Urgent -- Adding Roles Programmatically

Similar Messages

• Changing LDAP roles programmatically

  Does anyone know if it´s possible to change a LDAP user role programmatically? I´ve searched for hours, but I didn´t find any information about it. I Only found classes on weblogic api to change user attributes.
  Is there any api on weblogic to do that? Or any documentation that talks about it?
  Thanks in advance.
  Hevert Brito
  Edited by: user12966611 on 09/04/2010 15:16
  Edited by: user12966611 on 09/04/2010 15:16
  Edited by: user12966611 on 09/04/2010 15:17

  Faisal,
  I´m trying to use the method createRole the same way you´re doing in you example but i´m getting this error:
  Caused by: java.lang.NoSuchMethodException: createRole(java.lang.String,java.lan
  g.String,java.lang.String,) for Security:Name=myrealmDefaultAuthenticator
  ... 117 more
  When I use the method createUser as you did in your example it works perfectly.
  Do you have any idea why is that happening?
  This is my code:
  try{
       System.out.println("Creating role : testrole");
       wls.invoke(roleEditor,"createRole",new Object[] {null,"testrole",null},new String[] {"java.lang.String", "java.lang.String","java.lang.String"});
       System.out.println("Created role : testrole");          
  catch(Exception e){
       e.printStackTrace();
  }

• Where will be the deleted and Added roles will be tracked

  HI All,
        Need is i must track the Deleted and Added Transactions to the Role and
        Deleted and Added Roles to the Composite Roles.
        In the table AGR_HIER the records are inserting and deleting when we add change the Roles and Composite roles.
        There is no history maintained in that regarding newly inserted items(transaction to the role and Roles to the composite role) and deleted items(transaction to the role and Roles to the composite role).
        Please proved the needful help.
  Thanks,
  Ravi.

  Hi,
  table entries in <b>USR* and UST*</b> tables
  Regards

• Assign actions to roles programmatically

  Hello guys,
  Is possible to assign actions to roles programmatically using java? How can I do that?
  I did a search on the UME Interfaces but i didn't find anything.
  Regards
  Joao

  It was not difficult
  IRole role = UMFactory.getRoleFactory().getMutableRole(uniqueid);
  role.addAttributeValue("com.sap.security.core.role","actions", <STRANGE ID OF ACTION?> );
  role.commit();
  The <STRANGE ID OF ACTION?> field was found assigning the Action to the Role manually in the Identity Management and watching the IRole object on Debug.

• How to create visitor roles programmatically

  Could you please help me how to create visitor roles programmatically using weblogic portal.
  Thanks in advance

  Hi,
  Point this method to the selectItems under selectonechoice.
          if (yourList == null) {
              (yourList = new ArrayList();
              DCBindingContainer bindings = ADFUtil.getDCBindingContainer();
              DCIteratorBinding iteratorbinding =
                  bindings.findIteratorBinding("yourVO1Iterator");
              if (iteratorbinding != null) {
                  Row[] rows = iteratorbinding.getAllRowsInRange();
                  String value = null;
                  Long key = 0L;
                  for (Row row : rows) {
                      value = (String)row.getAttribute("Attrib0");
                      key = (Long)row.getAttribute("Attrib1");
                      yourList .add(new SelectItem(key.toString(), value));
          return yourList;
  Thanks
  Nitish

• Adding parametric value to role programmatically

  I would like to add a large number of parametric values to a parametric role and I have tried the following code to do so:
  String sql = "Select distinct majorcode from GS_Contacts";
  Fuego.Lib.Role rl = Role.find(name:"GS_Department");
  if(rl != null){
            foreach(row in DynamicSQL.executeQuery(sql, externalResource))
                 String param = row[1]+"";
                 logMessage(param);
                 rl.addParameter(param);
  }In studio I get an error: Role 'GS_Department' could not be updated to this server. Reason: 'Invalid process definition. Trying to add a role (organization:GSE, commonName:GS_Department:180001GC) and the field Identification Number cannot be null.
  And in Weblogic, I get no error, but the values are not added.
  I need to do a one-time load of 260 values, and then make the editable later (adding and deleting from this initial list).
  Thanks in advance.

  Hi Shannon,
  The Fuego.Fdi.DirOrganizationalRole has an array parametricValues that you have to manipulate in order to add or remove parameters to that role, after manipulating it call the methos update().
  The Fuego.Fdi.DirHumanParticipant has an array rolesAssignment of type Fuego.Fdi.RoleAssignment that you have to manipulate to add or remove role assignments to a participant, the after call update() for the DirHumanParticipant.
  HTH

• Very Urgent--Adding Header condition amount in Net order value of PO

  Dear friends,
  Our client has following requirement.
  ---In Purchase order ,Header conditions related to delivery costs are using.
  --Currently when we add the header condition,that amount is not adding to the Net order value and not adding to the total value in the PO print document.But proportionaly distributing to the line items.
  --Because of this two problems one is not adding to net order so not considered for release strategy,secondas it is not adding in the net order value,header condition amount also is not coming in the total value in the print out.
  --Currently, this header amount is splitting and posting seperate line item for GR/IR clearing act in MIGO and MIRO..
  I have removed the Statistical tick and accrual tick in IMG, then header amount is adding to the Net order value and adding in the total value in the PO print. But in MIGO/MIRO, This amount is adding to the GR/IR clearing act ,instead of seperate GR/IR line item in MIGO/MIRO documents, But client wants the postings shall be made similar to previous one.
  I have checked with removing only Stastical key and not removing the accrual key.But header condition is not adding to Net order value. I have searched for User exits/BAdis,suitable are not found.
  How the Header condition amount can be added to the Net order value without removing the Statistical key in IMG.Are there any User exit/BAdis,
  Please suggest.
  Regards,
  Dayanand

  Dear Sairam,
  Thanks for your reply.
  Asper your suggestions i tried as follows.
  1) We have got condition types like surcharges/discounts before "Net inc dis"
      and Delivery costs/accruals/frieghts after "Net inc dis".
  2) My requirement is that whatever conditions types after Net inc dis like Del costs/Frieghts are not included in Net order value in PO,so amount is not included in Release strategy and print.Currently this amount is coming as seperate line itemGR/IR Clearing account in MIGO/MIRO.
  3) Asper your suggestion,i tried with Surcharge  condition existing before "Net inc Disc"--This is a header condition(Cond.cat is Insurance),but stastical tick is not there in Scema. I tried as it is ,amount is adding in Net order value.But seperate line item for this amount is not coming in MIGO/MIRO
  4) When i ticked the accrual key and statistical tick and added Accrual-FR1,then PO created ,amount is not adding in Net order value.
  5) When i removed only Stastical tick only even though amount is not adding.
  6) When i removed the Accrual tick also i.e both the ticks then only amount is adding in Net order value.But Line item of the header condition is not dispalying as a seperate line item in MIGO/MIRO
  For these Header conditions ,seperate line item shall come ,at the same time amount shall add in Net order Vaue for the purpose of including in the amount for Release strategy and print.
  Please suggest how to do it.
  Regards,
  Dayanand

• Adding role in fk column name

  Hi,
  2 entities PROJECT and EMPLOYEE; with two 1:N relations between these two entites : "commercial representative" and "manager".
  a projet has one manager (employee) and a projet has one commercial repr.
  By default (naming templates), the fk columns are named EMP_ID and EMP_ID1....
  it doesn't seem to be possible to name automatically the fk columns with the role defined in logical model (using properties Name on source/name on target, on size "cardinality 1") on a 1:N relation.
  For example : EMP_ID_Manager and EMP_ID_ComRepr
  Manually renaming is not for me a good solution because if i apply naming standards after renaming my columns, my names is lost.
  Is there any solution ?
  if no, can it be a new feature in a next release ?
  Regards
  Fabrice.

  is it DM 3.3 or the following It'll be DM 3.3.
  Changing the name manually is not viable in 3.1.4 but it'll be an option in next release of 3.3 because you can lock the name and it won't change when "naming templates" are applied next time.
  Philip

• Adding users programmatically -- almost there

  ... getting close...
  Create this procedure in the PORTAL schema.
  It works if you call it when connected as PORTAL, but not when connected as anyone else.
  It is throwing a user-defined exception frmo inside WWCTX_SSO, so I am guessing that it is looking at the session context and deciding that the SESSION_USER shouldn't be adding users.
  Perhaps a true PL/SQL wiz can pick up the ball and figure out what is going on.
  FYI this is sandbox code at its grittiest, so don't even think of pasting it into your application 8^)
  create or replace procedure ci_add_portal_user
  (uname in varchar2,pwd in varchar2, email in varchar2,lname in varchar2,fname in varchar2,clr_lvl in integer)
  as
  l_guid varchar2(32);
  p_user_id number;
  sess dbms_ldap.session;
  err_code number;
  err_msg varchar2(300);
  INVALID_GRP_NAME_EXCEPTION exception;
  INVALID_SITE_EXCEPTION exception;
  VALUE_ERROR_EXCEPTION exception;
  DUPLICATE_GROUP_EXCEPTION exception;
  GROUP_NOT_FOUND_EXCEPTION exception;
  GROUP_MEMBER_EXCEPTION exception;
  GROUP_NOT_UNIQUE_EXCEPTION exception;
  USER_NOT_FOUND_EXCEPTION exception;
  USER_EXISTS_EXCEPTION exception;
  APP_NOT_FOUND_EXCEPTION exception;
  NO_MANAGER_EXCEPTION exception;
  DUPLICATE_GRANTEE_EXCEPTION exception;
  NO_ACCESSIBLE_OBJECT_EXCEPTION exception;
  ORG_NOT_EXIST_EXCEPTION exception;
  INVALID_PERSON_ID_EXCEPTION exception;
  ACCESS_DENIED_EXCEPTION exception;
  CIRCULAR_REFERENCE_EXCEPTION exception;
  UNEXPECTED_EXCEPTION exception;
  USER_NOT_DELETABLE_EXCEPTION exception;
  INVALID_ARGUMENT_EXCEPTION exception;
  INVALID_AUTH_FUNC_EXCEPTION exception;
  LDAP_CONNECTION_EXCEPTION exception;
  DEPRECATED_API_EXCEPTION exception;
  INVALID_ARGUMENT_EXCEPTION exception;
  BEGIN
  /* Create SSO User */
  begin
  l_guid := portal.wwsec_oid.create_user_entry
  p_base => portal.wwsec_oid.get_user_search_base,
  p_user_name => uname,
  p_password => pwd,
  p_email => email,
  p_first_name => fname,
  p_last_name => lname,
  p_create_state => null,
  p_bind_as_user => false
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  /* Create Portal User */
  begin
  p_user_id:=portal.wwsec_api.id_sso(p_username=>uname);
  dbms_output.put_line('USER ==>'||p_user_id||' '||portal.wwsec_api.user_name(p_user_id));
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  begin
  portal.wwsec_api.add_user_to_list(p_user_id,portal.wwsec_api.group_id('CI_USR'),0);
  portal.wwsec_api.set_defaultgroup(portal.wwsec_api.group_id('CI_USR'),uname);
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  begin
  portal.wwsec_api.add_user_to_list(p_user_id,portal.wwsec_api.group_id('CI_CLR_'||clr_lvl),0);
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  END ci_add_portal_user;

  Andrew,
  to add a user to a specific group in the FileRealm, try doing the following:
  import java.security.acl.Group;
  import weblogic.security.acl.BasicRealm;
  import weblogic.security.acl.ManageableRealm;
  import weblogic.security.acl.Security;
  // Create a user in WebLogic
  BasicRealm bRealm = Security.getRealm();
  ManageableRealm mRealm = (ManageableRealm)bRealm;
  if (null == mRealm) { throw new SecurityException("Security Realm is null");
  weblogic.security.acl.User oNewUser = mRealm.newUser("username", "password",
  null);
  // -- Put the new user into the selected group
  Enumeration eGroups = mRealm.getGroups();
  Group oGroup = mRealm.getGroup("group name you want to add to");
  if (null != oGroup) {
  oGroup.addMember(oNewUser);
  try { mRealm.save("FileRealm.Properties"); } catch (IOException e) { }
  Andrew Dunn <[email protected]> wrote:
  Thanks, Mike.
  I'm trying to use the Default realm in WLS7.0 (which uses LDAP), so
  I'm looking for the classes specific to the Default realm - I assume
  BEA provides some, but I can't find them in the docs.
  On 2 Dec 2002 10:15:18 -0800, "mike" <[email protected]>
  wrote:
  You will not find implementing classes in general. The thing is thatthey (classes)
  are specific to particular implementation of realm you are using (assumingyou
  use 6.x or below, but that is logically true for 7). So you need tofind what
  are the classes used in your realm and work with those. If you are usingan implementation
  shipped with WLS (eg. FIleRealm or LDAP) you will have to use reflection...
  Andrew Dunn <[email protected]> wrote:
  How can I add users/groups via the Weblogic API? All I can find in
  the documenattion is interfaces, but no implementation classes. How
  can I instantiate the classes?
  Thanks, Andrew

• Urgent: User Roles assigned to Sales Orgs and document types

  Dear Guru's :
  I have job user roles one side and sales orgs on otherside. We are trying to find out which sales orgs are using what sales document types.
  All i am trying to achieve is connect those two and make a report. it needs to be done by SE16
  First step is :
  PFCG- Enter Role u2013Click glasses-Authorizations-Display Authorization data
  you need to identify the authorization objects for each T-code and then assign the appropriate values for each authorization object. these authorization objects assigned to a Role and then, allowed T-codes are assigned to Role and
  My Basis Person to Create one AUTHORIZATION OBJECT      V_VBAK_AAT  Sales Document: Authorization for Sales Document Types  and assign your required transaction codes to that authorization and assign them to the users.
  User IDs which can use this Role (set of authorizations) can be assigned to this role.
  Second step is achieved through SE16 ;
  Execute this two table :
  There is no one-shot for this However there is a way out for this outside SAP.
  You can download AGR_1251 and AGR_1252 for the selected roles and use MS Excel or Access to do this compare for you. Its a bit more tricky than said, however once you get a hang of it, I think its a good way of reducing the efforts of making use of individual compare reports.
  Any one knows how to do this i am kind of lost here.  Could you help me to organize this process / steps.
  Full points will be given to who helps me answer my question.
  Thank you in advance.

  Dear Raghu and all:
  I am very much thankful to you for your answer Raghu. This is exactley what i was looking for. Could you throw more light on this topic. Or do you know where can i get more info.or  more tcodes related to this topic. I am using SUIM and PFCG. I dont know much about this transactions. Could you please help me to understand this topic.
  I have Authorization object through which i found out which sales documents are attached to users. I dont know next step in this process. Or does any one know any thing about this subject.  Any help will be grateful.
  Van bills.

• Adding users programmatically to WLS 10

  I've blogged a little about it [url http://internna.blogspot.com/2007/04/create-users-programmatically-in.html]here. Hope it helps!

  Hi ,
  Dont add the weblogic.jar file in your application explicitly then check the error you get,and also dont specify the location of the class in your application.
  Let me know if you face any errors after the above suggestions.
  Regards,
  Rohit Jaiswal

• Delegated admins adding roles, displaying unexpected.

  Hi all
  I need to paint a picture for this one so please be patient.
  I have a delegated admin that I have given access to the organization called internal using the internal tabbed user form. They have capabilities to add users, edit, update, and I have included only specific Business Roles that they can add which excludes all other roles. This works perfectly.
  I have a separate admin role that allows a delegated admin to do the same as above with a different set of specific business roles to an organizations call external using external tabbed user form. this works perfectly as well.
  NOTE: The business roles are only available to their respective organizations.
  My dilemma:
  When I add both roles to 1 delegated admin I get behavior that I think could be different.
  All the correct forms work, all the fields are correct everything works as expected except the roles.
  When I select add roles it actually shows up the combination of both sets of business roles that the above capabilities gives me access to..not the ones assigned to their respective organization.
  Now based on
  1. The roles are only available to users in their respective organizations
  2. And i have excluded roles from the other organizations
  3. And I am selecting or creating a user in their specific organization
  Should this display this way? And if so is there anything else I can do to just display the roles that are available to the organization?
  Cheers

• Grant app role programmatically

  Hi all,
  we're running soa suite 11.1.1.5.0 and we'd like to embed application role manipulation into a custom web app, in order to grant and revoke app roles without logging into EM gui.
  The only way we found to do such job is through a python wlst script. If we call such a script in java embedded interpeter we got a command not found error (wrong wlst.sh executable is piked up, not the soa-suite one). Is there a way to accomplish this job in java? Calling a pubblic api, a ws, a mbean, an ejb, anything??
  (ps we sorted out how to create, delete, etc users and how to search roles, and enlist granted roles to principals, this is our last challange)
  pps our last chance would be call the shell command from java, but it stinks!
  Tnx in advance.

  Hi,
  From my understanding the way wlst works is calling mbeans via jython, so theoretically it would be possible to instance the same mbeans in java and do the same work as in wlst...
  The hard work is to figure out the classpath and how to instantiate the right mbeans...
  Cheers,
  Vlad

• Urgent : Adding Compounding Attribute 0CO_AREA

  Hi,
  When I added 0CO_AREA as a COMPOUNDING attribute of 0WBS_ELEMT,
  Following is the error message :-
  <b> InfoObject 0WBS_ELEMT is referenced from 0CRM_MKTELE, compounding cannot be changed</b>
  Diagnosis
  The InfoObject 0WBS_ELEMT is referenced by InfoObject 0CRM_MKTELE. InfoObjects have been deleted or inserted from the compound of InfoObject 0WBS_ELEMT. The compounds of InfoObject and referenced InfoObject must, however, concur with each other.
  System response
  InfoObject 0WBS_ELEMT can only be activated if InfoObject 0CRM_MKTELE is activated at the same time.
  Procedure
  Include all the InfoObjects, that reference InfoObject 0WBS_ELEMT, together in the editing and activate them likewise.
  Otherwise, you can only change the compounding of InfoObject 0WBS_ELEMT if there are no more other InfoObjects that reference InfoObject 0WBS_ELEMT.

  Hi John,
  Please see OSS note 184948 (Compound Infoobjects to 0SOURSYSTEM). Though this takes the example of 0SOURSYSTEM added as a Compound InfoObject, but the same applies in your case too. The solution mentioned is:
  "In this case, characteristic 'XYZ' must also be compounded to 0SOURSYSTEM.Characteristic 'XYZ' must be activated together with characteristic 'ABC'.
  If you have to change dependent characteristics also, all characteristics must be activated together with characteristic 'ABC'.Otherwise, the consistency check uses the active version of the dependent characteristics and reports errors.In the initial screen of InfoObject maintenance select radio button 'Free selection of InfoObjects'.In the dialog box, select all characteristics you want to activate together.Select all characteristics on the following overview screen and press 'Activate'.If you are already on the detailed screen of InfoObject maintenance and include the other InfoObjects in the maintenance using pushbutton 'Other InfoObject' then for activation you must go back to the overview screen and select and activate all InfoObjects there.This procedure is necessary since activating on the detailed screen is for the currently selected InfoObject (and dependent objects) only but not for all InfoObjects visible in the overview list.If you want to activate several InfoObjects together, then you should always do this from the overview list."
  Hope this helps...

• How to add a participant to a role programmatically

  Since Fuego.Lib.Role.addParticipant API method has been deprecated, how can I add a participant to a role at runtime?
  Thanks.

  Hi I tried the same thing and it's not working at all.
  My code:
  dirHumanParticipant =
  DirHumanParticipant.fetch(session : session, id : approversGroup.apprID);
  if(null == dirHumanParticipant) {
  logMessage("create user.");
  dirHumanParticipant = DirHumanParticipant.create(session : session,
  id : approversGroup[i].apprID, firstName : approversGroup[i].apprFName,
  lastName : approversGroup[i].apprLName, displayName : approversGroup[i].apprLName +
  ", " + approversGroup[i].apprFName, mail : approversGroup[i].apprEMail, telephone : "",
  fax : "", password : "1", ou : ou, rolesAssignment : roleAss, enabled : true);
  } else {
  logMessage("user already exist. Assigning the new role.");
  tmproleAss = dirHumanParticipant.rolesAssignment;
  generalUserRole = Activity.role.find(name : "General User");
  for (int j =0; j < generalUserRole.participants.length(); j++) {
  generalUserID = generalUserRole.participants[j].id;
  if (generalUserID == approversGroup[i].apprID) {
  logMessage("General User Matches");
  isGeneralUser = true;
  break;
  approverRole = Activity.role.find(name : "Approver");
  for (int k =0; k < approverRole.participants.length(); k++) {
  approverID = approverRole.participants[k].id;
  if (approverID == approversGroup[i].apprID) {
  logMessage("Approver Matches");
  isApprover = true;
  break;
  if (isApprover) {
  logMessage("user has Approver Role. Assigning General User Role");
  tmproleAss.insert(@int : tmproleAss.length(), value : RoleAssignment.create(
  role : role1, permissions : 95));
  } else if (isGeneralUser) {
  logMessage("user has General User Role. Assigning Approver Role");
  tmproleAss.insert(@int : tmproleAss.length(), value : RoleAssignment.create(
  role : role, permissions : 95));
  dirHumanParticipant.setRolesAssignment(tmproleAss);
  dirHumanParticipant.update();
  approverRole1 = Activity.role.find(name : "Approver");
  for (int l =0; l < approverRole1.participants.length(); l++) {
  approverID1 = approverRole1.participants[l].id;
  //if (approverID == approversGroup[i].apprID) {
  logMessage("Approver IDS1:" + approverID1);
  //isApprover = true;
  //break;
  Any Help would be appreciated.
  Thank You!
  Kannan R.