SoD Analysis with Portal functions
HI all:
Can anyone point me to a place where i can find information on proces of creating SoD rules for Portal functions? We want to perform SoD analysis on Portal functions which do not necessarily have transaction codes.
We have iviews that we have restricted by role placement, very basic.
However, we would like to be able to analyse SoD based on Webdynpro execution. Is this possible and if so, how can we do this?
Thanks,
Margaret
Hi Margaret,
the Portal SoD Analysis is either based on UME actions or iView names, that's it.
Here you will find a guide:
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
Best,
Frank
Similar Messages
-
How to understand Permission level SoD analysis reports?
Hi ,
We would like to confirm whether our understanding is correct in analysing the SoD analysis reports at Permission Level
Below is an example on how functions are configured at permission level
Under Function 0C0004 we have t-code as below
VA01 - Create Sales Order with Auth Objects
B_USER_STAT - ACTVT 01 AND
ACTVT 06 AND
K_CKBS_CO-PC - ACTVT 01 AND
ACTVT 06 AND
V_VBAK_AAT - ACTVT 01 AND 02 AND 06 etc.,
Similarly we have another Function GA0001 with t-code as below
F-03- Clear G/L Account
F_BKPF_BLA - ACTVT 01 AND
F_BKPF_BUK - ACTVT 01 AND
F_BKPF_KOA - ACTVT 01 AND
We have defined Risk betwee GA0001 & OC0004 with RISK ID 0045.
Does this means that a User / Role which are having t-code VA01 with the above permission values should be thrown as a conflict if the same user/ role is having t-code F-03 with the above permission values.
Do we need to understand the conflicts are only between two transaction codes and their permission values? or
Do we need to understand within the transaction code permission values also there are conflicts i.e. if a user is having 01,02 & 06 for V_VBAK_AAT in VA01 also.
When SoD reports are thrown for a User/ Role it just provides the Rule ID number and the t-codes conflicting followed by the permission values of the t-codes as below
004500101 : Transaction Code Check at Transaction Start Transaction Code Create Sales Order (VA01) OC00004
004500101 : Transaction Code Check at Transaction Start Transaction Code Clear G/L Account (F-03) OCA00001
004500101: B_USERSTAT : ACTVT : Activity Delete(06) OC00004
004500101: F_BKPF_BLA : ACTVT : Activity Create or generate(01) GA00001
004500101: B_USERSTAT : ACTVT : Activity Create or generate(01) OC00004
004500101: F_BKPF_KOA : ACTVT : Activity Create or generate(01) GA00001
004500101: V_VBAK_VKO : ACTVT : Activity Create or generate(01) OC00004
In the above scenario what exactly we need to understand ? Whether the conflicts are between t-codes & their respective permission values or the conflicts are intra conflicts i.e between permission values as well? User should not posses both 01 & 06 for Auth Object B_USERSTAT and remove the access to any of them.
Please provide your suggestions in our understanding.
Thanks and Best Regards,
Srihari.KHi Sri,
In RAR the conflict is always between Actions not permission. Permission level data is only for your info. All permission level details out of the box are not configured you have to activate it and fill in the value in the field. Now based on the value you feed in it will pull out the details.
eg: if you enter * it will show all values, If you enter 01 it will show all values with 01.
So to summarize the permission level details you need to configure based on needs and are not linked to conflicts they just show AS IS permission level details.
Thanks,
Darshan -
Issues with portal integration of Web dynpro for ABAP application
Hi,
I have the following issues when i integrate a Web Dynpro for ABAP application with portal.
1. the iview does not contain some images, such as table scroll button images, maximize and close buttons of popups etc.
2. the iview loads properly, but there is an error in the status bar that says "Access denied"
3. is it possible to do absolute navigation from
role1->folder1->iview1 to role1->folder2->iview2?
when i fire this navigation from the webdynpro
application, the navigation does not happen in the
portal.
thanks,
Kavitha>
sridhar vadaga wrote:
> Hi Experts,
>
>
> CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
> EXPORTING
> text = url
> IMPORTING
> BUFFER = content .
>
>
> Thanks & Regards
> Sridhar
I think you are overestimating the power of the SCM_STRING_TO_XSTRING function module. By supplying a URL as the value of the input text, it isn't going to magically go read the content from the remote location and convert that to a binary string. It is going to take whatever value you supply in th importing TEXT parameter convert that to binary. In other words it is literally converting the string http://xxx/test.xls to binary. You will need some other mechanism to read the content from the remote location into ABAP memory before you can process it. You will need to use the CL_HTTP_CLIENT class or call some sort of web service to retrive the content. -
Problems with planning function in Web Application Designer in 2004s
Hi All,
I have a problem in WAD 2004s with planning function. I created a web template that includes a query. It runs on the enterprise portal, and I can edit this query. The problem is: I don't know how to save this edited query, because when I use the button with function save, the new value doesn't appear in the relevant info cube.
Anybody can help me how to save the new values to the info cube?
Thanks in advance
Dezso TothI don't know if you ever resolved this, but you may just ned to change a setting on your query properties. When data is entered into planning layouts and saved, that data is put into a "yellow" request in the underlying infocube.
Until the necessary volume of data is posted which causes this to change to "green", it remains yellow. Note that this request could also be changed to green several ways. i.e. manually, by flipping the "real-time infocube behavior" switch, etc.
Anyway, as long as it "yellow" your query, by default will not consider it, unless you change it's properties to tell it to consider "yellow" requests. This can be done via RSRT and pressing the "properties" button. Choose request status "2" and your problem should be solved -
How to use PPM 5 (standalone or integrated with portal)
Hi,
I would like to know which advantages and disadvantages are presented by using PPM 5.0 standalone or integrated with portal? all functionality are the same in both cases? which is the best option?
Thanks a lot,
CAMILO URIBEHi,
from a functionality point of view, standalone and portal usage of SAP Portfolio and Project Management 5.0 are the same (except functionality which is in general only available within a portal, e.g. KM documents, collaboration rooms, etc.).
From a TCO perspective, for the standalone usage you'll only need the ABAP stack (except for ADS), i.e. if you don't anyway already have a portal in use in your company, this could lead to a lower TCO.
Kind regards,
Florian -
Is there any list for out of the box portlets that come with portal installation.
Is there any list for out of the box portlets that come with portal installation?
RameshYes - it's in the online help, on the Learning About Your Portal : About Portlets page. Here is the content:
Portlets Created Upon Install
The following portlets (and their necessary portlet Web services and Remote Servers) are created when you install the portal:
Folder Expertise:This portlet displays the list of folders for which the user is an expert. It is added to the User Profile page by default.
General Information:This portlet displays the default Profile Page. It is added to the User Profile page default.
Managed Communities:This portlet displays the list of communities managed by the user. It is added to the User Profile page by default.
Portal Login:This portlet allows users to log in to the portal. You probably want to add this to the guest user's home page so that users can log in from the default page displayed when they navigate to your portal.
Portal Search:This portlet allows users to search your portal and access their saved searches. Users might want to add this to their home page for easy access to their saved searches.
The following portlet templates (and any necessary portlet web Services and Remote Servers) are created when you install the portal:
Community Links:This template is used by the portal to create portlets that display the links saved in a Community Knowledge Directory folder. To learn more about Community Links Portlets, see Community Links Portlets.
Content Snapshot:This template is used by the portal to create portlets that display the results of a Snapshot Query.
You can also install the following functionality as part of the Optional Enterprise Web Components:
[url[/url]Stored Content:This portlet template allows you to create portlets that display stored content that is periodically refreshed. You might use this type of portlet to display content that is resource-intensive or takes a long time to generate. To learn more about Stored Content portlets, see Stored Content Portlets.
[url[/url]XML Source:This portlet template allows you to create portlets that can collect XML content from an external source and display it in the portal as HTML. To learn more about XML Source portlets, see XML Source Portlets. -
Apache log analysis for portal page visits etc
We are about to go into production with Oracle Portal (9iAS rel 9.0.2.0.1).
I have been looking into how to gather statistics on web site usage and have concluded that I cannot get the information from within portal logs since many pages are served from the cache and there is no interaction with the database at all.
I think I need to, therefore, analyse the apache log files. Can anyone recommend a good 3rd party product for log analysis? I am also concerned that the portal specific urls might severely limit the usefullness of the data I can extract.
Has anyone used a log analysis tool in conjunction with Portal or knows of a product with a specific add-on for Oracle Portal (I have seen these for other portals and CMS products).
Any pointers appreciated, I am completely new to this area.
Peter.Peter,
You might want to look at the "ClickStream Collector" that is included in a 9iAS installation.
I'm not sure if it will do what you want with Portal, but it's starting point.
Good luck!
Bill G... -
Can ASP with ODBC be used with Portal??
I have seen many clients develop active server pages using Frontpage or Dreamweaver hitting Oracle through ODBC (also JDBC). I know you can apply FP and Dream Weaver extensions to Apache. Can this be used with Portal to prevent re-coding existing applications or to stay with their present development plans?
Yes, you can expose any existing application environment through the portal. The fastest way to do it is to use the URL Services in the PDK to include application functionality as portlets by specifying the url. There are some restrictions with this approach. See the PDK for details. You can also code new portlets in Java that take advantage of the "External Applications Provider" capability to connect your portlets to an existing application in a single sign on way. Again, the PDK is the best source of information on this.
-
Hi!
Is anyone using BEA portal for user authentication and personalization along with
Integration for workflow??? Looking at the two sets of examples and full functionality
of wli it appears that the two should be easily tied together... Any thoughts
or advice would be greatly appreciated.
Thanks...PeggyHi Stanley,
THANKS very much for the info. Since our WLP instance
is already established I am leaning towards your
architecture. Hopefully I will get the documentation
done early next week and can start implementation.
The two domains will certainly simplify the
port over. Please ping on me in a few weeks
to discuss other aspects of this process....
THANKS again,
Peggy
"Stanley Beamish" <[email protected]> wrote:
Hi Peggy,
I'm doing the same sort of thing, with WLP and WLI sitting in separate
domains. This works fine, and separates the application load between
two
server machines (the WLP domain/server handles all the user/portal logic,
the WLI domain/server handles all the talking to external systemes and
business logic). However, I would also be very interested to hear views
on
running them within the same domain.
Stanley.
"Peggy" <[email protected]> wrote in message
news:3dbd9e48$[email protected]..
Sasi,
After reading the docs it looks like the two may live together
in the same domain...okay...not sure.
I will be 'porting' the WLI work I am doing into a current
domain where they have a portal installed. I think a single
domain is what I need.
I do not know if having two domains is better or not...do
you know?
Any insight is appreciated.
Are you doing anything similar?
THANKS! Peggy
"Sasikanth" <[email protected]> wrote:
HI Peggy
You can do authentication and personalization with portal and
workflow
with
WLI. But I would like to know whether or not you would like to launch
them as
a single domain or not.
regards
Sasi
"Peggy" <[email protected]> wrote:
Hi!
Is anyone using BEA portal for user authentication and personalization
along with
Integration for workflow??? Looking at the two sets of examples andfull
functionality
of wli it appears that the two should be easily tied together...
Any
thoughts
or advice would be greatly appreciated.
Thanks...Peggy -
Risk Analysis with "ALL" systems
Gurus,
I have a scenario where we have a rule set (not global) built on a logical system with 8 systems in it. We are trying to run the analysis with "ALL" systems instead of individual systems as we are hoping that the analysis will be performed only on the systems that are part of the logical systems. My understanding on how the risk analysis run may be wrong but I need a second opinion on my assumption. Please do let me know if any one needs more explanation.Hi Varma,
The Risk Analysis System "ALL" is really all connectors and is not tied to the Logical System (LS). The LS defines which systems are applicable for the rules. If your LS has fewer systems than all the connectors, just keep in mind that this impacts the results.
Example:
Existing connectors = A, B, C, D, E, F (ALL = A-F)
LS-1 = A, B, D, F
Run the report for "ALL" systems/connectors and lets assume that every system has SOD issues. Your results would look like this:
A = SOD violations
B = SOD violations
C = "no violations found"
D = SOD violations
E = "no violations found"
F = SOD violations
You would either need to add C & E to LS-1 or create a LS-2 with connectors C & E and create/upload rules for LS-2. Then ALL would find SOD violations for connectors A - F.
Hopefully I didn't over explain the question. Short answer is system "ALL" = all connectors and there is no choice to run the SOD report based on a specific LS.
-Dylan -
SDO_SAM 13390: error in spatial analysis and mining function
Hi All,
I have an arror, when I try to run function SDO_SAM.COLOCATED_REFERENCE_FEATURES.
I'm executing in this way:
BEGIN
SDO_SAM.COLOCATED_REFERENCE_FEATURES(
'CITIES', 'GEOM', 'POP2000 > 12000',
'CRIMES', 'GEOM', null,
'distance=20 unit=km', 'COLOCATION_TABLE', 20);
END;
At the begining I created tables CITIES and CRIMES with column GEOM SDO_GEOMETRY() type.
After that I inserted to USER_SDO_GEOM_METADATA values:
INSERT INTO USER_SDO_GEOM_METADATA (TABLE_NAME, COLUMN_NAME, DIMINFO, SRID)
VALUES ('CRIMES', 'GEOM',
MDSYS.SDO_DIM_ARRAY
(MDSYS.SDO_DIM_ELEMENT('X', 575977.125000000, 577368.125000000, 0.500000000),
MDSYS.SDO_DIM_ELEMENT('Y', 1195219.125000000, 1196522.000000000, 0.500000000)
32648);
COMMIT;
INSERT INTO USER_SDO_GEOM_METADATA (TABLE_NAME, COLUMN_NAME, DIMINFO, SRID)
VALUES ('CITIES', 'GEOM',
MDSYS.SDO_DIM_ARRAY
(MDSYS.SDO_DIM_ELEMENT('X', 575977.125000000, 577368.125000000, 0.500000000),
MDSYS.SDO_DIM_ELEMENT('Y', 1195219.125000000, 1196522.000000000, 0.500000000)
32648);
COMMIT;
and I also defined table COLOCATION_TABLE (tid NUMBER, rid1 VARCHAR2(24), rid2 VARCHAR2(24))
After that I was created spatial indexes.
When I'm trying to run as above I have an error:
Error report:
ORA-13390: error in spatial analysis and mining function: [INSERT INTO COLOCATION_TABLE VALUES ( :tid, :rid1, :rid2 )]
ORA-06512: at "MDSYS.MD", line 1723
ORA-06512: at "MDSYS.MDERR", line 17
ORA-06512: at "MDSYS.SDO_SAM", line 547
ORA-06512: at line 2
13390. 00000 - "error in spatial analysis and mining function: [%s]"
*Cause: There was an internal error in the specified analysis function.
*Action: Contact Oracle Customer Support for more help.
Can anyone offer any thoughts or guidance?
Many thanks in advance.
WojtekWhen I run query
SELECT rowid1, rowid2
FROM TABLE(mdsys.prvt_sam.Predicated_Join('CRIMES', 'GEOM', 'CITIES', 'GEOM', NULL, 'POP2000 > 12000',
'distance=20 unit=km'));
I have error:
ORA-13390: error in spatial analysis and mining function: [SELECT a.rowid1, a.rowid2 from table(mdsys.RtreeJoinFunc(cursor(SELECT * from table(sdo_rtree_admin.sdo_rtree_descrids('WOJTEE', 'CRIMES_SDX', 1)), table(sdo_rtree_admin.sdo_rtree_descrids('WOJTEE', 'CITIES_SDX', 2))), SYS.ODCIINDEXINFO('WOJTEE', 'CRIMES_SDX', SYS.ODCICOLINFOLIST(SYS.ODCICOLINFO('WOJTEE','CRIMES', '"GEOM"', 'SDO_GEOMETRY', 'MDSYS', null)), null, 0, 1),SYS.ODCIINDEXINFO('WOJTEE', 'CITIES_SDX', SYS.ODCICOLINFOLIST(SYS.ODCICOLINFO('WOJTEE','CITIES', '"GEOM"', 'SDO_GEOMETRY', 'MDSYS', null)), null, 0, 1), 2, 'ANYINTERACT', ' :dst_spec ', :tab1_predicate, :tab2_predicate)) a ]
ORA-06512: at "MDSYS.MD", line 1723
ORA-06512: at "MDSYS.MDERR", line 17
ORA-06512: at "MDSYS.PRVT_SAM", line 234
13390. 00000 - "error in spatial analysis and mining function: [%s]" -
General role of the SSO interface version on portal functioning
i have some general questions about the SSO version and the Portals functioning. it relates specifically to 9iAS portals 3.0.9 and OracelAS 10g(904).
- how significant is the SSO interface version (like v1.1, or v1.2) in the portal functioning.
- what relevance does it have with the WWSEC_ENABLER_CONFIG_INFO table entries? i know it can be seen in that table too. but what does it do for these entries.
- if the SSO interface version is not correct, does it change the site2pstoretoken value? i suppose it precedes this token value sometimes. does it not show this toeken value altogether?
- what errors one should expect if the SSO interface version is not correct for a certain portal?
thanks for any help.Hello Murthy,
What about simply use function module BBP_USER_GET_DETAIL with importing parameter USERNAME = SY-UNAME ?
You will get all user's roles in table ACTIVITYGROUPS.
Regards.
Laurent. -
About the role of SSO interface versions on portal functioning
i have a general question about the SSO version and the Portals functioning. it relates specifically to 9iAS portals 3.0.9 and OracelAS 10g(904).
how significant is the SSO interface version (like v1.1, or v1.2) in the portal functioning.
- what relevance does it have with the WWSEC_ENABLER_CONFIG_INFO table entries? i know it can be seen in that table too. but what does it do for these entries.
- if the SSO interface version would not be correct, will it change the site2pstoretoken value? i suppose it precedes this token value sometimes.
- what errors one should expect if the SSO interface version is not correct for a certain portal?
thanks for any help.i have a general question about the SSO version and the Portals functioning. it relates specifically to 9iAS portals 3.0.9 and OracelAS 10g(904).
how significant is the SSO interface version (like v1.1, or v1.2) in the portal functioning.
- what relevance does it have with the WWSEC_ENABLER_CONFIG_INFO table entries? i know it can be seen in that table too. but what does it do for these entries.
- if the SSO interface version would not be correct, will it change the site2pstoretoken value? i suppose it precedes this token value sometimes.
- what errors one should expect if the SSO interface version is not correct for a certain portal?
thanks for any help. -
Integrating oracle iStore with portal
Hi,
We need to build a B2C product catalog. I need answers to a couple of the questions listed below:
1.Is there any inbuilt commerce functionality present in Oracle 9ias Portal?
2. Is there any third party product available for building a product catalog of say eg. shoes?
3. Is it correct to say that oralce iStore is the ans. to building the product catalog?
4. what are the integration issues for integrating oracle iStore with portal?
Prompt reply would be a great help.
Thanks in advance.
AnkitaHi Kishore,
Here you find information on integrating Reports with Portal: Oracle Application Server Reports Services Publishing Reports to the Web.
Peter -
Compliance Calibrator v4.0 - Cross System SoD Analysis
Hi all,
I'm looking to run SoD analysis across BI7 and ERP using Compliance Calibrator v4.0. I can see the Parameter in the config overview, and have set it to yes is both systems. But there is nothing else in the documentation as to what other config etc is needed. Does anyone now the steps involved or could you point me in the direction of documentation.
Thanks in advance,
FionaHi,
there is a difference only if you have created and assigned mitigation controls to users.
In that case, you can decide to see the report of SOD conflicts with or without mitigation controls:
- Either you see all SOD conflicts including these that are mitigated (it is however clearly stated in the report whether a mitigation control exists or not)
- Or you see all SOD conflicts excepted these that are mitigated (we consider thus that mitigated conflicts should not appear in the report)
Rgds,
Karim
Maybe you are looking for
-
Display of report in excel format.
Hi, How to display a report in excel format?? I have the display details in an internal table. Is it possible for the output to come in excel format as soon as we run the pgm other.than downloading from list or grid format..If so how to do it?
-
How to transfer music to a new computer (PC)?
Simple question, I'm hoping for a simple answer. I've just purchased a new laptop PC and want to transfer my music to it. Is there an easy way to do this? All I can seem to find are some really convoluted steps to making this happen. And if I take th
-
According to PO number and Line item data should come once but its repeatin
I am calculating IR Quantity and IR value...... for a PO if there are four same line items i wanted them once but they are displaying for each and every line item If my po is 2003000151 and line item 0010 if both are same then i wanted ir quantity
-
Hi All, anybody knows how to call a batch file from java is there any DOS command aor dll file like url.dll by wich i can call my batch file from a java file or may be some body can tell me how to use FileUploadProtocal to call a batch file from java
-
I WANT TO BUY A MAC BOOK PRO. MUST I WAIT FOR THE ONE WITH RETINA DISPLAY. WILL THE FACT THAT THERE IS NO CD ROAM BE A PROBLEM? CAN YOU USE AN EXSTERNAL CD ROAM WITH A MAC?