SSRS Role ID and TaskMask

Similar Messages

• SSRS Integrated Mode and SSAS delegation issue

  We have setup SharePoint 2010 with SSRS 2008 R2 and all the Kerberos goodies to do delegation. However, we have a small issue that I believe is due to caching. We setup roles in the cube that restricts what a user can see. If we access the report in SharePoint
  with a user who belongs to the restricted role, everything is trimmed as expected. However, if we access the report immediately as the user who is not restricted they see the restricted data. If we wait a couple of minutes and do the same steps only switch
  which user goes first, unrestricted data is displayed. If we do an IIS/SSRS reset in between the two tests, everything works as expected. Where should I be looking for caching? SharePoint, SSRS, SSAS? Any ideas are welcome.

  You can check for instance caching on the report under the report execution propertes.  With instance caching disabled for a deployed report, each user shuld get a fresh copy of the report and see the results of a new query each time.Paul Turley, MVP, www.SQLServerBIBlog.com *Please vote if helpful*

• How to transport roles, pages and iViews in the PCD from DEV to QA

  Hi
  Please would someone telll me how I can transport/move roles, pages and iViews we have created in our own area of the Portal Content Directory from our Development to our QA portal environment.
  Kind Regards
  Claire

  Hi,
  Please check help.sap.com.
  http://help.sap.com/saphelp_nw70/helpdata/en/c5/56599164d0c04cb566ba0e2d7ed55c/frameset.htm
  Your Basis/NetWeaver consultants can help you.
  Regards,
  Masa

• In which table we can find the relationship between Role id and Task id

  Hi Experts,
  In which table we can find the relationship between Role id and Task id in Cprojects.
  Thanks
  Subhaskar

  Hi Subhaskar,
  Apart from DPR_ENTITY_LINK , you can also get it from table DPR_PART.
  Please go through the below link
  http://wiki.sdn.sap.com/wiki/display/PLM/cProjectstablesin+SAP
  I hope this will help you.
  Regards,
  Rahul

• OIA : Import Users, Accounts, User Role Memberships and Entitlements

  Hi,
  I have intgrated OIM 11.1.1.5 with OIA 11.1.1.5. I am trying to execute scheduled job in OIA " Import Users, Accounts, User Role Memberships and Entitlements"
  which in turn invokes scheduled job some of them are :
  OIM Staging Tables Collection Status Failed with following exception
  Accounts imported from OIM staging table : Status In progress for more than 2 hours
  Please provide pointer to resolve this :
  11:06:15,915 DEBUG [RbacxDataImporterImpl] --> imported 28 metadata items StopWatch 'import Attribute Value Metadata': running time (millis) = 0
  11:06:15,917 INFO [IamDbEntitlementImportHelperImpl] Imported 28 entitlements
  11:06:15,917 DEBUG [DBIAMSolution] publishing import completed event...
  11:06:15,917 DEBUG [AuthenticationEventsListener] Listening application event
  11:06:15,917 DEBUG [DefaultIAMListener] Queuing IAM Event.com.vaau.rbacx.iam.IAMEvent[source=com.vaau.rbacx.iam.db.DBIAMSolution@133e9a5e]
  11:06:15,917 DEBUG [IamDbEntitlementImportHelperImpl] Completing import run id ---> 31
  11:06:15,917 DEBUG [DefaultJobMonitor] MonitorMap{status=3, totalCount=28, currentCount=28, iamType=ENTITLEMENTS IMPORT}
  11:06:15,917 DEBUG [DefaultJobMonitor] MergedMap{status=3, totalCount=28, currentCount=28, iamType=ENTITLEMENTS IMPORT}
  11:06:15,917 DEBUG [DBIAMSolution] Importing Users
  11:06:15,918 DEBUG [DefaultJobMonitor] MonitorMap{status=6, totalCount=0, currentCount=0, iamType=DATA IMPORT}
  11:06:15,918 DEBUG [DefaultJobMonitor] MergedMap{status=6, totalCount=0, currentCount=0, iamType=DATA IMPORT}
  11:06:15,918 DEBUG [IamDbUserImporterImpl] DBUsers Import Start ...
  11:06:15,918 DEBUG [DBIAMSolution] publishing import starting event...
  11:06:15,918 DEBUG [AuthenticationEventsListener] Listening application event
  11:06:15,918 DEBUG [DefaultIAMListener] storing new ImportRun
  11:06:15,918 DEBUG [SequenceGeneratorServiceImpl] Getting MemorySequence for sequence name com.vaau.rbacx.iam.domain.ImportRun
  11:06:15,918 DEBUG [SequenceGeneratorServiceImpl] Returning count for sequence name com.vaau.rbacx.iam.domain.ImportRun, count = 32
  11:06:15,920 DEBUG [SequenceGeneratorServiceImpl] Getting MemorySequence for sequence name ImportRunStepId
  11:06:15,920 DEBUG [SequenceGeneratorServiceImpl] Returning count for sequence name ImportRunStepId, count = 32
  11:06:15,924 DEBUG [IamDbUserImporterImpl] Starting import run id ---> 32
  11:06:15,987 ERROR [IamDbUserManagerImpl] Problem retrieving IAM userIds from db
  *org.springframework.jdbc.UncategorizedSQLException: SqlMapClient operation; uncategorized SQLException for SQL []; SQL state [null]; error code [0];*
  --- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
  --- The error occurred while executing query.
  --- Check the select id from oia_staging_users .
  --- Check the SQL Statement (preparation failed).
  --- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:
  --- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
  --- The error occurred while executing query.
  --- Check the select id from oia_staging_users .
  --- Check the SQL Statement (preparation failed).
  --- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
       at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:83)
       at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
       at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:212)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
       at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
       at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
       at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
       at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
       at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
       at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy132.dataLoad(Unknown Source)
       at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
       at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
       at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:534)
  Caused by: com.ibatis.common.jdbc.exception.NestedSQLException:
  --- The error occurred in com/vaau/rbacx/iam/db/dao/ibatis/maps/IamDbUser.xml.
  --- The error occurred while executing query.
  --- Check the select id from oia_staging_users .
  --- Check the SQL Statement (preparation failed).
  --- Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
       at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryWithCallback(MappedStatement.java:201)
       at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(MappedStatement.java:139)
       at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:578)
       at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:552)
       at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:118)
       at org.springframework.orm.ibatis.SqlMapClientTemplate$3.doInSqlMapClient(SqlMapClientTemplate.java:298)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:209)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
       at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
       at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
       at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
       at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
       at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
       at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy132.dataLoad(Unknown Source)
       at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
       at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
       ... 1 more
  Caused by: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
       at oracle.ucp.util.UCPErrorHandler.newSQLException(UCPErrorHandler.java:541)
       at oracle.ucp.jdbc.PoolDataSourceImpl.throwSQLException(PoolDataSourceImpl.java:588)
       at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:277)
       at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:647)
       at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:614)
       at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:608)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.vaau.commons.springframework.aop.interceptor.DataSourceInterceptor.invoke(DataSourceInterceptor.java:65)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy131.getConnection(Unknown Source)
       at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:113)
       at org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy$TransactionAwareInvocationHandler.invoke(TransactionAwareDataSourceProxy.java:210)
       at $Proxy118.prepareStatement(Unknown Source)
       at com.ibatis.sqlmap.engine.execution.DefaultSqlExecutor.prepareStatement(DefaultSqlExecutor.java:519)
       at com.ibatis.sqlmap.engine.execution.DefaultSqlExecutor.executeQuery(DefaultSqlExecutor.java:173)
       at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.sqlExecuteQuery(MappedStatement.java:221)
       at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryWithCallback(MappedStatement.java:189)
       at com.ibatis.sqlmap.engine.mapping.statement.MappedStatement.executeQueryForList(MappedStatement.java:139)
       at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:578)
       at com.ibatis.sqlmap.engine.impl.SqlMapExecutorDelegate.queryForList(SqlMapExecutorDelegate.java:552)
       at com.ibatis.sqlmap.engine.impl.SqlMapSessionImpl.queryForList(SqlMapSessionImpl.java:118)
       at org.springframework.orm.ibatis.SqlMapClientTemplate$3.doInSqlMapClient(SqlMapClientTemplate.java:298)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:209)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.executeWithListResult(SqlMapClientTemplate.java:249)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:296)
       at org.springframework.orm.ibatis.SqlMapClientTemplate.queryForList(SqlMapClientTemplate.java:290)
       at com.vaau.rbacx.iam.db.dao.ibatis.SqlMapIamDbUserDao.findAllUserIds(SqlMapIamDbUserDao.java:48)
       at com.vaau.rbacx.iam.db.manager.IamDbUserManagerImpl.getUserIds(IamDbUserManagerImpl.java:48)
       at com.vaau.rbacx.iam.db.helpers.IamDbUserImporterImpl.readUsers(IamDbUserImporterImpl.java:78)
       at com.vaau.rbacx.iam.db.DBIAMSolution.doDataLoad(DBIAMSolution.java:547)
       at com.vaau.rbacx.iam.db.DBIAMSolution.loadData(DBIAMSolution.java:284)
       at com.vaau.rbacx.iam.service.impl.RbacxIAMServiceImpl.dataLoad(RbacxIAMServiceImpl.java:510)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy132.dataLoad(Unknown Source)
       at com.vaau.rbacx.scheduling.executor.iam.DbIamJobExecutor.execute(DbIamJobExecutor.java:83)
       at com.vaau.rbacx.scheduling.manager.providers.quartz.jobs.AbstractJob.execute(AbstractJob.java:72)
       at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
       ... 1 more
  Caused by: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource
       at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:421)
       at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:389)
       at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:134)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1613)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1421)
       at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:488)
       at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:988)
       at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:541)
       at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:655)
       at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:271)
       ... 51 more
  Caused by: java.sql.SQLRecoverableException: IO Error: Invalid number format for port number
       at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
       at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:538)
       at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
       at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
       at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
       at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:130)
       ... 58 more

  Hi Pallavi,
  i have the same problem, can you provide me more specific details?
  -exactly oimjdbc.properties location please?
  -which is what I have to modify?
  Thanks in advance!

• Use of default XACML with custom role mapper and authorization provider

  Hi,
  Is it possible to use the default XACML provider for custom role mappers and authorization providers when role information will be provided via an external application ( not an LDAP or RDBMS server )?
  My custom providers will be communicating with the external application via an API that accepts user credentials and will return decisions whether the credentials were successfully authenticated as well as returning a list of roles for the authenticated user.
  Once the roles and the subject are cached, will the default XACML provider be able to use them to make role mapping and authorization decisions?

  I see 2 approaches. First, write a custom authenticator that stores the role information in the subject either by creating a custom java.security.Principal that is stored in the Subject or by saving it in PrivateCredentials of the Subject. Then right a custom role mapper that knows how to get the role information from the Subject and return a role Map. The default XACML Authorizer will then work with the role information in the role map.
  Second approach is to write a custom role mapper that looks up the role information based on the Subject and returns a role map.
  The chosen approach depends on where you're getting the role information from.

• Relationship between Role id and Task id table name?

  Hi
  In which table we can find the relationship between Role id and Task id in saphcm
  Thanks a
  vibin

  Hi,
  HRP1001 --Infotype 1001 DB Table (Relationships)
  Regards,
  mohammed

• Role Mapper and Authorizer

  At one point I posted a forum entry and posted a solution for my entry regarding keeping the app deployments around while recreating/overwriting the domain using WLST offline. Keep App Deployments while recreating the domain in WLST offline
  Things seems to work, except that I noticed that the XACML Role Mapper and Authorizer that were created the first time around (when there is no domain folder) are getting replaced by default Role Mapper and Authorizer (on subsequent runs when the domain folder already exists and we overwrite the domain)
  Basically the first readDomain is causing this. without reading the domain, I cannot get the app list.
  System.setProperty("com.bea.cie.script.throwException","true")
  appdeps={}
  try:
    readDomain('c:/temp/basicWLSDomain')
    cd('/AppDeployments')
    apps=ls(returnMap='true')
    for app in apps:
    appdeps[app]=ls(app,returnMap='true', returnType='a')
  except:
    pass
  try:
    closeDomain()
  except:
    pass
  #=======================================================================================
  # Open a domain template.
  #=======================================================================================
  readTemplate("c:/wls11/wlserver_10.3/common/templates/domains/wls.jar")
  #=======================================================================================
  # Configure the Administration Server and SSL port.
  # To enable access by both local and remote processes, you should not set the
  # listen address for the server instance (that is, it should be left blank or not set).
  # In this case, the server instance will determine the address of the machine and
  # listen on it.
  #=======================================================================================
  cd('Servers/AdminServer')
  set('ListenAddress','')
  set('ListenPort', 7001)
  create('AdminServer','SSL')
  cd('SSL/AdminServer')
  set('Enabled', 'True')
  set('ListenPort', 7002)
  #=======================================================================================
  # Define the user password for weblogic.
  #=======================================================================================
  cd('/')
  cd('Security/base_domain/User/weblogic')
  cmo.setPassword('weblogic11g')
  #=======================================================================================
  # Create a JMS Server.
  #=======================================================================================
  cd('/')
  create('myJMSServer', 'JMSServer')
  #=======================================================================================
  # Create a JMS System resource.
  #=======================================================================================
  cd('/')
  create('myJmsSystemResource', 'JMSSystemResource')
  cd('JMSSystemResource/myJmsSystemResource/JmsResource/NO_NAME_0')
  #=======================================================================================
  # Create a JMS Queue and its subdeployment.
  #=======================================================================================
  myq=create('myQueue','Queue')
  myq.setJNDIName('jms/myqueue')
  myq.setSubDeploymentName('myQueueSubDeployment')
  cd('/')
  cd('JMSSystemResource/myJmsSystemResource')
  create('myQueueSubDeployment', 'SubDeployment')
  #=======================================================================================
  # Create and configure a JDBC Data Source, and sets the JDBC user.
  #=======================================================================================
  cd('/')
  create('myDataSource', 'JDBCSystemResource')
  cd('JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
  create('myJdbcDriverParams','JDBCDriverParams')
  cd('JDBCDriverParams/NO_NAME_0')
  set('DriverName','com.pointbase.jdbc.jdbcUniversalDriver')
  set('URL','jdbc:pointbase:server://localhost/demo')
  set('PasswordEncrypted', 'PBPUBLIC')
  set('UseXADataSourceInterface', 'false')
  create('myProps','Properties')
  cd('Properties/NO_NAME_0')
  create('user', 'Property')
  cd('Property/user')
  cmo.setValue('PBPUBLIC')
  cd('/JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
  create('myJdbcDataSourceParams','JDBCDataSourceParams')
  cd('JDBCDataSourceParams/NO_NAME_0')
  set('JNDIName', java.lang.String("myDataSource_jndi"))
  cd('/JDBCSystemResource/myDataSource/JdbcResource/myDataSource')
  create('myJdbcConnectionPoolParams','JDBCConnectionPoolParams')
  cd('JDBCConnectionPoolParams/NO_NAME_0')
  set('TestTableName','SYSTABLES')
  #=======================================================================================
  # Target resources to the servers.
  #=======================================================================================
  cd('/')
  assign('JMSServer', 'myJMSServer', 'Target', 'AdminServer')
  assign('JMSSystemResource.SubDeployment', 'myJmsSystemResource.myQueueSubDeployment', 'Target', 'myJMSServer')
  assign('JDBCSystemResource', 'myDataSource', 'Target', 'AdminServer')
  #=======================================================================================
  # Write the domain and close the domain template.
  #=======================================================================================
  setOption('OverwriteDomain', 'true')
  setOption('CreateStartMenu', 'false')
  writeDomain('c:/temp/basicWLSDomain')
  closeTemplate()
  #=======================================================================================
  # Exit WLST.
  #=======================================================================================
  exit()
  So I thought I will create the XACML Authorizer and Role Mapper myself instead of letting the default domain creation process do it. but that is resulting in duplicates on the first run (when the domain folder does not exist) and in the subsequent runs (when the domain folder already exists), I see one XACML and one default.
  cd('/')
  create('base_domain', 'SecurityConfiguration')
  cd('SecurityConfiguration/base_domain/Realm/myrealm')
  ls('a')
  create('XACMLAuthorizer', 'weblogic.security.providers.xacml.authorization.XACMLAuthorizer','Authorizer')
  create('XACMLRoleMapper', 'weblogic.security.providers.xacml.authorization.XACMLRoleMapper','RoleMapper')
  I am going no where with Oracle Support. I am wondering if anyone ran into this before.

  com.oracle.cie.config-wls-schema_10.3.6.0.jar has various SecurityConfiguration XML fragments and the wrong fragment is being used when the domain is recreated.
  I am thinking it is a logic issue in domain creation.

• PFCG Role Descriptions and Longtext in a Second Language

  Hello,
  I am a bilingual key user who maintains PFCG user roles for my organization (usually in German).  I want to maintain the longtext and description fields for these same roles for admins signed on in English so that a translated version in English appears matching my German text.  How can I do this?
  Sorry for the post but the SAP help and also OSS were surprisingly no help on this issue.
  Thank-You,
  Ray Fischer

  Hi,
  Please apply the note-854311 and follow the below mentioned procedure.
  For changing role description, please run the report Z_ROLE_SET_MASTERLANG.
  It will ask for Agr_name(Role name) and orgin_lang(required language)
  Regards,
  KKRao.

• Mass role creation and addition of tcodes to role menu

  Hi Folks,
  We've a requirement of building 1000's of single roles for an implementation. Our security matrix is ready with the role names and the list of tcodes to be embedded in each of these roles. What I would like to know is if we can automate a part of the process of role building i.e the following 3 steps only.
  1. Creation of the Role
  2. Addition of the tcodes in the role menu
  3. Save
  I'm aware of Ecatt/LSMW through which we can create the roles but i'm not sure if we can add the tcodes to the menu of the roles since the number of tcodes to be populated in each role will vary.
  Could anyone of you shed some light if it is possible to automate the addition of  tcodes to the role menu taking into consideration that each role will have different number of tcodes to be added to the menu and what's the best possible way to achieve this if there exists one.
  Thanks in advance for your time and suggestions!
  Guest...

  Whilst I agree that there are probably too many roles being built here, which is more of an issue with the role design / strategy, the issue of how to easily create a role for a given list of transactions is something that SAP supports via the import menu from text file option in PFCG.
  Yes you may need to write a script to cycle through all the possible role names, but we have recently had to build some roles based on actual usage, so exported transaction usage history to excel and then formatted the transactions into text files that could be imported to build the role menu.
  You will still then need to ensure any object authorisation object have the correct values set - i.e. not just starred in - but as one of the pains in build a role is getting the menu to look reasonable, I'd suggest having a look at this approach.
  Copy Menus -> Import from File is the function in PFCG in the menu tab for the role you are building
  OSS note 389675 has details of what the text file of transactions for the menu should look like.
  That should answer the question posed, rather than criticising the role design being followed.

• DFD diagram and ER crossmatrix for role definitions and role's privileges on objects

  Hello,
  Having the question on derivative use of combination of DFDs and ER diagrams ( let us be more fixes and focus on Relational model ).
  In DFD there are defined external entities and functions, data flows and data stores that are forming processes.
  Functions represents procedures, transactions, transformations.
  Dataflows presents procedures parameters, intermediate reports, temporary table data, data that is passed , retrieved/written, signals, triggers/events that controle or trigger function...
  Context of my question is focused on external entities.
  External entity suppose to denote the sourced or destinationed system ( for example Archiving system ) or operator, system that is out of scope of the DFD and it is mentioned just as target or destination or source of dataflow or control flow.
  In context of these understandings I am using external entitiy also for types of users of the system:  staff that is triggering functions or schedulers or job managers, or reporting systems ( or components of reporting systems like for example business intelligence extraction processes ).
  What is my problem that on basis of external entity definitions and E/R model also define roles and privilege classes for access to data objects.
  And from those generating ddls for database roles, privileges on entitities to those roles.
  But in privileges granting to role having two different kind of privileges on data objects:
  - privileges that are granted on various schema objects
     For example role1 has grant on tab1, view2, procedure1, package3,
  - the other type of privilega is based on the scope or range of semantically defined scope or semantic area.
  Semantic area is scattered through tables because of normalisation and using semantic area as entity of which primary key is
  partitioning the table data through many semantic areas.
  So this privilege should be granted on basis of the rows in table not column ( more semantically then structurally ...row oriented more than column ).
  Both privileges that are granted to roles are also basis for functional roles
  ( privilege that is granted that functional role has grant to trigger or execute some function or process ).
  My question is?
  How do you handle modeling technology for analysis and design for role privileges and consolidation between database and functional roles ?
  Grateful for any idea, experience and suggestions.

  Hello,
  Guess I was looking for the formal sequence of steps that would bring me to the
  ddls for "create role ..." and "grant privileges to role".
  You can do that.
  1) I assume you have logical model and it's engineered to relational model, also you have data flow diagram created
  2) You need to define information structures for flows connecting "Information store" to primitive process - attribute usage of particular entities should be defined for those "information structures" processed in flows
  3) You need to define create, update and delete operation for flow going from primitive process to store - read is assumed in opposite direction
  4) create a role in Process model and assign primitive processes to it - list of available processes to add depends on current data flow diagram
  5) You need an open physical model for your relational model
  6) Select "transfer process model roles to physical model roles" from context menu of top level DFD - select roles, relational and physical model there - roles with related permissions will be created in physical model
  Entity1 is divided in several subtypes for different business areas.
  And account manager for business_area1 is allowed to work on subtype1 ( view on prime table )...
  Different implementation of entity hierarchies are not processed correctly in that wizard - i.e to get permissions to table corresponding to child entity - that entity should be used in information structure and flow.
  Philip

• Idm-Vaau Rbac role creations and mapping

  Hi All,
  I'm working on the integration between Idm and Vaau's Rbacx (role based access control) tool for role creation and provisioning...I've imported the spml.xml and SPMLGetObjectsform.xml into Idm for the SPML calls between Rbacx and Idm.
  The challenge I'm facing is mapping the attributes of Rbacx roles to enable the attributes to be populated in Idm...I'm able to export roles into Idm, but they are not populating with any attributes eg. resource type, resource attribute etc. I'm uncertain as to where I have to map these properties and do any customization for this to work. I would appreciate if anyone who has worked on this or know how to do this, to pls give me some pointers/share your experience. I don't have any documentation to refer to and am doing everything on trial and error basis.
  Any help is greatly appreciated!
  Thank you.

  Hi newbie,
  Were you able to solve this issue? I am facing the same problem while assigning resource attributes for a created role using a custom workflow.
  This is where I set the resource attributes in my workflow:
  <Action id='1'>
  <expression>
       <block trace='true'>
       <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].valueType</s><ref>ADGroupsValueType</ref></set>
       <set><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].requirement</s><ref>ADGroupsRequirement</ref></set>
       <append><ref>role</ref><s>assignedResources[AD].attributes[AD Groups].value</s><ref>ADGroupsValue</ref></append>
       </block>
  </expression>
  </Action>
  where <ref>ADGroupsValue</ref> contains the attribute value.
  thanks,
  Lokesh

• How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

  How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

  Hi,
  Edge role is design for perimeter networks, to keep security risks minimum.  So it’s not recommended to have edge role in internal network. Must have separate network or subnet for edge services.
  If you are playing around it in labs, then you can put edge role within same subnet as other exchange roles and no specific requirements in that case.
  Thanks.
  MachPanel - Premium Cloud Automation Solution

• Role , Menu and Display Priority

  I have a Role A with a menu sequence, Sort Priority 100
  and a Role B with another menu sequence Priority 50
  User is having role A and B
  But B is displayed in the navigation before A.
  How can I influence the display sequence?

  Hello Holger,
  I had done this job successful.
  In my opinion, workset was used for first level menu
  usually, not role ,role is only a concept.
  We need to sort the workset which will be display in first level menu in fact.
  And "Sort Priority" of workset can take effect,
  I had validated that.
  And the similar situation occured in second level menu.
  Regards,
  Jianguo Chen

• Role assigenment and workset

  Hi All,
  I am looking into workset and role assignment functionalist of Portal. Inside Top level navigation panel, In first level I want to show My news and on second level I want to show BBC, CNN, Sky according to user and role assignment.
  Currently I have created a workset called My News and added the three different iViews as delta link into this workset. All the iViews have different read permission i.e. BBC_role, cnn_role and sky_role and no end user access is allowed. Now if User logged in as bbc_role he do not see My News in first level navigation. If I assign workset My News into role bbc_role then again login as bbc_role, I see all the three links inside My News.
  Can any one suggest how can I make it possible so that if I login as bbc_role I see My News and BBC inside this. If I login as user with role bbc_role and cnn_role assigned I see My News and bbc, cnn inside that. while if I login with user who have CNN_role and sky_role assigned I see My news and cnn, sky inside it.
  Thanks
  Vishal

  Hi Vishal,
  see access  to  PCD objects
  Hope it helps
  Detlev