Role assignment API
Hi,
Does anyone know the API for user - role assignment ?
Thanks,
Elad.
Hi,
Run thru,
https://media.sdn.sap.com/javadocs/NW04/SPS15/um/index.html
and the blog,
User management API in WebDynpro
and the thread,
Re: Getting Portal Runtime information from webdynpro
Regards
Srinivasan T
Similar Messages
-
Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services
To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields. When following that kind of link for folders, I either get:
<d:ListItemAllFields
m:null="true"
/>
or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
to a list!).
If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
/_api/Web/Lists/GetByTitle('Development')
If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
/_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
gives me:
<d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
So, in summary:
1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
path I should use to get the data I described above.Upon further research, I'll answer my own question for the benefit of some other potential future newbie. The answer to question number 1 above is "Not exactly.". The server relative URLs I was using corresponded to lists (which are
returned as a collection through /_api/web/lists). I was treating them mentally like regular folders. That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists. That was the other problem with thinking of these lists as regular folders. So, ListItemAllFields works on
all files and folders in a list. However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above. For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments. -
OBPM 10gR3 Dynamic Role Assignment at user login
Hi,
For all the great integration with LDAP in 10gR3, unfortunately, the system is unable to deal with dynamically-defined LDAP groups.
Our goal is to apply a BPM Role to ALL humans defined in our LDAP.
All humans happen to already be defined by a dynamically-defined LDAP group called 'AllPeople'.
It would have been perfect if we could simply assign our BPM Role, 'Employee', to the LDAP group, 'AllPeople'. Sadly you can't (one for the next release pls).
So as a workaround, what we want to do instead is assign the BPM Role 'Employee' to each individual user dynamically when they first login.
Since the FDI library is useless outside of a BPM context (you'll find that some of the familiar methods of RoleAssignment are missing), We opted to create an actual BPM process to conduct role assignments, and we would then trigger it via PAPI.
The question then was, where/when do we invoke the process such that it does the role assignment quickly and soon enough for the appropriate views and applications to appear in their workspace straight after login?
We opted for a customised implementation of the SSOWorkspaceLoginInterface class.
However, we tried making the invocation in the setupAuthenticatedSession() and the processRequest() methods but, although the role assignment was successfully done in either case, sadly the user's session was loaded without the new changes - perhaps loaded quicker than the role assignment could be fed back through the directory.
Therefore, we dumped the invocation in the actual constuctor - and this seems to work for the most part. Yet on the odd ocassion, the role assignment is not quick enough to be realised in the user's workspace session - the user has to logout and back in before the changes are realised.
We've even tried to get the execution to sleep for a second or two, while the PAPI thread goes about doing the role assignment - again not much success.
So I really have 2 questions:
1. Where during login can we make a PAPI call to do a role assignment so that it should be picked up by the time the session is created? perhaps we already are doing it in the right place.
2. How could we refresh/request a new session cookie without explicitly logging out and back in again? Note, page refresh is not enough.
Thanks for reading.Sorry for the belated response - I don't get notified of replies.
The code for my custom SSOLoginModule class is:-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import fuego.workspace.security.SSOWorkspaceLoginInterface;
import fuego.papi.Arguments;
import fuego.papi.CommunicationException;
import fuego.papi.InstanceInfo;
import fuego.papi.OperationException;
import fuego.papi.ProcessService;
import fuego.papi.ProcessServiceSession;
import fuego.sso.SSOLoginException;
import fuego.sso.SSOUserLogin;
import fuego.jsfcomponents.Util;
import fuego.workspace.model.common.WorkspaceApplicationBean;
public class CustomSSOWorkspaceLogin extends SSOUserLogin implements SSOWorkspaceLoginInterface {
private ProcessService pService;
private ProcessServiceSession pServiceSession;
private Properties properties;
public SSOWorkspaceDBLogin() {
//Do the role assignment here because it works, and does not work in the ideal location of setupAuthenticatedSession method
pService = createProcessService();
pServiceSession = createProcessServiceSession();
assignDefaultRole(Util.getHttpServletRequest().getRemoteUser());
private ProcessService createProcessService() {
return WorkspaceApplicationBean.getCurrent().getProcessService();
private ProcessServiceSession createProcessServiceSession() {
return pService.createSession("yourdirectoryusername","yourdirectorypassword",null);
//This method is used to remotely invoke a BPM process to do the role assignment - no external API to do this directly!
private void assignDefaultRole(String email) {
try {
String processId = "myRoleAssignmentProcessId";
String argumentName = "argumentName"; //the name of the input argument to feed in the participant
String argumentValue = email;
Arguments arguments = Arguments.create();
arguments.putArgument(argumentName, argumentValue);
InstanceInfo instance = pServiceSession.processCreateInstance(processId, arguments);
Long waitTime = new Long(1000);
Long timeLimit = new Long(5000);
boolean roleAssigned = false;
boolean timeLimitExceeded = false;
Long startTime = System.currentTimeMillis();
//Allow role assignment thread to complete
while (!roleAssigned && !timeLimitExceeded) {
try {
Thread.sleep(waitTime);
if (pServiceSession.processGetInstance(instance.getId()).isCompleted()) {
roleAssigned = true;
if (System.currentTimeMillis() - startTime > timeLimit) {
timeLimitExceeded = true;
} catch (InterruptedException e) {
e.printStackTrace();
//close process service session
pServiceSession.close();
//Do not close the service itself as it is shared with the Workspace itself!
//pService.close();
} catch (Exception e) {
e.printStackTrace();
public void setupAuthenticatedSession(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
//Unfortunately, the below does not work here because the role assignment is not fast enough
//The result is that the user logs in but cannot see any applications because the role assignment has not been made in time.
//Therefore, we run the below statements from the constructor - ugly but functions.
//pService = createProcessService();
//pServiceSession = createProcessServiceSession();
//assignDefaultRole(httpservletrequest.getRemoteUser());
public void processRequest(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
} -
Hello,
Scenario: portal uses an LDAP as its UM store in read only mode.
As I understand it:
Users and Groups are stored on the LDAP
Roles are stored in the Portal database
Is this correct so far?
Secondly:
Where is the actual User/Role or Group/Role assignment held? I believe it is also in the database. Is this right? If this is the case then usage of the UME API to programmatically do these assignments should be possible
But what if either of these assignments are held in the LDAP does this mean that usage of the UME API to programmatically do these assignments will not be possible?
Thanks
Mr.THello,
I'm assuming that you are talking about EP6. Your understanding of the scenario is correct. The actual User/Role and Group/Role assignments are stored in the database. I would say your assumption about the UME API is correct but since I really don't know anything about the API, we will have to see if anyone else knows for sure.
John -
Dynamic role Assignment in Portal using Web dynpro Java?
Hi All,
We have following requirement for dynamic role assignment.
1) User Login to Portal.
2) User Clicks on Home Tab in Portal, through RFC/BAPI, get Role from Backend(ECC) and compare the role ID with Portal Object ID through UME.
Role gets assigned in Portal after comparison, if it exists in Portal.
Can you please let me know what all steps I need to do to complete the above assignment.
Thank you
RaviThanks Tobias.
To be precise I will explian my requirement.
1) User Login ( User ID will be input to RFC)
2) RFC will get Role for that user ID from Backend(ECC) and return that role ID to Portal.
3) Now With the help of UME API, need to search role ID in Portal, If it exists, no action.
If Role ID does not exists, then it shuld assign that role in Portal.
Sorry for tedious comment.
I am a bit new to webdyn pro.
Can you please tell me each step i need to follow to complete the above requirement.
Many Thanks,
Ravi -
Assigning Role Assigner Permission
Hi,
I've been going through the Enterprise Portal APIs for a way to assign Role Assigner Permission on a Role to a User, but i haven't been able to find one.
Can someone please guide me on how to do it?
Thanks,
MayankThanks Michael,
I tried with the following code:
initPcdCtx = new InitialContext(env);
initPcdCtx = BRUtil.GetPCDContext(csc.Persistence);
IPcdContext myPcdContext =(IPcdContext)
initPcdCtx.lookup(Role); // Loading the context with the Role
IAclHandle myHandle = myPcdContext.getAclHandle();
IAcl ownAcl = myHandle.getOwnAcl();
if (ownAcl == null)
msg = "Currently no ACL - attempting to create it";
myHandle.createAcl(LoginID,myHandle.getParentAclHandle().getOwnAcl());
ownAcl = myHandle.getOwnAcl();
ownAcl.createAclEntry(LoginID, Role, "allow");
But it's failing in the createAcl statement. I get a java.lang.ClassCastException.
If I load the myPcdContext object with the user loginID instead of the role, then I get an exception saying "Child not found" .
Am I missing something here? Thanks for all your help.
- Mayank -
Need procedure for creation of BW Roles, Assigning Queries,Publishing Roles
Hi Experts,
Could you please let me know the procedure for creation of BW Roles, Assigning Queries,Publishing Roles in Business Explorer (BEx - BW 3.5)
Thanks in advance,
AndyHi,
Creating BW Roles
http://help.sap.com/saphelp_nw04/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
Assigning Queries
After creating the query, save the query to a role from the query designer.
Publishing Roles in Business Explorer
https://websmp101.sap-ag.de/~sapdownload/011000358700002894802003E/HowToBIPortal1.pdf
Hope this helps you..!
-Pradnya -
I am not able to assign job_id in my Assignment api
Hi
Can anybody help me
I am created one for create job using hr_job_api
What am trying to assign my job_id to assignment api
logic is
If the job is not it creates job using job api,
If job is already exists it assign to assignment api
CREATE OR REPLACE PROCEDURE xxhr_job_proc IS
l_assignment_number number;
l_assignment_id number;
v_special_ceiling_step_id number;
v_object_version_number number;
V_concatenated_segments number;
V_soft_coding_keyflex_id number;
V_comment_id number;
v_effective_start_date date;
v_effective_end_date date;
V_no_managers_warning boolean;
V_other_manager_warning boolean;
v_num number;
v_seg_conc VARCHAR2(2000);
l_change_reason varchar2(50);
l_date_probation_end date;
l_default_code_comb_id number;
l_set_of_books_id number;
G_USER_ID number;
G_LOGIN_ID number;
v_resp_id number;
v_resp_APPL_id number;
v_assignment_id number;
v_org_id number;
l_object_version_number number;
l_effective_date date;
v_job_id NUMBER;
v_job_definition_id NUMBER;
v_business_group_id NUMBER;
v_name VARCHAR2(240);
l_job_id number;
l_job_group_id number;
CURSOR Job_emp Is
SELECT empl_id
,empl_rcd_nbr
,effective_date
,effective_sequence
,rehire_date
,probation_date
,department
,supervisor_id
,direct_manager_id
,location_code
,reason_code
,action
,salary_grade
,job_code
,full_or_part_time
,hr_responsible_id
FROM xxhr_job_all;
BEGIN
G_USER_ID := FND_PROFILE.VALUE('USER_ID');
G_LOGIN_ID := FND_PROFILE.VALUE('LOGIN_ID');
v_org_id := FND_PROFILE.VALUE('ORG_ID');
v_resp_id := FND_PROFILE.VALUE('RESP_ID');
v_resp_APPL_id := FND_PROFILE.VALUE('RESP_APPL_ID');
v_business_group_id := FND_PROFILE.VALUE('PER_BUSINESS_GROUP_ID');
FND_GLOBAL.APPS_INITIALIZE(G_USER_ID,v_resp_id,v_resp_APPL_id);
-- Open the Cursor for Validation
FOR v_job_emp IN job_emp LOOP
SELECT fnd_flex_ext.get_ccid('PER',
'JOB',
101,
TO_CHAR(SYSDATE, 'DD-MON-YYYY'),
v_job_emp.job_code)
INTO v_job_definition_id
FROM dual;
SELECT job_group_id
INTO l_job_group_id
FROM PER_JOB_GROUPS
WHERE master_flag = 'Y';
-- Validation for job code
BEGIN
SELECT job_id
INTO v_job_id
FROM per_jobs
WHERE name = v_job_emp.job_code;
EXCEPTION
WHEN NO_DATA_FOUND THEN
FND_FILE.PUT_LINE(FND_FILE.LOG,'There is no job id Exist For this job code'||v_job_emp.job_code);
WHEN OTHERS THEN
FND_FILE.PUT_LINE(FND_FILE.LOG,'Error While Inserting a Record'||SQLCODE||SQLERRM);
END;
if v_job_id is null then
hr_job_api.create_job
(p_validate => FALSE
,p_business_group_id => v_business_group_id
,p_date_from => SYSDATE
,p_job_group_id => l_job_group_id
,p_segment1 => v_job_emp.job_code
,p_job_id => v_job_id
,p_job_definition_id => v_job_definition_id
,p_object_version_number => v_object_version_number
,p_name => v_name
ELSE
-- Validation for assignment id
SELECT assignment_id
,effective_start_date
,object_version_number
INTO l_assignment_id
,l_effective_date
,l_object_version_number
FROM per_all_assignments_f
WHERE person_id =
(SELECT person_id
FROM per_all_people_f
WHERE employee_number = v_job_emp.empl_id);
-- Validation for set of book id
SELECT ho.org_information3
INTO l_set_of_books_id
FROM gl_sets_of_books gsb,
hr_organization_information ho
WHERE gsb.set_of_books_id = ho.org_information3
AND ho.org_information_context='Operating Unit Information'
AND ho.ORGANIZATION_ID = v_org_id;
-- Validation for code combination id
SELECT fnd_flex_ext.get_ccid('SQLGL',
'GL#',
50268,
TO_CHAR(SYSDATE,'DD-MON-YYYY'),
'50001.1820000281.7501.0000000000.00000.00000'
) INTO l_default_code_comb_id
FROM dual;
hr_assignment_api.update_emp_asg
(p_validate => FALSE
,p_effective_date => sysdate
,p_datetrack_update_mode => 'CORRECTION'
,p_object_version_number => l_object_version_number
,p_assignment_number => NULL --l_assignment_number
,p_supervisor_id => NULL
,p_assignment_id => l_assignment_id
,p_default_code_comb_id => l_default_code_comb_id
,p_set_of_books_id => l_set_of_books_id
,p_title => NULL
,p_ass_attribute_category => v_business_group_id
,p_ass_attribute1 => v_job_emp.empl_rcd_nbr
,p_ass_attribute2 => v_job_emp.effective_date
,p_ass_attribute3 => v_job_emp.effective_sequence
,p_ass_attribute4 => v_job_emp.rehire_date
,p_ass_attribute5 => v_job_emp.probation_date
,p_ass_attribute6 => v_job_emp.department
,p_ass_attribute7 => v_job_emp.supervisor_id
,p_ass_attribute8 => v_job_emp.direct_manager_id
,p_ass_attribute9 => v_job_emp.location_code
,p_ass_attribute10 => v_job_emp.reason_code
,p_ass_attribute11 => v_job_emp.action
,p_ass_attribute12 => v_job_emp.salary_grade
,p_ass_attribute13 => v_job_emp.full_or_part_time
,p_ass_attribute14 => v_job_emp.hr_responsible_id
,p_effective_start_date => v_effective_start_date
,p_effective_end_date => v_effective_end_date
,p_no_managers_warning => v_no_managers_warning
,p_other_manager_warning => v_other_manager_warning
,p_comment_id => V_comment_id
,p_soft_coding_keyflex_id => v_soft_coding_keyflex_id
,p_cagr_grade_def_id => v_num
,p_cagr_concatenated_segments => v_seg_conc
,p_concatenated_segments => V_concatenated_segments
END IF;
DBMS_OUTPUT.PUT_LINE('Ex:'||v_job_id||','||v_object_version_number);
END LOOP;
COMMIT;
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('Error:'||SQLERRM);
END;
Regards
Samarpan
Message was edited by:
Deekshitulu ManthaYou are not passing the THE CORRECT out parmeters P_JOB_DEFINITION_ID,P_NAME , as looks in your calling API.
Pass the following parameters
P_JOB_DEFINITION_ID => l_JOB_DEFINITION_ID
P_NAME => L_NAME
Take a note,
1)P_JOB_DEFINITION_ID is 'In & Out ' parameter in API's.
If p_validate is false, uniquely identifies the Job Key flexfield combination for this job. If p_validate is true, set to null.
2)P_NAME Out is OUT paramter in API's
If p_validate is false, concatenation of all key flexfield segments. If p_validate is true, set to null.
Hope it works -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
FPN - error trying to lookup object - remote role assignment not working
Hello everyone,
We have implemented a Federated Portal Network connection in our landscape between our portals.
We use only remote role assignment functionality.
Everything was working fine, but since 2 days we encounter the following error in the Default trace.
Error trying to lookup object: alias: <role name>
It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
Is there a solution or workaround for this issue ?
MartinHi,
I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
What did you do to resolve this issue?
Many thanks
Gordon -
Report to see user type and roles assigned to users in EP?
Hi,
a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
b) If the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.By default Portal UME comes along with the installation of portal.
Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories. But you can also create users in the portal UME. The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
You can check them in user administration->identity management and search for the users.
THere you can see some users will be from UME and some from LDAP.
User Admin tool is nothing but User Administration only.
Raghu -
Mass Change for Indirect Role Assignment
Hi all,
I am in the process of changing the companys authorisations from a standard SU01 role assignment to a position based indirect role assignment.
At the moment I am using PFCG going to the Org Mg button under the User tab then attaching the position that way. Is there a way of assigning more than one role to a position at the same time?
Is there a Mass Assignment option in PFCG or is there a separate transaction available to make this process quicker??
Thanks for your help
Ianyou can mass-assign people and roles if you go to transaction PPOME instead of PFCG. to make role assignments from PPOME please apply note 578271 first. be careful whilst implementing this <insert nasty word here> note because some of those view-clusters tend to refuse to load your changes = you can see them, but they don't work - might be you will have to flush table buffers for the changes to take effect.
-
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
How to get the list of roles assigned to a user in all the child systems
how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM
Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
Krysta -
Role info not appearing once role assignment request is submitted from UI
Hi Everyone,
We have a strange problem in our project in IDM 7.2 SP8 where IDM role concept is used which contains privileges (could be role/profile) of backend systems.
Usually when ever a role (i.e IDM role) assignment request is submitted from UI, the activity with the associated info (like user details, role details, audit ID) should be stored in MXI_LINK table from where the info will be fetched and used in next stages of the processing
Even though the information is getting available for most of the cases for all users but some times for few users once the role assignment request is initiated from UI there is no info is getting available in MXI_LINK table corresponding to this activity which is strange.
Because of this problem even though user submits role assignment request no role info getting passed to IDM, set to pending state for the user which is getting meaning of user not submitted any role assignment request at all.
Can any one suggest what are the things that gets involved between these two steps and any troubleshooting hints are highly appreciable.
Regards,
Venkata BavirisettyIs this a situation you recreate at will? In other words, is it always happening on the same users? If so, you could put a trace on that user's account then try to add the role and see what that trace log shows. Additionally, you could just follow the links in the chain of the various tasks that kick off when you do a role assignment and check each task / job's job log and see what that tells you. There's got to be an error somewhere along the way that's preventing this from executing properly.
Maybe you are looking for
-
G4 Quicksilver freezes at desktop screen requiring PRAM reset.
Hi, I recently got a used G4 dual 1 GHZ Quicksilver with two internal hard drives(80 & 40GB). I made some mistakes when I first received it, being used to running OS 9 on a blueberry G3 with one hard drive, and now it frequently freezes after a cold
-
Problem with JSP taking long time to load.
Hi, we have three server of oracle apps 10.1.3. only on one server we are getting problem. the problem is some jsp pages are taking long time to load and ssome times they dont evn load completly. half of the page is loaded and dont give any error mes
-
Is it possible to add extra browsers?..
There doesn't seem to be any answer to this question to be had by the FAQ, searching the forum, or Google search in general. So, guessing the answer is probably no, but figured I'd throw this out there in hopes of soliciting some detail for those who
-
JScrollPane scroll setting first column is not visible?
Hi All, i am using jtable and jscrollpane. in this my first column of 70 pixal width and rest 125 pixal width.set focus is on 1 cell(1 row, 1 column) in table. but due to this scrollbar is slightly on right side whice coz first column not visible.(ne
-
Problem with finding directory
Hi, I built an application on Windows and I have to find a document within another directory. I am using getAbsolutepath and I am having problems with the following type of path: File test = new File("u1/usr/my program/myFile/") if(test.isDirectory()