Roles, Groups and Class of Service
Hi,
I am new to LDAP, have a good RDBMs background. I have read the Sun documentation to understand the concepts. Can someone recommend a good source that provide examples on how to set up Roles, Groups and Class of Services.
Thanks,
Bala.
Directory Server documentation set contains the best examples to my knowledge.
You may want to start with the Deployment Guide for introduction to the concepts and Administration Guide for setting them up and examples.
Regards,
Ludovic.
Similar Messages
-
Delegated Admin and Class of Service
Hi
we have configured
Messaging Server
Calendar server
Instant Messaging Server
and Portal Server
We would like use delegated admin for user provisioning.
We are able to modify default Class of Service templates to suit our needs for Messaging and Calendaring.
We would also like to provide Portal desktop and Instant messaging access thru' delegated admin.
Help us to configure these class of services either using directory console or any other method
Thanks
Sabarkbunca wrote:
Recently we deleted about 3K users using: commadmin domain purge, and while
it appears to have successfully deleted the users -- ldapsearch doesn't yield any
output. The lower number of users is NOT reflected in the field "Number of Users"
on the Delegated Admin page. It still shows the same number of users >11K we
"had" prior to the deletion process.
Any ideas to explain this discrepancy?The number of users displayed in the DA GUI is recorded in the "sunNumUsers" attribute associated with the domain e.g.
dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
sunNumUsers: 11
This is to avoid having to do an ldapsearch across the domain to get a count. You can manually update this attribute to get the number back-in-sync.
The commadmin domain purge should have updated this value -- I couldn't find any pre-existing bugs to explain why it didn't happen in your case. I suggest you log a support case to get this looked into further.
You may also want to check your directory audit logs to see if an attempt was made to update this attribute but failed for some reason.
Regards,
Shane. -
Explaning the concept or roles, groups and owners
Hi, i'm trying to find any documentation which explains theses concepts i 've tried the oracle library but it was no results.
Can anyone help me?
I'm trying to undestand that.Hello,
have you gone through the BPM tutorial:
http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/tutorial/index.html
It gives some basic understanding of the implementation ofthe roles and groups.
If you are looking for further material on the topic then look into the following material on studio:
http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/studio/index.html
Check the documentation for organization.
Hope this helps,
Regards,
Jaydev Doshi. -
The user does not have to be the owner of the cwm2 objects to access them. Access to cwm2 objects is based on database security. Therefore, if the user is not the owner of the object (if user is the owner, they obviously have access to the object), then as long as the user has been granted access to the underlying physical object (i.e., the table the dimension or cube has been mapped to), the user will be able to access the object.
-
BI Server group and Presentation Services group
Hi Experts,
I've created a BI Server group and a Presentation Services group - both named 'Reporting Superuser'.
Next I've created a user (User_1) in the BI Administration tool and added the user to 'Reporting Superuser'.
The Presentation Services group 'Reporting Superuser' has full control on the right folders and the corresponding dashboards.
I haven't added User_1 to the Presentation Services group 'Reporting Superuser'. According to the documentation that shouldn't be necessary.
Unfortunately when I log in using User_1, I don't see any of the dashboards User_1 should have access to through the group membership.
Is there anything I might have missed?
OBIEE Version 10.1.3.4.1.090414.1900
Thanks for your help
Regards
AndyFirst check whether user is assigned with that particular group after logging in..
log in to presentation service with that user and go to my account.. and check for following:
Group Membership
This list shows the groups to which you belong.
Group1
Group2
check whether that user belonged group is there in that list or not... -
ESB METADATA ISSUES WHILE DEPLOYING ESB SERVICE GROUPS AND SERVICES
Customer has SOA Suite 10.1.3.4 with MLR#8.
We have 2 separate SOA based integrations being shipped to the customer which
he can install together. The 2 integrations share a ESB service group called
"EBS" under which some ESb services are registered.
One of the integration was installed/deployed on the SOA server successfully
and the services were running successfully.
When the second integration was installed, it gave some errors while
deploying/registering the common ESB service group and the ESB services under
it.
<error code="1067" severity="5">
<description>Already esb metadata is getting modified by {0}.Concurrent
modification of esb metadata is not allowed.</description>
<fix>Please try after sometime.If Error Persists, Contact Oracle
Support</fix>
</error>
The customer tried bouncing the SOA server and the SOA db as well before
re-trying but no help.
Any pointers ?
Thanks.i would recommend delete and recreate the ESB Components.
R u using some scripts to create it or is it manually from ESB Console ? -
Using class of service to manage password policy
We implemented password policy on our old DS across the board, which entailed finding all of the special administrative accounts used by software and setting an expiration date at the end of the epoch. I was wondering if a smarter way to do this is to create a class of service template for normal and special accounts and tie those into our user accounts. Has anyone done this?
Thanks.Sun DS 5.2 supposedly has support for the latest LDAP password policy internet draft which allows you to explicitly setup password policy on a subtree or user basis. It uses roles and class of service under the covers. I would use that instead of rolling your own.
-
Hi,
Can someone explain role groups and what they are useful for? I know you can add a bunch of Roles into a group. It seems like just creating a role with other roles is more useful.
I can't see what use they are when you are dealing with setting up your TLN and Detail Nav. You can't put the inserted roles in any order so there is no way to control how they would appear in the navigation to the user.
Can anyone help me out why I would use groups vs. setting up a role within role type organization?
Thanks!Hi everybody,
From the image you sent ("Assigned" roles, as already written before), Kenneth, as well as from the ongoing discussion, it's just what I already said: Role are "assigned" to groups, and that from the hierarchies point of view, is: Roles "have" groups.
> roles in groups has its own purpose
That is a wrong termonology. If anything is "in" something, groups are "in" roles. Sometimes people also talk of groups "assigned" to roles, as this also makes sense from the hierarchie's point of view. Anyhow, the other way round makes more sense from a semantic point of view (groups, as users, may "play" different "roles", so roles are assigned to these principals) and is the common one. Nevertheless, draw some UML class diagram, and you'll see that a role "has" groups (and users) and a group has groups and users.
> how to control what level an item will appear on
At this point, the discussion should reflect the differences between UME roles and PCD role objects. It's also not necessary (and not advised at all officially by SAP) that the roles themselve are the entry points (but the workset(s) under a role, in most cases).
Anyhow, as I have described in my second posting, the hierarchy is used within the UME, so that in most cases there will be a 1:1 relationship between groups and roles (this is not necessary, and sometimes other combinations do make sense, but it is a (quite general) advise).
Hope this brings some light into it...
Best regards
Detlev -
Policy map/ class map/ service policy for IOS xr
Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
Standard roles, groups, profiles of a rfc-user
hi,
can anybody tell me please, which are the standard roles, groups and profiles of a rfc-user in our sap xi-system?
thanks.
regards
StefanHi,
Check the links for authorizations.
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
also check if your user have this roles in abap stack TECODE su01
SAP_XI_ADMINISTRATOR
SAP_XI_CONFIGURATOR
SAP_XI_CONTENT_ORGANIZER
SAP_XI_DEVELOPER
SAP_XI_DISPLAY_USER
SAP_XI_MONITOR
SAP_ALM_ADMINISTRATOR
SAP_J2EE_ADMIN
SAP_SLD_ADMINISTRATOR
SAP_SLD_CONFIGURATOR
SAP_SLD_DEVELOPER
SAP_XI_ADMINISTRATOR_ABAP
SAP_XI_ADMINISTRATOR_J2EE
SAP_XI_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_J2EE
SAP_XI_ID_SERV_USER
SAP_XI_IR_SERV_USER
SAP_XI_RWB_SERV_USER
SAP_ALM_CUSTOMIZER
SAP_BC_BASIS_ADMIN
SAP_BC_BASIS_MONITORING
ARG_XI_DEV
Thanks,
Vijaya.
Edited -
Hi Xperts
Role group has been created and couple of roles assigned to it.But when creating
Org and Group, my role grouping is not displayed in the drop down list.At the same time it is available in the list if trying to create Person.
Can somebody throw some light on this
Thanks
JessyHi Jessy,
Just check the roles u have assigned in ur BP role gouping are valid for all the BP categories.
For this goto:
SAP Implementation Guide-> Cross-Application Components->SAP Business Partner->Business Partner->Basic Settings->Business Partner Roles->Define BP Roles
1. View the Roles u have added in BP Role Grouping and check their BP role category.
2. Now In BP Role category , check if in Possible Bussiness partner category the all the Bussiness partner categories are selected (Person, Organization, Group)
In case in ur BP role category, u have a role which is valid for just one BP category say person, even ur BP role grouping will be visible in Person category.
Regards,
Shalini Chauhan -
Group and Owner fields blank when viewing Service Request results via UWQ
When looking at a row that represents a service request in either the UWQ or View Service Requests (search form) the group and owner columns are blank only for some of my users.
If you look at the detail for the SR, there is a owner and group.
Not sure what the issue is..? Inherited this role.
-JPWhich release is this occuring? At the first glance it looks like an issue that cropped up in 11.5.3. and has been fixed since.
-
Class and release group and code in release strategy??
hi experts ,
Can some body explain me..
I have created Characteristics and Class for for release strategy.
But while creating release group , i should assign my class with release group , after doing this when i save , its giving error as check the release classes????
I m using the same class what i have created for my company..
So how to over come this issue
ThanksRelease Prerequisites
Definition
The release prerequisites indicate the sequence in which a purchase requisition or an external purchasing document must be approved via the release codes. The release prerequisites are defined in the Purchasing Customizing facility (in the release strategy).
The approval procedure for purchase requisitions in an enterprise may be set up in such a way that a department manager must approve a requisition item before the next level of authority (e.g. the cost center manager). In this case, approval by the department manager is a prerequisite for approval by the cost center manager.
Release Indicator
Definition
When a requisition or an external purchasing document has been processed via a release code, a release indicator is assigned to it.
When the system sets which release indicator is defined in the Customizing facility for Purchasing (in the release strategy via the release statuses).
What does the release indicator determine?
Requisitions...
External purchasing documents....
Whether the item may be changed by Purchasing or Materials Planning and Control after the start of the release procedure
Whether a new strategy is determined and whether existing releases must be cancelled in the event of changes
Whether an RFQ or a PO may be created with reference to the item
Whether the document may be changed by Purchasing after the start of the release procedure
Whether a new strategy is determined and whether existing releases must be cancelled in the event of changes
Whether the purchasing document is released for transmission
Alternative Release
Definition
Within the release sequence, you can define alternatives. This means that several employees can effect release (signify approval) at a certain point in the sequence. If just one of these employees has effected release, the next release status is reached. The other employees thus need take no action.
Five release codes are defined for purchase requisitions in an ascending hierarchy. The requisition item can be converted into either an RFQ or a PO if release has been effected either with the release codes 01, 02, 03 and 04 or - alternatively - with release code 05.
The box with the information on the release strategy also offers you the possible alternatives for selection (see Displaying Release Information).
An alternative release cannot be a prerequisite for the next release code. In the above example, the releases with codes 01, 02, 03 and 04 could not be prerequisites for release with 05.
Release w. Classification (PReqs./Ext. Pur. Docs.)
Use
The aim of this procedure is to replace manual written authorization procedures using signatures by an electronic one, while maintaining the dual control principle.
The person responsible processes the requisition or other purchasing document in the system, thereby marking it with an "electronic signature" which can give the document legal force.
This release procedure can be used to approve requisitions and the external purchasing documents RFQ, PO, contract, scheduling agreement, and service entry sheet.
Purchase requisitions are released either at item level or in total. There is no provision for item-wise release (i.e. partial approval) in the case of the external purchasing documents. The latter can only be released in their entirety.
If you set up the release procedure with classification for purchase requisitions, the procedure without classification is deactivated.
Prerequisites
The release procedure with classification must have been set up in Customizing for Purchasing. In addition, a class with characteristics must have been created for each document (requisition, purchase order, etc.).
If you wish to set up both the overall release procedure and the item-wise procedure for requisitions, you must create one class for each procedure.
How to do this is outlined in the Implementation Guide (IMG) for Purchasing in Define Release Procedure for the relevant documents and in Set Up Release Procedure with Classification for purchase requisitions. You will find detailed information on classification in the R/3 Library in the documentation CA Characteristics and CA The Classification System.
This procedure offers a wide range of possible combinations of release criteria. Should you nevertheless have other requirements, use the enhancement provided by SAP.
Operation of Release Procedure w. Classification
The characteristic values from a requisition or external purchasing document are passed on to the classification system.
The system checks whether the values correspond with release conditions. If so, it assigns a release strategy.
The persons responsible for the release codes process the document in the sequence defined in the release strategy. -
Hi, folks:
In order to have separate PROD and DEVL services, I created a role to include all production databases/listeners require 7*24 paging support. Then I assign a user(Administrator) to this role and subscribe to my own notification rule (This rule only checks for important metrics). And this user has a pager for its email address. As for the other DBs, I simply let the OEM provided notification rule take care of it and have some important alerts send to an email address. In the future, if I need have any new database requires 7*24 paging support, I can simply add the DB in this role. Is this a good approach. Can GROUP be used in this setup, like putting all important stuff (Listener, hosts, DB) in this group and simply assign the group to the role??Yes. Allen. Group is for that purpose only .. simply you can segregate your whole application in to diffrent area .. either or PROD/DEV/UAT or into diff region for eg NA/EMEA/APAC or with diff applications ...
-
I have 2 questions and these are very urgent :-
1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
2 groups in iPLanet :- Contarctors and employees and I have 2 security roles in weblogic:-
contractactors and employess. How do I map LDAP group contractors to weblogic security
Role contractors? Similarly for employees ?
2. I have not defined contarctors and employeees under People container in IPlanet.
e.g. The RDN for contractor is
uid=1234,ou=dir,dc=orams,dc=com
Can I still use the defualt security realm of weblogic (the WebLogic Security Realm
under People ) OR I have to write my own custom code ?
3. I am planning to use Roles insetad of groups to manage the logical grouping in
iPLant. Can I still use the groups in WebLogic security realm ( in the configuratin
parameters ?)
This is very urgent ....so if any of you can throw any hints that will be greatly
appreciated.
--SunitaHi Ariel,
The driver is bundled with the product in WLS 6.1sp1. you don't have to
download any additional driver. Use it as you normally would only thing to
remember is if you are trying to write standalone java code then you have to
have weblogic.jar in your classpath. For the rest of the info follow the wls
docs for 6.1
HTH
sree
"Ariel" <[email protected]> wrote in message
news:3bb4a643$[email protected]..
We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
downloaded the JDriver from bea.com, but all the istructions that camewith
it are for WLserver 5.1.
What has to be done to do this with 6.1 sp1?
Thanks,
Ariel
Maybe you are looking for
-
Can u tell me any predefined BAPI for change and creation of Material
Hi, Can anybody tell me predefined BAPI for change and creation of Materialmasterand Pricing? Thanks & regards, Gopianne.
-
HTTP_RESP_STATUS_CODE_NOT_OK HTTP Response 404
Hello experts. I'm facing the following problem with XI IDoc to IDoc scenario. The problem is that XML messages appear in SXMB_MONI transaction with an error status, the status is HTTP_RESP_STATUS_CODE_NOT_OK. The error looks as following: <?xml vers
-
When a new email account is set up on my laptop and then I sync iphone (sync email yes) is the new account info supposed to get into the iphone? It seems not and I have to re enter all the account info into my iphone... am I missing something? I'm no
-
Sound On Entire Computer Gets "Warbled"/Distorted Whenever I Open Audition
Hello. I apologize in advance if I'm posting a topic that's been posted before. I'm new to the forums, and couldn't find a similar topic via the search tool. Anyway, whenever I open Adobe Audition, the sound on my entire laptop becomes "warbled" or d
-
I closed the mail folder when I did a software update. This morning, the mail icon is missing, and am not able to open from applications, or find it anyware in the toolbar. Error message says that Mail 3.6 is not supported by OSX Lion 10.7.3