User details in respect of roles assigned to them

Similar Messages

• User listing with combination of roles assigned to them

  Hi,
  I need to list all the users in our system with a combination of roles assigned to them.
  Example:
  User1 = Role1 + Role2 + Role8
  User2 = Role1+ Role3 + Role8
  User3 = Role1 + Role4 + Role8
  I want to extract a listing of users with Role1 and Role8 assigned to them.
  How do I go about doing this??
  Standing by

  I think a download of table AGR_USERS will provide you with the desired information or at least with enough info to filter on in Excel..

• Multiple roles assigned to an user

  Hi folks,
  My question sounds to be something weird, but wanted to be cautious. I see a lot of users in my environment with multiple roles assigned to them. When i checked the roles of an user who has three roles assigned to him, i noticed that all the roles have some tables in common with the same grants in all the three roles, and all these three roles are assigned to the same user. Will there be any problem?
  An example to explain my senerio...
  User scott has three roles A,B and C assigned to him. All the three roles have execute on xy.abc procedure and select,insert,update,delete on xy.xyz table. Will there be any problem to the user who is assigned all these three roles. Will there be any confusion from oracle to chooose from which role?
  Thanks

  This sounds to be something new. So When a oracle
  tries to hold all the privileges does it do a
  distinct on the table grants, so that i will have
  just one entry of the privilege of an object, though
  it exists in all the roles assigned to that user.No, the table objauth$ looks like this,
    1* select * from objauth$ where rownum < 100
  SYS@etest> /
        OBJ#   GRANTOR#   GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
         133          0          5          0          1
         133          0          5          3          2
         133          0          5          5          3
         133          0          5          6          4
         133          0          5          9          5
         133          0          5         10          6
         133          0          5         11          7
         135          0          5          0          8
         135          0          5          3          9
         135          0          5          5         10
         135          0          5          6         11
        OBJ#    GRANTOR#  GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
  ---------- ---------- ---------- ---------- ---------- ------------------ ---------- ----------where
  OBJ# is object ID, could be any object not only table,
  GRANTOR# is user# , ROLE is also considered a special USER internally in Oracle.
  SYS@etest> select user#, name from user$
    2  /
       USER# NAME
           0 SYS
           1 PUBLIC
           2 CONNECT
           3 RESOURCE
           4 DBA
           5 SYSTEM
           6 SELECT_CATALOG_ROLE
           7 EXECUTE_CATALOG_ROLE
           8 DELETE_CATALOG_ROLE
           9 EXP_FULL_DATABASE
          10 IMP_FULL_DATABASE
  ..............So different roles will have different records in objauth$. Even it's same privilege of same object granted to same user.
  a GRANTEE# can have same privilege to the same object from different GRANTOR#

• EP role assignment to user id's deleted

  Hi,
  We have Windows Active directory server and the id's created there will be created in EP as well. (or both share the same db).
  Our Portal team will assign the roles to the newly created userid's using IMPORT function.
  1. Nearly we have 15k users. and today we have used the import functionality to assign roles to the 60 newly created users.
  2. The role assignment for 14k users which share the same domain(LDAP1) deleted.
  3. The role assignment for other users who use other domain(LDAP2) exists.
  What would be the root cause of the problem?
  Is it possible to take System log from EP system -> system admin ? or we need to ask the basis admin to retrieve issue log?
  Thanks!
  Dhiyu

  Hello Shabir,
  Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
  Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
  This will solve ur problem.
  Regards
  Deb
  [Reward points for helpful answers]

• ESS and MSS role assigned to position

  Hi,
  I have to find out that wheter the  ESS Role is  assigned to a position .I have to display  (Y/N)   (Details 'Y' if ESS Role Assigned, 'N' if no ESS role is assigned) To have a 'Y' it must be an active role
  Is MSS Role assigned to a position .I have to display (Y/N)  (Details 'Y' if MSS Role Assigned, 'N' if no MSS role is assigned)   To have a 'Y' it must be an active role.
  Kindly let me know how to do it.I am a abap developer and new to HR module.
  Thanks !
  Sachin Sharma

  hi
  you can check the user id assigned to the position ,
  the correct procedure would be to use Logical database and HR function modules to retrive the poistion code and user id
  position code can be taken from infotype 1 and user id can be taken from infotype 105 , once u get the user id , then you can check the roles that are there , in your case it might be custom roles , you can hard code the role name for that matter to query the same.
  Hope this gives you a clear idea.
  Regards
  sameer

• Update Request User Details with updateRegistrationUserDetails

  Hi,
  I have the following scenario: The Self-Registration form is defined with the fields First Name, Middle Name, Last Name, Manager Login. When the request is created, based on the Manager Login, the other user's attributes are set according to the Manager's Attributes. So when the manager goes to approve the request, most of the user information are already set. To update the User Details in the request, I can call the updateRegistrationUserDetails of Request API.
  Problem: I can not update the fields other than those defined in the FormMetadata.Xml. So I have to add the fields and set them as optional but I don't want to show non required fields to the end-user. I wish to have those attributes as not visible in the self-request form. Then I can update the information using the API.
  Question: How to add fields to the User Details of the request and not show them in the self-request form?
  Thanks,

  As I've said, I could not update the request fields that were not declared in the FormMetadata.xml. You can try set them as not visible but I am not sure the visibile attribute works for the SelfRegistration form. If it is not a problem, you can show the fields and set them as optional true. In my exaple, the SelfReg form has a manager employee code field.
  Create an entity adapter and assign it to the Request object, pre-insert.
  1) create two variables: requestKey, requestObjecAction, managerEmpCode (in my example)
  2) test if the request object action is Create Entity.
  3) call the method to update the request. below is my example:
       // Updates the request with the information of manager: Manager Login,
       // Location, Department and Organization
       public String updateRequestWithManagerInfo(long requestKey, String managerEmpCode) {
            String result = JavaTaskBase.EXECUTION_ERROR;
            logger.debug("******** Starting updateRequestWithManagerInfo *************");
            logger.debug("requestKey: " + requestKey);
            logger.debug("managerEmpCode: " + managerEmpCode);
            try {
                 HashMap<String, String> filter = new HashMap<String, String>();
                 filter.put(JavaTaskBase.USR_UDF_EMPLOYEE_ID, managerEmpCode);
                 String[] columns = new String[] { JavaTaskBase.USER_KEY_FIELD,
                           JavaTaskBase.USER_LOGIN_FIELD, JavaTaskBase.USR_UDF_LOCATION,
                           JavaTaskBase.USR_UDF_HR_DEPARTMENT,
                           JavaTaskBase.ORGANIZATION_ATTRIBUTE_NAME };
                 logger.debug("Querying User by EmpCode...");
                 // Update Request Attributes: requestKey, ManagerId
                 tcResultSet resultSet = this.getUserOperations().findUsersFiltered(filter, columns);
                 logger.debug("tcResultSet.getTotaRowCount(): "+ resultSet.getTotalRowCount());
                 resultSet.goToRow(0);
                 String organizationName = resultSet.getStringValue(JavaTaskBase.ORGANIZATION_ATTRIBUTE_NAME);
                 String managerLogin = resultSet.getStringValue(JavaTaskBase.USER_LOGIN_FIELD);
                 String managerLocation = resultSet.getStringValue(JavaTaskBase.USR_UDF_LOCATION);
                 String managerDepto = resultSet.getStringValue(JavaTaskBase.USR_UDF_HR_DEPARTMENT);
                 String managerKey = resultSet.getStringValue(JavaTaskBase.USER_KEY_FIELD);
                 logger.debug("Manager Organization: " + organizationName);
                 logger.debug("Manager Login: " + managerLogin);
                 logger.debug("Manager Location: " + managerLocation);
                 logger.debug("Manager Department: " + managerDepto);
                 logger.debug("Manager Key: " + managerKey);
                 // Prepares the information to update the request
                 HashMap<String, String> values = new HashMap<String, String>();
                 values.put(JavaTaskBase.ORGANIZATION_ATTRIBUTE_NAME, organizationName);
                 values.put(JavaTaskBase.USR_UDF_LOCATION, managerLocation);
                 values.put(JavaTaskBase.USR_UDF_HR_DEPARTMENT, managerDepto);
                 values.put(JavaTaskBase.USER_MANAGER_LOGIN, managerLogin);
                 logger.debug("Updating Request Info...");
                 // Updates the request
                 this.getRequestOperations().updateRegistrationUserDetails(
                           requestKey, values);
                 logger.debug("Request Updated Successfulfy.");
                 result = managerKey;
            } catch (Exception ex) {
                 logger.error("Error in updateRequestWithManagerInfo method", ex);
                 ex.printStackTrace();
                 result = JavaTaskBase.EXECUTION_ERROR;
            return result;
  thanks,
  Renato.

• Programatically creating users, roles and insert them into Jazn xml

  Hi All,
  I am using ADF 11G and ADF BC to develop my application. Whenever a user is created an entry will go into OID and into DB. Admin will apply the roles and users for that roles through application. Once the administrator assigns the roles, the user need to see the appropriate menus based on the roles assigned.
  If I use ADFSecurity, then I need to redeploy the application each and everytime an user is created and a role assigned to it. But I have to avoid the redeployment step. When ever admin assigns a role while approving the user, the same should be reflected in Jazn, so that I can use the securityContext to generate menus dynamcally.
  Is there a way to do programatically the below:
  1. Creating roles
  2. Assigining Users
  I want to use the functionality of ADFSecurity but programatically.
  Any information/links/guidance is much appreciated.
  Thanks,
  Morgan.

  Morgan,
  You can configure WLS to use OID instead of jaxn.xml file.
  [url http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/toc.htm]The security guide should be good reading for you.
  Best,
  John

• Role assignment did not work during migration

  We just finished a QA migration from EP60 to NW04 SPS14.
  Everything went OK with the exception of the following:
  Users who had customer defined roles assigned in the source system (EP60) did not get the roles assigned in the target system.(NW04) For example, if I had a few out of the box SAP roles assigned to a user in the source system, they were assigned to that user in the migrated NW04 system. The customer assinged roles did not get attached to the same users users.
  Has anybody run into similar findings ???

  Some more info.
  We may have figured out that during the migration the NW portal inititaed a connection to our LDAP server and failed. We have MSADS with a multi LDAP configuration and have configured SSL for the connection to LDAP.
  Any Ideas ???
  I pulled this out of the trace file:
  #1.5#005056B171CC00560000000C00000FE8000405C779F98BF4#1132254209877#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC00610000000600000FE8000405C779FA37A6#1132254209924#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_32##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC001D00000001000011D0000405C7DA2B657E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###No connection to the ldap server, recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000004000011D0000405C7DA2B6F70#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Server not available,recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000007000011D0000405C7DA2B7443#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Initialisation of a connection pool failed for UACC please check the configuration or availability of the directory server##
  #1.5#005056B171CC001D00000009000011D0000405C7DA2B78C2#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Please recheck the LDAP configuration Initialisation of connection pool failed for UACC
       poolname qadc2.app.csa-group.qa:636_UACC
       java.naming.factory.initial= com.sun.jndi.ldap.LdapCtxFactory
       java.naming.security.principal= cn=epqadm2,ou=PortalUsers,dc=app,dc=csa-group,dc=qa
       java.naming.ldap.version= 3
       connection_pool_name= qadc2.app.csa-group.qa:636_UACC
       java.naming.provider.url= ldap://qadc2.app.csa-group.qa:636/ou%3DPortalUsers%2Cdc%3Dapp%2Cdc%3Dcsa-group%2Cdc%3Dqa
       java.naming.security.protocol= ssl
       java.naming.ldap.factory.socket= com.sap.security.ssl.SSLSocketFactory
       java.naming.security.authentication= simple
       java.naming.security.credentials= ******
       [EXCEPTION: no connection to the ldap server:null]##
  #1.5#005056B171CC001D0000000D000011D0000405C7DA2B8C9E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Error#1#com.sap.security.core.persistence#Java###DataSource : Initialisation of connection manager failed, due to SSL configuration lazy initialisation#1#CORP_LDAP2#

• Display users along with company code assigned to them

  Hi,
       I would like to display list of users with company code assigned to them
  Thanks & Regards,
  Rajesh Kale

  Hi himanshu,
  I want list of user using complex selection criteria.
  It can be display using tools -> Administration -> User maintenance -> Information System -> Users by complex selection criteria.
  Here, I am facing the problem that which authorization object I should put so that I can get list of users in which in front of every user I get the company code assigned to them.
  Regards,
  Rajesh

• Function module to Delimit the roles assigned to the user

  Hi All,
  I am working on security role automation process abap report.My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN"  to delimit the role assigned to the user.
  Passing the importing parameter "username" and in the Tables parameter"ACTIVITYGROUPS"  passing the respective parameters AGR_NAME(Role), FROM_DAT(Start Date),TO_DAT(termination date - 1). When I passing the parameters as mentioned above,the role assigned to the user is getting deleted,instead of delimitation of the role assigned to the user.
  Is there any other function module we can use to delmit the roles assigned to the user?  Please help.
  Regards,
  Krishnan

  hai,
  please try this.
  /VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
  /VIRSA/ROLE_ASSIGN_CUA_NH
  /VIRSA/RE_BAPI_ROLE_TO_USERS
  ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
  try this bapis this may work
  BAPI_USER_LOCK
  - BAPI_USER_PROFILES_ASSIGN
  - BAPI_USER_LOCPROFILES_ASSIGN
  - BAPI_USER_LOCACTGROUPS_ASSIGN
  - BAPI_USER_CHANGE
  - BAPI_USER_UNLOCK

• Business Role assignment to user

  Hi all,
     I am learning about the concept of  business roles in CRM. In the forum discussions I see that the business role has to be assinged to the user even though we assign the PFCG role (linked to the business role) to the user. Like SU01 where we assign pfcg role to the user, what is the transaction code to assign the business role to the user.
  Thanks.
  Neha.

  I'm going to chime in and say this question has been discussed to the detail in this forum.  If you would have done a search you would have a pretty good discussion on this topic.
  Re: Reg: Business Role
  That thread covers all your options in detail.
  Thank you,
  Stephen

• Users stills appear to have transactions assigned even though roles have been removed.

  Hi,
  I'm currently looking at a number of users with access to sensitive transactions (e.g. SCC4).
  When looking at a combination of the AGR_ROLES and AGR_TCODES tables I can see there is currently only one active role and one active user assigned this access which would fall in line with what was to be expected based on the population I am looking at (we're not concentrating on auth object level for now).
  However when I go through SUIM and filter on users by complex criteria and enter transaction code SCC4, about 20-30 users pop up (this is how many people used to be assigned access to SCC4).
  When access was removed for these 20-30 users, it was done at 'role level' so my question is, even if roles have been removed, when looking through SUIM would a user still appear to have transactions associated with that role assigned - if so, why does this happen? I assumed once a role is removed it would removed the underlying transactions etc with it?
  My assumption at the moment is that even though SUIM is showing users still have access to SCC4 they can't actually use it as the role it was associated with has been removed.
  Any help/clarity on this would be greatly appreciated.

  Hi Johnny,
  Please do perform the User comparison.
  Goto PFCG  -> Role Name -> user comparision
  then check in SUIM still user is having that Tcode or not .
  for detail
  Go to SUIM
  Roles by complex selection criteria -> put Tcode there
  it will give you Roles name having that tcode . and then you go to that Role and you will get list of Users in PFCG (User assignment Tab) .
  same goes with User
  SUIM - Users  by complex selection criteria - > put tcode -> Profiles associated with - > roles assosiated with it .
  But i suggest after you make any changes to Role / Profile you please do user comparision .
  Regards
  Dishant Pathak

• Report to see user type and roles assigned to users in EP?

  Hi,
  a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
  b) If  the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.

  By default Portal UME comes along with the installation of portal.
  Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories.  But you can also create users in the portal UME.  The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
  You can check them in user administration->identity management and search for the users.
  THere you can see some users will be from UME and some from LDAP.
  User Admin tool is nothing but User Administration only.
  Raghu

• How to get the list of roles assigned to a user in all the child systems

  how to get the list of roles assigned to a user in all the child systems from CUA SYSTEM

  Try transaction SUIM in your CUA system. Go to user, cross-system information, users by roles. If you run it wide open, you'll get all users and all roles assigned for all systems managed in your CUA.
  Krysta

• How to Disply the List of Roles assigned to a  selected user ?

  Hi all,
  I have a specific requirement to develope using Webdynpro. I want to programically display the list of roles assigned to a selected user. Could some one help me . I promise to award points for the solution.
  Thank you in advance
  Regards
  Maruti

  Hi Maruti,
     Iterator rit = null;
  try
  IWDClientUser clientUser = WDClientUser.getCurrentUser();
  IUser user = clientUser.getSAPUser();
  rit = user.getRoles(true);
  IRoleFactory rfact = UMFactory.getRoleFactory();
  while (rit.hasNext()) {
  String roleName = (String) rit.next();
  IRole role = rfact.getRole(roleName);
  }catch(Exception e)
  e.getLocalizedMessage();
  check this thread too
  /message/1565111#1565111 [original link is broken]
  Regards, Suresh KB