Ticketadmin and Custom Security Role

A friendly hello to all readers!
I'm facing the following problem:
We want our customer to enter his tickets into the WebCRM. For this task I've created two new Security Roles ('GP User' and 'GP Key User'). The 'GP User' Role is working fine. Members of this Role just can enter tickets and watch the status.
Members of the Role 'GP Key User' are also part of the Role 'Licensed User'. This users are only allowed to work on the tickets and the knowledge-base in the administration panel.
The problem now is, that this special Users can't change the status of an ticket and are not allowed to assign the ticket to another person. (But in batch operation they can!).
What can I do to enable the full functionality on admin/support/ticketadmin.aspx?
Hints:
- The user of role 'Key User' are not assigned to the internal account.
- Version: 2007.0.631.11
Thanks!

If you go to Admin > Definitions > Security Roles you can select a role to see what that role has access too. This role is in addition to the licensed user role and determines what will show up on the admin menu and what pages they can access directly.
You could either screenshot the Support Admin's list of permissions or run it directly on the sql db.
Even if a menu item is not listed, it would still be possible for the user to type in the direct url of a specific page for any pages they have access to. For example the permission for Web Page admin/support will allow that role to access any page in the support directory. To restrict, you might just give access to admin/support/tickets.aspx or other aspx pages directly.
Before praxis was acquired by SAP we used to have a custom theme strictly for support that had links to 4 ticket related functions only. Might reduce some confusion.
James

Similar Messages

  • [svn] 1053: Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference .

    Revision: 1053
    Author: [email protected]
    Date: 2008-04-01 11:35:28 -0700 (Tue, 01 Apr 2008)
    Log Message:
    Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference. The custom authentication sample uses the new ChannelSet.login and ChannelSet.logout methods.
    Modified Paths:
    blazeds/branches/3.0.x/apps/team/WEB-INF/flex/remoting-config.xml
    blazeds/branches/3.0.x/apps/team/WEB-INF/flex/services-config.xml
    Added Paths:
    blazeds/branches/3.0.x/apps/team/features/security-constraints/
    blazeds/branches/3.0.x/apps/team/features/security-constraints/README.txt
    blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Basic.m xml
    blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Custom. mxml
    Removed Paths:
    blazeds/branches/3.0.x/apps/team/features/remoting/remoting_AMF_SecurityConstraint_Basic. mxml

    Congrats to Carmelo!
     Windows Phone and Windows Store Apps Technical Guru - February 2015  
    Carmelo La Monica
    Windows Phone 8: control Nokia Maps (Part 3)
    JH: "Part 3 of the series how to work with the Nokia maps control. As the previous articles this one contains a lot of code snippets and some pictures. Good work!"
    Ed Price: "A great topic, a fantastic breakdown of sections with clear descriptions, and a nice mix of code formatting and helpful images! Another stellar article from Carmelo! Great job including the link back at the end to the portal
    article!"
    Ed Price, Azure & Power BI Customer Program Manager (Blog,
    Small Basic,
    Wiki Ninjas,
    Wiki)
    Answer an interesting question?
    Create a wiki article about it!

  • Unable to assign all security roles to a user with a new custom security role

    Dear All,
    Happy New Year.!
    I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
    any desired security role to the new user.
    However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
    'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
    For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
    to assign some other security roles, including 'Support User Role', to new user 'y'.
    I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
    'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
    Appreciate any help that you can provide on the above issue.
    Thanks in anticipation.

    Hi,
    Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
    Refer:-
    http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
    Hope this helps!!!
    Thanks,
    Prasad
    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

  • How to create SR Queue and Custom User Role for technician only see which SR assigned Him/Her and Resolve

    Hi 
    I have created workitem SR advance and Criteria with ID [Assigned To ME] and created user role in Advance operators.
    But in technician Console showing which SR he/she created not service desk assigned to him/her.
    Please suggest...
    Regards
    Sheetla Maurya

    I have find out Solution .......Create Queue with Service Request Advance and we not need to create any criteria option, After that create custom User role on Advance
    operators with View "Assigned To ME"
    Regards
    Sheetla Maurya

  • OID Dynamic Groups and J2EE security roles

    Hi
    I've searched the forums but can't get a definite answer. Is it possible to use OID dynamic groups and map them to J2EE security roles? I can't find anything that says specificially not but I can't seem to get it to work.
    Thanks
    Adam

    Hi,
    Let me know if you find answer of your question.
    thanks

  • CUP - Customizing Security & Roles

    Hello,
    Using the GRC AC 5.3 Security Guide, we've been customizing our front-end CUP roles to fit our needs. We're having trouble customizing one particular area, however.
    Example:
    When an approver (AEApprover role) or administrator (AEAdmin role) logs into CUP to view a request, they see a screen several tabs across the middle of the screen - Roles/Profiles, PD Profiles, Risk Violations, Mitigation, Superuser Access, Comments, and Request Reason.
    We were hoping to get rid of the "PD Profiles" and "Superuser Access" tabs because we arn't using this functionality and feel it would be less confusing for the approvers if they didn't have to see it.
    Looking through the security guide, however, we can't find any specific Actions that relate to these tabs. We've removed "ViewSelectPDProfiles" and "ViewSuperAccess" from the approver role but these seem to only relate to the buttons.
    Am I missing something? Are there any other ways we can customize what middle tabs approvers see in CUP?
    Thanks!!
    Jes Behrens

    Hello jes,
    Yes you are right that these pemissions are for buttons and not for tabs. You can not remove any of these tabs.
    Regards
    Harleen
    SAP GRC RIG

  • Security-role and security-role-assignment not working in WL7.0

    Hello all..
    Some EJB components that worked fine in WebLogic 6.1 no longer work in
    WL7.0. It has to do with the security-role and security-role-assignment
    descriptor elements no longer allowing anonymous users to be included in the
    authorization for a bean.
    For example, in WL6.1 placing these items in ejb-jar.xml:
    <assembly-descriptor>
    <security-role>
    <role-name>Employees</role-name>
    </security-role>
    <method-permission>
    <role-name>Employees</role-name>
    <method>
    <ejb-name>CustomerEJB</ejb-name>
    <method-name>*</method-name>
    </method>
    </method-permission>
    and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
    <security-role-assignment>
    <role-name>Employees</role-name>
    <principal-name>guest</principal-name>
    <principal-name>system</principal-name>
    </security-role-assignment>
    worked fine for clients creating their context using a simple
    InitialContext() constructor without specifying SECURITY_PRINCIPAL or
    SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
    the security-role-assignment element above told WebLogic that "guest" was in
    the Employees role for purposes of this EJB archive.
    Worked in WL6.1, no longer works in WL7.0. Client receives typical
    permission exception:
    java.rmi.AccessException: Security violation: insufficient permission to
    access method 'create'
    If I explicity connect as "system" things are fine, or I can create a new
    user in the default realm in WebLogic, put a matching <principal-name>
    element in the section above, and connect as that user. Note that if I leave
    off the <security-role> section completely, or set the required role name to
    "everyone", the anonymous access works fine. Apparently the anonymous user
    is a member of "everyone" behind the scenes even though "everyone" does not
    appear in the realm list of groups or roles.
    So, my question boils down to this: Is there a "magic" username in WL7 like
    "guest" was in WL6.1 that can be mapped to the required role name, or must
    every client connection use a true weblogic-created user with appropriate
    role assignments used to map it to the required role name.
    -Greg
    P.S. Note that none of the EJB examples provided with WL used
    <security-role>..
    Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
    www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

    Below are the screen shots for PFCG:

  • SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.

    Have an issue.
    I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
    But when user runs reports, he gets nothing:

    Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.

  • Create , delete "security roles" in weblogic console - sample Security providers

    Hi Everyone:
    Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
    those sample Security Provider , the author of codes used property files as
    Security Providers Database, however he/she didn't show how to create a
    Manageable Sample Role Mapping Provider or Manageable Sample Authentication
    Provider, so Administrator of weblogic console can create and delete
    "security roles" in weblogic console.
    Have anyone known how to do that?
    Ming Qin

    "ming qin" <[email protected]> wrote in message news:[email protected]..
    Hi Everyone:
    Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
    those sample Security Provider , the author of codes used property filesas
    Security Providers Database, however he/she didn't show how to create a
    Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
    Provider, so Administrator of weblogic console can create and delete
    "security roles" in weblogic console.
    Have anyone known how to do that?
    I would ask in the weblogic.developer.interest.management.console newsgroup.
    >
    Ming Qin

  • NWA 7.3 : Looking for "security roles" (Policy Configuration) ...

    Hi guys,
    We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed wihtin NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and than security roles );
    where to do this within NWA 7.3 ?
    any ideas;
    Thanks
    Oliver

    Hi Oliver,
    Procedure
      Start SAP NetWeaver Administrator with the quick link /nwa/auth.
      Choose Components.
      Select a policy configuration.
      On the Authentication Stack tab, choose the Edit pushbutton.
      Determine if you want to use an existing template or if you want to change the policy configuration of the current component. 
    To use an existing template, select a template from the Used Template field.
    For authscheme references, select a template from Used Authscheme.
    The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
      To change the policy configuration of the current component, do the following: 
    Add and remove login modules as required.
    The system applies the login modules in the order they appear in the list.
      Set a processing flag for each login module. 
    For more information about login module flags, see Policy Configurations and Authentication Stacks.
      Add and remove any options to the login modules.
      Set the authentication stack parameters according to the type of policy configuration. 
    Please,go through below help file
    http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
    Cheers
    Revanth Pasupuleti

  • Problem with Security Role mapping and LDAP

    Hi,
    In Oracle Internet Directory I've created a group called OIDGroup1.OIdGroup1 has 2 users : OIDuser1 and OIDuser2.
    OIDGroup1 is mapped to EjbRole1 (is a security role defined in ejb-jar.xml, EjbRole1 can do everything in the application).Now if I login as OIDuser1 or OIDuser2, application said that the user does not
    have authorization to execute some method. The mapping in my orion-application.xml is :
    <security-role-mapping name="EjbRole1">
    <group name="admin/OIDGroup1"/>
    </security-role-mapping>
    <jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
    if I modified orion-application.xml like this :
    <security-role-mapping name="EjbRole1">
    <group name="admin/OIDGroup1"/>
    <user name="admin/OIDuser1"/>
    </security-role-mapping>
    then login as OIDuser1, it works. But it does not work with OIDuser2.
    That's is a problem for me because our customer can not manage the user/group
    easily : each time they have a a new user, instead of simply adding this user
    in the OIDGroup1 (with graphic interface of OIDAS), they have to modify
    orion-application.xml.
    Do you have any idea ?
    Thanks in advance
    regards

    I found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).

  • Developing security Roles and profiles

    Hi Team,
    Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
    Regards,

    Hi,
    Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
    user masters: USR01 to 09, UST04,
    profiles: USR10, USR11, UST10S, UST10C,
    authorisations: USR12, USR13, UST12.
    password exceptions USR40.
    History tables(may not be applicable but FYI): users: USH02, USH04,
    profiles: USH10, auths USH12.
    R/3 Security Tcodes
    End User Transaction Code  Menu Path   Purpose
    SU3  System > User Profile> Own Data  Set address/defaults/parameters
    SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
    SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
    Role Administration Transaction Code  Menu Path   Purpose
    PFCG
    Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
    PFUD   Work on SAP check indicators and field values
    Select: Copy SAP check IDu2019s and field values
    Installation
    1. Initial Customer Tables Fill
    Upgrade
    2a. Preparation: Compare with SAP values
    2b. Reconcile affected transactions
    2c. Roles to be checked
    2d. Display changed transaction codes
    SU24
    Same as for SU25:
    Select: Change Check Indicators > Maintain Check Indicators>Maintain 
    Regards,
    Srini Nookala

  • Security roles and profiles

    Hello,
    Could you please provide information on "security roles and profiles "
    I would appreciate.
    Regards,
    Alex

    Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
    In specific Role -> Authorization -> click on Display Authorization Data.
    Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
    User Section: defines who has access to this role.
    Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
    Hope that helps.
    thanks.
    Wond

  • Configure security-role and method permission for EJB 3.0 using Jdev 11g

    The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
    For example,
    <assembly-descriptor>
    <security-role>
    <role-name>managers</role-name>
    </security-role>
    <method-permission>
    <role-name>managers</role-name>
    <method>
    <ejb-name>Employees</ejb-name>
    <method-name>setSalary</method-name>
    <method-params>
    <method-param>java.lang.Long</method-param>
    </method-params>
    </method>
    </method-permission>
    </assembly-descriptor>

    user516954,
    By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
    --Ric                                                                                                                                                                                                                                                                                                                               

  • Does Azure SQL support AD and Security Roles

    I would like to create Reporting Service reports using Azure SQL Database.
    It is possible to attach Azure SQL to Active Directly and use its Security Roles so that I can filter reports based on AD groups of report user?
    Kenny_I

    Hi Kenny,
    Thanks for posting here.
    I suggest you to check this link for details.
    http://www.infoq.com/news/2015/02/azure-sql-ad-media
    http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
    http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
    http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
    Hope this helps you.
    Girish Prajwal

Maybe you are looking for