Role Datasource

Hi all,
When i tried to create a portal role using WebDynpro, its default Datasouce is showing as UME Database.. How can i change the DataSource to some other.?
Regards
Vinod V

Thanks michael,
My requirement is to create a portal role, assign a page to it and get its properties using WebDynpro.
All those roles that comes in UME Database, i am not able to view or assign iviews to it. But those Roles whose Datasource is Portal Role, i can see then in a particular Directory and also possible to assign them with IViews.
When i create a portal role using WebDynpro, by default its Datasource is UME Database..
How can i solve this problem?

Similar Messages

Assign Security Zone Permissions to Portal Role

Hi all
I have created a portal role, say 'ABC', in my folder and assigned some users to this role. Now I want to assign security zone permissions for this role, ABC. When I try to do so, I am not able to find this role under 'Assign New Permissions' of permissions editor.
What more do I need to do to get this role for assigning permissions?
I am using Netweaver 2004s.
I appreciate your answers with good points.
Thanks in advance
Tejo

HI Fabien
Thanks for the reply. I tried with wildcard search. I am not able to find that role. When I search for all roles in permissions editor I see some 32 roles. When I searched the number of roles in User Administration tab, there are 55 roles( 40 in Portal Role datasource and 15 in UME database datasource).
I can see my role in User Administration window, but not in Permission editor.
Thanks
Tejo

LDAP Data Set - Group Membership / Multivalued attributes

Hello
I am attempting to get a list of groups and for which a user is a member in LDAP. I have created an LDAP datasource, and am attempting to create a new dataset.
Details are as follows:
Name: Roles
Datasource: LDAP Server
Searchbase: ou=people,dc=example,dc=com
Attributes: cn, description, uid, mail, isMemberOf
Filter: (objectclass=inetOrgPerson)
When I look at the Data in Tree View for this, I do not get what I am expecting. What is see is:
DATA_DS
-ROLES
--Description: Description goes here
--CN: My Name
--mail: [email protected]
--uid: [email protected]
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
If I have 5 roles, I see 5 isMemberOf attributes, but each value has all 5 memberships in it.
Is there something special that I need to do with multi valued ldap attributes?
Thank you.

Chris,
Brilliant! I had already enabled extended logging in OpenLDAP, but it didn't give me the answers I was looking for. I setup an OID instance (didn't want to get into packet sniffing when it's someone else's directory), captured the packets with ethereal, and there it was! I'm going to post more details about this (more on the process than the result), but here's my answer:
Filter: (|(uniquemember=cn=user1,cn=users,dc=demo1,dc=com)(member=cn=user1,cn=users,dc=demo1,dc=com))There's more to the process, but that's the answer I needed.
Thanks again for putting me back on track,
Tyler

Is it possible to grant datasource resume actions to the Operator role?

Hi gurus,
I'm trying to grant the JDBC datasource suspend/resume action to the 'Operator' role. I understand this is an admin task and the 'Operator' role cannot do this. I've tried to edit weblogic.management.runtime -> JDBCDataSourceRuntime -> suspend/resume policy Mbean via the JMX editor and added the Opertor role in a new policy, but I haven't been successful.
Is it possible to provide a user with a script (which can run as an Admin user), without providing the admin credentials to an operator user, so that he can resume a suspended data source?
Thanks.

Hello,
theoretically you could remove the domain admins from the local administrator group. BUT this you should first test in a lab to see what happens after removal on the SCOM server.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

No datasource visible to BI Publisher Developer role

Hi,
I created an user with "BI Publisher Developer" role. When I login as this user, no datasource is visible to this user.
Even though create and edit report are available, he cannot do anything to complete the creation of report.
I know that "BI Publisher Developer" role is a built in role which cannot be edited.
Do I need to create a different role which can have access to datasource and assign that role to the above user (who already has a developer role)?
Document is not clear on this. Please let me know if this behaviour of "BI Publisher Developer" role is correct?
Thanks
Girija

Hi,
The "BI Publisher Developer" role is not editable and I cannot assign any data sources to it.
When I see datasource's definition, it only shows roles that were created by me, i.e. roles can be created and assigned datasources
and datasources can be created and given to previously existing roles.
So, I had to create a role with access to database and then give it to the user/developer to see that datasource.
Which is kind of weird because I have to give 2 roles to any of my report developers, (1) "BI Publisher Developer" (2) role with access to datasource.
Just giving (2) doesn't give him a report create/edit ability and just giving (1) enables the see to create/edit , but he can't successfully
create/edit a report without access to any datasource.
No where in the document it says a report developer needs 2 roles.

"Create" Datasource Privilege for Deployer Role

Hi,
We want to enable the "create" datasource privilege for the Deployer Role, after reading some information for this role looks like they are only allow to modify or delete datasources, but not create them. Admin privilege is not a good option for this group.
Any ideas or suggestions...

BoopathyVasagam wrote:
Thank you for your answer. So should I issue the below statement? (Since I dont have dba privs i couldn't test this)
GRANT CREATE VIEW to P_ETL_TEST_VIEW;
I doubt that above will prevent the error from being thrown.
prior to running anonymous block again; just do as below
SET ROLE NONE;
doing so should result in same error being thrown when invoking
BEGIN
p_etl_test_view;
END;

Your role no longer valid error message and cannot edit page

Unfortunately I don't have access to the file, am asking on
behalf of a
friend who is skittish about his skills navigating a forum.
His question is:
When I open contribute, and select the website I want to
edit..there is a
yellow bar across the top of the screen that says "your role
in this website
is no longer valid. Click connect to update your connection
with a valid
one" so when I click connect, it goes through some screens,
then it asks
what folder on the ftp server the website is in? before there
was this
problem, I could get into the page I wanted to edit, and make
the changes,
then when I would hit the publish button the old page would
show up..so I
could make the changes but they weren't publishing..but at
that point I was
getting no error message???
He's having those two problems.
Any thoughts? I don't know diddly about Contribute. Thanks.
Libbi

Hi, This is because SSRS requires a Login to connect to the datasource to process the report when subscription will be occuring at its scheduled time. I would recommend you to store the credential securily into report server.
GoTo: Report>Properties> Click on the Data Sources tab and you will see following options:
a)A shared data source
b)A custom data source
Use option b) and click on option Credentials stored securely in the report server
and provide credential information and further you can use options: Windows credentials and Impersonate the authenticated User if you require. Click on apply button.
*You can use any option of them provided in first option(a) also using the shared data source which is having credential saved into report server.
Once you have done with above you will be able to create subscription.
Cheers Sunil Gure

How to create a report of users in ucm about their roles and permission

Hi All ,
I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
Please suggest!!

There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
Sample CustomReports component to demonstrate how to create customized reports
CustomReportsBundle.zip
Date:     October 30, 2006
Sample Version:     version=2006_10_20 (build 1)
Product and Version:     Content Server
Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

Why josso has no DataSource Credential Store?

Hello everyone,
Do you take care of studying the josso-gateway-config.xml and find the Credential Stroe block is lacking of a way to store the username/passport pairs by DataSource?
this is the josso-gateway-config.xml listed as below:
<?xml version="1.0" encoding="ISO-8859-1" ?>

<domain>
<name>JOSSO</name>
<type>web</type>








<authenticator>
<class>org.josso.auth.AuthenticatorImpl</class>
<authentication-schemes>

<authentication-scheme>
<name>basic-authentication</name>
<class>org.josso.auth.scheme.UsernamePasswordAuthScheme</class>

<hashAlgorithm>MD5</hashAlgorithm>

<hashEncoding>HEX</hashEncoding>

<ignorePasswordCase>false</ignorePasswordCase>
<ignoreUserCase>false</ignoreUserCase>

















<credential-store>
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
<credentialsFileName>josso-credentials.xml</credentialsFileName>
</credential-store>



<credential-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
</credential-store-key-adapter>
</authentication-scheme>

<authentication-scheme>
<name>strong-authentication</name>
<class>org.josso.auth.scheme.X509CertificateAuthScheme</class>

















<credential-store>
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
<credentialsFileName>josso-credentials.xml</credentialsFileName>
</credential-store>



<credential-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
</credential-store-key-adapter>
</authentication-scheme>
</authentication-schemes>
</authenticator>
<sso-identity-manager>
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
























<sso-identity-store>
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
<usersFileName>josso-users.xml</usersFileName>
</sso-identity-store>



<sso-identity-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
</sso-identity-store-key-adapter>
</sso-identity-manager>
<sso-session-manager>
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>

<maxInactiveInterval>30</maxInactiveInterval>

<maxSessionsPerUser>-1</maxSessionsPerUser>

<invalidateExceedingSessions>false</invalidateExceedingSessions>

<sessionMonitorInterval>10000</sessionMonitorInterval>






































<sso-session-store>
<class>org.josso.gateway.session.service.store.MemorySessionStore</class>
</sso-session-store>
<sso-session-id-generator>
<class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>

<algorithm>MD5</algorithm>
</sso-session-id-generator>
</sso-session-manager>

<sso-audit-manager>
<class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>

<handlers>

<handler>
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
<name>LoggerAuditTrailHandler</name>
<category>org.josso.gateway.audit.SSO_AUDIT</category>
</handler>

</handlers>
</sso-audit-manager>

<sso-event-manager>
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>

<oname>josso:type=SSOEventManager</oname>



</sso-event-manager>
</domain>
Is it means there is only way in Josso to save the username/passport by use of JDBC?
If you find the datasource can be used, plz tell me how?

oH, sorry , I found it !
there is no problem here!

Authorization issue - need to know the Role providing this access

Hi,
User is facing an authorization issue below:
"You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
"You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
Kindly let me know what Role is missing from the user's profile?
Thanks and Regards,
Sachin
SAP Security Consultant

Hi Murali,
It helped.
I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
I did user comparision and then user is able to view the below DataSources....
Thanks for your help, it triggered to find the root cause.
Thanks
Sachin

UME with ABAP AS and LDAP Datasource

Hello SDN´s
We have tried very hard for the last days configuring the ume-xml for the following scenario:
-     LDAP is used to authenticate the user
-     AS ABAP is used to store the roles of the user (because they automatically becomes groups in the portal)
- the portal and the ABAP-system are on different servers
Given facts:
1)     we canu2019t synchronize the roles of the ABAP system to the LDAP
2)     we have to use the open-LDAP for the authentication
3)     DataSources are readonly
4)     User can have similar or different userid´s on the DataSources (Mapping required)
Therefore, we read the user and account information from the LDAP and groups/roles form the ABAP AS.
Result:
a)     user with similar userid on LDAP and ABAP AS: These user were no longer able to log on to the portal
b)     user with different id´s (mapped) on LDAP and ABAP: Can log on
Questions:
-     Is it true that similar userid´s leads to inherent problems of the UME Persistence Manager?
-     Did we set up a wrong config-xml?
-     Is there any other way how we could authenticate to the LDAP and having the Roles of a user read from the ABAP system dynamically?
Thank you very much for your help
Sincerely, A. Hunziker

Hi Andre,
Not sure if my remarks below can help you but I do hope that it can shine you some light.
We have LDAP as our main UME, which is configured in our Portal7.0. This means that security groups created in LDAP are "replicated" into the Portal. We created Portal Roles which are assigned to the security groups created in LDAP. We also use SSO and it was setup via the SPNego Wizard (http://help.sap.com/saphelp_nw70/helpdata/EN/45/40a0de773a7527e10000000a114a6b/frameset.htm). This way, the user only needs to login via Windows and access the Portal without having to login (when users have the same Windows userID as that of their SAP ID). If the users have a different userID between Windows and SAP, then they do a user map under personalization of the Portal.
To connect our Portal to our backend systems, we created a reference system (http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm) and we have our Portal certificates in all backend systems (http://help.sap.com/saphelp_nw70/helpdata/EN/d3/41c8efb31d11d5993800508b6b8b11/frameset.htm).
With the above, users have SSO from Windows to Portal and via the reference system, they can enjoy SSO as well into our backend systems.
Basically we have control what the users can see from the Portal (directly from LDAP security groups with users assigned to that) and what the user can do on backend is still maintain in the backend authorisation setup.
Hope that can help you.
Ray

No portal roles are assigned for this user.If this problem persists, contac

I am trying to access portal first time using j2ee_admin user. It is saying "No portal roles are assigned for this user.If this problem persists, contact your system administrator."
iam using abap+java enginee how config in abap enginne ,iwant which role to assign j2ee_admin user
i already asiigned sap_j2ee_admin,SAP_BC_JSF_COMMUNICATION,SAP_BC_JSF_COMMUNICATION_RO but it show same problem
please help me..
Edited by: Mugala Balu on Aug 7, 2010 5:53 PM
Edited by: Mugala Balu on Aug 8, 2010 7:48 AM

Balu,
Well this issue has been discussed many a times in forums. You would have to point your data source to ABAP system.
Check this thread in [here|J2EE Failed to start , after changing UME datasource;.
Good Luck!
Sandeep Tudumu

How to create a datasource in CTBW

Hello Gurus,
I am asked to create a new datasource 0vendor_attr in tcode CTBW
I am giving the details such as Basis datasource,class,client type,object table ,datasource type ,A datasource is getting created with naming convention 1CL_OVEN001,i am saving this datasource,I am not able to find this datasource in RSA5 or in RSA6 ,Also I need to add the characteristics to this particular datasource which I created,how do I give them,,
Kindly suggest
Waiting for your immediate response.
thanks

Hi
See it for step by step:
http://affine.co.uk/cms/uploads/How_to_Extract_Classification_Data_into_BW.pdf
See SAP-OSS Notes:
Note 1002105 - CTBW: Extracting multiple-value characteristics
Note 350296 - Multiple value characteristics for the BW System
Note 535370 - Interval-value and multiple-value characteristics for BW
Note 588184 - Role of client in data extraction
Note 306046 - Characters of classifctn - attributes in BW
After you exported the charactersitic datasources (1CL*) into QA, I reckon you should have to change the client name in CTBW
and regenerate the datasource.
Open the client for customizing with help from ever-resourceful basis colleagues, then try and generate the char datasources in QA. 'Normally' there is no deviation from QA onwards, so you may not have to do this in PRD.
Classification Datasource (CTBW) - Different characteristic onfig. in R/3 " Good One
Classification Datasource (CTBW) - Different characteristic onfig. in R/3
Change a Classification Datasource
Change a Classification Datasource
Classification Datasource for Equipment
Re: Classification Datasource for Equipment.
Thanks
Reddy
Edited by: Surendra Reddy on Mar 11, 2010 12:21 PM

Can't create DataSource in BI engine within Solution Manager.

Hi Experts,
I am doing development in the BI Engine (BI 7.0) within Solution Manager GSB 100 for our client to do Capacity Planning on XI.
I have created all the BI Objects but I could not create Application Components and DataSources from Modeling -> DataSources.
Note: The Source System for BI is Solution Manager, so everything is done within GSB 100 (Solution Manager Development / Test environment).
Can anyone help me with this? Or do I have to go to RSO2 and create a Generic DataSource and then Activate it in RSA5 and Transfer from RSA6?
Your time in this regard is much appreciated.
Cheers,
Chandu

Hi
You should have Authorizations assigned to your Role for Creating Application Component.
Yes, you have to Create the Application Component for DS at RSO2 -- Activate the Same at RSo2 (Hope you know you can see only Standard BC at RSA5) -- Transfer the Same at RSA6..
You can Create the Application Component at InfoSources Area -- RSA12.
Hope it helps and clear
Edited by: Aduri on Jan 29, 2009 10:01 AM

No active writeable datasource found for user creation, check your Persiste

HI SAP Guru's
Suddenly when I am login in Portal with J2EE_ADMIN or any user , I am getting error
You are not authorized to access this application; contact your system administrator
and when I am going to create user in identity management I am getting below error
Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".
I have searched all related treads in SDN but no success
Please help.
Thanks & Regards
Vinay Patel

Dear all,
I was searching the community because I had this same error and there was no answer of how it was fixed. So I'm sending how I fixed today in a customer environment.
1. Go to portal http://<portal>/webdynpro/dispatcher/sap.com/tcsecumewdumeadmin/UmeAdminApp
- select configuration
- folder "sap system based in abap"
- do the conection test
If the test fails, log on in client 001 and change user SAPJSF:
- assign role SAP_BC_JSF_COMMUNICATION (only this one) and one profile that has permission to RFC logon
- you can change the password too
STOP/START ABAP+JAVA
Go again to the portal above and test connection again. The tests should now be OK.
2. Go to portal http://<portal>/irj
- Log on with administrator user
Now you should be able to create an user.

Role Datasource

Similar Messages

Maybe you are looking for