user store
- User ids are identical in both systems
We ran into the problem of dual administration ((de)assigning portal role on both portals instead of just one) for a long time. The issue was because of different reasons at different times as we patched B's and A's. At one point we were on SP15 on both portals and we were told by SAP that RRA can be done on B for remote roles and the assignment propagates to A automatically if the following configuration is set up on both A and B.
- A's permissions are relaxed allowing "Everyone" group checked for "End User" access as per ([http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm|http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/content.htm]
However, we chose not to do the permission relaxation as enabling "Everyone" group with "End User" access can allow anyone to launch an iView (if the URL is known somehow) and the user would be able to see the layout of the iView, which can include text, etc. The user won't be able to access any data though, however, there is certain compromise on security which we decided that its not okay. So, we digressed in SAP's suggested practice because of security reasons.
Today we, manage security on B using Active Directory groups and on A using Java groups (ABAP roles).
In your case, I suggest investigating the option of relaxing the security on producer portal like in the above link. If you think its okay, all you have to do is, provision users on B by assigning remote roles from C and A.
Either my story is applicable or I must have got you totally wrong,
Kiran -
Role assignment and FDI polling interval for participant info
Hi,
When a role is added to a participant in Portal Admin console how long it takes to take effect meaning how soon he can login and use the role. Inother words what is the FDI polling interval time to get participant info? I am getting "fuego.portal.exception.WapiOperationException: Participant 'XYZ' does not have execution permissions for role 'ABC' though the Execute permission was given to the user.
Will this role assignment applies for In Flight instances too?
Regards,
XavierAfter you have assigned a particpant to a role and if you are sure you have given execute permission to the partcipant and still if the change doesnt reflect in your application, just try restarting engine. Even if the problem persists then try restarting the weblogic server. The role assignment applies to inflight instances also. for eg : if there are two instances that belong to the role say'ABC' and you have mapped 'XYZ' for that role, then you can see the instances of that role in 'XYZ''s inbox.
Hope this helps.
Regards,
Charan -
Mutually-Inclusive Role Assignment
I don't know if anyone has had this requirement before or if there is even a way to do it, but I thought I would throw it out there.
What I am looking for is a way to assign 'mutually inclusive' role/security assignments within KM.
Here is the scenario.
- You have 2 roles: RoleA and RoleB
- I want to require that users be in BOTH RoleA and RoleB to get access to a KM folder.
- If a users is only in RoleA or only in RoleB they should not see the content.
Any ideas?Hi
will ellaborate with an example
assume there are 2 folder
folder A -- should be visible to only Group A
folder B -- should be visible to only Group B
So some special user who need to access Group A & B , so assign this user to both these groups so only these user cana access both the folder.
or another way
create group c assign these special user here and assign read access to both the folder to this group c
this way sound bit childish to me
now coming to search part.
in order to make things simple just index these folders and do not assign any permission during indexing , just leave that area empty.
the fact that if u r not assigning permission it will by default assign read permission to these folders and while displaying during search result it will filter the document according to the permission u set in km level.
my suggestion is to implement a pilot project for test purpose based on this concept and u can achieve what u want.
Regards,
vijay. -
Assigning permission to SharePoint 2013 group using REST API
Hi All,
I was trying to assign permission to a group using REST but it failing with error message "Bad Request". Below is my REST code to assign Contribute permission to group with ID 95, It would great help if someone can help me to fix this.
// Set permission on a specific group
$.ajax({
url: "<Site URL>/_api/web/roleassignments/addroleassignment(principalid=95, roledefid=1073741827)",
type: "POST",
contentType: "application/json;odata=verbose",
headers: { "Accept": "application/json; odata=verbose","X-RequestDigest": $("#__REQUESTDIGEST").val(),"X-HTTP-Method": "POST" },
success: function (data) {
// Returning the results
alert('Contribute permission set on group');
alert("Error: " + JSON.stringify(data));
error: function (data) {
alert("Error: " + JSON.stringify(data));
~HarishHi Harish,
I have same problem and I just find solution for this error.
You must set body/data to null value --> It's work for me !!! :)
See my code with RequestExecutor (I develop an SharePoint App)
// Set the new role assignment for the group on the list.
this.setNewRoleForGroup = function (listTitle, newRoleDefId, groupId) {
var deferred = $.Deferred();
//First we must call the EnsureSetup method
JSRequest.EnsureSetup();
var hostweburl = decodeURIComponent(JSRequest.QueryString["SPHostUrl"]);
var appweburl = decodeURIComponent(JSRequest.QueryString["SPAppWebUrl"]);
//Tip to have a title formated to REST call
var arrayTitle = decodeURIComponent(listTitle).split("'");
var restQueryUrl = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/GetByTitle('" + arrayTitle.join("''") + "')/roleassignments/addroleassignment(principalid=" + groupId + ",roledefid=" + newRoleDefId + ")?@target='" + hostweburl + "'";
var executor = new SP.RequestExecutor(appweburl);
executor.executeAsync({
url: restQueryUrl,
body: null,
method: "POST",
headers: {
"Content-Type": "application/json;odata=verbose",
"Accept": "application/json; odata=verbose",
"X-HTTP-Method": "POST"
success: function (data, textStatus, xhr) {
deferred.resolve({ updated: true });
error: function (xhr, textStatus, errorThrown) {
deferred.reject(JSON.parse(xhr.body).error.message.value);
return deferred; -
EP role assignment to user id's deleted
Hi,
We have Windows Active directory server and the id's created there will be created in EP as well. (or both share the same db).
Our Portal team will assign the roles to the newly created userid's using IMPORT function.
1. Nearly we have 15k users. and today we have used the import functionality to assign roles to the 60 newly created users.
2. The role assignment for 14k users which share the same domain(LDAP1) deleted.
3. The role assignment for other users who use other domain(LDAP2) exists.
What would be the root cause of the problem?
Is it possible to take System log from EP system -> system admin ? or we need to ask the basis admin to retrieve issue log?
Thanks!
DhiyuHello Shabir,
Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
This will solve ur problem.
Regards
Deb
[Reward points for helpful answers] -
Why security-role-assignment is required ?
Hi all.
We develop EJB application which uses:
* declarative security using <method-permission> in ejb-jar.xml
* our own RoleMapper SSP, which take mapping data from DB
(our Mapper doesn't use weblogic-ejb-jar.xml at all)
When I deploy my app without <security-role-assignment>
in weblogic-ejb-jar.xml I receive the deployment exception:
<quote>
The security-role MY_ROLE, defined in ejb-jar.xml,
is not correctly mapped to a security principal.
Make sure the security-role has a corresponding
security-role-assignment element in the
weblogic-ejb-jar.xml descriptor.
</quote>
Yes, this is absolutely correct --
I didn't define the mapping in *.xml advisedly,
because of it is defined in DB and my own Mapper
retrieves data required for role mapping from DB,
not from descriptor *.xml
Questions are:
==============
1. why <security-role-assignment> is so strictly required ? :(
2. is it possible to use declarative security with own RoleMapper ?
3. if `yes` then how to get rid of the exception ?
I have one workaround:
to add to weblogic-ejb-jar.xml fake mapping for
each EJB role used in ejb-jar.xml:
<security-role-assignment>
<role-name>MY_ROLE</role-name>
<principal-name>FaKe_Blah_bLAH</principal-name>
</security-role-assignment>
In this case all works fine,
but workaround smells very very bad :(
Thanks in advance.
Best regards,
Eugene VoytitskyHello,
could you provide addition information on the server version and the facets installed in the dynamic web and EAR project ?
thanks
Raj -
Need procedure for creation of BW Roles, Assigning Queries,Publishing Roles
Hi Experts,
Could you please let me know the procedure for creation of BW Roles, Assigning Queries,Publishing Roles in Business Explorer (BEx - BW 3.5)
Thanks in advance,
AndyHi,
Creating BW Roles
http://help.sap.com/saphelp_nw04/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Assigning Queries
After creating the query, save the query to a role from the query designer.
Publishing Roles in Business Explorer
https://websmp101.sap-ag.de/~sapdownload/011000358700002894802003E/HowToBIPortal1.pdf
Hope this helps you..!
-Pradnya -
BI Publisher - SuperUser not able to acces Roles and Permission Page
I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
But
1. SuperUser is not able to access Roles and Permission.
2. I'm not able to access the BI Answers Catalog.
I also have a doubt about the BI Server Admin. Is it the RPD Admin?
Kindly HelpI have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
But
1. SuperUser is not able to access Roles and Permission.
2. I'm not able to access the BI Answers Catalog.
I also have a doubt about the BI Server Admin. Is it the RPD Admin?
Kindly Help -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Regarding assigning permission to dashboard to a catalog group in obiee 11g
Hi All,
i have a dashboard : trainee .
i have created one catalog group that is: GroupA
now i have assign some user to it.
now i want to assign permission to the trainee dashboard to the groupA.
i tried to do that but when i am doing login obieee by using any user that has assigned to group A.
but i am not able to see trainee dashboard.
can anyone tell me the steps for doing it.Hi,
http://www.varanasisaichand.com/2011/03/obiee-11g-security-creating-users-and.html
hope it helps
Thanks,
satya -
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
FPN - error trying to lookup object - remote role assignment not working
Hello everyone,
We have implemented a Federated Portal Network connection in our landscape between our portals.
We use only remote role assignment functionality.
Everything was working fine, but since 2 days we encounter the following error in the Default trace.
Error trying to lookup object: alias: <role name>
It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
Is there a solution or workaround for this issue ?
MartinHi,
I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
What did you do to resolve this issue?
Many thanks
Gordon
Maybe you are looking for
-
Hard Disk Upgrades on Satellite 2410
I know that I can just stick any drive that will fit in, but my question is: Can I just use the recovery CD that came with my laptop to re-install windows XP onto the new hard disk, or do I have to get a seperate copy of XP? The model of laptop is a
-
I'm using dynamic text and in works fine until I refresh the page. After I refresh it displays all the html code and instead of rendering it.
-
Software/Hardware Inventory not completing back to the SCCM server
I am currently experiencing issues with our SCCM clients not completing Hardware\Software Inventory. I have started by checking the InventoryAgent.log files on the client machines, and get the following: Inventory: *********************** Start of me
-
Loading of Microsoft Word Documents
Hi Guys, I am having trouble with the INSO filter. I have created the HDOCS table as in the documentation, and inserted the file locations, and when I run the create index I get the correct DR$HDOCS$x tables created. But there are no entries in them?
-
0xE8000084 hi above error code is preventing me connecting my iphone 5s to itunes ?? any help or advice to re set Sim Locked password number of tries has expired and the phone is lpcked