User listing with combination of roles assigned to them

Similar Messages

• User details in respect of roles assigned to them

  Hi Experts,
  Sorry if i am posting thread on wrong category.
  Can you tell me any table that contains the list of users against roles assigned to them?
  Or just guide me to post the thread to correct category if I am wrong.
  Thanks and regards,
  Shikha Gupta.

  I think a download of table AGR_USERS will provide you with the desired information or at least with enough info to filter on in Excel..

• User List with their roles

  Hi Guys,
  I want a list of all users in the database with their specified roles.
  Any help will be appreciated.
  Regards,

  I was confused that GRANTEE is USERNAME and I am still confused. No need to be confused because docs are saying :
  GRANTEE     VARCHAR2(30)          Name of the user or role receiving the grant
  http://docs.oracle.com/cd/B19306_01/server.102/b14237/statviews_4064.htm
  Probably you are not seeing all/some user names, because chances are that some privileges are granted to role but not directly to the users. Users are accessing those privileges via role. See example :
  SQL> select * from v$version;
  BANNER
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE    11.2.0.1.0      Production
  TNS for 64-bit Windows: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  SQL> create user test identified by test;
  User created.
  SQL> grant connect,resource to test;
  Grant succeeded.
  SQL> create role testrole;
  Role created.
  SQL> grant select on scott.emp to testrole;
  Grant succeeded.
  SQL> connect test/test
  Connected.
  SQL> SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS;
  GRANTED_ROLE
  CONNECT
  RESOURCE
  SQL> connect scott/tiger
  Connected.
  SQL> grant testrole to test;
  Grant succeeded.
  SQL> connect test/test
  Connected.
  SQL> SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS;
  GRANTED_ROLE
  CONNECT
  RESOURCE
  TESTROLE
  SQL> select * from scott.emp;
       EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
        7369 SMITH      CLERK           7902 17-DEC-80        800                    20
        7499 ALLEN      SALESMAN        7698 20-FEB-81       1600        300         30
        7521 WARD       SALESMAN        7698 22-FEB-81       1250        500         30
        7566 JONES      MANAGER         7839 02-APR-81       2975                    20
        7654 MARTIN     SALESMAN        7698 28-SEP-81       1250       1400         30
        7698 BLAKE      MANAGER         7839 01-MAY-81       2850                    30
        7782 CLARK      MANAGER         7839 09-JUN-81       2450                    10
        7788 SCOTT      ANALYST         7566 19-APR-87       3000                    20
        7839 KING       PRESIDENT            17-NOV-81       5000                    10
        7844 TURNER     SALESMAN        7698 08-SEP-81       1500          0         30
        7876 ADAMS      CLERK           7788 23-MAY-87       1100                    20
       EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
        7900 JAMES      CLERK           7698 03-DEC-81        950                    30
        7902 FORD       ANALYST         7566 03-DEC-81       3000                    20
        7934 MILLER     CLERK           7782 23-JAN-82       1300                    10
  14 rows selected.
  SQL>Regards
  Girish Sharma

• NWA 7.1 - User Administration with regards to Roles/Groups

  Hello,
  Environment = NWA 7.1 , Java Stack Only , No Central User Administration
  Situation      = One group of individuals responsible for developing and maintaining Java Roles & Groups
                        (Permissions). Another group of individuals responsible for maintaining Users and
                        allocating the above Roles & Groups to the Users.
  In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
  The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
  This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
  Many thanks in advance,
  Jay

  Hi Jay,
  UME.Manage_All Provides permissions required by an overall user administrator.
  These include:
  u2022 Administration of users belonging to any company and
  possibility of assigning users to companies
  (In a multitenant portal, even if a tenant user is assigned this
  action, he or she will still only have access to users, groups,
  and roles in his or her tenant.)
  u2022 Group management
  u2022 Role assignment
  u2022 User mapping
  u2022 Import and export of user data
  u2022 Manual replication of user data
  To set up delegated user administration, overall user administrators
  must belong to a role to which the UME.Manage_All action is
  assigned.
  In portal installations, any role that includes the UME.Manage_All
  action automatically has Role Assigner permissions on all portal roles in the portal installation.
  Try this.
  Regards,
  Gowrinadh

• BAPI to get a user list with access rights to particular objects

  Hi Experts,
  BAPI to get all user lists for input specific object, authorizations, profiles and values?
  Any useful answer will be rewarded with suitable points.
  Thanks,
  Rohan

  Hi Rohan
  Use the BAPI:
  <b>BAPI_USER_GET_DETAIL</b>
  Regards,
  Sree

• BAPI to get all user lists with access rights to particular objects

  Hi Experts,
  Is there any BAPI to get all input related user lists for input specific object, authorizations, profiles and values?
  Thanks,
  Rohan

  Hello,
  BAPI_USER_DISPLAY              Display users
  BAPI_USER_GET_DETAIL           Read User Details
  Vasanth

• Custom Auth. Object with Profile and role assignment not working

  Hi,
  I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
  Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
  When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
  AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
              ID 'ACTVT'  FIELD '01'.
  Am I missing anything? The profiles are generated correctly. 
  Best Regards,
  Nilesh

  Below are the screen shots for PFCG:

• Multilevel list with combined roman letters and numbers

  I'm trying to format my headings in a multi-level list style like this:
  Chapter I: heading1
  I.1 subheading1
  I.2 subheading2
  I.3 subheading3
  Chapter II: heading2
  the problem is that indesign's multilevel list seem to support only one kind of numbering system. I can either use numbers or letters. But how can I combine both? Even word has that feature so Indesign should also have it, right? Can anybody help?

  There was a similar thread yesterday. It's not entirely clear if this is a bug (I think it is) or a feature since underlines are a character adornment, and automatic numbers are not recognized as characters in the same way as typed text, but the fact remains that underline and strikethrough don't work on numbers and bullets generated in a list.
  You have a couple of options. One is to use a paragraph rule and set a huge right indent, but this doesn't work too well for multi-digit numbers, nor do I think that it works all that well with letters in a proportional font.
  A second option would be to find a font with the circles or squares built into the characters and use it as part of a character style applied to the numbers. I think this is the best solution, but it may not give you the colors that you want if you need solid digits on a colored background.
  A third option might be to use an anchored object positioned behind the numbers. This has the most flexibility, I think.

• User List with authority for T-Code

  Hello,
  I've to provide an overview (on regular basis) of users who have the authority for executing "Critical" T-Codes.
  The number of critical T-codes is around 30. I already checked transaction "S_BCE_68001400", but there i can only enter a single value for the T-Code. Does someone know a standard function module / method which i can use in a customer program.
  Thank you for your help.
  Dieter

  Hi,
  You can take the help of BASIS consultant actually,
  Or if you have authorization for transaction SUIM, you can play with differnet conbinations...
  That transaction will give you more freedom for your search criteria.
  Regards.
  Sumit Nene

• Multiple roles assigned to an user

  Hi folks,
  My question sounds to be something weird, but wanted to be cautious. I see a lot of users in my environment with multiple roles assigned to them. When i checked the roles of an user who has three roles assigned to him, i noticed that all the roles have some tables in common with the same grants in all the three roles, and all these three roles are assigned to the same user. Will there be any problem?
  An example to explain my senerio...
  User scott has three roles A,B and C assigned to him. All the three roles have execute on xy.abc procedure and select,insert,update,delete on xy.xyz table. Will there be any problem to the user who is assigned all these three roles. Will there be any confusion from oracle to chooose from which role?
  Thanks

  This sounds to be something new. So When a oracle
  tries to hold all the privileges does it do a
  distinct on the table grants, so that i will have
  just one entry of the privilege of an object, though
  it exists in all the roles assigned to that user.No, the table objauth$ looks like this,
    1* select * from objauth$ where rownum < 100
  SYS@etest> /
        OBJ#   GRANTOR#   GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
         133          0          5          0          1
         133          0          5          3          2
         133          0          5          5          3
         133          0          5          6          4
         133          0          5          9          5
         133          0          5         10          6
         133          0          5         11          7
         135          0          5          0          8
         135          0          5          3          9
         135          0          5          5         10
         135          0          5          6         11
        OBJ#    GRANTOR#  GRANTEE# PRIVILEGE#  SEQUENCE# PARENT                OPTION$       COL#
  ---------- ---------- ---------- ---------- ---------- ------------------ ---------- ----------where
  OBJ# is object ID, could be any object not only table,
  GRANTOR# is user# , ROLE is also considered a special USER internally in Oracle.
  SYS@etest> select user#, name from user$
    2  /
       USER# NAME
           0 SYS
           1 PUBLIC
           2 CONNECT
           3 RESOURCE
           4 DBA
           5 SYSTEM
           6 SELECT_CATALOG_ROLE
           7 EXECUTE_CATALOG_ROLE
           8 DELETE_CATALOG_ROLE
           9 EXP_FULL_DATABASE
          10 IMP_FULL_DATABASE
  ..............So different roles will have different records in objauth$. Even it's same privilege of same object granted to same user.
  a GRANTEE# can have same privilege to the same object from different GRANTOR#

• Display users along with company code assigned to them

  Hi,
       I would like to display list of users with company code assigned to them
  Thanks & Regards,
  Rajesh Kale

  Hi himanshu,
  I want list of user using complex selection criteria.
  It can be display using tools -> Administration -> User maintenance -> Information System -> Users by complex selection criteria.
  Here, I am facing the problem that which authorization object I should put so that I can get list of users in which in front of every user I get the company code assigned to them.
  Regards,
  Rajesh

• EP role assignment to user id's deleted

  Hi,
  We have Windows Active directory server and the id's created there will be created in EP as well. (or both share the same db).
  Our Portal team will assign the roles to the newly created userid's using IMPORT function.
  1. Nearly we have 15k users. and today we have used the import functionality to assign roles to the 60 newly created users.
  2. The role assignment for 14k users which share the same domain(LDAP1) deleted.
  3. The role assignment for other users who use other domain(LDAP2) exists.
  What would be the root cause of the problem?
  Is it possible to take System log from EP system -> system admin ? or we need to ask the basis admin to retrieve issue log?
  Thanks!
  Dhiyu

  Hello Shabir,
  Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
  Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
  This will solve ur problem.
  Regards
  Deb
  [Reward points for helpful answers]

• Select List with Redirect clears Foreign Key

  I have two pages created by the Form wizard, a report and a form, with a Create button on the report page. When the Create button is pressed it passes a Foreign Key item using f?p syntax - stardard code, so far, so good, the form page works fine.
  However, the form contains three Select List items, and the second and third ones need to be restricted by the value of the first one. That is, once they choose an Organization using the first Select List the second Select List should only show Groups that belong to that Organization. To do this, I have chosen the first Select List to be "Select List with Redirect". This does exactly what I want, restricting the values in the second and third items because the LOVs they are based on refer to the value of the first item in their where clauses.
  This works fine when I edit an existing record, and also works if I create a new record but don't touch the value of the first Select List. The problem is that when there is no database record and the first Select List is changed, it wipes out the Foreign Key value that was passed - so the record cannot be saved. The url after redirection shows only a value for the item that was changed, and does not include the value of the Foreign Key item as it did when the Create button was pressed.
  I cannot find anywhere to specify item/value pairs for the redirection url. So I have created a Computation which sets the value of the Foreign Key item and computes it Before Header, After Header or Before Region, etc. It sets the value, and Session State displays the value. Debug shows it being set, too. But the displayed field is empty in the region, and the record cannot be saved because the item has no value!
  Can anyone tell me what I'm missing here? I suspect the processing of the region is overriding the computation. But I can't find a way around this. Any ideas?

  Scott,
  Sorry, my mistake - it's not a database column, and Alternate Source Used is set to "Only...". The problem is still occurring.
  The tables are:
  - Person - list of People
  - Organization - list of Organizations
  - Organization Role - Roles defined for each Organization, has foreign key to Organization
  - Person Role - Assignment of a Person to an Organization Role, has foreign key to Organization Role and also to Person
  I generated a report on Person with a link to a form on the table. When they press the edit icon, the form for the person comes up fine. Then I enable a series of tabs for that person - to edit addresses, phone numbers, etc. and carry the Person ID forward to each page.
  On the Person Roles page, I generated a report that lists the roles that person is assigned to and a form to maintain the assignments. Pressing the edit button goes to the form to maintain the assignment, which works fine.
  There is also a Create button to add a new assignment, which goes to the same form and clears the primary key of this table to create a new record. I also pass the Person ID in the url so that the new record can create the foreign key value to Person.
  Now here's the problem. On the form to create or edit an assignment, there is a Select List to choose the Organization Role record that they are being assigned to. But this can be a long list, with the same role in several organizations, etc. So I want to allow them to first select the Organization, then select Roles in that Organization.
  To do that, I created a new item on the page that is not a database column. It is defined as a Select List on Organization, and they can choose the Organization from the list. Then the select statement for the Organization Role LOV has a where clause that compares Organization ID against the value chosen by the user. To make this work, the page has to be updated when they choose a different Organization, so I made the Organization field a Select List with Redirect.
  When I edit existing role assignments this works fine. As soon as I select a new Organization, the Organization Role Select List is updated and I can choose roles defined for that Organization. But when I create a new record (which passes in the Person ID in the url) and then choose an Organization, the Person ID is wiped out - and the record cannot be saved without this foreign key value.
  After selecting an organization on a new record, the url shows that the page has been called with only the new value of Organization - so the Person ID is lost, because there is no database record to fetch and it is not passed to the page. And I cannot find a way to set the item/value pairs passed to the url when the redirect is performed.
  I am displaying the Person ID for debugging purposes, and see it disappear if I set Display As to "Text", "Display as Text", "Display as Text (based on LOV, does not save state)" or "Display as Text (based on LOV, saves state)". Interestingly, even though the later saves state (I can see it in Session State), it still gets wiped out in the record - presumably because it's a database column and there is no record, and the value is "Always" going to update the session state.
  Another interesting behavior: If I set the Person ID to display as a Select List, it remains. I think this is because I do not allow extra values or nulls, so it displays the first value in the list if there is no value. (I have only created one person so far in my testing, so I can't tell yet for sure if it changes. Will try that.)
  Is this clear? I'm trying to get this application created in my workspace on htmldb.oracle.com (currently it's on my local database) but having problems creating the tables - unable to create initial extents. Hopefully, I'll have it up there soon and you can examine what I'm doing. I'll let you know when it's available.
  Thanks for your help.
  Sam

• Role assignment did not work during migration

  We just finished a QA migration from EP60 to NW04 SPS14.
  Everything went OK with the exception of the following:
  Users who had customer defined roles assigned in the source system (EP60) did not get the roles assigned in the target system.(NW04) For example, if I had a few out of the box SAP roles assigned to a user in the source system, they were assigned to that user in the migrated NW04 system. The customer assinged roles did not get attached to the same users users.
  Has anybody run into similar findings ???

  Some more info.
  We may have figured out that during the migration the NW portal inititaed a connection to our LDAP server and failed. We have MSADS with a multi LDAP configuration and have configured SSL for the connection to LDAP.
  Any Ideas ???
  I pulled this out of the trace file:
  #1.5#005056B171CC00560000000C00000FE8000405C779F98BF4#1132254209877#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC00610000000600000FE8000405C779FA37A6#1132254209924#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_32##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC001D00000001000011D0000405C7DA2B657E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###No connection to the ldap server, recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000004000011D0000405C7DA2B6F70#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Server not available,recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000007000011D0000405C7DA2B7443#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Initialisation of a connection pool failed for UACC please check the configuration or availability of the directory server##
  #1.5#005056B171CC001D00000009000011D0000405C7DA2B78C2#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Please recheck the LDAP configuration Initialisation of connection pool failed for UACC
       poolname qadc2.app.csa-group.qa:636_UACC
       java.naming.factory.initial= com.sun.jndi.ldap.LdapCtxFactory
       java.naming.security.principal= cn=epqadm2,ou=PortalUsers,dc=app,dc=csa-group,dc=qa
       java.naming.ldap.version= 3
       connection_pool_name= qadc2.app.csa-group.qa:636_UACC
       java.naming.provider.url= ldap://qadc2.app.csa-group.qa:636/ou%3DPortalUsers%2Cdc%3Dapp%2Cdc%3Dcsa-group%2Cdc%3Dqa
       java.naming.security.protocol= ssl
       java.naming.ldap.factory.socket= com.sap.security.ssl.SSLSocketFactory
       java.naming.security.authentication= simple
       java.naming.security.credentials= ******
       [EXCEPTION: no connection to the ldap server:null]##
  #1.5#005056B171CC001D0000000D000011D0000405C7DA2B8C9E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Error#1#com.sap.security.core.persistence#Java###DataSource : Initialisation of connection manager failed, due to SSL configuration lazy initialisation#1#CORP_LDAP2#

• Programatically creating users, roles and insert them into Jazn xml

  Hi All,
  I am using ADF 11G and ADF BC to develop my application. Whenever a user is created an entry will go into OID and into DB. Admin will apply the roles and users for that roles through application. Once the administrator assigns the roles, the user need to see the appropriate menus based on the roles assigned.
  If I use ADFSecurity, then I need to redeploy the application each and everytime an user is created and a role assigned to it. But I have to avoid the redeployment step. When ever admin assigns a role while approving the user, the same should be reflected in Jazn, so that I can use the securityContext to generate menus dynamcally.
  Is there a way to do programatically the below:
  1. Creating roles
  2. Assigining Users
  I want to use the functionality of ADFSecurity but programatically.
  Any information/links/guidance is much appreciated.
  Thanks,
  Morgan.

  Morgan,
  You can configure WLS to use OID instead of jaxn.xml file.
  [url http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/toc.htm]The security guide should be good reading for you.
  Best,
  John