User belonging to multiple groups
Hi,
If a user belongs to multiple workgroups, Podcast capture should ask him in wich blog he wants to publish its sequence... but it doesn't seem to work.
So my question is : how to deal with that ?
Thanks for your help,
Nicolas
Hi
I know only 2 ways to add some dynamic: posting to user's blog, which supposes to consider that there is only one user who is able to post, otherwise to duplicate workflows and change the target group in it ($$Group Short Name$$ replaced by custom properties or if posted through webUI defined by new field, but it's reliability depends of the human factor..).
In addition, i may ask you what do you mean by "it doesn't seem to work"..? Is Pc Capture supposed to work this way and ask at any moment to which group's blog the podcast needs to be sent when a user belongs to multiple groups ? That would be a terrific news, but i guess they would have announced it..
ju
Message was edited by: JulienC
Similar Messages
-
Users belonging to multiple groups
What will happen if I attempt to create a policy with two different groups each with different rights but a single user is a member of both groups? If I apply the policy to a document where one group cannot print and the other can, will the user that is a member of both groups be able to print? Will the Policy Server take the better of the two groups or whichever one it finds first?
Hi Dave,
Policy Server takes the union of all permissions that the user has as members of different groups, so it is additive. In the example you provided, the user would be able to print as long as there were a member of some group that had the print permission.
Hope this helps,
-Bill -
Java portlet customization depending user belongs an OID group
Hi
I have developped a Java portlet with a customization display, depending user belongs a specific OID group or not.
I used a preparedStatement to call the wwsec_api.is_user_in_group PL/SQL procedure.
My problem is that it seems that OID does not close connections as our portal falls after 2 or 3 days when I install this portlet in production.
Therefore I wonder if there is a bug in the API wwsec_api.is_user_in_group (if it close OID connection after returning the boolean result).
Is there a more efficient way in a Java portlet to check if a user belongs an OID group ?
Is there a bug in wwsec_api.is_user_in_group ?
Thanks for your help,
Best Regards,
Jean-ChristopheHi Rajiv,
I tried out the following code for getting the database reference which I got from some posts on net.
tcDataProvider db;
tcUtilityFactory tcu;
ConfigurationClient.ComplexSetting config = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
final Hashtable env2 = config.getAllSettings();
tcu = new tcUtilityFactory(env2, "xelsysadm","Password");
tcBaseUtility mBaseUtil = (tcBaseUtility) tcu.getUtility("Thor.API.Base.tcUtilityOperationsIntf");
DBReference=mBaseUtil.getDataBase();
But when I execute the code, I get an error :
Error while getting utility Thor.API.Base.tcUtilityOperationsIntf[Ljava.lang.StackTraceElement;@619eeaaThis must be at the getUtility method call.
Can you please guide me as to what I might be doing wrong here?
Thanks,
$id -
User Access when User belongs to multiple teams
I have a user that belongs to two teams: one of the teams has a task profile that includes only eAnalyze and is assigned a member access profile that has read only access to the application; the other team has a task profile that includes eAnalyze and SubmitData and is assigned a member access profile that has read and write access to the same application.
Because one of the teams has a lower member access profile of read only, does that mean that if the user tries to submit data, the submission will be denied?
In other words, if a user effectively has multiple user access profiles, does the LOWER access always win out?
Thanks in advance,
Valerie DixonHi,
As already indicated, the higher profile wins. The best way to understand this is to create a union of the different profiles assigned to the same user through different teams. The result what you get after union is the final profile of the user.
Hope this helps. -
Determine if user belongs to Authorization Group.
My requirement is I have a authorization group (BRGRU) and I need to check if the logged in user belongs to that authorization group. Is there any FM for this or a Database table where in I can get list of users belonging to a particular authorization group.
Hi
check the tables
UST12
AGR_1252
and check the Tcode SU21
see the doc about authorizations:
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji -
Hello,
I want to make a (daily) job in which i send an email to application express users belonging to a certain group.
Where in the database can i find the groups a user belongs to ?
The users are in the APEX_WORKSPACE_APEX_USERS view, but where are the groups.
When i run the following procedure on a sql*plus client on my machine, it doesn't give the groups; when i run this command from apex (sql workshop), it does ? What can be the reason for that ?
declare
regel varchar2(20000);
cursor c_u is
select *
from APEX_WORKSPACE_APEX_USERS au;
begin
for l_u in c_u loop
regel := APEX_UTIL.GET_GROUPS_USER_BELONGS_TO(p_username => l_u.user_name);
dbms_output.put_line(l_u.user_name || ',' || l_u.email || ',' || regel);
end loop;
end;
Regards, SjangSjang,
APEX_UTIL.GET_GROUPS_USER_BELONGS_TO requires the workspace ID global package variable to be set, which is not the case in SQL*Plus, unless you set it.
Try connecting as a schema that is mapped to the workspace you're interested in and do this:
begin
wwv_flow_api.set_security_group_id;
end;
If the schema is mapped to more than one workspace, you need to do it like this:
begin
wwv_flow_api.set_security_group_id(99999999999999999);
end;
...replacing all those nines with the result of this query in SQL Workshop (connected in the appropriate workspace):
select v('WORKSPACE_ID') from dual;
Then try the query.
You should be able to do that in your job as well.
Scott -
How to check logged in user belongs to particular group using workflow
HI All,
I have a list and I want o implement row level security based on the list filed called Relevant group.
I have a list filed called RelevantGroup , this filed is a choice filed and it has couple of SharePoint site's groups that I have created. Now what I want to do is give current logged in user to edit the record based on his/her security group. For example
if I logged in and if I m a member of the current record RelevantGroup I can edit the record, if I m not a member of the RelevantGroup then the system shouldn't allow to edit the record.
I want to do this SharePoint designer workflow. Can someone please help me. Using SPD2013.
Thanks.
d.n weerasingheIs the form being served up from livecycle? If not how is the form being served up to the user?
-
How to list users under multiple groups and users sub groups
Hi, I am stump, which is not hard to do. i have a list of groups and i want to list the users in those groups and then in the next column lists all the citrix only groups for each user. hopefully im describing that correctly. Heres what i have but it is
not listing the users groups. I am not sure how to proceed.
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString('MM-dd-yyyy_hh-mm-ss')
$Groupname = "Distribution Lists"
$excel = New-Object -comobject Excel.Application
$excel.visible = $True
$wbook = $excel.Workbooks.Add()
$wsheet = $wbook.Worksheets.Item(1)
$wsheet.Cells.Item(1,1) = "Groupname"
$wsheet.Cells.Item(1,2) = "Member"
$wsheet.Cells.Item(1,3) = "ACID"
$wsheet.Cells.Item(1,4) = "Department"
$range = $wsheet.UsedRange
$range.Interior.ColorIndex = 19
$range.Font.ColorIndex = 11
$range.Font.Bold = $True
$intRow = 2
$groups = get-adgroup -Filter * -properties * -Searchbase "OU=Citrix,OU=Permission,OU=Groups,OU=Home Office,OU=domain,DC=Domain,DC=com"
$targetFile = "c:\temp\$groupname $CurrentDate.csv"
Add-Content $targetFile "Group;Member;ACID;Department"
foreach ($group in $groups){
$groupMembers = get-adgroupmember $group -Recursive | Get-ADUser -Properties Department, DistinguishedName| Where-Object { $_.Enabled -eq 'True' } | Select-Object Name, samaccountname, department, distinguishedname, @{n='MemberOf';e={$_.MemberOf -replace '^cn=([^,]+).+$','$1' -join '; '}
foreach ($groupMember in $groupMembers){
$groupName = $group.Name
$memberName = $groupMember.Name
$acid = $groupMember.samaccountname
$groups = $usergroups
#$department = $groupMember.department
$department = $groupMember.memberof
#$DistinguishedName = $gropmember.distinguishedname
$line = "($groupName)--------($memberName)-----($acid)-------($department)------($usergroups)"
add-content $targetFile $line
$wsheet.Cells.Item($intRow,1) = $groupName
$wsheet.Cells.Item($intRow,2) = $memberName
$wsheet.Cells.Item($intRow,3) = $acid
$wsheet.Cells.Item($intRow,4) = $groups
$wsheet.Cells.Item($intRow,5) = $DistinguishedName
$intRow++
$WorkBook.EntureColumn.AutoFit()
$excel.SaveAs("DL" + "name.xlsx")
$excel.Close()Hi Glacket,
Below codes should give you headsup.
This command will give you estimate the result count for each group:
PS C:\Users\Administrator> Get-ADGroup -Filter {Name -like "TestGroup*"} | Select Name, @{Expression={get-adgroupmember $_ -recursive | Measure | Select -ExpandProperty Count};Label="Count"}
Name Count
TestGroup1 7
TestGroup2 8
Note that as said earlier we are getting duplicated results(12,13,14) for users belonging to multiple groups. Result is in order as per earlier code's count and order.
Get-ADGroup -Filter {Name -like "TestGroup*"} | get-adgroupmember -recursive | Select Name,@{Expression={Get-ADPrincipalGroupMembership $_ | Select -ExpandProperty Name};Label="GroupMemberOfName"}
Name GroupMemberOfName
User100 {Domain Users, TestGroup1}
User14 {Domain Users, TestGroup1, TestGroup2}
User13 {Domain Users, TestGroup1, TestGroup2}
User12 {Domain Users, TestGroup1, TestGroup2}
User11 {Domain Users, TestGroup1}
User10 {Domain Users, TestGroup1}
User1 {Domain Users, TestGroup1}
User19 {Domain Users, TestGroup2}
User18 {Domain Users, TestGroup2}
User17 {Domain Users, TestGroup2}
User16 {Domain Users, TestGroup2}
User15 {Domain Users, TestGroup2}
User14 {Domain Users, TestGroup1, TestGroup2}
User13 {Domain Users, TestGroup1, TestGroup2}
User12 {Domain Users, TestGroup1, TestGroup2}
Use below to export to CSV:
Get-ADGroup -Filter {Name -like "TestGroup*"} | get-adgroupmember -recursive | Select Name,@{Expression={Get-ADPrincipalGroupMembership $_ | Select -ExpandProperty Name};Label="GroupMemberOfName"} | Export-Csv C:\ListGroups.csv
Regards,
Satyajit
Please “Vote As Helpful”
if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you. -
Portal Activity Reports for multiple groups
Hi,
Can the report display the count of users belonging to multiple groups or would it have to be created seperately for each group. I have tried to use wild cards and commas and nothing worked, the field does not accept more than one valid group name to be entered. Any ideas how to work around this without having to create a different report for different groups?
ThanksHi EAmin,
You can only show information about users who belong to a specific group and not multiple groups. But if you want to show users in multiple groups, you can create a new group (say temp) and add the other groups to temp. Now, configure the report to display users in group temp.
Rajiv -
Belong to Multiple Access Policies
Hello,
I am curious about everyone else's experience with access policies being maintained by groups, and some users belonging to multiple groups and multiple access policies. Example:
John Doe belongs to group1 and group2
Order
1
AccessPolicyA
Selected groups: group1
Blocks access to URL xyz.com
2
AccessPolicyB
Selected groups: group2
Allows access to URL xyz.com
Will the WSA check all access policies that John Doe authenticates to? Or will it stop and use the first access policy that he hits, in this example AccessPolicyA?It is a bit of a hassle, but we had to reorder our access policies thinking in a top down approach as well.
Also you can create AD global security groups specifically for Internet access if you'd like. Prefix it with something that makes sense so they are all together in AD. We use IG- (IG stands for Internet Group). So we have AD groups called IG-RestrictedInternet or IG-SocialMedia.
If your in Restricted intenret, your totally restricted except for a few sites we allow. If your not in a group you have general internet access except for time wasting stuff like facebook. If your in IG-SocialMedia then you have all the general internet access PLUS social media like facebook, linkedin, etc... This is usually given to marketing or HR people.
So while annoying, there are ways to think about how to handle this. I can see your point say you are a Manager of the marketing department. Well you might be in an AD group for marketing as well as an AD group for management. In this case our Management policy would come above the marketing policy. So if your not doing specific groups then you can just order them by employee position hierarchy with usually management / hr on top. -
Can one apple ID belong to multiple family sharing groups?
I'm interested in starting a family sharing group with my siblings (surprise). They have children of their own, however, so if I invite them to my new group, will they also be able to create a different group for themselves with their children?
My thought is that my siblings can more easily share information and photos. I wasn't interested in approving app purchases for their children however so I thought they could create a separate group with their same parent ID for themselves with their children. If I'm thinking of this right, and ID needs the capability of belonging to multiple groups. Is that possible?
Thanks kindly.
BillHi Mdbarnharts,
Thanks for visiting Apple Support Communities.
It sounds like your family members are using the same Apple ID to share purchases, and now you're receiving messages sent and received by your kids.
You can set up and manage Apple IDs for your children through the Family Sharing feature.
You can find more information about Family Sharing and setting up an Apple ID for your kids at these resources:
Start or join a family group using Family Sharing - Apple Support
Family Sharing and Apple IDs for kids - Apple Support
All the best,
Jeremy -
Check user belongs to a particular sharepoint group in sharepoint 2013 designer workflow
Hello, How to validate a user belongs to a particular sharepoint group in sharepoint designer 2013 workflow.
You can make a REST call from workflow to determine if a user belongs to a group.
REST API reference and samples
Calling the SharePoint 2013 Rest
API from a SharePoint Designer Workflow
This post is my own opinion and does not necessarily reflect the opinion or view of Slalom. -
Any Simple Way to check wheter the user is belongs to SharePoint Group in Client object model
Hi All,
Generally we follow these steps to check whether user belongs to this perticular group:
1.Get the "Group" object from the Group Collection based on the group name
2.Get all UserCollection from the "Group" object
3.Take a loop and check with each user object (eg User.ID="777473844")
I am thinking this is time taking process( if group has more than 100 members).
Do we have any shortway to check whether user is belongs to this perticular SharePoint Group?
Thanks in Advance!
Thanks,
Mahesh Yamana
Mahesh@SharepointSolutionsHi Mahesh,
Below is a CSOM JS code to check whether a user belongs to a group. We get the current user object, and then the list of Groups which the user is part of. And then check if the required group is present or not in the collection.
function retrieveWebSite() {
var clientContext = new SP.ClientContext.get_current();
this.oWebsite = clientContext.get_web();
this.oCurrentUser = this.oWebsite.get_currentUser();
this.oUserGroups = this.oCurrentUser.get_groups();
clientContext.load(this.oUserGroups);
clientContext.executeQueryAsync(
Function.createDelegate(this, this.onQuerySucceeded),
Function.createDelegate(this, this.onQueryFailed)
function onQuerySucceeded(sender, args) {
var Group1 = "Group Name One";
var Group2 = "Group Name Two";
var flag = false;
var iCount = this.oUserGroups.get_count();
for(var i=0; i<iCount; i++)
oGroup = this.oUserGroups.getItemAtIndex(i);
if(oGroup.get_title() != Group1 && oGroup.get_title() != Group2)
flag=true;
else
flag=false; break;
if(flag == true)
//Write your logic here
function onQueryFailed(sender, args) {
alert('Request failed. ' + args.get_message() +
'\n' + args.get_stackTrace());
Ram Prasad Meenavalli | MCITP | MCTS SharePoint | MCPD SharePoint | http://www.spdeveloper.co.in -
Self-registration user assigned to anonymous group auto
hi experts,
how can i make the user self-registration user belong to anonymous group,not everyone group
best regards
zlfNormally self registered users automatically assigned to everyone group. If client needs they should automatically assign to someother group , it is the only possibility in my point.
Ulitimately when modifying standard groups, this consultant should think about it whether modification really needed ?
It is just an idea
Koti Reddy
Edited by: Koti Reddy Chimalamarri on Feb 8, 2009 12:03 PM -
How to add multiple groups in a single user in ldap
I have problem with ldap ,Please clarify the following problem.
My request is --> send the multiple groups at a time with single user.
My code contain single user and single group is working.
Please see the source file ,please solve my problem. i tried , but i did not get.
package com.ldap;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
* This class provides methods for the user management
* @author sudhakar
public class LdapUserMgr {
public final static String USER_ID = "uid";
public final static String COMMONNAME = "cn";
public final static String SURNAME = "sn";
public final static String MEMBEROF = "wlsMemberOf";
public final static String MEMBEROF1 = "wlsMemberOf";
public final static String PASSWORD = "userpassword";
public final static String EMAIL = "mail";
* This method creates new user in the embedded ldap registry
* @return
* @throws Exception
public void createUser() throws Exception {
DirContext ctx = getLDAPConnection();
String userId="sudhakar";
String userName="sudhakar";
String userRole="Assessor";
String password="sudhakar123";
String email="[email protected]";
try{
Attributes attrNew = new BasicAttributes(true);
Attribute objclass = new BasicAttribute("objectclass");
String group = "ou=groups,ou=myrealm,dc=sudhakar_domain";
String people = "ou=people,ou=myrealm,dc=sudhakar_domain";
// add all the object classes required for the user profile
objclass.add("top");
objclass.add("person");
objclass.add("organizationalPerson");
objclass.add("inetOrgPerson");
objclass.add("wlsUser");
// put all the attributes required as part of the user profile
// add object classes
attrNew.put(objclass);
// add user Id
attrNew.put(USER_ID, userId);
// add user common name
attrNew.put(COMMONNAME, userName);
// add user surname
attrNew.put(SURNAME, userName);
// prepare the group path for the user
String role = COMMONNAME + "=" + userRole + "," + group;
// add user to a group
attrNew.put(MEMBEROF,role);
System.out.println("user role is "+role);
// i want to pass multiple user roles at a time
// add user password
attrNew.put(PASSWORD, password);
// add user mail Id
attrNew.put(EMAIL, email);
// Prepare the query string to add the user to the embedded ldap
String query = USER_ID + "=" + userId+ "," + people;
System.out.println("user query is "+query);
// add the user to the LDAP directory
ctx.createSubcontext( query, attrNew );
System.out.println("user" + userId+ "created");
catch ( NameAlreadyBoundException nabe ){
System.out.println(nabe.getMessage());
throw new NameAlreadyBoundException("User by this name already exits");
catch (NamingException namEx) {
System.out.println(namEx.getMessage());
catch(Exception ex){
System.out.println(ex.getMessage());
finally{
closeLDAPConnection(ctx);
public DirContext getLDAPConnection() throws Exception{
DirContext ctx = null;
try{
Hashtable<String,String> env = new Hashtable<String,String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://192.168.100.84:7030/");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=Admin");
env.put(Context.SECURITY_CREDENTIALS,"admin");
// Create the initial directory context
ctx = new InitialDirContext(env);
return ctx;
catch (AuthenticationException authEx){
System.out.println(authEx.getMessage());
throw new AuthenticationException("Authentication failed");
catch (NamingException namEx) {
System.out.println(namEx.getMessage());
throw new NamingException("Naming Exception");
catch(Exception ex){
System.out.println(ex.getMessage());
throw new Exception("Exception Occured");
* This method closes the LDAP connection
* @param ctx
public void closeLDAPConnection(DirContext ctx){
try{
ctx.close();
catch(NamingException nex){
System.out.println(nex.getMessage());
catch(Exception ex){
System.out.println(ex.getMessage());
public static void main(String s[])throws Exception{
LdapUserMgr ldapUserMgr = new LdapUserMgr();
ldapUserMgr.createUser();
Edited by: sudhakar_kavuru on Jun 16, 2009 1:58 AMHi Sudhakar,
try some thing like this.Here I have enclosed the code snippet.
String query = USER_ID + "=" + user.getUserId()+ "," + people;
// add the user to the LDAP directory
// ctx.createSubcontext( query, attrNew );
Attribute att1 = new BasicAttribute(MEMBEROF);
String roleName=user.getUserRoleList().get(0);
String role1 = COMMONNAME + "="+roleName+"," + group;
att1.add(role1);
attrNew.put(att1);
DirContext dirContext =ctx.createSubcontext( query, attrNew );
for (int i = 1; i < user.getUserRoleList().size(); i++) {
Attributes att2 = new BasicAttributes();
String roleNameStr=user.getUserRoleList().get(i);
log.debug("roleNameStr--->"+roleNameStr);
String role2 = COMMONNAME + "="+roleNameStr+"," + group;
log.debug("role2-->"+role2);
att2.put(MEMBEROF,role2);
dirContext.modifyAttributes("", DirContext.ADD_ATTRIBUTE, att2);
}
Maybe you are looking for
-
Can't able to create workspace in DTR
Hi Guys, In NWDS / DTR perspective, I created a client and able to login in to the client. But In Repository browser when I right click I can't see "create workspace/ folder" option. I didnt understand whats the problem. I am using sneak preview NWD
-
Hello all, I have few queries in SAP BW development system and I have a requirement such that a view needs to be created and saved for each of them using RSRT transaction. Can anyone let me know if there is a way to put these views in transport reque
-
Use exported parameter from message mapping (via UDF) in next mapping prog
Is there any chance to assign an exported parameter from one message mapping to another mapping program within an operation mapping?
-
I have noticed loads of topics lately along the lines of "Can I write a quake style shooter in java" or "could I write a mmporg in Java" and similar for almost every style of game. I'd just like to make a quick point on this: Java is a programming la
-
Reset password without disks or logging in
hello, I have an HP Pavilion dv6-6c35dx, my finger print scanner has stopped working, i can not remember the password. I am unable to log in nor do I have my reset disks. I really need to get in to my computer to finish my paper for class. if anyone