UME Actions in 12.1

Similar Messages

• List all UME actions of all Roles

  HI all,
           I need to list all the UME actions associated to all roles. I couldn't find any API suitable for this requirement. Can some one help me on this. ? 
  Thanks,

  Dear P734305
  Please have a look at [http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442|http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=16442] and search in the SDN. you can use the security api to list the UME data.
  Refer to [Security API |http://help.sap.com/javadocs/NW04S/current/se/index.html]
  Best Regards
  Arun Jaiswal

• Specific UME Actions required for Deployement in CE 7.1

  Hi Experts,
  I need to know how many and which UME action are required for deploying the application in CE 7.11
  For deployement, we usually assign the UME Role called "Administrator" to the ID that we use for deployment.
  If I remove this "Administrator" UME role, an error message is thrown as...
  com.sap.ide.eclipse.deployer.api.APIException: DeployException,cause=ERROR CODE DPL.DCAPI.1023AuthorizationException
  This "Administrator" UME role has some 2978 UME Actions assigned to it.
  For the UME role "Administrator", inside the assigned UME actions, I have tried filtering the UME Actions based on the filter keyword "deploy", which returned some 14 UME actions.
  Now, I have made following Test case and result.
  Test Case:
  1) Remove the Administrator Role from the ID that is used for deployement.
  2) Now Assign all the above 14 UME actions that were found related to "deploy" keyword to a Custom UME role "DeployRole".
  3) Deploy using the same id.
  Result : Deployement fails with the same above mentioned error.
  Conclusion: There can be 2 possible conclusions...
  1) None of the above 14 UME actions provide the authorization for the deployment.
  2) OR There are some other UME actions which might have some dependecies that are required along with the suspected UME actions.
  In short my requirement here is, to find out the specific UME actions that are required for deployment, so that i can remove the "Administrator" UME role and assign the specific UME actions needed for deployment to a my Custom UME role, and assign this Custom UME role to the user ID for deployment.
  Regards,
  Shreyas Pandya

  Hey Nghia Nguyen...!
  Thanks a lot for your reply, i have rewarded you the points.
  I have found out that for deployment following UME actions are required.
  dc_action (Mandatory)
  auth.all.all (Mandatory)
  deploy_action (Not Mandatory)--> if you remove this deploy_action UME action the deployment will still work, but in developer studio, the Deploy result dialog box with OK button, that pops every time after you deploy your project by right clicking your application and choosing "Deploy new Archive and Run" will cease to appear and the application will directly run in the browser.
  Regards,
  Shreyas Pandya

• How to Display all UME Actions

  Hi
  I have a requirement to display all UME actions.
  and also display UME Action for Loged in User.
  So please let me know the code how to overcome these two requirements.
  Thanks
  VB

  Hi,
    Check this link for a list of UME actions. You can read that XML file and get the list of actions in your application.
  http://help.sap.com/saphelp_nw04s/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm
  Regarding the actions for logged in user, you may have to check with javadocs if there is any classes available for this.
  http://sdn.sap.com/javadocs
  Regards,
  Harini S

• UME actions and Group permissions

  Hi there ,
  New to portal and NWDI . How do you see what a UME action contains.
  i.e.  MANAGE_ALL . Do you need java skills or visual administrator to view.
  Also, using NWDI.Administrators group  , the group itself gives permissions
  outsided of just having the NWDI.Administrator role. Where/How are the group
  permissions defined ?   Thank You
  Dan.

  Dan,
  This is a good place to start: [Authorization Concept of the AS Java|http://help.sap.com/saphelp_nw04s/helpdata/en/44/7fdf2470a412d2e10000000a422035/frameset.htm]. The two roles are different. Security roles are part of the J2EE Standard. UME roles are collections of UME actions. The UME interface cannot show the J2EE roles.
  Now as to the role that lets you look at system info, you are correct. As your test showed, this is not included in Manage.All. I just tried that myself. If you look in the visual admin, you see there is a security role called administrators assigned to the group Administrators. Now when the developers create a J2EE application they specify the name of the role that the user must have in order to access it. Often they use the name administrators. When the applications are deployed to the server, the AS Java consolidates all these roles into a single role with the same name, administrators, by role references. This is assigned to the Administrators group by default. This is done to make the life of the developer and the deployer easier. So System Info needs this role. Well, there are two keystore roles assigned by default as well, but I doubt these are the roles System Info is looking for. In SAP NetWeaver 7.1 you have more granular control. But that is another question.
  I hope that helps.
  -Michael

• Where are all the UME actions and UME roles stored?

  Hi there,
  I had a look at the SAP<SID>DB.UME* tables, it seems to me that they are not stored there.
  What I wanted to achieve is to build a list of all user, user to role assignment, all UME actions, and role to action assignment so that we can do some analysis of the data.
  Another related question is about the SPML based java API for user management in UME. It only allows you to list all the UME roles. What about the J2EE security roles? It seems to me that by using this API, you can not get a complete picture of user authorization, which includes both UME role and J2EE security role. Any comments?
  Thanks in advance
  GG

  Hi,
  I would suggest to use [UME Java API|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html] instead of reading from the DB tables. You can get all users using methods of the class IUserFactory. The class IRoleFactory has method getRolesOfUser which gives you all roles for each user. Don't forget about roles assigned to user groups. Have a look also at package com.sap.security.api.acl. You should be able to get all ACL entries using [IAclManager|http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/acl/IAclManager.html]. Especially, check the code example. I've never done this but from reading javadocs it looks like it should be possible.
  Have a look also at this [document|http://help.sap.com/saphelp_nwce711core/helpdata/en/a4/d39b3e09cdf313e10000000a114084/frameset.htm]. It describes the authorization concept of the AS Java.
  Cheers

• Find roles by assigned ume actions

  Hi
  Does anybody know of a way to find out, which roles are assigned a specific UME action?
  In the identity management I can find a specific role and see all the assigned ume actions, but I want to find a specific UME action and see all the roles, that has this ume action assigned.
  Does anybody know how this is possible? May directly in DB?
  Cheers,
  Jacob Vennervald

  I have now tried to make a small java portal application that handles this but I can't seem to find at method to find which ume actions are assigned to a specific role.
  Does anybody have any input?
  /Jacob

• Missing property category - UME Action

  Does anyone know why when I edit a role, the option 'UME action' is missing from the drop down list under property category?
  This is happening on EP6 SP2 patch 4 (620 j2ee engine).
  Thanks

  Hi Ram
  Please check assigning these roles instead of super admin role
  "content_admin_role"  or " contentmanager"  . In case if any of these enable open permissions then check out what activity is in the role and include in yours .
  Regards
  Rahul
  Award points if help useful "

• UME actions

  Hi All
  I have a question for you!
  How can I indicate the actions my application has?
  This is needed to assign permissions to roles and groups in the <i>WAS user management</i>.
  King Regards

  Hi Kwang,
  I would appreciate if you can please send me some more details on <b>com.sap.security.core.admin.permissions</b>, like its API or related.
  I have created one UME Roles, assigned to EP user, able to extract/display this role using some custom code but now, I also need to extract the authorizations/actions given to this user.
  If this possible? If yes, please guide me.
  Awaiting Reply.
  Thanks and Warm Regards,
  Ritu R Hunjan

• UME Actions / Permissions

  Hi,
  There is an Action
  - <ACTION NAME="Manage_Roles">
    <DESCRIPTION LOCALE="en" VALUE="Permission to view, add, modify, and delete UME roles and to assign users and groups to UME roles. Does not apply to portal roles." />
    <PERMISSION CLASS="com.sap.security.core.admin.permissions.UMAdminPermissions" NAME="ROLES_VIEW" VALUE="*" />
    <PERMISSION CLASS="com.sap.security.core.admin.permissions.UMAdminPermissions" NAME="ROLES_ADD" VALUE="*" />
    <PERMISSION CLASS="com.sap.security.core.admin.permissions.UMAdminPermissions" NAME="ROLES_MODIFY" VALUE="*" />
    <PERMISSION CLASS="com.sap.security.core.admin.permissions.UMAdminPermissions" NAME="ROLES_DELETE" VALUE="*" />
    <PERMISSION CLASS="com.sap.security.core.admin.permissions.UMAdminPermissions" NAME="ROLES_ASSIGN" VALUE="*" />
    </ACTION>
  I am trying to restrict the extend of the Manage Roles action to only certain roles which have the names starting with "SAM_XXX". I thought I could just assign VALUE="SAM*" but apparently it didn't work. So I am wondering if anyone knows what the VALUE parameter is used for.
  Thanks.

  Hi Kwang,
  I would appreciate if you can please send me some more details on <b>com.sap.security.core.admin.permissions</b>, like its API or related.
  I have created one UME Roles, assigned to EP user, able to extract/display this role using some custom code but now, I also need to extract the authorizations/actions given to this user.
  If this possible? If yes, please guide me.
  Awaiting Reply.
  Thanks and Warm Regards,
  Ritu R Hunjan

• Java: Find users with specific UME actions

  Hi everybody
  On the Java UME it is easy to find out which roles, groups and actions a specific user has. The same applies for groups or roles - the connected entites can easily be found.
  But how can I found out which users have a certain action? If I browse for the action I have not possibility to find the direct or indirect assignment to the users.
  Could somebody assist? Thanks in advance!
  Beat

  Same problem I faced yesterday for my SSO project on the portal:
  My method to resolve  was :
  1. Take the user/users in scope  Export  them from UME
  2. Export roles into a readable format and check out the actions by comparing the user - role - actions relationship in a TEXT file/readable file
  3. pick the roles you want to edit , edit in notepad  import the roles( here I copied and created a Zrole  before importing )
  for example ( NWDI.ARCHITECT ) to ( ZNWDI.ARCHITECT)
  I could not find easier method than the above

• Delete UME Action from a portal role

  Hi,experts!
  I have created a portal role.
  The role have UME ation(UME.AclSuperUser,UME.Manage_All),but I don't know why Ations belongs to the role.
  If you have the knowlege of this problem, please tell me how to delete UME ation from a portal role.
  Best regards.
  Edited by: miki on Dec 11, 2008 10:03 AM

  HI,there.
  I found out a inconsistent data inside the Role.
  I checked :
  Content Administration -> Portal Content -> Role -Objects
  and opened a property editor.(property category "permissions (Java-Based").
  There are also settings about Permissions(Actions) as Useradmin, and a discrepancy in the system occurs between this setting and Useradmin.
  I changed this setting and fixed the error .
  Thank you for your help:)
  Best regards.
  Edited by: miki on Dec 16, 2008 6:16 AM

• Urgent Help Needed: UME action missing for permission option

  Hi Gurus,
  I have created a role and i want the users in that role will have the access to edit Permissons under the Sys Admin tab. When I right click on Portal content under permission i could only see Refresh, I want the option permission when rt click here, I can see this option when i use Superadmin role. Can anyone please suggest wat action is required.
  Thanks,
  Rams
  Message was edited by:
          admin ram
  Message was edited by:
          admin ram

  Hi Ram
  Please check assigning these roles instead of super admin role
  "content_admin_role"  or " contentmanager"  . In case if any of these enable open permissions then check out what activity is in the role and include in yours .
  Regards
  Rahul
  Award points if help useful "

• Standard UME Actions: Read_All

  Hi,
  I'm trying to allow the identity managment iview in my NW04s SP10 poirtal to read (but not modify) all the users/groups/roles and their relationships. Looking at [SAP Help|http://help.sap.com/saphelp_nw70/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm], it sounds like Read_All is what I want.
  Enable a user to read user, group, and role profiles in all companies.
  This is a portal for our suppliers so the companies part is very important. However looking at the description of this action in the pcd properties is says:
  Read only access to users, roles and groups (belonging to one company only).
  This is a direct contradiction to SAP's documentation. So is there something I'm doing wrong or another way to do this?

  Yonko,
  The role's assigned to my test user are all user created. There are no other assigned actions that would interfere. I have not assigned the delegated user admin role as this would give more power to the user than we want. What we are going for is a role for our support people to be able to unlock and reset people's passwords. So we just want them to be able to be able to unlock and reset the passwords of all users in all companies, which I assumed manage all user passwords would do, but I am obviously missing something.
  Best Regards,
  Chris

• UME Actions - Manage All User Passwords

  Hello everyone,
  I am trying to create a role for our service desk to be able to manager users and be able to unlock them and/or reset their passwords. So I created a role with the identity management iview and gave the role the assigned action "Manage_All_User_Passwords". On <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm">sap help</a> it says of this action:
  "Provides permissions required by a user to change the password of other users independent of company. This also enables the user to view all user profiles."
  Now the problem comes in with users in different companies. Any user I assign this role to is only able to search for users in their own company. Is there some other configuration I need to do or permissions I need to change to be able to manage the passwords of users in different companies?
  We are running NW04s SPS10
  Thanks for any help,
  Chris Bahr

  Yonko,
  The role's assigned to my test user are all user created. There are no other assigned actions that would interfere. I have not assigned the delegated user admin role as this would give more power to the user than we want. What we are going for is a role for our support people to be able to unlock and reset people's passwords. So we just want them to be able to be able to unlock and reset the passwords of all users in all companies, which I assumed manage all user passwords would do, but I am obviously missing something.
  Best Regards,
  Chris