User Administration: DISP Only
Hi Experts,
I am trying to give Content Admin Full access & for USER Admin DISPLAY Only.
Am not getting this in combination.
Can some one share your thoughts/suggestions pls?
regards,
Shawn.
Hi Shawn,
In the PCD, under the 'Portal Administrators' folder you would find both roles, Content Admin and User Admin in their respective folders. If you are going to make any changes to any of them, I suggest you copy both roles to a new namespace and then edit them accordingly.
If you do not want to change the content admin role, you can assign it as-is to the user. For the User admin read-only access, make a copy of the User Admin role. Open the property editor for this copied role, and make the following changes
1. Set the 'Manage_All' property to No
2. Set the 'User_Viewer' property to Yes.
This new role would act as a read-only user admin role. So now, you can assign this role and the original content admin role to the required user. You can leverage the other properties(java permissions) of the role to suit your requirements.The following link would be of help
[http://help.sap.com/saphelp_nw70/helpdata/en/49/8b4659c793355ae10000000a42189b/frameset.htm]
Hope it helps,
Prathamesh
Edited by: prathamesh dalvi on Oct 18, 2010 3:48 PM
Similar Messages
-
Role for User Administrator(Read only)
Hi All,
I want to create a role just like the role ofUser Administrator.But I want to make it read only.I want that the end user can perform search operation,can see the locked user,can see the roles but can't delete the user.Basically ,they shouldn't able to do the modification.
Any suggestions will be appreciated.
ParitoshI have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
I assigned the ReadAll Premission. That did the trick for me.
Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups. -
JJust purchased a MacBook Air.
i Am the administrator and only user. It somehow lost the Admin ID and password... Hint does not work.
would ould like to to reset everything or just reboot and start the registration and setup from the beginning. No saved items so nothing would be lost in a total reboot
what is the best option please. Migrating from a PC so everything is a bit confusingi know how to reset it....
check this... http://www.tomsguide.com/faq/id-2330386/restore-macbook-air-factory-settings.htm l
i have done it two time well it will ask you to download OS X again..
Aayush -
Max number of items in detail of an object of User Administration
Hello.
When I go into "User Administration"->"Identity Management", I search an object (for example a Group XY
After I select it to see the details.
I choose the "Assigned Users" tab and Search.
I see many items but I can display only 5 items for page.
Is there a way to customize it to display, for example 20 items for page?
Thanks for your help.
MarioIn new version of portal you have this option.
right click on table -> User Settings -> More. Select desired no. of Rows. I am using CE 7.1 SP 11 and its available in this version. -
Export and Import of Portal Users (UME database only)
Hi
What is the most efficient way to export all Portal user that are stored in Portal UME database so that it can be imported to another Portal installation and be used..
Thanks in Advance
AnandaHi,
SAP User Administration is the standard way to export and import users in the portal. Using the export functionality, all the user information will get exported, including the roles and groups assigned:
[User]
uid=userid
last_name=Lastname
first_name=Tobias
language=en
accessibility=0
role=pcd:portal_content/com.sap.portal.xxx;
group=Administrators;
If you only want to export the user data without the roles and groups, you'll have to delete these lines.
SAP Help: http://help.sap.com/saphelp_nw04/helpdata/en/70/9be23d44d48e5be10000000a114084/frameset.htm
Export Format: http://help.sap.com/saphelp_nw04/helpdata/en/ae/7cdf3dffadd95ee10000000a114084/frameset.htm
SDN Article: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f02e3e37-5ee3-2910-129d-967aef3fa386
br,
Tobias -
BI Dashboard - access denied for user to path /users/administrator/_portal/
Hi,
While I am within OBI EE, I try to access My Dashboards and I get this error message:
" access denied for user to path /users/administrator/_portal/dashboard layout.
Error Details
Error Codes: O9XNZMXB "
I have looked in other forums and found a solutions which was to delete cookies and then restart the system whole. It didn´t work at first. After a while, the system would allow me to access My Dashboards but then....
....I wasn´t able to access the shared filters that are on the network, thus impeding my others dashboards to work.
Does anybody know what the correct procedure for having this work is?
Thanks in advance,
Javier RinconHi...
go to Catalog Manager.
Open and navigate to particular folder (_portal in shared)
right click that and go to permissions.
In left pane are you able to see the presentation Administrator ??
If then, check what kind of permission Administrator has (full control or not), if not.. add Administrator into this pane from right pane (In the right pane, You can see the user by Unchecking the check box present below show groups only check box.)
you didn't tell with whom you logged in?
If administrator then follow the steps i mentioned,
else... same steps but instead of administrator check it for particular user.
Thanks & Regards
Kishore Guggilla -
How to enable create user option in portal under user administration?
Hi,
In Portal, in user administration tab, always the create user and Copy to New user option is disabled, how can i enable those?
-SivaIf the AS ABAP is your datasource for your users there is NO WAY you can create users in the portal UME.
● If the UME has read-only access, you cannot modify user attributes stored in the ABAP system, like first name and last name. You can modify attributes stored in the UME database, like street. Even if read-only access is assigned, users can still change their own passwords.
● If the UME has read-write access, you can create users using the tools of the J2EE Engine. Users created in this way are stored as users in the ABAP system. Extended user data that cannot be stored in the standard ABAP user record is stored in the database of the UME.
in the read/write access the users are created only in the ABAP side and not the java. If you have the read access you cannot create users in the abap side. hence you need the SAP_BC_JSF_COMMUNICATION role to create users in the AS ABAP.....
Trust me .......bottomline ....you cannot create users in the JAVA UME if you have AS ABAP as your datasource !!!!
hope this helps..
\m/ -
Process Administrator - Enable User Administration using LDAP
I'm using Oracle BPM 10gR3 connected to an LDAP. I would like to have business participants to be able to manage the Absence Periods (PTO) for participants, but I don't want them to have general admin privileges. I think the "Enable User Administration" checkbox on the participant screen will allow someone to do just that. But, the box is disabled due to the LDAP connection (I think). So, does anyone know:
1. If a user has Enable User Administration checked will they be able to manage the Absence Periods for participants?
2. How to check the box while using an LDAP to manage participants?
I read in the the Adminstration Guide how to: Assigning Administrative Privileges to LDAP Groups. But that's not my intent, it's only to enable the "Enable User Administration" checkbox.
Thanks in advance.I solved the problem and I posted the solution into my blog, visit http://rodrigozuchetto.blogspot.com/
-
Restrict the role of User Administrator
Hello all,
I need to know that if it is possible to restrict the Role of an User Administrator to assign only a specific set of Roles to the end user.
For example : The user administrator should be able to assign only say Managers, Employees Roles to the Users and not any other roles like Super Administrators etc.
If so, how can we achieve that?
Regards
AvikThere is a authorization object (combined with a parameter) that does this restriction:
S_SPO_PAGE
Definition
Using authorization object S_SPO_PAGE, you can restrict the maximum number of pages of a request that can be printed on a particular printer.
This authorization check is only active if profile parameter rspo/auth/pagelimit is set to 1.
Defined fields
SPODEVICE Device name for which the restriction is to apply.
SPOPAGES Maximum number of pages allowed; enter a range (0 to n) here -
SUS Supplier - Delegated User Administration
Hello,
We are trying to implement SUS Supplier Self registration in SRM 7.0 and we want to give supplier administrators access to perform delegated user administration for their users. When we implement this scenario, the SUS system requires access to SU01 in the backend security role for the supplier to be able to find users and unlock, delete etc. However there is no control in terms on what users they can manage once SU01 is given to them. Have you seen this in the past and is there any control that can be built into it?
Thanks,
VarunTrilchan,
Companies are not activated by default that is the reason you are able to see only ume.tpd.companies=0 which means their is no company available in portal. You can add the company codes in a comma seperated list like ume.tpd.companies=A,C,B in this example you have three companies named A,B and C. Its upto your convenient to add no. of companies and name of the company groups based on your business requirement.
Additional info:
When you add a company in portal a group shall be created automatically with the name STPD_<CompanyName> example STPD_A where A is company name.
Refer:
http://help.sap.com/saphelp_nw04/helpdata/en/3e/9bd6e9a11fd847a1ca1a5f9ac6ad23/content.htm
Ram -
Central User Administration using EP
Hi,
Can any body tell me how we can do central user Administration using EP. My landscape has multiple SAP systems, BW system and EP system. How should we go about it?
Any help?
regards,
SujeshHI Sujesh,
EP is not able to serve as a hub for central user administration in my opinion.
You can connect EP to several user stores like LDAP servers (including Microsoft ActiveDirectory) and SAP Systems.
So
a) you store all your users in an LDAP and connect all your SAP systems to that LDAP
b) you declare one of your SAP systems as central user administration (CUA) "master", connect all other as "slaves" and connect the EP UME to the master
But in any way - there is no GUI inside the EP where you can administer all user related things like roles from all systems, etc. This can only be done in an ABAP system.
Hth,
Michael -
Portal Installation : User Administration -- Role workset error
Dear All,
We have installed EP NW04 SR1 . Every thing is working fine, All the menus are coming up properly except when i click on the User Administration --> Role --> Role menu, its starts for some time and then gives "Page cannot be displayed, Operation aborted" . This error only comes for the Role workset. Every thing else is working fine.
It would be nice if i can get guidance as to how to debug this error
Regard
PNHi,
I am still unable to solve the problem. The same problem persists with the ROLE and User Mapping.
I try to open it and it gives the "page cannot be displayed, operation aborted " error
Help is appreciated
Regards
PN -
NWA 7.1 - User Administration with regards to Roles/Groups
Hello,
Environment = NWA 7.1 , Java Stack Only , No Central User Administration
Situation = One group of individuals responsible for developing and maintaining Java Roles & Groups
(Permissions). Another group of individuals responsible for maintaining Users and
allocating the above Roles & Groups to the Users.
In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
Many thanks in advance,
JayHi Jay,
UME.Manage_All Provides permissions required by an overall user administrator.
These include:
u2022 Administration of users belonging to any company and
possibility of assigning users to companies
(In a multitenant portal, even if a tenant user is assigned this
action, he or she will still only have access to users, groups,
and roles in his or her tenant.)
u2022 Group management
u2022 Role assignment
u2022 User mapping
u2022 Import and export of user data
u2022 Manual replication of user data
To set up delegated user administration, overall user administrators
must belong to a role to which the UME.Manage_All action is
assigned.
In portal installations, any role that includes the UME.Manage_All
action automatically has Role Assigner permissions on all portal roles in the portal installation.
Try this.
Regards,
Gowrinadh -
Our Helpdesk staff performs the basic functions of add/remove phones and add/remove users from CUCM. We've just upgraded from CM 4.2 to CUCM 8.5(1). We are using the integrated CUCM LDAP and not AD integration. My Helpdesk users are able to use the User/Phone Add option to create a new phone and a new CUCM End User. They are able to edit all the necessary properties of the phone and line settings. But with their current group/role memberships they are unable to change attributes of users or to be able to delete them. The only Role I can see to add them to that allows changes to End Users is Standard CCMADMIN Administration and the only User Group is Standard CCM Super Users. Both of those give far more rights than I would like Helpdesk staff to have. Am I missing something obvious to allow them to perform End User management? Has anyone else encountered this? Below are the groups/roles my Helpdesk staff are currently part of. Any help would be apprecitated.
Bryan
I've added the users on our Helpdesk to the following Groups:
Standard CCM Admin Users
Standard CCM End Users
Standard CCM Phone Administration
Standard CTI Enabled
Standard RealtimeAndTraceCollection
Which automatically adds them to the following Roles:
Standard CCM Admin Users
Stadard CCM End Users
Standard CCM Phone Management
Standard CCMADMIN Read Only
Standard CCMUSER Administration
Standard CTI Enabled
Standard CUReporting
Standard RealtimeAndTraceCollectionBryan,
If I remember correctly, there isn't a pre-canned role that will allow for End User administration. I don't know why.
Your best bet is to create a custom Role and User Group. This way, you can give your Helpdesk exactly the access they need. The descriptions for the Role permissions are pretty self-explanatory, so it should be pretty easy to accomplish.
Steps:
1) create new role
2) assign permissions to the new role
3) create a new User Group
4) assign the new Role to the new User Group
5) assign the new User Group to the End/Application User accounts for the helpdesk.
This maybe helpful: http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/admin/8_5_1/ccmsys/a02mla.html#wp1062944
HTH
Adam -
Unlock the user Administrator.
Hi,
The user Administrator for my J2EE Engine had been locked.
Is there a way by which this user can be unlocked.
Please guide me.
Thanks,
Prasita.Hi,
Is there a way to unlock the user at the database layer?
I mean in case of an ABAP stack, I can go to the usr02 table and unlock a user by setting the uflag value.
In case of the JAVA only stack,what is the coressponding table at the database level?
Maybe you are looking for
-
IDVD stability is not good, *many* crashes, should I stay or should I go?
OK, I seem to be just the latest to rant on this topic, but I've got a brand new MacBook Pro, with 10.6.2, and if iDVD stays running for more than 10 minutes without crashing I'm doing well. Unlike other posters, I've not yet had a crash while burnin
-
Can I mirror my computer on my TV? I have an Apple TV 2d generation
Can I mirror my computer on my TV. I am using an ATV 3d Gen
-
Loading values into drop down through properties file.
Hi all, Can any one please let me know how to read a drop down through properties file I have two drop downs. I need to read the drop down values through the properties file . I would appreciate if you can provide me with the sample code to do this(i
-
Upgrading db from 10.1 to 10.2
anyone please help me how to upgrade(procedure) my database(in windows server 2003) from 10.1 to 10.2 .
-
Dear All, I want to know how to check if the CCMS Agent is already installed in my ECC Version? My current Version is-ECC6.0 EHP4 with single ABAP Instance. As I heard CCMS Agent is Installed by default with this ECC Version. Please help me out. Than