UMX- assigning roles

Has anyone had any experience with Oracle's User Management (UMX)? Any examples?
Specifically calling the procedure to assign roles to users.
UMX_PUB.assign_role()
How does this work...is the attribute_name the role name?
Is there a table with these values out there?
Any help is much appreciated.

Hi
I have had a lot of experience with UMX, but only from the 'front end'.
UMX integrates with some of the modules in EBS, but not all of them! It also integrates in different ways with the modules which do understand it.
UMX is all about defining roles, and allocating permissions to users of those roles.
There are 2 parts to UMX. Function security and Data security.
Function security grants permissions to menu functions. For example, menu ABC has functions A, B, C, through to Z. You could have 2 users, USER A and USER B. USER A has ROLE 1 and USER B has ROLE 2. You could allocate the same responsibility (and therefore menu) to both users, but allocate permissions to functions A, B and C to USER 1 while allocating functions X, Y and Z to USER 2.
Data security is about creating objects which are 'sets' of data. So, you could have a data security 'permission' which grants access to records 1-1000 and another permission which grants access to records 1001-2000. By granting different data permissions to roles, you can control what data users can access.
The problem is that UMX only works with a few modules (OLM, AME and not surprisingly UMX itself). AME uses both function and data security, while OLM only uses function security.
This is a really powerful tool, but it would take far too long to discuss in any more detail here! I'd be happy to discuss further offline. My email address is available on my user profile.
Hope this helps (if only a bit).
Regards
Tim

Similar Messages

  • Assigning roles to LDAP users through BIP API

    Hi.
    My customer has BIP 11g and OIM 9.1.0.2 running on the same weblogic server (11g). Both authenticate against the same LDAP server.
    One of our desired next steps is to provision from OIM the BIP roles to each LDAP user so every user gets the correct roles (and access to the correct reports) according to the groups he has on OIM.
    I've been searching for info regarding this without success. The BIP API doc does not show any info about assigning roles to users.
    We don't need to manage LDAP users, BIP roles, etc... through OIM. We only need to assign BIP roles to LDAP users.
    Is it possible to make that assignments through BIP API?
    If not, any other ideas? New ideas or different approaches are welcome.
    Thanks in advance.

    In OBIEE 11g which includes BIP the application roles are applied to LDAP users and groups using the Enterprise Manager Fusion Control.
    During the upgrade process from OBIEE 10g to OBIEE 11g the groups do get assigned to these roles transparently so there must be some API to leverage this functionality.
    I would start there, http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10541/admin_api.htm
    There are no specific instructions on accomplishing what you seek but if you have some WLST or Java Skills you should be able to get something prototyped.
    Let me know if that helps.

  • Error in assigning role to multiple task

    Hi,
    We are using BAPI BAPI_BUS2175_ROLE_ASSIGN_ADD to assign role to task. It is working fine if we are assigning different role to different tasks. But if we assign the same role to different tasks in a project, it is giving dump while saving the data.
    We are using following sequence in the code:
    1. BAPI_BUS2172_LOAD to load the project
    2. BAPI_BUS2175_ROLE_ASSIGN_ADD to assign role to task
    3. BAPI_CPROJECTS_COMMIT_WORK to save the changes.
    So when BAPI_CPROJECTS_COMMIT_WORK is executing, it is giving dump as follows.
    The exception 'CX_DPR_FATAL_ERROR' was raised, but it was not caught anywhere along the call hierarchy.
    Since exceptions represent error situations and this error was not adequately responded to, the running ABAP program 'CL_DPR_AUTHORIZATION_SERVICES=CP' has to be terminated.
    Could you please let me know what may be the reason for getting dump.
    Regards,
    Anil Salekar

    I can tell you the table where the role assignments get stored. It is DPR_ENTITY_LINK.

  • Assigning roles to users programmatically

    Hi,
    I want to programmatically create roles, assign roles to users etc.
    I saw at this thread
    ADF Security Policy Store
    the following scriptlet by Frank Nimphius
    try {
        // obtain the identity store
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION,"admin");
            // create user
            //TODO check for empty username and password
            User newUser = userManager.createUser(this.username,this.password.toCharArray());
            // grant the "admin" role to the newly created user
            roleManager.grantRole(adminRole,newUser.getPrincipal());
        } catch (IMException e) {
            // TODO
        }
    } catch (JpsException e) {
        // TODO
        return null;
    }
    This is a TP3 scriptlet; is it still working on the 11g production?
    I tried it and I get a JpsException
    oracle.security.jps.JpsException
         at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
    Do I have to replace "idstore.xml.provider" with something else depending on my configuration?
    Thanks
    Tilemahos

    Hi Frank, thanks for the answer,
    I checked this functionality with the WLS embedded LDAP and I saw your "How-to configure OID for authentication in WebLogic Server" post.
    I managed to add users and assign them roles that I created in my application.
    But what if I want to have a super user that can create new roles and assign them member roles?
    e.g.
    Developer created roles (policy store):
    accessPage1 ( granted all the necessary principals to access page1 )
    accessPage2 ( granted all the necessary principals to access page2 )
    Super user created roles
    Role1 member roles: accessPage1, accessPage2
    If I want my application to have that functionality I must create roles programmatically, won't I?
    Is there another way?
    By the way I followed the advices at the following useful links
    Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
    Frank Nimphius's How-to configure OID for authentication in WebLogic Server
    Edwin Biemond's Using OpenLDAP as security provider in WebLogic
    Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
    And I managed to add users of the Microsoft LDAP to the WLS
    but I couldn't make them group members of my application groups (roles).
    Is this possible?
    Thanks

  • SECATT for assigning roles to users

    Hi All,
    How do we make the ECATT to work for the below scenario:
    Users already have roles assigned to them. We need to add new roles to the users, which can vary in number based on the user's job.
    A simple ECATT script that was developed to add a single role to a new user does not work in the above case and gives an error of invalid batch input. How do I create an ECATT to assign a role to a user who already has a set of roles assigned (the number of roles assigned to users differs, so I cannot assume to train the ECATT to assign a role on line X)? Is there something I am missing in the ECATT script creation?
    We are doing this from a CUA and it's very difficult to assume how many roles a user could have.
    Thanks,
    Jay

    Thanks Alex for the insight. For some reason SU10 is slow in the CUA environment and I wanted to avoid it, but yes, I finally had to use SU10. Talking to one of our ABAPers I came to know that even in their BDC recordings they get the error which I received, but he changes his program to skip all the lines with data and then fill the empty line.
    In a CUA environment, how do we create an ECATT to delete a role from many users?
    Thanks,
    Jay

  • What is the purpose of assigning roles to portal, please describe

    What is the purpose of assigning roles to portal? Please describe.

    Hi,
    You assign Roles to Users and not to portals.
    Check this to know about Role:
    http://help.sap.com/saphelp_nw70/helpdata/EN/45/c0d8e962336000e10000000a1553f6/frameset.htm
    So a role has contents that a user can see and also privileges that the user can have (UME Actions).
    http://help.sap.com/saphelp_nw70/helpdata/EN/fb/33f520d15f8f4092a60381365620b2/frameset.htm
    When a user is assigned certain roles which have contents and also UME Actions, this user sees them when he logs on to the portal and also has this set of privileges.
    Regards,
    Praveen Gudapati

  • Assigning role to role doesn't work when applying Database security model

    I applied the Oracle Database security model for BI Publisher.
    Then I created some roles and users and assigned roles to users in Oracle Database.
    I also assigned appropriate folders to each role in BI Publisher.
    The users with direct roles worked successfully, but I got a problem when I assigned roles to a super role, and assigned this role to a super user.
    The super user could only access the guest folder.
    Please help me.
    Thanks.
    Daniel
    Edited by: user13344498 on Jul 5, 2010 11:13 PM

    Add a Role to a Role:
    1. From the Security Center, select Roles and Permissions; this will invoke the
    Security Center page. Here you can see the list of existing roles and permissions.
    2. Select the Add Roles icon for the Role.
    3. Select the desired role from the Available Roles list and use the Move shuttle
    button to move it to the Included Roles.
    this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security.

  • One CUP request for assigning role to multiple users

    Hi,
    We assign roles to users in production only through CUP requests. We use GRC 5.3.
    Here we have a case where we need to assign one role to 60 users in production (each user may have different roles assigned in the back end). I can raise one CUP request for all users using the "multi-user" option in Copy request. But when we want to make a risk analysis, it will not show risks at user level, as each user has different roles and may get different risks by adding the new role.
    Instead it will give risks, if any, for only the new role which we want to assign. Our manager is not accepting this, as it does not give a complete picture of risks for each user when we add the new role.
    Please suggest if there is any other way I can make a risk analysis for each user when I create a CUP request for multiple users.
    Or is the only solution to create 60 CUP requests? This would be too manual.
    Regards ,
    jaags

    Raghu,
    Thanks for the reply, you are right as per the audit. But suppose it is for 200 users; creating 200 CUP requests will be impractical, right?
    There should be some solution for this, because there will be many situations practically where we have to assign roles to N number of users.
    Is this possible in GRC 10? Any idea?
    Regards,
    Jaags

  • Need to assign Role into step type mail in recipient type

    Hi Experts,
    I need to assign a role for step type send mail, recipient type, but in the drop-down there is no role option to assign. To achieve this I created an organization, then a position, assigned a job to that position and then assigned the role under that job. After all that, in recipient type I assigned the job, but when I execute the workflow I am getting an error. Even when I directly assign the role to the position and then assign that position to the recipient type, I am getting an error when executing my workflow.
    But if I assign a user to the position or job, my workflow works properly. Is there any problem with assigning a role to a job or position?
    Please let me know if there is any extra thing I need to take care of when I assign a role to a position or job.
    Points will be rewarded for the right answer.

    Hello,
    Get the users assigned to the role into a container element in the previous step of 'SendMail' step and use the same as the recipient of the Sendmail step.
    This would be a better and easy option as Arghadip said.
    Hope this will help.
    Regards,
    Samson

  • Error in User Management and Assigning Role

    Hi,
    I have configured LDAP authentication on the LiveCycle Server. I get the user list with LDAP in my admin console under User Management - User & Groups. But as soon as I click on any of the LDAP usernames I get an error telling me to contact the administrator. The same also happens when I check the checkbox in front of the username and try to assign a role.
    My LiveCycle server is on WAS6.1. I also have a server set up on my local machine where I have configured the same LDAP, and there I am able to access users and assign roles. Is there any problem with WAS6.1?
    I checked the logs and I got the following exception in the server logs.
    [10/24/08 10:57:58:467 EDT] 00000039 IDPLoggedExce W com.adobe.idp.common.errors.Logger$LogConsumer run UserM:GENERIC_WARNING: [Thread Hashcode: 1028668752] | [com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:8193 errorCodeHEX:0x2001 message:getPrincipal public chainedException:java.lang.NullPointerExceptionchainedExceptionMessage:null chainedException trace:java.lang.NullPointerException

    Hello, does anyone know anything about the above exception, or is any other information needed? Please let me know.
    I still cannot find the solution for the above problem, and it stops me from configuring users on Adobe LiveCycle ES. We have purchased LiveCycle ES version 8.0.

  • So Can I determine the business partners linked to user based on the assigned role and org. structure?

    Hello, I am working on an SAP CRM 7 Sales implementation and we are implementing leads and opportunity scenarios. The current business organization model is that there are multiple vertical and horizontal departments. This is a typical matrix structure. This organization has done the segregation of its clients based on the verticals, so every client belongs to one or more Vertical departments, but Horizontal departments can contact all the clients. In the same way, sales executives also belong either to one or more Verticals or to Horizontal departments. A Horizontal sales executive can create leads for any client available in the system, but a Vertical sales executive can only create leads for the clients that belong to his vertical and are assigned to him. This can be achieved by creating an organization structure and business partner relationships.
    Now the problem statement is that a few sales executives need to work for both some Verticals and Horizontals at the same time. But the requirement is that they should be able to do both roles with a single user ID but multiple roles. So when a sales executive is creating leads for his vertical department, he should only be able to select clients assigned to his Vertical, but when he is creating a lead for a Horizontal department, he should be able to select any client.
    So can I determine the business partners linked to a user based on the assigned role and org. structure?
    Please let me know if this is not clear. Also note we are only using CRM WebUI, no SAP ePortal.
    Thanks a lot for your help in advance.
    Regards
    Sudesh Sharma

    Thanks, Tahir
    My problem has been solved.
    Kind Regards,
    Faisal

  • Table to find the assigned Roles with my User ID

    Hello Experts,
    1.Is there any specific table to find out the assigned roles to my User ID?
    If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
    2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
    when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
    Could you help me to sort out these two queries?
    Thanks and Regards
    Madhu

    Hi Madhu,
    1.Is there any specific table to find out the assigned roles to my User ID?
    If there is no table, let me know is there any transaction to find out the assigned roles to my User ID?
    Sol'n: You have many class methods for finding your requirement, or else FMs also.
    Go to SE84; there you will find the class methods search. There you type getuserRole or userRole* and press F8. Pick the one which you feel may give you the result,
    i.e. you have to execute the class... if it is showing Instance on the toolbar, click on that, then execute the method which you feel is relevant to you, and give input parameters.
    Sol'n for point 1 is: CL_CRM_UI_ROLE_ASSIGN->GET_BUSINESSROLES_FOR_USER.
    2. When I assigned Marketing Pro role to my user id in Organization Unit, I am not able to see in webui screen.
    Sol'n: Go and check in T-code BP. Display your BP and check for Employee Maintained -- Identification tab. Did you maintain your user ID over there or not?
    when I click on webui transaction, it is displaying some selection screen, there it is not displaying the role I have assigned?
    Sol'n: Need clarification on this point.
    Regards,
    Lokesh
    Edited by: Lokesh on Mar 8, 2010 7:37 AM

  • A question about users assigned roles extraction

    Dear all,
    I have a question about users assigned roles list extraction. I need the list of the users who have already been created along with their assigned roles. According to what I found on Google, there is a table named AGR_USERS which provides the roles assigned to each user. Yet, this table provides only the SAP ID of each user along with the assigned roles. What I need more is to have also the first name and second name of each user.
    So, do you know any table providing at least the following information:
    1) First name of each user
    2) Second name of each user
    3) SAP ID of each user
    4) All assigned roles to each user.
    NOTE: I really need to have first name and second name in separate columns
    Thanks in advance,
    Dariyoosh

    >
    Shekar.J wrote:
    > Agr_users for the user ID and role assignments
    > USR02 to check the validity of the User ID
    > and USER_ADDR for the first name and last name
    >
    > You can create a Table join of the above 3 tables to retrieve the data you require
    Thanks to you and others for your attention to my problem
    I don't know anything about ABAP programming, is there any transaction allowing to create this join? As it seems to me the column "UNAME" in the table "AGR_USERS" and the column "BNAME" in the table "USER_ADDR", both refer to the SAP ID of the user. As a result the condition of the join would be "WHERE (UNAME = BNAME)", is there  any transaction/programme allowing to create this join?
    Thanks in advance,
    Dariyoosh
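The three-table join suggested in this thread, as an added example that is not part of the original posts: it lists each user's SAP ID, first name, last name and currently valid roles in separate columns, which is the shape a role-assignment review needs. SQLite stands in for the SAP database and all rows are constructed; only UNAME and BNAME are named in the thread, so the other column names and the `00000000` "no limit" date convention are assumptions.

```python
import sqlite3

# SQLite stands in for the SAP database; every row below is constructed.
# Only UNAME and BNAME come from the thread. The other column names
# (AGR_NAME, FROM_DAT, TO_DAT, GLTGV, GLTGB, NAME_FIRST, NAME_LAST)
# are assumptions made for this example.
SCHEMA = """
CREATE TABLE AGR_USERS (UNAME TEXT, AGR_NAME TEXT, FROM_DAT TEXT, TO_DAT TEXT);
CREATE TABLE USR02     (BNAME TEXT PRIMARY KEY, GLTGV TEXT, GLTGB TEXT);
CREATE TABLE USER_ADDR (BNAME TEXT PRIMARY KEY, NAME_FIRST TEXT, NAME_LAST TEXT);
"""

SAMPLE = {
    "AGR_USERS": [
        ("JDOE", "Z_SALES_DISPLAY", "20100101", "99991231"),
        ("JDOE", "Z_SALES_CHANGE", "20100101", "20100630"),   # assignment expires
        ("ASMITH", "Z_FI_DISPLAY", "20100101", "99991231"),   # user expires
        ("BATCH01", "Z_BATCH", "20100101", "99991231"),       # no address row
    ],
    "USR02": [
        ("JDOE", "00000000", "00000000"),
        ("ASMITH", "20090101", "20100331"),
        ("BATCH01", "00000000", "00000000"),
    ],
    "USER_ADDR": [
        ("JDOE", "John", "Doe"),
        ("ASMITH", "Anna", "Smith"),
    ],
}

UNLIMITED = "00000000"  # assumed initial date value meaning "no limit"

# Dates are YYYYMMDD strings, so plain string comparison orders them correctly.
# LEFT JOIN keeps users that have role assignments but no address record.
REPORT_SQL = """
SELECT a.NAME_FIRST, a.NAME_LAST, r.UNAME, r.AGR_NAME
FROM AGR_USERS AS r
JOIN USR02 AS u ON u.BNAME = r.UNAME
LEFT JOIN USER_ADDR AS a ON a.BNAME = r.UNAME
WHERE r.FROM_DAT <= :today AND r.TO_DAT >= :today
  AND (u.GLTGV = :unlimited OR u.GLTGV <= :today)
  AND (u.GLTGB = :unlimited OR u.GLTGB >= :today)
ORDER BY r.UNAME, r.AGR_NAME
"""


def build_db():
    """Create the in-memory stand-in tables and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn


def role_report(conn, today):
    """Return (first name, last name, user ID, role) for assignments valid on `today`."""
    params = {"today": today, "unlimited": UNLIMITED}
    return conn.execute(REPORT_SQL, params).fetchall()


if __name__ == "__main__":
    for row in role_report(build_db(), "20110101"):
        print(row)
```

Users without an address record come back with empty name columns instead of dropping out of the report, so technical accounts that hold roles stay visible in the review.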

  • OIM 11g - Modify Assign Roles request

    Hi everyone,
    I would like to know if it's possible to modify the Assign Roles request in order to restrict the available assignees. I mean, for example, if a manager wants to create a new Assign Roles request, he will be able to select only users he is the manager of.
    If someone knows how to do that, it would be really helpful!
    Thanks in advance,
    Thibault

    Thanks to both of you!
    Indeed it's OOTB, and it didn't work for me because there was another authorization policy configured for REQUEST_ADMINISTRATOR which allowed them to search for all users. And because all of my requesters had this role, they could search for all users. So I configured a new request template which allows a role, that I had already created before, to create requests, and now it works fine.
    Thanks!
    Thibault

  • Create user and assign role in CUA context

    Hi,
    I'm in a CUA context; in ABAP, when I use the FM BAPI_USER_CREATE1 the new user is created correctly in all systems. Now I want to assign new roles to this user. Which FM can I use, and especially, can I assign a role to a user in a client system?
    Thanks for the help.
    Regards

    Hi,
    Please check this BAPI.
    BAPI_JOBROLE_CLONE
    BAPI_USER_ACTGROUPS_ASSIGN
    Regards,
    Ferry Lianto
