User listing with combination of roles assigned to them
Hi,
I need to list all the users in our system with a combination of roles assigned to them.
Example:
User1 = Role1 + Role2 + Role8
User2 = Role1+ Role3 + Role8
User3 = Role1 + Role4 + Role8
I want to extract a listing of users with Role1 and Role8 assigned to them.
How do I go about doing this??
Standing by
I think a download of table AGR_USERS will provide you with the desired information or at least with enough info to filter on in Excel..
Similar Messages
-
User details in respect of roles assigned to them
Hi Experts,
Sorry if i am posting thread on wrong category.
Can you tell me any table that contains the list of users against roles assigned to them?
Or just guide me to post the thread to correct category if I am wrong.
Thanks and regards,
Shikha Gupta.I think a download of table AGR_USERS will provide you with the desired information or at least with enough info to filter on in Excel..
-
Hi Guys,
I want a list of all users in the database with their specified roles.
Any help will be appreciated.
Regards,I was confused that GRANTEE is USERNAME and I am still confused. No need to be confused because docs are saying :
GRANTEE VARCHAR2(30) Name of the user or role receiving the grant
http://docs.oracle.com/cd/B19306_01/server.102/b14237/statviews_4064.htm
Probably you are not seeing all/some user names, because chances are that some privileges are granted to role but not directly to the users. Users are accessing those privileges via role. See example :
SQL> select * from v$version;
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 64-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL> create user test identified by test;
User created.
SQL> grant connect,resource to test;
Grant succeeded.
SQL> create role testrole;
Role created.
SQL> grant select on scott.emp to testrole;
Grant succeeded.
SQL> connect test/test
Connected.
SQL> SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS;
GRANTED_ROLE
CONNECT
RESOURCE
SQL> connect scott/tiger
Connected.
SQL> grant testrole to test;
Grant succeeded.
SQL> connect test/test
Connected.
SQL> SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS;
GRANTED_ROLE
CONNECT
RESOURCE
TESTROLE
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
7369 SMITH CLERK 7902 17-DEC-80 800 20
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30
7521 WARD SALESMAN 7698 22-FEB-81 1250 500 30
7566 JONES MANAGER 7839 02-APR-81 2975 20
7654 MARTIN SALESMAN 7698 28-SEP-81 1250 1400 30
7698 BLAKE MANAGER 7839 01-MAY-81 2850 30
7782 CLARK MANAGER 7839 09-JUN-81 2450 10
7788 SCOTT ANALYST 7566 19-APR-87 3000 20
7839 KING PRESIDENT 17-NOV-81 5000 10
7844 TURNER SALESMAN 7698 08-SEP-81 1500 0 30
7876 ADAMS CLERK 7788 23-MAY-87 1100 20
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
7900 JAMES CLERK 7698 03-DEC-81 950 30
7902 FORD ANALYST 7566 03-DEC-81 3000 20
7934 MILLER CLERK 7782 23-JAN-82 1300 10
14 rows selected.
SQL>Regards
Girish Sharma -
NWA 7.1 - User Administration with regards to Roles/Groups
Hello,
Environment = NWA 7.1 , Java Stack Only , No Central User Administration
Situation = One group of individuals responsible for developing and maintaining Java Roles & Groups
(Permissions). Another group of individuals responsible for maintaining Users and
allocating the above Roles & Groups to the Users.
In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
Many thanks in advance,
JayHi Jay,
UME.Manage_All Provides permissions required by an overall user administrator.
These include:
u2022 Administration of users belonging to any company and
possibility of assigning users to companies
(In a multitenant portal, even if a tenant user is assigned this
action, he or she will still only have access to users, groups,
and roles in his or her tenant.)
u2022 Group management
u2022 Role assignment
u2022 User mapping
u2022 Import and export of user data
u2022 Manual replication of user data
To set up delegated user administration, overall user administrators
must belong to a role to which the UME.Manage_All action is
assigned.
In portal installations, any role that includes the UME.Manage_All
action automatically has Role Assigner permissions on all portal roles in the portal installation.
Try this.
Regards,
Gowrinadh -
BAPI to get a user list with access rights to particular objects
Hi Experts,
BAPI to get all user lists for input specific object, authorizations, profiles and values?
Any useful answer will be rewarded with suitable points.
Thanks,
RohanHi Rohan
Use the BAPI:
<b>BAPI_USER_GET_DETAIL</b>
Regards,
Sree -
BAPI to get all user lists with access rights to particular objects
Hi Experts,
Is there any BAPI to get all input related user lists for input specific object, authorizations, profiles and values?
Thanks,
RohanHello,
BAPI_USER_DISPLAY Display users
BAPI_USER_GET_DETAIL Read User Details
Vasanth -
Custom Auth. Object with Profile and role assignment not working
Hi,
I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
ID 'ACTVT' FIELD '01'.
Am I missing anything? The profiles are generated correctly.
Best Regards,
NileshBelow are the screen shots for PFCG:
-
Multilevel list with combined roman letters and numbers
I'm trying to format my headings in a multi-level list style like this:
Chapter I: heading1
I.1 subheading1
I.2 subheading2
I.3 subheading3
Chapter II: heading2
the problem is that indesign's multilevel list seem to support only one kind of numbering system. I can either use numbers or letters. But how can I combine both? Even word has that feature so Indesign should also have it, right? Can anybody help?There was a similar thread yesterday. It's not entirely clear if this is a bug (I think it is) or a feature since underlines are a character adornment, and automatic numbers are not recognized as characters in the same way as typed text, but the fact remains that underline and strikethrough don't work on numbers and bullets generated in a list.
You have a couple of options. One is to use a paragraph rule and set a huge right indent, but this doesn't work too well for multi-digit numbers, nor do I think that it works all that well with letters in a proportional font.
A second option would be to find a font with the circles or squares built into the characters and use it as part of a character style applied to the numbers. I think this is the best solution, but it may not give you the colors that you want if you need solid digits on a colored background.
A third option might be to use an anchored object positioned behind the numbers. This has the most flexibility, I think. -
User List with authority for T-Code
Hello,
I've to provide an overview (on regular basis) of users who have the authority for executing "Critical" T-Codes.
The number of critical T-codes is around 30. I already checked transaction "S_BCE_68001400", but there i can only enter a single value for the T-Code. Does someone know a standard function module / method which i can use in a customer program.
Thank you for your help.
DieterHi,
You can take the help of BASIS consultant actually,
Or if you have authorization for transaction SUIM, you can play with differnet conbinations...
That transaction will give you more freedom for your search criteria.
Regards.
Sumit Nene -
Multiple roles assigned to an user
Hi folks,
My question sounds to be something weird, but wanted to be cautious. I see a lot of users in my environment with multiple roles assigned to them. When i checked the roles of an user who has three roles assigned to him, i noticed that all the roles have some tables in common with the same grants in all the three roles, and all these three roles are assigned to the same user. Will there be any problem?
An example to explain my senerio...
User scott has three roles A,B and C assigned to him. All the three roles have execute on xy.abc procedure and select,insert,update,delete on xy.xyz table. Will there be any problem to the user who is assigned all these three roles. Will there be any confusion from oracle to chooose from which role?
ThanksThis sounds to be something new. So When a oracle
tries to hold all the privileges does it do a
distinct on the table grants, so that i will have
just one entry of the privilege of an object, though
it exists in all the roles assigned to that user.No, the table objauth$ looks like this,
1* select * from objauth$ where rownum < 100
SYS@etest> /
OBJ# GRANTOR# GRANTEE# PRIVILEGE# SEQUENCE# PARENT OPTION$ COL#
133 0 5 0 1
133 0 5 3 2
133 0 5 5 3
133 0 5 6 4
133 0 5 9 5
133 0 5 10 6
133 0 5 11 7
135 0 5 0 8
135 0 5 3 9
135 0 5 5 10
135 0 5 6 11
OBJ# GRANTOR# GRANTEE# PRIVILEGE# SEQUENCE# PARENT OPTION$ COL#
---------- ---------- ---------- ---------- ---------- ------------------ ---------- ----------where
OBJ# is object ID, could be any object not only table,
GRANTOR# is user# , ROLE is also considered a special USER internally in Oracle.
SYS@etest> select user#, name from user$
2 /
USER# NAME
0 SYS
1 PUBLIC
2 CONNECT
3 RESOURCE
4 DBA
5 SYSTEM
6 SELECT_CATALOG_ROLE
7 EXECUTE_CATALOG_ROLE
8 DELETE_CATALOG_ROLE
9 EXP_FULL_DATABASE
10 IMP_FULL_DATABASE
..............So different roles will have different records in objauth$. Even it's same privilege of same object granted to same user.
a GRANTEE# can have same privilege to the same object from different GRANTOR# -
Display users along with company code assigned to them
Hi,
I would like to display list of users with company code assigned to them
Thanks & Regards,
Rajesh KaleHi himanshu,
I want list of user using complex selection criteria.
It can be display using tools -> Administration -> User maintenance -> Information System -> Users by complex selection criteria.
Here, I am facing the problem that which authorization object I should put so that I can get list of users in which in front of every user I get the company code assigned to them.
Regards,
Rajesh -
EP role assignment to user id's deleted
Hi,
We have Windows Active directory server and the id's created there will be created in EP as well. (or both share the same db).
Our Portal team will assign the roles to the newly created userid's using IMPORT function.
1. Nearly we have 15k users. and today we have used the import functionality to assign roles to the 60 newly created users.
2. The role assignment for 14k users which share the same domain(LDAP1) deleted.
3. The role assignment for other users who use other domain(LDAP2) exists.
What would be the root cause of the problem?
Is it possible to take System log from EP system -> system admin ? or we need to ask the basis admin to retrieve issue log?
Thanks!
DhiyuHello Shabir,
Initially all the contents can be viewed only if u have super_admin role. If u want to give access of any folder to a particular user, just open the permission editor of the folder and assign any particular role (say content_admin role) and select the end user checkbox.
Now assign the user the same role u have specified in the permission editor of the folder. Then the user can view that folder.
This will solve ur problem.
Regards
Deb
[Reward points for helpful answers] -
Select List with Redirect clears Foreign Key
I have two pages created by the Form wizard, a report and a form, with a Create button on the report page. When the Create button is pressed it passes a Foreign Key item using f?p syntax - stardard code, so far, so good, the form page works fine.
However, the form contains three Select List items, and the second and third ones need to be restricted by the value of the first one. That is, once they choose an Organization using the first Select List the second Select List should only show Groups that belong to that Organization. To do this, I have chosen the first Select List to be "Select List with Redirect". This does exactly what I want, restricting the values in the second and third items because the LOVs they are based on refer to the value of the first item in their where clauses.
This works fine when I edit an existing record, and also works if I create a new record but don't touch the value of the first Select List. The problem is that when there is no database record and the first Select List is changed, it wipes out the Foreign Key value that was passed - so the record cannot be saved. The url after redirection shows only a value for the item that was changed, and does not include the value of the Foreign Key item as it did when the Create button was pressed.
I cannot find anywhere to specify item/value pairs for the redirection url. So I have created a Computation which sets the value of the Foreign Key item and computes it Before Header, After Header or Before Region, etc. It sets the value, and Session State displays the value. Debug shows it being set, too. But the displayed field is empty in the region, and the record cannot be saved because the item has no value!
Can anyone tell me what I'm missing here? I suspect the processing of the region is overriding the computation. But I can't find a way around this. Any ideas?Scott,
Sorry, my mistake - it's not a database column, and Alternate Source Used is set to "Only...". The problem is still occurring.
The tables are:
- Person - list of People
- Organization - list of Organizations
- Organization Role - Roles defined for each Organization, has foreign key to Organization
- Person Role - Assignment of a Person to an Organization Role, has foreign key to Organization Role and also to Person
I generated a report on Person with a link to a form on the table. When they press the edit icon, the form for the person comes up fine. Then I enable a series of tabs for that person - to edit addresses, phone numbers, etc. and carry the Person ID forward to each page.
On the Person Roles page, I generated a report that lists the roles that person is assigned to and a form to maintain the assignments. Pressing the edit button goes to the form to maintain the assignment, which works fine.
There is also a Create button to add a new assignment, which goes to the same form and clears the primary key of this table to create a new record. I also pass the Person ID in the url so that the new record can create the foreign key value to Person.
Now here's the problem. On the form to create or edit an assignment, there is a Select List to choose the Organization Role record that they are being assigned to. But this can be a long list, with the same role in several organizations, etc. So I want to allow them to first select the Organization, then select Roles in that Organization.
To do that, I created a new item on the page that is not a database column. It is defined as a Select List on Organization, and they can choose the Organization from the list. Then the select statement for the Organization Role LOV has a where clause that compares Organization ID against the value chosen by the user. To make this work, the page has to be updated when they choose a different Organization, so I made the Organization field a Select List with Redirect.
When I edit existing role assignments this works fine. As soon as I select a new Organization, the Organization Role Select List is updated and I can choose roles defined for that Organization. But when I create a new record (which passes in the Person ID in the url) and then choose an Organization, the Person ID is wiped out - and the record cannot be saved without this foreign key value.
After selecting an organization on a new record, the url shows that the page has been called with only the new value of Organization - so the Person ID is lost, because there is no database record to fetch and it is not passed to the page. And I cannot find a way to set the item/value pairs passed to the url when the redirect is performed.
I am displaying the Person ID for debugging purposes, and see it disappear if I set Display As to "Text", "Display as Text", "Display as Text (based on LOV, does not save state)" or "Display as Text (based on LOV, saves state)". Interestingly, even though the later saves state (I can see it in Session State), it still gets wiped out in the record - presumably because it's a database column and there is no record, and the value is "Always" going to update the session state.
Another interesting behavior: If I set the Person ID to display as a Select List, it remains. I think this is because I do not allow extra values or nulls, so it displays the first value in the list if there is no value. (I have only created one person so far in my testing, so I can't tell yet for sure if it changes. Will try that.)
Is this clear? I'm trying to get this application created in my workspace on htmldb.oracle.com (currently it's on my local database) but having problems creating the tables - unable to create initial extents. Hopefully, I'll have it up there soon and you can examine what I'm doing. I'll let you know when it's available.
Thanks for your help.
Sam -
Role assignment did not work during migration
We just finished a QA migration from EP60 to NW04 SPS14.
Everything went OK with the exception of the following:
Users who had customer defined roles assigned in the source system (EP60) did not get the roles assigned in the target system.(NW04) For example, if I had a few out of the box SAP roles assigned to a user in the source system, they were assigned to that user in the migrated NW04 system. The customer assinged roles did not get attached to the same users users.
Has anybody run into similar findings ???Some more info.
We may have figured out that during the migration the NW portal inititaed a connection to our LDAP server and failed. We have MSADS with a multi LDAP configuration and have configured SSL for the connection to LDAP.
Any Ideas ???
I pulled this out of the trace file:
#1.5#005056B171CC00560000000C00000FE8000405C779F98BF4#1132254209877#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
#1.5#005056B171CC00610000000600000FE8000405C779FA37A6#1132254209924#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_32##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
#1.5#005056B171CC001D00000001000011D0000405C7DA2B657E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###No connection to the ldap server, recheck configuration or availability of directory server##
#1.5#005056B171CC001D00000004000011D0000405C7DA2B6F70#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Server not available,recheck configuration or availability of directory server##
#1.5#005056B171CC001D00000007000011D0000405C7DA2B7443#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Initialisation of a connection pool failed for UACC please check the configuration or availability of the directory server##
#1.5#005056B171CC001D00000009000011D0000405C7DA2B78C2#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Please recheck the LDAP configuration Initialisation of connection pool failed for UACC
poolname qadc2.app.csa-group.qa:636_UACC
java.naming.factory.initial= com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.principal= cn=epqadm2,ou=PortalUsers,dc=app,dc=csa-group,dc=qa
java.naming.ldap.version= 3
connection_pool_name= qadc2.app.csa-group.qa:636_UACC
java.naming.provider.url= ldap://qadc2.app.csa-group.qa:636/ou%3DPortalUsers%2Cdc%3Dapp%2Cdc%3Dcsa-group%2Cdc%3Dqa
java.naming.security.protocol= ssl
java.naming.ldap.factory.socket= com.sap.security.ssl.SSLSocketFactory
java.naming.security.authentication= simple
java.naming.security.credentials= ******
[EXCEPTION: no connection to the ldap server:null]##
#1.5#005056B171CC001D0000000D000011D0000405C7DA2B8C9E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Error#1#com.sap.security.core.persistence#Java###DataSource : Initialisation of connection manager failed, due to SSL configuration lazy initialisation#1#CORP_LDAP2# -
Programatically creating users, roles and insert them into Jazn xml
Hi All,
I am using ADF 11G and ADF BC to develop my application. Whenever a user is created an entry will go into OID and into DB. Admin will apply the roles and users for that roles through application. Once the administrator assigns the roles, the user need to see the appropriate menus based on the roles assigned.
If I use ADFSecurity, then I need to redeploy the application each and everytime an user is created and a role assigned to it. But I have to avoid the redeployment step. When ever admin assigns a role while approving the user, the same should be reflected in Jazn, so that I can use the securityContext to generate menus dynamcally.
Is there a way to do programatically the below:
1. Creating roles
2. Assigining Users
I want to use the functionality of ADFSecurity but programatically.
Any information/links/guidance is much appreciated.
Thanks,
Morgan.Morgan,
You can configure WLS to use OID instead of jaxn.xml file.
[url http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/toc.htm]The security guide should be good reading for you.
Best,
John
Maybe you are looking for
-
hi trying to close connection that is already closed in a no-op according to javadoc for Connection interface. But this code throws exception. Please help import java.sql.*; import java.io.*; public class Test public static void main(String args[]) t
-
Po quantity value showing difference for only decimal qty range
Hi Experts, In purchase for line items which contains decimal qty like 0.232 , it is taking net price also in decimal format.But for other line items it is displaying correctly(whole qty no's).. pricing conditions we maintained at info rec
-
Dear Experts, I seen a thread here that mentioned for certain PO types, there is no Delta for BI is possible or generated. May I know what types are these? I am having intermitten problem with PO delta for line items. These POs are created by users
-
MVVM Light Bind value to list on button click
I am trying to build an simple universal app and I have followed the MVVM light setup. So far everything has fallen in place. Now I have a button and a listview on the same page. What I am trying to achieve is when I click on the button I want the li
-
Why is the macbook missing from Apple online store ?
Why is the Macbook missing from the Apple Online store ? Can someone let me know what's going on ?