Role based on the username

Similar Messages

• How to check Role based on the User ID

  Hi All,
    Based on the User ID how to check the role of the particular person[ex Employee / Manager etc].In HR module in which table the details are present.
  Thanks.
  Regards
  Tina

  Hi Tina,
  Use FM: <b>HR_GETEMPLOYEEDATA_FROMUSER</b>
  This will give you all info related to User ID.
  In parameter EMPLOYEESUBGROUP , you will get position of this employee.
  Hope this helps.
  Regds,
  Akshay Bhawgat
  Note: Some points would be nice if it helps.
  Message was edited by: Akshay Bhagwat

• BW Roles based on the department

  Hi,
    My requirment is to creat a roles that restricts data access according to department.
  We had nearly 20 different Detartments and my requirment is to create roles so that users can be granted access according to their department.
  Could you please update me detailed process on how i can create roles.
  I am the DEPARTMENT char as authorisation relevent
  Thanks

  Hello,
  Please see these docs,
  [Field Based Authorizations in BW BEx Queries|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4753ed83-0e01-0010-e186-f98413f868cb]
  [An Expert Guide to new SAP BI Security Features|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea]
  [Advanced Features of SAP BW Reporting Authorizations|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06]
  Thanks
  Chandran

• Create a directory on the server based on the username logged in the client

  hello everybody,
  All my files which are transferred from client to server are stored in a directory called "workspace".Before the user sends the files, he is authenticated.How can I create a directory on the user name who is logged in on the server???
  Say, user1 has logged in and tries to send files to server.Now, I'd like to create a sub-directory user1 under work space so that all the files which he uploads will be stored under his name.When the user1 is logged in the first time, a directory will be created on his name else all files will be stored under his directory.
  I'm using JDBC with my-sql.
  ANy ideas??
  Thanks for your time.

  Well, it wouldn't matter what DB you are using....
  You have the user name, correct?
  You have the File object refering to the main directory, correct?
  File userDir = new File(mainDir, username);
  if(!userDir.exists()) {
     if(!userDir.mkdirs()) {
         throw new IOException("Can't make directory " + userDir.getAbsolutePath());
  // use userDir to write any files...

• CUP question - Possible to restrict available roles based on the requester?

  Helo all,
  One of our customers wants to put restrictions on the access requester in the CUP module: meaning that some requesters should only be able to request roles assigned to functional area u2018Procurementu2019, while other requesters should only be able to request roles that are assigned to all functional areau2019s except for u2018Procurementu2019.
  Do you know if this is possible or do you see an alternative solution?
  Thanks in advance,

  There is no real way to restrict people from doing that, but you could use the buisness process in role attributes to ensure if the select the correct buisness process only roles listed under a particular buisness process are listed when being searched.
  You could make the buisness process field mandatory on the main screen and than that gets carried over when searching for roles, obviuosly that can always be changed by the user.
  regards,
  Chinmaya

• EAM ID based or Role based? Why settle for just one?

  G'Day All,
  I've raised a question in the following blog, however I would like to open it up to other people as well so they might get something out of it and in the process might share their own thoughts on the matter at hand.
  ID-Based Firefighting vs. Role-Based Firefighting
  So this is where I am at this point:
  From what I can gather so far, my understanding of EAM ID/ROLE based is as follows:
  - Id Based: Logs in using own U.ID and through GRAC_SPM accesess FFID from the GRC Server and logs into the system assigned to them (ECC, SRM, CRM etc)
  Only one user at a time can use a FFID.
  Firefighter need not exist in every system assigned to them due to central logon however they need to exist in the GRC system
  Knows exactly when FFID is being used as he/she has to login so has a psychological effect (good thing)
  Better tracking of FF tasks - Specific log reports with Reason Codes. Bonus point from Auditors!
  Two Log ins so potential to commit fraud. (1 action using own UserID and 1 action using FFID)
  Could be hard to track and find out when a fraud has been committed so can be a problem with auditors.
        ID Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFIDs assigned to you
        ID Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> You can see  the FFIDs assigned to you
  - Role Based: Logs into the remote system only using U.ID, so everything gets logged against that one ID. 
  Multiple users can use the FFROLE at once.
  Firefighter has to exist in every system assigned to them - so multiple logons.
  Hard to differentiate between FF tasks and normal tasks as no login required  So easy to slip up
  Time consuming to track FF tasks - No Specific log reports. No Reason Codes
       R.Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFROLEs
       R.Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> Not applicable so wont work
  So based on this there are pros and cons in both however according to SAP only one can be used. To me personally,  it makes more sense to get the best of both the worlds right? So here is my question why can’t we just use both?
      . Really critical tasks -> FFID
      . Normal EAM tasks -> FFRole
  Alessandaro from the original post pointed this out:
  "Per design it isn't possible to achieve both types of firefighting at the same time. It's a system limitation and hence to configurable."
  Well this is what I can't seem to get my head around. For a FFID, there is a logon session so it has to be enabled and as far as I can tell there is no way around it.
  However for FFRole, there isn't such limitations/restrictions like starting a separate session. FFRole is just assigned to an end user for him/her to perform those tasks using their own user ID.
  So in what way is it different from any of their other tasks/roles, other than the fact that they've got an Owner/Controller assigned to the FFRole? and
  What is stopping us from using it when ID based is the default?
  If I were to do the following does it mean I can use both ?
      . Config Parameter: 4000 = 1 (GRC System) -> ID Based
      . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
  Please excuse me if my logic is a bit silly, Role Based firefighting is only done on Plug-in systems so the following should work just fine:
     . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
  However for ID based, it is a Central Logon, so the following is a must:
      . Config Parameter: 4000 = 1 (GRC System) -> ID Based
  Which means both ID/Role based can be used at the same time, which seems to be working just fine on my system. Either way I leave it you experts and I hope you will shed some light on it.
  Cheers
  Leo..

  Gretchen,
  Thank you for thoughts on this.
  Looks like I'm failing to articulate my thoughts properly as the conversation seems to be going in a different direction from what I am after. I'll try once more!
  My query/issue is not in regards to if/what SAP needs to do about this or why there isn't more support from Companies/Organizations and not even, which one is a better option.
  My query is what is stopping us(as in the end users ) from using both ID/Role based at the same time?
  Now before people start referencing SAP documentation and about parameter 4000, humour me with the following scenario please. Again I would like to reiterate that I am still in the learning phase so my logic might be all wrong/misguided, so please do point out to me where I am going wrong in my thought process as I sincerely would like to know why I am the odd one out in regards to this.
  Scenario
  I've created the following:
  FFID
  FFROLE
  Assigned them to, two end users
  John Doe
  Jane Doe
  I set the Configuration Parameters as follows: 
  IMG-> GRC-> AC-> Maintain Configuration Settings -> 4000:1 - ID Based
  IMG-> GRC (Plug-in)-> AC-> Maintain Plug-In Configuration Settings-> 4000:2 - Role Based
  User1
  John Doe logs into his regular backend system (ECCPROD001)-> executes GRAC_SPM-> Enters the GRC system (GRCPROD001)-> Because the parameter is set to ID based in the GRC Box, so he will be able to see the FFID assigned to him-> and will be presented with the logon screen-> Logs in -> Enters the assigned system (lets say CRMPROD001) At this point the firefighting session is under progress
  User2
  Jane Doe logs into her regular backend system (ECCPROD001) -> (can execute GRAC_SPM to check which FF Role has been assigned to her but she can see that in her regular menu, so there is no point) -> Executes the transactions assigned in FFROLEThis is done at the same time while FFID session is in progress
  So all I want to know is if this scenario is possible? if the answer is No, then why not?
  I physically carried out this scenario in my system and I had no problems(unless I am really missing the plot here), which brings me back to my original question: Why settle for just one?
  Again to reiterate I am not getting into the efficacy or merits of this or even if one should use this. Just want to know if it is possible/feasible or not.
  So there you have it. That's the whole enchilada(as they say there in Texas). I tried to word my thoughts as concisely as I can, if there are still any clarifications, more information you or anyone else reading this would like, please do let me know.
  Regards,
  Leo..

• How to make NWBC Role based

  Hi SAP Experts,
  I am trying to connect NWBC Version: 10000.1.12.806 with ECC 6.0 ehp ABAP system , Its connecting and able to execute transaction codes.
  But I want to define NWBC role based for the users. I have followed note 1163891but role based display not coming.
  How it is possible , kindly help.

  Solved through NWBC Guide

• Re: Role based on request.remoteUser being null ?

  Claus,
  You can't test for a null. SP2 (a couple months) includes out-of-the-box
  visitor roles which do exactly what you want. They are based on the magic
  "users" group and can't be directly created via the admin tools.
  -Phil
  "Claus Ljunggren" <[email protected]> wrote in message
  news:3f6880ad$[email protected]..
  Group,
  How do I specify null in the role definitions for entitlements?
  I want to create two roles : loggedIn and notLoggedIn based on therequest's
  remote user property. Looking at the portlet examples the code looks ifthe
  remote user is null, but how can I specify this in the role editor in the
  PortalAppAdmin tool ?
  /Claus Ljunggren

  That would be reasonable. Add a property and set it true for
  each user. Anonymous profile/non-authenticated (default value) would be
  false.
  Create a visitor role based on the
  property value. The SP2 roles will be much more efficient.
  -Phil
  "Claus Ljunggren" <[email protected]> wrote in message
  news:[email protected]..
  Phil,
  Thanks for your answer - so I guess that - in the meantime - we would just
  use a property on the users property set?
  /Claus
  "Phil" <BEA> wrote in message news:[email protected]..
  Claus,
  You can't test for a null. SP2 (a couple months) includes out-of-the-box
  visitor roles which do exactly what you want. They are based on the
  magic
  "users" group and can't be directly created via the admin tools.
  -Phil
  "Claus Ljunggren" <[email protected]> wrote in message
  news:3f6880ad$[email protected]..
  Group,
  How do I specify null in the role definitions for entitlements?
  I want to create two roles : loggedIn and notLoggedIn based on therequest's
  remote user property. Looking at the portlet examples the code looks
  if
  the
  remote user is null, but how can I specify this in the role editor in
  the
  PortalAppAdmin tool ?
  /Claus Ljunggren

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• How to set the file path dynamically based on sytem, username, and date

  Hi All,
  My requirement is upload the data into one  structure like xyz that is related to t.code MCSZ.
  file will be in  UNIx SERVER .
  PATH IS: /sapif
  file name is xy789 load .txt
  I have  to write code in one user-exit
  how can i set the file path for this.
  shall i put hard code file path?
  because i have to writecode in user-exit.
  plz tell me how to set the file path based ons syetem, username, date
  Thanks in advance
  Ram.A

  Concatenate the field SY-SYSID, SY-UNAME and SY-DATUM for the file path

• How to Restrict Search based on the Roles for External crawled sites

  I have a situation where the search results have to be restricted based on role
  When External sites are crawled, how can we restrict the search results based on roles,
  I know that we can restrict the search to a group or set of groups that can contain many users but if the group have different roles and if that group has given access to a web repository search, how can we restrict the document/search access based on roles for the same group?
  For Example an Index that has external site as data source and the permissions were set for a group and that group has 2 roles, lets say <b>"Admin" and "user"</b> and the external site have some documents when searched the documents should come up only for the "Admin" role during search, but should not come up for the "user" role
  Is it possible to achieve this? Is there a solution?
  Any advices are greatly appreciated and awarded
  Thanks,
  kk

  Is it possible to restrict on role based?
  Any suggestions are appreciated
  Thanks
  KK

• So Can I determine the business partners linked to user based on the assigned role and org. structure?

  Hello, I am working on a SAP CRM 7 Sales implementation and we are implementing leads and opportunity scenarios. The current business organization model is that there multiple vertical and horizontal departments. This is typical matrix structure. This organization has done the segregation of its clients based on the verticals so every clients belongs to at least one or more Vertical department but Horizontal departments can contact all the clients. In the same way sales executives are also either belonging to one or more Verticals or Horizontal departments? Horizontal sales executive can create leads for any clients available in the system but a Vertical sales executive can only create lead only for the client belongs to his vertical and assigned to him. This can be achieved by creating organization structure and business partner relationship.
  Now the problem statement is that few sales executives need work for both some Verticals and Horizontals at the same time. But requirement is that they should be able to do the both roles with single user id but multiple roles. So when sales executive is creating leads his vertical department, he should only be able to select clients assigned to his Vertical only but when he is creating lead for Horizontal department, he should be able to select any clients.
  So Can I determine the business partners linked to user based on the assigned role and org. structure?
  Please let me know if this is not clear also  note we are only using CRM WebUI no SAP ePortal.
  Thanks a lot your help in advance.
  Regards
  Sudesh Sharma

  Thanks, Tahir
  my problem has solved
  Kind Regards,
  Faisal

• Role based authorisations in the Integration Directory

  We have built a new PI landscape (Pi 7.11) and worked with our security teams to perfect the various roles. I am now attempting to implement role based authorisations in the ESR & ID so that objects in our QAS and PRD environments can be configured but not deleted or created.I have implemented role based authorsations as per the SAP standard process performing the following actions
  Exchange profile com.sap.aii.ib.util.server.auth.activation was set to true and the Java Stack Restarted.
  I created a role in the ID that allowed editing of any object.
  I assigned the role to my userid in NWA useradmin
  I am unable to edit ANY object in the ID
  When I set the Exchange profile parameter to false I found I was able to edit any object in the ID.
  So its obvious that the Exchange Profile Parameter does make a difference. However, it doesn't appear as if the role I created is being referenced, even though I assigned it to my account in NWA user admin. I looks like I may be missing some exchange profile parameters. I have the following exchange profiles set:
  IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.util.server.auth.activation (string) = true
  IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.ib.server.acl.enable (boolean) true
  IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.util.server.auth.activation (string) = true
  IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.ib.server.acl.enable (boolean) true
  Any advice you can offer would be appreciated

  Resolved this issue.
  The documentation is confusing but finally found the answer by referring to the SAP XI 3.0 documentation.

• How to create context sensitive help and call the role based help from my Java Project?

  Hello All,
  I am new to Robo Help. I have created a Robo help for my Java Web Applicaion. My application is role base i.e some user's will not see some of the pages of the application. So I want to hide those pages in Robo help as well. I tried creating multiple TOC for different Roles.
  My Question is
  How to call robo Help from my application?(I will be calling using java script. If it is with RoboHelp_CSH.js where can I get that and How to implement it in my project)
  How to implement role based help?
  Thanks,
  Siva.

  I answered that. My point in asking whether it matters was that if it does, then you cannot use content categories and point different users to different categories and not allow them to see the others.
  The alternative, as I said, would be to produce different outputs for each role.
  As it does matter, then using webhelp you will have to use your RoboHelp project to produce a number of outputs, one for each category. Your app would install each webhelp into different folders and when your app determines the user role, you will link to the appropriate help.
  There is another thread running where it has been explained by Willam van Weelden that you can achieve what you want using browser based AIR help. If that form of help can be considered, then the thread is at http://forums.adobe.com/message/4914753?tstart=0#4914753
  Browser based AIR help must be run from a web server. It cannot be installed locally.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• How to make the KM Navigation iview role based

  Hi all,
  Can someone tell me how to make the KM navigation iview role based?
  First of all, is this possible? What I am trying to achive is display certain links for a user group and certain other links for another user group.
  Please guide me.
  Ashwini.

  Hi Ashwini,
  Can someone tell me how to make the KM navigation iview role based?
  >>>>>>>>>>>>>><i>You can have a Navig. iView in your own folder..Attach this iView to a page --> page to workset --> workset to a role. SIMPLE!</i>
  <b><u>Try this:</u></b>
  Have 2 iViews, 2 pages, 2 worksets, 2 usergroups (ug1 & ug2 (<i>say</i>))..
  Also, you have to separate your news links in 2 folders (folder1 & folder2):
       <b>iView1</b> --> links from <i>folder1</i> (for user of <b>ug1</b>)
       <b>iView2</b> --> links from <i>folder2</i> (for user of <b>ug2</b>)
  Hope it helps!
  Regards,
  SK.