SPML: search the roles assigned to a user and add others to him

Similar Messages

• ESW: What are the roles assigned with CRM user in ESW?

  I would like to see the CRM from a Sales role and a marketing role

  Hi,
  you can use the installation Guid for that:
  http://help.sap.com/saphelp_nw04/helpdata/en/25/33533dc1c0b60fe10000000a114084/frameset.htm
  Only thing that is not exactly mentioned there. If you create a special user to use NWA on the J2EE - this user should have J2EE_ADMIN authorisation.
  Rest is described exactly in the Guide Mentioned above.
  Hope this helps to solve the issue.
  Regards,
  Oliver

• Multiple roles assigned to an user

  Hi folks,
  My question sounds to be something weird, but wanted to be cautious. I see a lot of users in my environment with multiple roles assigned to them. When i checked the roles of an user who has three roles assigned to him, i noticed that all the roles have some tables in common with the same grants in all the three roles, and all these three roles are assigned to the same user. Will there be any problem?
  An example to explain my senerio...
  User scott has three roles A,B and C assigned to him. All the three roles have execute on xy.abc procedure and select,insert,update,delete on xy.xyz table. Will there be any problem to the user who is assigned all these three roles. Will there be any confusion from oracle to chooose from which role?
  Thanks

  This sounds to be something new. So When a oracle
  tries to hold all the privileges does it do a
  distinct on the table grants, so that i will have
  just one entry of the privilege of an object, though
  it exists in all the roles assigned to that user.No, the table objauth$ looks like this,
    1* select * from objauth$ where rownum < 100
  SYS@etest> /
        OBJ#   GRANTOR#   GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
         133          0          5          0          1
         133          0          5          3          2
         133          0          5          5          3
         133          0          5          6          4
         133          0          5          9          5
         133          0          5         10          6
         133          0          5         11          7
         135          0          5          0          8
         135          0          5          3          9
         135          0          5          5         10
         135          0          5          6         11
        OBJ#    GRANTOR#  GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
  ---------- ---------- ---------- ---------- ---------- ------------------ ---------- ----------where
  OBJ# is object ID, could be any object not only table,
  GRANTOR# is user# , ROLE is also considered a special USER internally in Oracle.
  SYS@etest> select user#, name from user$
    2  /
       USER# NAME
           0 SYS
           1 PUBLIC
           2 CONNECT
           3 RESOURCE
           4 DBA
           5 SYSTEM
           6 SELECT_CATALOG_ROLE
           7 EXECUTE_CATALOG_ROLE
           8 DELETE_CATALOG_ROLE
           9 EXP_FULL_DATABASE
          10 IMP_FULL_DATABASE
  ..............So different roles will have different records in objauth$. Even it's same privilege of same object granted to same user.
  a GRANTEE# can have same privilege to the same object from different GRANTOR#

• How to get the list of roles assigned to a user in all the child systems

  how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM

  Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
  Krysta

• Function module to Delimit the roles assigned to the user

  Hi All,
  I am working on security role automation process abap report.My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN"  to delimit the role assigned to the user.
  Passing the importing parameter "username" and in the Tables parameter"ACTIVITYGROUPS"  passing the respective parameters AGR_NAME(Role), FROM_DAT(Start Date),TO_DAT(termination date - 1). When I passing the parameters as mentioned above,the role assigned to the user is getting deleted,instead of delimitation of the role assigned to the user.
  Is there any other function module we can use to delmit the roles assigned to the user?  Please help.
  Regards,
  Krishnan

  hai,
  please try this.
  /VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
  /VIRSA/ROLE_ASSIGN_CUA_NH
  /VIRSA/RE_BAPI_ROLE_TO_USERS
  ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
  try this bapis this may work
  BAPI_USER_LOCK
  - BAPI_USER_PROFILES_ASSIGN
  - BAPI_USER_LOCPROFILES_ASSIGN
  - BAPI_USER_LOCACTGROUPS_ASSIGN
  - BAPI_USER_CHANGE
  - BAPI_USER_UNLOCK

• Function module to get the roles assigned to user

  Hi to all experts,
  I need a fm to retrieve the roles assigned to user .
  if a pass sy-uname as importing parameter i should to get all the roles assigned to that particular user

  hai,
  please try this.
  /VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
  /VIRSA/ROLE_ASSIGN_CUA_NH
  /VIRSA/RE_BAPI_ROLE_TO_USERS
  ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
  try this bapis this may work
  BAPI_USER_LOCK
  - BAPI_USER_PROFILES_ASSIGN
  - BAPI_USER_LOCPROFILES_ASSIGN
  - BAPI_USER_LOCACTGROUPS_ASSIGN
  - BAPI_USER_CHANGE
  - BAPI_USER_UNLOCK

• Best way for limit users ? How to limit also the role assignment?

  Hi gurus, we are facing a strange situation.
  due to the politics implemented in our company , we are not allowed to delete the user record once this guy has finished in the company. We need to have an historic of users to consult who has made something in our R3 4.7 ERP
  We use instead the fiel VALID TO in the user record, so the user can´t access the system once the date is reached (it is the same thing that the standard transaction HRUSER manages the validity of the users...)
  The problem is that the roles assigned to the users are not limited the same way, I mean if an user has the validity of a role form the 2008/01/01 to 9999/21/31 its not limited.
  That means that in PFGC you can see the roles with user assigned but they are not really actives...
  Please, is there any possibility to limit also this range of dates in PFCG in an automatic way? It will help us a lot to have the role assignments up to date
  Thanks in advance
  Best regards.

  due to the politics implemented in our company , we are not allowed to delete the user record once this guy has finished in the company. We need to have an historic of users to consult who has made something in our R3 4.7 ERP
  Good! There are many discussions in the forum on the disadvantage of deleting users.
  We use instead the fiel VALID TO in the user record, so the user can´t access the system once the date is reached (it is the same thing that the standard transaction HRUSER manages the validity of the users...)
  The problem is that the roles assigned to the users are not limited the same way, I mean if an user has the validity of a role form the 2008/01/01 to 9999/21/31 its not limited.
  What's wrong with taking away all roles from these users? You can always retreive their previous assignments from the change documents.

• How to get list of Roles assigned to each User

  Hi,
  I have to create a list containing Roles assigned to each user in xMII 11.5.
  Need your help !
  Thanks in Advance !
  Regards,
  Alok

  Alok,
  Did you search (sometimes it is also good to make sure to search the forum for All threads not just the default time window)?
  https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=5969490
  https://forums.sdn.sap.com/click.jspa?searchID=22562502&messageID=4890045
  More info from the help docs:  http://help.sap.com/saphelp_xmii115/helpdata/en/Connectors/IlluminatorSystemConnector.htm
  Regards,
  Jeremy

• Getting roles assigned to a user in OIM

  We need to write a query to find what are the roles assigned to a particular user and when it has been assigned , is there any source where the OIM tables and their attributes have been explained? We were referring the UPA_GRP_MEMBERSHIP for getting the roles( referring UGP_KEY)  and the user with (UPA_USR_KEY), is this correct or is there some other table which has the info?

  Thanks for your reply...
  To getting the roles of a user, what is the common attribute between USR and UPA_GRP_MEMBERSHIP table? Is it usr_key from usr table and upa_usr_key from UPA_GRP_MEMBERSHIP? if not, what are the differences between the two attributes and is there any other attribute to refer ?

• How to find the plant assigned to a user profile

  Hi All,
  i am new to SRM but supporting it. so pls help.
  how to find the plant assigned to a user profile?
  i need to assign a address code to a company code-plant-building code so that the shipping address should come as a default in the shopping cart.
  i found many plants in the PPOMA_BBP  transaction but could not understand which plant i should take for the abhove assignment.
  Thanks in advance.
  Regards,
  Anubhab

  Hi,
  There is one check box in transaction for default value for every attribute. And a particular attribute there has to be a default value.
  Use FM BBP_GET_ATTRIBUTES_AT03 to fetch all attributes for a particular shopper. Then check for the particular attribute witha default value.
  In this way you will get default plant for that shopper can further requirement can be completed.
  Regards,
  Brajvir

• How to find all the SM37/36 jobs, created user and step user details

  Hi Gurus,
  Is there any table or transaction is available to check all the SM37/36 jobs that are running in the system, details of created user and step user in single screen?.
  Regards,
  Srinivas

  Check the below tables
  TBTCP                          Background Job Step Overview
  TBTCO                         Job Status Overview Table
  TBTCJSTEP                 Background Job Step Overview
  TBTC_SPOOLID                   Background Processing Spool IDs Table
  TBTCS                          Background Processing: Time Schedule Table

• What is the differences between the account assignment category of E and M?

  Hi, I have a question about account assignment category.I hope someone give me the answer , and I would appreciate it.
      as you know, there are so many account assignment categories (e.g. A:asset,K:cost center)in sap customizing,when we want to purchase asset, we will input A to the field of account assignment category in purchase order.
       When will we input E or M in purchase order? What will it imply when we input E or M in purchase order? What is the differences between the account assignment category of E and M?
  Best Regards
  Bob Wang

  Vijay,Thanks for your answer,but I am still not clear about it,I have a instance to describe my question at detail.
      If there is a final product A, and the planning strategy for A is 20(MTO), the procurement type of A is F(external procurement) at the view mrp2 in the material master datas.
  step1: I creat a sales order.
  step2: run MRP for A.
  step3: transfer the purchase requistion into a purchase order,and the field of acc.***.cat. in the purchase order will be filled out M automatically, because the acc.***.cat. in the planning strategy 20(MTO) is set with E.
      Well, the purchase order is created, what is the relationship between the sales order and the purchase order? What will be happened about costing between the SO and the PO?
      If I delete the E, I make the PO become a standard PO, what is difference between standard PO and the PO including E?
  Best Regards
  Bob

• Script to Create User and Add profiles

  Instead of using the ODI 10g GUI Console to create users and add them to a profile, Can this task be achieved by scripting ? Either by wlst or JMX or Java Packages ? Please advise and guide me.
  -Thanks,

  Is there any other way for adding Bulk users and assigning them to a profile? Any thoughts Please
  Versions: 10.1.3.5 and 10.1.3.6

• How i can delete and remove apple ID of old user and add my current apple ID to used i pod touch?

  how i can remove and delete apple ID of old user and add my current apple ID to used I POD TOUCH

  Unfortunately, you cannot delete Apple IDs but what you can do is go to Settings>Store>and sign out of the old Apple ID on your iPod and the sign in to the new Apple ID.
  All of the apps that were purchased under the old ID will still need the old ID's password for updates.
  More info can be found here: http://support.apple.com/kb/he37

• How can i extended attribute of user and add attribute to ldap

  how can i extended attribute of user and add attribute to ldap
  1.
  i use spe to modified "Default User Library":add Field like
  title:nation name:accounts[Lighthouse].nation
  2.
  modified "IDM Schema Configuration"
  add <IDMAttributeConfiguration name='nation' description='default attribute from UserExtendedAttributes/UserUIConfig' syntax='STRING'/>
  in <IDMAttributeConfigurations>
  and
  add <IDMObjectClassAttributeConfiguration name='nation' queryable='true' summary='true'/> in<IDMObjectClassConfiguration>
  there is extended attribute when i create new user
  3.
  i create new resource to ldap,and i add nation in "Account Attributes" tab
  but the new attribute not add to ldap
  i am beginner,how to extended attirbute add add to ldap attribute?

  So, if I want to fill in blanks on a form where I need to add more pages to fill history, what program do I need? In Adobe Reader, I can edit and fill in blanks, but I cannot duplicate more blank pages.