Show or hide ADF custom tab based on user's role

Similar Messages

• Displaying custom content based on user's roles

  Hi experts,
  I have been asked to look for a solution to display custom content based on the current user's roles.
  Basically It would be a simple page (or several pages I don't know yet)  that displays links to others systems in the enterpise landscape. Links have to appear but they may be "desactivaded" for some users.
  So i'm thinking of a custom portal app in java that display this page embedded in an iview, a test to check the current user permissions and some css / javascript magic to do the trick.
  What do you think ? Would there be another solution that I'm missing which doesn't require development ?
  I'm open to any suggestion / technology
  Regards.

  Sounds good,
  You can also consider using Service Map iView or Workset Map iView if those links should point to other portal navigation locations:
  See more here:
  Navigation with a Service Map - Portal - SAP Library
  Navigation with a Workset Map - Portal - SAP Library
  Best Regards,
  Tal

• How to display screens (tabs) based on user authentication

  hi
  i am new to jheadstart, i want to display screens (tabs) based on users, ie if i have screens of dept, grade, desig, group, type, master etc..
  if user is admin display all the items in tab,
  if user 1 then display only dept, grade, desig
  if user2 then other settings....etc
  how to do this pls help,,,,,
  thx in adv
  Kris

  Kris,
  If you upgrade to JHeadstart 10.1.2.2 (requires a license), you will get built-in support for user authenrication and authorization including showing tabs based on the role. 10.1.2.2. ships with a demo app that uses all these features.
  Steven Davelaar,
  JHeadstart Team.

• How to hide screen group tab based on account group in XD01/02

  Hi Folks,
  I have added two screen group( custom tabs like 'general data' ) in XD01 screen. Based on the input parameter 'account group' I want to hide(supress) one of the tab. How can I read the account group no?
  Thanks and Regards,
  Kawish.

  Hi,
  Can you try to access the field like below. Just try to access the account group from main program in the method.
  field-symbols: <lf_KTOKD>  type KTOKD,
     data:               L_KTOKD type KTOKD.
  assign ('(SAPFM02D)KNA1-KTOKD') to <LF_KTOKD>.
  if sy-subrc = 0.
       l_ktokd = <LF_KTOKD>.
  endif.

• Custom plugin based on user role membership

  Hi all,
  I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
  With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
  I'll try to explain the scenario more in details:
  1. I create a user identity through a request
  2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
  3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
  Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
  - Email notifications after role grant
  - Re: OIM 11g Role Membership Event Handlers.
  I tried to implement what explained in the threads, but I would be sure about what I've done.
  Here what I've done:
  1. created plugin.xml file
  2. created EventHandler.xml metadata file
  3. developed a java calss for testing pourpose
  4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
  NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
  For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
  5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
  6. copied the zip file to $OIM_HOME/server/plugins
  7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
  8. built the wlfullclient.jar (only the first time)
  9. registered the custom plugin
  10. created the custom plugin dataset file
  11. imported it in OIM database using "weblogicImportMetadata" utility
  12. purged cache using "PurgeCache" utility
  NOTE: all the steps above was executed using the system user running OIM process
  test java class
  package com.zeropiu.sky.custom.eventhandlers;
  import java.io.Serializable;
  import java.util.HashMap;
  import com.thortech.util.logging.Logger;
  import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
  import oracle.iam.platform.kernel.spi.PostProcessHandler;
  import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
  import oracle.iam.platform.kernel.vo.BulkEventResult;
  import oracle.iam.platform.kernel.vo.BulkOrchestration;
  import oracle.iam.platform.kernel.vo.EventResult;
  import oracle.iam.platform.kernel.vo.Orchestration;
  import oracle.iam.platform.context.ContextManager;
  import java.util.Set;
  public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
       private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
  private static final String className = "TestUserAnonimi";
       @Override
       public void initialize(HashMap<String, String> arg0) {
            // TODO Auto-generated method stub
            String methodName = "initialize";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
            // TODO Auto-generated method stub
            String methodName = "isApplicable";
  System.out.println("###### " + className + " - " + methodName + " - STARTED");
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
  System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
  System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
  HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
  Set<String> allContextManagerParams = allContextManagerPairs.keySet();
  String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
  for (int i = 0; i < parameters.length; i++) {
            System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
  System.out.println("###### " + className + " - " + methodName + " - ENDED");
  return true;
       @Override
       public boolean cancel(long arg0, long arg1,     AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "cancel";
            System.out.println("###### " + className + " - " + methodName);
            return false;
       @Override
       public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "compensate";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
            // TODO Auto-generated method stub
            String methodName = "Eventresult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
       @Override
       public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "BulkEventResult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
  plugin.xml file
  <?xml version="1.0" encoding="UTF-8"?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
  <plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
  </plugin>
  </plugins>
  </oimplugins>
  EventHandler.xml metadata file
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
  </eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
  ###### TestUserAnonimi - initialize
  ###### TestUserAnonimi - isApplicable - STARTED
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
  ###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
  ###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
  ###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - ENDED
  ##### TestUserAnonimi - BulkEventResult execute
  Thanks,
  Daniele
  Edited by: 886636 on Jan 24, 2012 2:53 AM
  Edited by: 886636 on Jan 24, 2012 2:53 AM

  Probably I don't explain myself clearly....sorry for that!
  Anyway you are right, the role of the user can change after the user is initially provisioned.
  I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
  1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
  2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
  Is it possible with pre-populate adapter?
  Sorry again for my not very clear explanations.
  Daniele
  Edited by: 886636 on Jan 24, 2012 4:10 AM

• How can I hide the provisioning tab from end users?

  Hi,
  Can someone tell me if it's possible to hide the "provisioning tab" within FIM? End users do not need to see this.
  I know how to modify RCDCs to hide individual fields, but I'm not sure about entire tabs.
  Thanks in advance

  http://social.technet.microsoft.com/Forums/en-US/74242380-c8ce-4904-863e-f28ae3605c7e/fim-r2-end-user-portal-customization?forum=ilm2

• Hide sections in dashboard based on user's group

  Hello everyone
  May I know whether certain sections of the dashboard can be hidden using guided navigation based on user's group? Any links in this regard.. I appreciate.
  Thanks in Advance

  Hi,
  guided navigation is the way to go. Now you need to think about the request which triggers guided navigation.
  Now, You can't use dual in a normal request in OBIEE. So you need to use an existing column from a subject area:
  1) Add for example column "Calendar Year" from your time dimension to your request.
  2) Add the same column again to your request.
  3) Click on the fx column of the second column, to change the formula.
  4) Change the formula to: LOCATE('GroupName', VALUEOF(NQ_SESSION.GROUP))
  The value of this column will be 0 when the user is not a member of GroupName and >0 when it is member of GroupName.
  5) Add a filter on this column: LOCATE('GroupName', VALUEOF(NQ_SESSION.GROUP)) equals 0.
  Check the results:
  When user X is member of GroupName, the request will result no rows. When user X is no member of GroupName, it won't.
  One note: when you use "A" as a groupname, you will get problems with this, because "A" is also in "Administrators".

• Hide or show column from a report region based on user logged in

  Hi,
  I have this criteria, where I need to display a column on a report page but depends on the users logged in ( APP_User).
  On the field(column page) there is the Conditional Display option
  Conditional Display
  Condition Type: I choose the option where "item value in Expression 1 = expression 1
  *Expression 1*
  App_USER
  *Expression 2*
  I need to add 4 user names here that they allowed to view that column
  My question is how to list the names in expression 2 field, it worked when I added one name, but when I listed 4 names separated by comma, it didn't work.
  I appreciate any help or any solutions from you.
  Thank you.
  Sofia

  If you use "Text in Expression 1 is contained in the Value of Expression 2" then you can provide a comma-separated list. The only thing to watch out for is if you have a user "Bob" and a user "Bob Smith" then you will get a match on "Bob Smith" for the user "Bob"

• Filtering top level tabs based on user attributes

  Hello everyone ~
  I've been creating role and workset filters based on the Webinar demonstration given by Marion Schlotte (<a href="https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/17968de1-0a01-0010-1f9f-c090fbc7001a">Filtering Role and Workset Content for Developers</a>) and things have been going well.  I've been assigning the filter to a role (an entry-point role) and then filtering what worksets the user sees at the second level navigation.
  Now what I'm trying to do is filter what top-level tabs the user sees using this filter.  So I assigned the worksets in the role as entry points, instead of the role itself being an entry point.  However, the filter doesn't work now.  I don't see any of the worksets in the top level navigation at all.  I also don't see any errors in the logs.  All of the messages I have logged during the filtering process are logging as normal, and I don't see any errors being thrown.  But still the top-level tabs for my worksets don't appear.
  Has anyone been testing with this functionality?  Why would setting the worksets as entry points cause the filter to no longer work?  Has anyone tried this, or have any ideas?
  Thanks for your help,
  Fallon

  Hi Will,
  I'm thinking on using this filtering approach to solve another problem... But for that, I need this filtering to work based on URL entered, not on the logged in user.
  I was thinking about implementing the method
  getObjectInstance(obj, name, nameCtx, environment)
  from
  FilterDemoCountryFactory
  to perform the filter based on URL (from context or environment). Do you know if this information (URL) is available in Context ou in Environment (hashtable)??
  Thanks in advance.
  Best regards,
  Raphael

• Weblogic Portal 9.2 | Access on portlets/JPF based on user defined roles.

  Hi,
  In my application, i have created some roles in the embedded LDAP of weblogic. Example. ViewBillsRole, ViewTicketsRole, etc.
  Now my requirement is that if a user hits the URL directlyy for bills, he should be shown it instead he should be taken to some page.
  Example: http://localhost:7001/myPortalWeb/myPortal.portal? _nbfp=true&;pageLabel=bills
  This URL when hit directly should take user to login screen. How can i restrict this? How can i access roles present in embedded LDAP. I saw some annotation rolesAllowed in page flow controller properties, but wasnt of much help.
  Can anyone tell me how can i achive my goal? Thanks
  Saurabh

  Hey Cindy,
  Thanks for your response. Let me be more clear in what i am looking for:
  Suppose my application has 4 modules e.g; Bills,Orders,Tickets,Services.
  Now i have defined some roles like ViewBillsRole,ViewTicketsRole,ViewOrdersRole and so on.
  When the user logs in and tries to manipulate the URL in such a fashion that he changes the _pageLabel property to that of bills and he is not authorized to access bills, he should be taken to some page with a message.
  For this when i did the following:
  @Control
  UserInfoControl userInfoControl;
  List<String> roleName =
  userInfoControl.getAvailableUserRoles(getRequest());
  I can see the roles mentioned above and i can check
  boolean isUserInRole = userInfoControl.isCurrentUserInRole(getRequest(), ColtConstants.VIEW_BILLS_ROLE);
  This lets me know if a user should be taken to the BILLS page or not. But if i use this approach to solve my problem, i need to make changes in all the modules across the application, which i think is not the best solution.
  I wish if i can configure this roles property on Controller level than action level.
  Now i saw allowRoles on controller level. This also internally uses approach 1 to determine what all roles are assigned to the user. But if a user has a particular role, still it thorws UnfulfileldRoleException.
  I hope you got my point. I am not sure where is the controller checking for allowRoles. If it is checking in request, i have it there.
  Do i need to configure all the roles in web.xml ? If yes then it means i have 2 places where roles are mapped. 1. Web.xml and 2. LDAP.
  Let me know what can be the best solution to cater my problem. The links you have sent doesnt seem to work right now.
  Thanks a lot in advance,

• How to hide custom tab in crmd_order

  hello gurus,
  In crm how to hide a custom tab (which is created through EEWB Transaction )for particular order types??
  ex: if a tab named ADDITIONAL DATA B is holding the info like contact name ,customer PO etc.,here my requirement is to hide that tab for some order types like CR & DR.
  Plz help me out in this issue..
  Bye--
  Pradeepa

  Hello Pradeepa,
  2 options to replicate the custom data to R/3:
  A- via EEWB, flag the 'R/3' flag
  extract from doc:
  Field Relevant for R/3 Execution?
  Specifies whether you use CRM Sales with R/3 Supply Chain Execution, and whether you wish to transfer the field to the R/3 System.
  Use
  If you set this flag, the system generates a BAdI implementation that transfers the field to R/3 BAPI structures. If your executing system is an R/3 Enterprise System, the system enhances the BAPI structures and tables for sales orders in the R/3 System so that the field is transferred automatically to the R/3 sales order.
  So, with this flag, during generation, the whole flow to R/3 and also the fields in the tables in R/3 are created.
  B- write your own integration flow via exits/badi in the middleware to integrate the fields into existing fields in R/3 tables.
  Regards,
  Fred

• Hide GL account  Tab in MIRO programatically

  Hello Experts ,
  Please let me know how i can hide GL account tab based on company code in MIRO programatically .
  using any exit or Badi.
  Please help me
  Ananta

  Hi,
  Generally MIRO screen have " PO reference" TAB & if you want active "G/L account' & " Material " TABs in the MIRO screen, you can activate by selecting two check boxes of "Direct posting to G/L account=active" & "Direct Posting to Material=active"  & then save, in the following path
  SPRO> Material Management>Logistics Invoice Verification->Incoming Invoice->Activate Direct Posting to G/L Accounts and Material Account
  Regards,
  Biju K

• Changing default Tab based on IP

  I have 5 tabs in a page, I would like to display the appropriate tab based on users IP address.
  I have 5 IP subnets for 5 branch offices and a tab for each branch, so for each IP I display their appropriate tab as default tab.
  How do I do it?

  hi ram,
  not sure if this is possible. A simple option that comes in mind is to bookmark the tab page. in portal 10.1.4 we support a pretty URL format that also lets you access tabs directly. every department gets a different bookmark to access the page.
  regards,
  christian

• Hiding a column in BSP based on user

  Hi,
  I have a requirement in which user enters into PCUI Screen in EP Portal where there is button which displays a BSP Page. Now depending on user the page should differ. i.e if user is manager he should see a different page on clicking the
  button and if user is engineer he should see a different page on clicking the same button.
  Can anyone suggest how can i achieve this?
  Thanks and Regards,
  Sneha Puppala.

  Hi, I would suggest to options here.
  1. Using Authorization object: Create the Roles for Manager & Employee etc
    AUTHORITY-CHECK OBJECT 'YOUR_MANAGER'
             ID 'USER_NAME' FIELD SY-UNAME
             ID 'ACTVT' FIELD '03'.
  if sy-subrc EQ 0.
  Show some pages
  else.
    AUTHORITY-CHECK OBJECT 'YOUR_EMPLOYEE'
             ID 'USER_NAME' FIELD SY-UNAME
             ID 'ACTVT' FIELD '03'.
  if sy-subrc EQ 0.
  Show some pages
  ENDIF.
  endif.
  Option2: Create your custom table & maintain the user id & roles. Before you display the page, read the table show the corresponding pages.
  <u>* Reward each useful answer</u>
  Raja T
  Message was edited by:
          Raja Thangamani

• Hide Tabs based on a table driven customer access

  Hi,
  I want some of the tabs to be hidden based on user profile that I've saved in a table... in the table I've identified user name (that I am comparing against the login user name) and in one of the columns I've identified if they should have access to the tab or not (by entering "Y" against the user names that should have access to the table)... Table looks something like this:
  Table Name: Table_A
  User_Name Tab_Access
  ABC
  BCD Y
  XYZ Y
  EFG
  (note: based on the above table only users BCD and XYZ should see the tab for the rest it should be hidden)
  To accomplish the above, I've put following PL/SQL code under "Conditional Tab Display"
  APEX_UTIL.Get_First_Name(:APP_USER)||' '||APEX_UTIL.Get_Last_Name(:APP_USER) in (select User_Name from Table_A where Tab_Access = 'Y)
  and set Tab Display Condition to PL/SQL expression
  and got the following error message:
  Invalid PL/SQL expression condition: ORA-06550: line 1, column 114: PLS-00405: sub query not allowed in this context ORA-06550: line 1, column 7: PL/SQL: Statement ignored
  when I changed the above PL/SQL statement to something like this (it worked):
  APEX_UTIL.Get_First_Name(:APP_USER)||' '||APEX_UTIL.Get_Last_Name(:APP_USER) in ('BCD', 'XYZ')
  Please advice

  Hi,
  Try this for Conditional Tab Display:
  Condition Type: Exists(SQL Query returns at least one row)
  Expression 1:
  select 1 from Table_A
  where Tab_Access = 'Y' and
  User_Name = APEX_UTIL.Get_First_Name(:APP_USER)||' '||APEX_UTIL.Get_Last_Name(:APP_USER)Update your forum profile with a real handle instead of "qwe12654".
  Use [url http://wikis.sun.com/display/Forums/Forums+FAQ]formatting tags for code to indicate the code you are using.
  Hope it helps!
  Regards,
  Kiran