Ticketadmin and Custom Security Role
A friendly hello to all readers!
I'm facing the following problem:
We want our customer to enter his tickets into the WebCRM. For this task I've created two new Security Roles ('GP User' and 'GP Key User'). The 'GP User' Role is working fine. Members of this Role just can enter tickets and watch the status.
Members of the Role 'GP Key User' are also part of the Role 'Licensed User'. This users are only allowed to work on the tickets and the knowledge-base in the administration panel.
The problem now is, that this special Users can't change the status of an ticket and are not allowed to assign the ticket to another person. (But in batch operation they can!).
What can I do to enable the full functionality on admin/support/ticketadmin.aspx?
Hints:
- The user of role 'Key User' are not assigned to the internal account.
- Version: 2007.0.631.11
Thanks!
If you go to Admin > Definitions > Security Roles you can select a role to see what that role has access too. This role is in addition to the licensed user role and determines what will show up on the admin menu and what pages they can access directly.
You could either screenshot the Support Admin's list of permissions or run it directly on the sql db.
Even if a menu item is not listed, it would still be possible for the user to type in the direct url of a specific page for any pages they have access to. For example the permission for Web Page admin/support will allow that role to access any page in the support directory. To restrict, you might just give access to admin/support/tickets.aspx or other aspx pages directly.
Before praxis was acquired by SAP we used to have a custom theme strictly for support that had links to 4 ticket related functions only. Might reduce some confusion.
James
Similar Messages
-
Revision: 1053
Author: [email protected]
Date: 2008-04-01 11:35:28 -0700 (Tue, 01 Apr 2008)
Log Message:
Basic and custom security-constraint samples were added to the team app mainly for the doc team to have a reference. The custom authentication sample uses the new ChannelSet.login and ChannelSet.logout methods.
Modified Paths:
blazeds/branches/3.0.x/apps/team/WEB-INF/flex/remoting-config.xml
blazeds/branches/3.0.x/apps/team/WEB-INF/flex/services-config.xml
Added Paths:
blazeds/branches/3.0.x/apps/team/features/security-constraints/
blazeds/branches/3.0.x/apps/team/features/security-constraints/README.txt
blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Basic.m xml
blazeds/branches/3.0.x/apps/team/features/security-constraints/securityConstraint_Custom. mxml
Removed Paths:
blazeds/branches/3.0.x/apps/team/features/remoting/remoting_AMF_SecurityConstraint_Basic. mxmlCongrats to Carmelo!
Windows Phone and Windows Store Apps Technical Guru - February 2015
Carmelo La Monica
Windows Phone 8: control Nokia Maps (Part 3)
JH: "Part 3 of the series how to work with the Nokia maps control. As the previous articles this one contains a lot of code snippets and some pictures. Good work!"
Ed Price: "A great topic, a fantastic breakdown of sections with clear descriptions, and a nice mix of code formatting and helpful images! Another stellar article from Carmelo! Great job including the link back at the end to the portal
article!"
Ed Price, Azure & Power BI Customer Program Manager (Blog,
Small Basic,
Wiki Ninjas,
Wiki)
Answer an interesting question?
Create a wiki article about it! -
Unable to assign all security roles to a user with a new custom security role
Dear All,
Happy New Year.!
I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
any desired security role to the new user.
However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
to assign some other security roles, including 'Support User Role', to new user 'y'.
I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
Appreciate any help that you can provide on the above issue.
Thanks in anticipation.Hi,
Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
Refer:-
http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
Hope this helps!!!
Thanks,
Prasad
Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question -
Hi
I have created workitem SR advance and Criteria with ID [Assigned To ME] and created user role in Advance operators.
But in technician Console showing which SR he/she created not service desk assigned to him/her.
Please suggest...
Regards
Sheetla MauryaI have find out Solution .......Create Queue with Service Request Advance and we not need to create any criteria option, After that create custom User role on Advance
operators with View "Assigned To ME"
Regards
Sheetla Maurya -
OID Dynamic Groups and J2EE security roles
Hi
I've searched the forums but can't get a definite answer. Is it possible to use OID dynamic groups and map them to J2EE security roles? I can't find anything that says specificially not but I can't seem to get it to work.
Thanks
AdamHi,
Let me know if you find answer of your question.
thanks -
CUP - Customizing Security & Roles
Hello,
Using the GRC AC 5.3 Security Guide, we've been customizing our front-end CUP roles to fit our needs. We're having trouble customizing one particular area, however.
Example:
When an approver (AEApprover role) or administrator (AEAdmin role) logs into CUP to view a request, they see a screen several tabs across the middle of the screen - Roles/Profiles, PD Profiles, Risk Violations, Mitigation, Superuser Access, Comments, and Request Reason.
We were hoping to get rid of the "PD Profiles" and "Superuser Access" tabs because we arn't using this functionality and feel it would be less confusing for the approvers if they didn't have to see it.
Looking through the security guide, however, we can't find any specific Actions that relate to these tabs. We've removed "ViewSelectPDProfiles" and "ViewSuperAccess" from the approver role but these seem to only relate to the buttons.
Am I missing something? Are there any other ways we can customize what middle tabs approvers see in CUP?
Thanks!!
Jes BehrensHello jes,
Yes you are right that these pemissions are for buttons and not for tabs. You can not remove any of these tabs.
Regards
Harleen
SAP GRC RIG -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.
Have an issue.
I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
But when user runs reports, he gets nothing:Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.
-
Create , delete "security roles" in weblogic console - sample Security providers
Hi Everyone:
Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
those sample Security Provider , the author of codes used property files as
Security Providers Database, however he/she didn't show how to create a
Manageable Sample Role Mapping Provider or Manageable Sample Authentication
Provider, so Administrator of weblogic console can create and delete
"security roles" in weblogic console.
Have anyone known how to do that?
Ming Qin"ming qin" <[email protected]> wrote in message news:[email protected]..
Hi Everyone:
Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
those sample Security Provider , the author of codes used property filesas
Security Providers Database, however he/she didn't show how to create a
Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
Provider, so Administrator of weblogic console can create and delete
"security roles" in weblogic console.
Have anyone known how to do that?
I would ask in the weblogic.developer.interest.management.console newsgroup.
>
Ming Qin -
Hi guys,
We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed wihtin NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and than security roles );
where to do this within NWA 7.3 ?
any ideas;
Thanks
OliverHi Oliver,
Procedure
Start SAP NetWeaver Administrator with the quick link /nwa/auth.
Choose Components.
Select a policy configuration.
On the Authentication Stack tab, choose the Edit pushbutton.
Determine if you want to use an existing template or if you want to change the policy configuration of the current component.
To use an existing template, select a template from the Used Template field.
For authscheme references, select a template from Used Authscheme.
The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
To change the policy configuration of the current component, do the following:
Add and remove login modules as required.
The system applies the login modules in the order they appear in the list.
Set a processing flag for each login module.
For more information about login module flags, see Policy Configurations and Authentication Stacks.
Add and remove any options to the login modules.
Set the authentication stack parameters according to the type of policy configuration.
Please,go through below help file
http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
Cheers
Revanth Pasupuleti -
Problem with Security Role mapping and LDAP
Hi,
In Oracle Internet Directory I've created a group called OIDGroup1.OIdGroup1 has 2 users : OIDuser1 and OIDuser2.
OIDGroup1 is mapped to EjbRole1 (is a security role defined in ejb-jar.xml, EjbRole1 can do everything in the application).Now if I login as OIDuser1 or OIDuser2, application said that the user does not
have authorization to execute some method. The mapping in my orion-application.xml is :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
</security-role-mapping>
<jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
if I modified orion-application.xml like this :
<security-role-mapping name="EjbRole1">
<group name="admin/OIDGroup1"/>
<user name="admin/OIDuser1"/>
</security-role-mapping>
then login as OIDuser1, it works. But it does not work with OIDuser2.
That's is a problem for me because our customer can not manage the user/group
easily : each time they have a a new user, instead of simply adding this user
in the OIDGroup1 (with graphic interface of OIDAS), they have to modify
orion-application.xml.
Do you have any idea ?
Thanks in advance
regardsI found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).
-
Developing security Roles and profiles
Hi Team,
Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
Regards,Hi,
Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
user masters: USR01 to 09, UST04,
profiles: USR10, USR11, UST10S, UST10C,
authorisations: USR12, USR13, UST12.
password exceptions USR40.
History tables(may not be applicable but FYI): users: USH02, USH04,
profiles: USH10, auths USH12.
R/3 Security Tcodes
End User Transaction Code Menu Path Purpose
SU3 System > User Profile> Own Data Set address/defaults/parameters
SU53 System > Utilities > Display Authorization Check Display last authority check that failed
SU56 Tools --> Administration --> Monitor --> User Buffer Display user buffer
Role Administration Transaction Code Menu Path Purpose
PFCG
Tools --> Administration --> User Maintenance --> Roles Maintain roles using the Profile Generator
PFUD Work on SAP check indicators and field values
Select: Copy SAP check IDu2019s and field values
Installation
1. Initial Customer Tables Fill
Upgrade
2a. Preparation: Compare with SAP values
2b. Reconcile affected transactions
2c. Roles to be checked
2d. Display changed transaction codes
SU24
Same as for SU25:
Select: Change Check Indicators > Maintain Check Indicators>Maintain
Regards,
Srini Nookala -
Hello,
Could you please provide information on "security roles and profiles "
I would appreciate.
Regards,
AlexRoles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
In specific Role -> Authorization -> click on Display Authorization Data.
Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
User Section: defines who has access to this role.
Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
Hope that helps.
thanks.
Wond -
Configure security-role and method permission for EJB 3.0 using Jdev 11g
The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
For example,
<assembly-descriptor>
<security-role>
<role-name>managers</role-name>
</security-role>
<method-permission>
<role-name>managers</role-name>
<method>
<ejb-name>Employees</ejb-name>
<method-name>setSalary</method-name>
<method-params>
<method-param>java.lang.Long</method-param>
</method-params>
</method>
</method-permission>
</assembly-descriptor>user516954,
By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
--Ric -
Does Azure SQL support AD and Security Roles
I would like to create Reporting Service reports using Azure SQL Database.
It is possible to attach Azure SQL to Active Directly and use its Security Roles so that I can filter reports based on AD groups of report user?
Kenny_IHi Kenny,
Thanks for posting here.
I suggest you to check this link for details.
http://www.infoq.com/news/2015/02/azure-sql-ad-media
http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
Hope this helps you.
Girish Prajwal
Maybe you are looking for
-
Although I can access iCloud, my system preferences on my iMac still show Mobile.me. I have to sign in with my mobile.me ID which is not the same as my Apple ID. I want to change my iCloud ID and password to be consistent with my Apple ID and passwo
-
How to create widget Dynamically at run time using action script
i have created widget's in my application . but in the main page i want only selected widgets to be displayed.. lets say i have 3 categories of users for which i've created 3 widget groups i.e. search , update , report. with in these groups i have n
-
Export to PDF from VC does not work
Hello experts, I tried to use the system command to export the VC data to PDF. However instead of opening the pdf file, it opens the selection screen of the BI query. Can anyone help to check the link I used as a hyperlink (as perovided in the SAP ho
-
Hi all, is it possible to change the charset in the web report, which is added to meta tag? I need to change the way in which the data in tables is shown, not just that tag. Thanks a lot Best regards, Pavel
-
I have CS3 and today I cannot select "gamut warning" when I proof colors. The Mode is set to RBG. If I set the mode to CMYK or Lab Color then it will allow me to select gamut warning. There must be some setting I changed but I cannot figure out ho