User Role Management Setup
Hi All,
I'm currently performing a setup in User Role Managment around roles for a department. We've identified 11 roles we need to create and the responsibilities that need to be assigned to the roles.
We've created a Role Category so all our setups can be easily identified and reported on.
Then we've created 11 roles in Role & Role Inheritence, then assigned the responsibilities. And from there, assigned the role(s) to the users.
Is this the general way of creating roles etc? I haven't been able to find a BR100 that i can compare our setup to. I don't want to start progressing the setup into our UAT environment if my setup is fundamentally flawed.
Cheers,
Russell H.
Origin Energy.
Hi,
Please refer to "Oracle Applications System Administrator's Guide - Security" manual for the steps and the guidelines you need to follow.
Oracle Applications Documentation
http://www.oracle.com/technology/documentation/applications.html
Regards,
Hussein
Similar Messages
-
Dynamic user/role management
I'm currently working with WebLogic 6.1 and looking into doing what seems to be
a standard piece of development work, specifically dynamic user management. I
need the ability to create/modify a user and define them as members of security
role(s) from within my application, and not through the Weblogic adminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is this it?
If anyone has implemented a custom RDBMS security realm I'd be interested in any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- RichCameron -
Thanks for your input. Clearly LDAP will not cut it for what I'm trying to do.
I really need the ability to manage these user accounts from within the
application not from a separate administrative tool. A custom RDBMS realm seems
the only option at this point. I looked at some of the vendors you mentioned,
but they do not seem to offer the type of solution I'm looking for. These
vendors seem to manage authorization policies which will keep programatic
security out of your business logic. I did not see where they would allow you to
create and manage user accounts/groups/ACL's. If there is one that does I'd
definitely like to take a look at it. Thanks again.
- Rich
Cameron Purdy wrote:
First, if you are using LDAP then you typically use directory management
tools, not an application, to manage security.
Second, there are security products that work with J2EE from vendors such as
Entegrity, IBM, Netegrity, et al. Basically all of them provide advanced
features like what you describe.
Third, if you must manage stuff from within the app, you need to use a
ManageableRealm implementation. See the Weblogic docs to see what I mean.
Peace,
Cameron Purdy
Tangosol, Inc.
Clustering Weblogic? You're either using Coherence, or you should be!
Download a Tangosol Coherence eval today at http://www.tangosol.com/
"Rich Naylor" <[email protected]> wrote in message
news:[email protected]...
I'm currently working with WebLogic 6.1 and looking into doing what seemsto be
a standard piece of development work, specifically dynamic usermanagement. I
need the ability to create/modify a user and define them as members ofsecurity
role(s) from within my application, and not through the Weblogicadminstrative
console. From what I've read the only option is to create a custom RDBMS
security realm. Does anyone know of any other available options or is thisit?
If anyone has implemented a custom RDBMS security realm I'd be interestedin any
feedback about your experience doing so. Such as performance issues or
deficiencies of this security model. Thanks in advance.
- Rich -
UMX - Enabling the Remove button on User Role Management screen
Hi,
I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
Navigation
1 User Management Responsibility
2. Users tab -> look for any user -> click on update button on the search result
3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)Laurent wrote:
Hi,
I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
Navigation
1 User Management Responsibility
2. Users tab -> look for any user -> click on update button on the search result
3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)You cannot remove a role and you will have to end-date it (click on the plus sign with the "Show" text > Set "Active To").
To revoke a role from the user, you must end-date the role. If the role is an inherited role, you can only remove it by removing the role from which it originates in the role inheritance hierarchy. You can view a role's inheritance hierarchy by clicking on the Show hyperlink next to the role.
Assigning Roles to or Revoking Roles from Users
http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156460.htm#366082
Thanks,
Hussein -
Error opening the entities in the user role management
I am trying the assign the models to the user in the user management page. But when I try to expand the + symbol next to the model and open the entities, I get the error that the object reference is not set for a object server instance.Can you
please guide me on thisHi Vincent,
Thanks a lot. it works now.
Regards
Ganesh -
Hi
In the portal that I am developing has about 5 roles which primarily have web dynpro iview attached to it.
Now there are cetain user groups who can see all the iviews and few user groups and users who can see only some of those iViews/roles.
How should I acheive this in the portal. If i create a group and assign it roles A,B,C,D and E. There are few users who can access just A and C and few user who can access A, C, D and E. and likewise.
Could anyone please suggest me the how to go about this if you have any documentation on such issues please send it to me.
Thanks
Regards
PriyaHi !!
Thanks for your responses.
Harini.. could you please give me more details on the program that can do this. If you have any example can you send it to me please. (email: [email protected])
Subathra..I did put the users to groups and assigned them roles. But there are certain users who belong to more than one group and also these particular users have an additional role, so when I proceed this way, it is changing the number of roles that was originally assigned to the group...
thanks for you suggestion...
Thanks
Regards
Priya -
User Lockout Manager in Authentication Provider (WLP 9.2)
Does anyone know how to get User Lockout Manager working in WLP 9.2 ? Some advise was in version 7, but I cannot get it work in 9.2...
You may want to ask in the weblogic.developer.interest.portal forum.
I don't believe that group and user/role management can be application
scoped.
<Tanja Puurula> wrote in message news:[email protected]..
We have domain where one portal application is in production now and other
portal application have to deploy in the same domain.
The first one is using global scoped DataSources and the new one is using
application scoped because they have to use own schemas in the database.
Also Group and User/role management have to work application scoped, meaning
that in one's portal admin console shows only users/groups/roles to that
portal.
How do I do this and what is the optional/best practises to do this kind of
configuration, configure and deploy multiple portals in the same domain ?
I get so far that I make new SQLAuthenticator and XCAMLRoleMapper to the new
portal but when the LDAP and database goes out of sync and I delete
P13N -tables and LDAP, server start creates only to the first portal
database the needed rows and delegated admin management doesn't work in the
new one at all.
I have read all bea's documents related to JDBC - application scoping,
deploying, security P13N and I can't get enough information from it to make
this work.
Thanks ! -
Solution Manager 4.0 Solution Monitoring User -Roles-Profiles for Satellite
Hi All,
I have installed Solution Manager 4.0 (OS -Linux ,Database - DB2) .
Now i need to connect solution manager to the R/3 4.6C
Satellite Systems (DEV, QAS ,PRD) for Solution Monitoring
and Service level Reporting .
I have read the configuration guide , but unable to get clear idea .
1) what users (alos type of user -Dialog , Service, Communication etc) do i need create in DEV , and Test in QAS for solution Monitoring .
2) what exact roles /profiles need to be assigned to these users in satellite systems .
3) what users/roles /profiles needs to be done in SOLMAN system
i have applied all the required plug ins and support packs
in satellite systems and solman 40 ..
Please advice . Your response will be a great help for me .
SatishHello Satish,
Just clarify, if u have meant connecting the satellite systems for EWA reports to be precise. Early watch Reports. If its is the case, then repond so that i can putin my inputs which may be helpful for you in this config.
Rgds,
Sri -
Pull User Role from identity manager in BPM process
Hi,
How can I pull user name, user role from different identity manager in order to configure hierarchy workflow in BPM process? can any one guide me on that??
Regards,
AmikI'm having the same problem on WebLogic 10.3
-
User role to access configuration management in NWA
Hi,
What USER role is required to create the destination information in configuration management in NWA. When I access NWA, I only have access to SOA management which has only Monitoring tools with role SOA technical ADmin.
I need this to convert IDOC XML to flat file.
thanks
PrashanthHi Prasanth,
I am not sure about the exact role but, the ABAP role "SAP_NWA_FULL" & Java role "NWA_SUPERADMIN" will certainly help. This is the role that i had when i was trying a similar scenario.
Please take a look at the following link which might be helpful:
http://help.sap.com/saphelp_nwpi71/helpdata/en/45/c7ca8e89e45592e10000000a1553f7/content.htm
You can infact ask your Basis team to help you out with this.
I hope this helps.
Regards, Gaurav.
Edited by: Kumar Gaurav on Nov 9, 2010 5:57 AM -
Assigning the End User Role for E learning management in Solution Manager
Hello Team,
In the E Learning Management in Solution Manager, I have to a assign the End User Role for each Bussiness Process. While assigning the role, I couldn't able to assign the role of type " JOB ". What have I do to get the type as JOB instead of "Organizational Unit" and "User"?
Regards,
Shyjith.KHi,
Have you maintained your Organizational data? Did you assign any job to any user in the organizational hierarchy. You need to maintain you PPOMA_CRM first in order to assign any roles there.
Hope this helps
Rajeev -
Cisco Security Manager Local RBAC Authentication Radius assign user role
Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?I just got asked to look at the same situation by one of our security people.
We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week) -
User Role and Profile Managment
Hi All,
I have task on role management , i have a profile assigned to like 20 users , but one of the user is asking me to have special authorization on particular Z Table he want to have modify rights.
in order to give the rights to this guy fro that table , i have to make this profile modified so that it will apply for all of them, so i wan to have this rights to this particular user with the same profile , does any body ahs idea how to achieve this??
Or can any one suggest me where can i put this question in the forums??
Thanks in advance
Regards,
SundarDear Sundar,
To create new Role, use T. Code: PFCG
Now, Provide Role's name, and Click tab: Create (in 4.6 X) or Tab: Single Role or Composite Role (In ECC 6.0). Give Description.
Now, click Tab: Menu --> Transaction (T. Codes etc.),
Tab: Authorization --> Change Authorization Data (Auhorization to Profile i.e. change/ Display/reate etc.)
Tab: User (user to which Role assignment is reqd) and then click: User comparison.
Thats it....
Rewards accordingly.
Best regards,
Amit -
Admin + User Roles Setup Problems
Further to my addition to Monique's post below (mepriestly) ,
I have now managed to get as far as setting up the Admin and
Publisher roles and sending a connection key to my client but
Contribute cannot seem to complete the final step of saving these
shared settings to my server.
The result is now an error message saying the Admin settings
are invalid and it wants to remove all user roles and preferences
from the system...problem being it's already taken me a week to get
this far!
Any help/advice would be hugely appreciated.
Thank you,
KaTyFraggleFeatures wrote:
> Further to my addition to Monique's post below
(mepriestly) , I have now
> managed to get as far as setting up the Admin and
Publisher roles and sending a
> connection key to my client but Contribute cannot seem
to complete the final
> step of saving these shared settings to my server.
>
> The result is now an error message saying the Admin
settings are invalid and
> it wants to remove all user roles and preferences from
the system...problem
> being it's already taken me a week to get this far!
>
> Any help/advice would be hugely appreciated.
>
> Thank you,
>
> KaTy
>
have you moved your website from one computer (webroot
location) to
another computer? Was there a difference in the IP
configuration of the
machine when it got rebooted where contribute is hosted? If
so, then you
need to go to the websiteroot\_mm\*.csi open this file and
ensure that
any
http://<servername>/location/
has proper IP address in the
<servername> in the url where ever in the entire file.
hope this helps. -
Can MDM users & roles be managed by IDM
Hello,
Can IDM be used to connect to & manage MDM users & roles using provisioning mechanism or otherwise?
Regards,
VishalHello,
we have implemented an adapter to connect the MDM to the IdM. The adapter handles roles and users of an MDM repository and allows the roles to be provisioned to MDM users and vice versa.
I developed the adapter originally for MDM 5.5 SP5/SP6 and IdM 7.0 last year. As there are not that much differences between IdM 7.0 and 7.1 and the Java API of MDM 5.5 and 7.1 an update to MDM 7.1 and IdM 7.1 is a smaller to mid-sized task for me.
If you want more information feel free to contact me. Just have a look in my user profile.
Sorry for the late answer, but I had some holiday since June started.
Best regards
Dominik Trui
Solution Consultant
IBSolution GmbH -
Geting the user's manager having the Role
Friends,
How can I use roles to get the user's manager ?
Thanks,
Glauco
Message was edited by: Glauco KubruslyAaah, ok, nice to hear that. For a moment I was wondering how you were going to implement workflow if you didn't have an org. structure
One thing: when executing the function module SWX_GET_MANAGER, don't place your items in the ACTOR_TAB parameter: that's the table that the function uses for its return values. Place your values instead in the AC_CONTAINER table in the following format:
AC_CONTAINER-ELEMENT = ORG_OBJECT
AC_CONTAINER-ELEMLENGTH = 25 (or some other value larger than 15)
AC_CONTAINER-TYPE = C
AC_CONATINER-VALUE = (your parameter)
This should give you the correct return values in the ACTOR_TAB table once you run the function.
You can also test out the rule 168 in txn PFAC. When simulating the rule, enter your data in the "OrgManagement object" field in the following format:
For users, type US followed immediately by the username (ex. USJRAMOS)
For other values, write the object type followed by a space and then the parameter (ex. P 00014578 or S 52457800).
Check the rule documentation for other formatting considerations if the above suggestion doesn't work.
Hope this helps!
Juan Ramos
Maybe you are looking for
-
AGO function in OBIEE to display weekly sales data of this year vs last yea
All, I would to create an analysis that display this year sales numbers vs last year by weekly I was able to do this at month level by specifying the offset value to 12 to the AGO function in repository. I am not able to do at week level. Can someone
-
Date column validation in sharepoint 2010 lists (without designer)
Hi, I have a list with a date column which i want to validate against the current date at the item's creation time. When i insert a formula in the validation field, i always get errors. For example, i've tried this: [column name]>TODAY How can i get
-
SCCM 2012 R2 Installation with Remote SQL Instance
I am trying to install SCCM 2012 R2 and during the install it asks for your SQL Server Name. I have a remote SQL Server which I can ping all day but the installation is telling me "The network path was not found". I turned the firewall off on the S
-
How to configure User domain in Weblogic Application Server 8.1 from Command prompt on windows Xp? Thanks in Advance.
-
Thanks for the great work. As a long time user of Quark, InDesign, Photoshop, Illustrator and Acrobat; here are a few notes and comments on Catalyst after using it for about a week. Don't forget that many if not most of the communication media "publi