User Roles from 9.3.1 to 11.1.2

Dear All,
I am migrating the Groups, users, provisioning etc. from Shared Services 9.3.1 to 11.1.2 using the CSSexport utility, modifying the exported file, matching it with the 11.1.2 files and using LCM.
I have found that there is a role 'Essbase Write access' in 9.3.1 and there is no role 'Essbase write access' in 11.1.2. Is there any equivalent role in 11.1.2?
Please get back to me on how I can assign this role in 11.1.2.
Thanks
MP

Yes, it is just a planning role and still exists in 11.1.2 as "Analytic Services Write Access". Why it is named analytic and not essbase I will never understand; maybe they have not got round to renaming it yet again. Anyway, you can find information on the roles at: http://download.oracle.com/docs/cd/E17236_01/epm.1112/hss_admin/apas06.html
Cheers
John
http://john-goodwin.blogspot.com/

Similar Messages

  • Pull User Role from identity manager in BPM process

    Hi,
    How can I pull the user name and user role from a different identity manager in order to configure a hierarchy workflow in a BPM process? Can anyone guide me on that?
    Regards,
    Amik

    I'm having the same problem on WebLogic 10.3

  • Problem while loading security information (users/roles) from repository

    Iviews have stopped connecting to our MDM. All repositories, all Iviews. Very strange.
    Here is what I see in the logs... Any ideas? Please, only if you have seen this before.
    Marty
    com.sap.mdm.extension.MetadataException: Problem while loading security information (users/roles) from repository 'PORTAL_CUSTOMERS'
    at com.sap.mdm.extension.MetadataManager.loadRoleCache(MetadataManager.java:559)
    at com.sap.mdm.extension.MetadataManager.internalGetRoleSet(MetadataManager.java:502)
    at com.sap.mdm.extension.MetadataManager.getRoleSet(MetadataManager.java:471)
    at com.sap.mdm.extension.MetadataManager.createMetadataKey(MetadataManager.java:464)
    at com.sap.mdm.extension.MetadataManager.getRepositorySchema(MetadataManager.java:197)
    at com.sap.mdm.uwl.MdmUwlConnector.createUserSessionContext(MdmUwlConnector.java:1463)
    at com.sap.mdm.uwl.MdmUwlConnector.new_retrieveItems(MdmUwlConnector.java:546)
    at com.sap.mdm.uwl.MdmUwlConnector.getItems(MdmUwlConnector.java:129)
    Caused by: com.sap.mdm.commands.CommandException: com.sap.mdm.net.ConnectionException: java.io.IOException: Unexpected socket read.  Result is -1.
    at com.sap.mdm.security.commands.GetUserListCommand.execute(GetUserListCommand.java:72)
    at com.sap.mdm.extension.MetadataManager.loadRoleCache(MetadataManager.java:526)
    Caused by: com.sap.mdm.net.ConnectionException: java.io.IOException: Unexpected socket read.  Result is -1.
    at com.sap.mdm.internal.protocol.manual.AbstractProtocolCommand.execute(AbstractProtocolCommand.java:102)
    at com.sap.mdm.security.commands.GetUserListCommand.execute(GetUserListCommand.java:69)
    at com.sap.mdm.internal.net.DataSocket.receiveData(DataSocket.java:62)
    at com.sap.mdm.internal.net.ConnectionImpl.readInt(ConnectionImpl.java:497)
    at com.sap.mdm.internal.net.ConnectionImpl.readInt(ConnectionImpl.java:490)
    at com.sap.mdm.internal.net.ConnectionImpl.nextMessage(ConnectionImpl.java:629)
    at com.sap.mdm.internal.net.ConnectionImpl.receiveMessage(ConnectionImpl.java:572)
    at com.sap.mdm.internal.net.ConnectionImpl.send(ConnectionImpl.java:233)
    at com.sap.mdm.internal.protocol.manual.AbstractProtocolCommand.execute(AbstractProtocolCommand.java:99)
    com.sap.mdm.commands.CommandException: com.sap.mdm.net.ConnectionException: java.net.SocketException: There is no process to read data written to a pipe.

    Early this month we upgraded the MDM server to:
    MDM Server version: 5.5.63.57
    And the portal components:
    MDM 5.5 SP06 Technology Patch 3 (Build 5.5.63.57)
    MDM 5.5 SP06 Application Patch 3 (Build 5.5.63.57)
    MDM 5.5 SP06 Java API Patch 3 (Build 5.5.63.57)
    However the issue just began 2 days ago?
    We started integrating MDM Workflow with UWL and assigned Roles and Iviews to the Universal Worklist Configuration.
    It seems the Iviews work for a while and then after some time everything gives up? Very confounding
    And yes we are using standard Iviews (search, Result and detail)
    Thanks
    Edited by: Marty Monroe on Oct 31, 2008 3:07 PM

  • User roles from external active directory

    Hi,
    I am using my own active directory and not the embedded LDAP on weblogic.
    On the WebLogic server, there are the role names and the Provider configured
    at path Home >Summary of Security Realms >myrealm >Users and Groups > Groups tab
    The provider is configured at path
    Home >Summary of Security Realms >myrealm >Users and Groups >Providers
    Under 'Provider specific' tab, I have configured the Host, Port, Principal, Credentials etc.
    I want to get these roles for the user who is logged in to the app.
    I tried to follow the steps on http://biemond.blogspot.com/2008/12/using-weblogic-provider-as.html, However, when I run the 'Configure ADF Security' wizard I don't get the 'Identity Store' and 'LDAP Identity Store'.
    Can someone please guide me on this with the proper steps and some specific jars if required for this?

    I don't think these links are useful for me. Here is what I am trying to do. Not sure this is right way to do this. I am really stuck on this and need quick help. Please help.
      // Imports needed at the top of the enclosing class file (the class itself is not shown in the post):
      //   import java.util.Hashtable;
      //   import oracle.security.idm.*;
      //   import oracle.security.idm.providers.ad.ADIdentityStoreFactory;
      // "log" is assumed to be a logger field of the enclosing class.
      public boolean isInitiatorRole(String userName) {
          System.out.println("++++ Calling isInitiatorRole()");
          boolean hasRole = false;
          Hashtable factEnv = new Hashtable();
          Hashtable storeEnv = new Hashtable();
          IdentityStoreFactoryBuilder builder = new IdentityStoreFactoryBuilder();
          IdentityStoreFactory adFactory = null;
          IdentityStore idStore = null;
          System.setProperty("javax.net.ssl.trustStore", "/xxx/local/apps/oracle/SOA/jrmc-3.1.2-1.6.0/jre/lib/security/cacerts");
          System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
          String storeLocation1 = System.getProperty("javax.net.ssl.trustStore") != null ? System.getProperty("javax.net.ssl.trustStore") : "###";
          String storePass1 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "###";
          // creating the factory instance
          factEnv.put(ADIdentityStoreFactory.ST_SECURITY_PRINCIPAL, "ABCD");
          factEnv.put(ADIdentityStoreFactory.ST_SECURITY_CREDENTIALS, "*****");
          factEnv.put(ADIdentityStoreFactory.ST_LDAP_URL, "ldap://xxx-xxxx-01.xxx.com:389/");
          factEnv.put("java.naming.security.protocol", "SSL");
          // creating the store instance
          storeEnv.put(ADIdentityStoreFactory.ST_SUBSCRIBER_NAME, "CN=itfusion,OU=Service Accounts,OU=Security,DC=adweb,DC=bmc,DC=com");
          // Debug output: note that this prints the trust store password
          System.out.println("++ AFTER setting prop storeLocation1:" + storeLocation1 + "   ++ storePass1:" + storePass1);
          try {
              System.out.println("++++ TRY LOOP");
              // System.out.println("++++ User from context: " + ADFContext.getCurrent().getSecurityContext().getUserRoles());
              adFactory = builder.getIdentityStoreFactory("oracle.security.idm.providers.ad.ADIdentityStoreFactory", factEnv);
              if (adFactory != null) {
                  System.out.println("++++ adFactory not null");
              } else {
                  System.out.println("++++ adFactory  null");
                  return hasRole; // nothing to query without a factory
              }
              idStore = adFactory.getIdentityStoreInstance(storeEnv);
              if (idStore != null) {
                  System.out.println("++++ idStore not null");
              } else {
                  System.out.println("++++ idStore  null");
                  return hasRole; // nothing to query without a store
              }
              User user = idStore.searchUser(userName);
              if (user != null) {
                  System.out.println("++++ User not null");
                  RoleManager roleManager = idStore.getRoleManager();
                  // second argument as in the original post
                  SearchResponse resp = roleManager.getGrantedRoles(user.getPrincipal(), true);
                  System.out.println("++++ IN WHILE LOOP");
                  while (resp.hasNext()) {
                      System.out.println("++++ IN WHILE LOOP");
                      Identity id = resp.next();
                      String roleName = id.getName();
                      if (roleName != null) {
                          System.out.println("Role Name:" + roleName);
                      } else {
                          System.out.println("Role Name is null");
                      }
                      // Role check left disabled, as in the original post:
                      // if (roleName != null && roleName.toUpperCase().indexOf("INITIATOR") > 0) {
                      ////   if (roleName != null && roleName.toUpperCase().indexOf("XXXXX") > 0) {
                      //     hasRole = true;
                      //     break;
                      // }
                  }
              } else {
                  System.out.println("User is null");
              }
          } catch (IMException e) {
              log.info("??? Error occured while checking the role for Initiator");
          }
          return hasRole;
      }

  • Change user role from "Publisher" to "Administrator"

    Have three users on a particular website - all need to be
    "administrators".
    Two are listed as administrators (one of which is me), the
    third is listed as a "publisher".
    How can I simply change this person to be an
    administrator?

    Create a new connection key with the role of administrator
    and send this to your publisher. He/she will replace the old
    connection with the new one, and you can delete the user from the
    publishers roles.

  • VL10 batch doesn't allow user role maintenance

    A batch job to create deliveries is desired.
    A user role was created using VL10CUA (copied from 5001).
    Access VL10G to create a variant, but the User Role tab is completely display only.
    According to OSS note 310022, step 2 indicates that user role can be maintained for background processing.
    Currently using ECC 5.0. Why is the user role tab display only? What changes are necessary to create a variant using the new user role?
    I also looked at the screen painter and the fields were "Possible" so that doesn't answer why they are display only when using VL10G.
    Regards,
    Bela

    In VL10CUA, create a new user role from 5001 and click on Chg. Attributes and change F code to 5001.
    Then assign the user role in VL10CUV to VL10 Scenario.
    This will default the user role in VL10. Save the variant and then run VL10BATCH for the variant.

  • Search for user role but help poppup display

    Has anyone ever tried to search for a user role from the search action bar or the user admin page?
    Whenever I select role and click on the magnifying glass icon, help content displays instead of role selection.
    At first I thought this was a bug. But when I asked Customer Care they said it's an expected behaviour, which means that this is how the engineers designed it.
    Don't you feel it is weird? Because other fields, like status, correctly display status info after clicking the icon.
    Hope you can try this out and give your opinion here.

    Can you provide a little more detail on what you were trying to do.

  • Changing User Roles

    Hi,
    I need to change the user roles from Admin to some other roles from transaction. Is it possible to do this without going into UME and java codes? How to do this from BLS transaction?
    Regards,
    Senthil

    Senthil,
    I do not know BLS, but if you are trying to change Java users then you have to use a Java application like the UME identity management application to change them. You can change ABAP users with this application if the data source of the UME is the ABAP system in question. The standard ABAP tools for managing users and roles are SU01 and PFCG. Does that help?
    -Michael

  • Unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

    unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

    Hi,
    For SU01 role removal, you do not need S_USER_AGR with 02, and as you mentioned both authorizations available in production, if so trace should not show you the S_USER_AGR with 02 with RC=04.
    I would recommend to do a role comparison for the user performing the activity, and then check if you have the S_USER_AGR with 02 in user buffer SU56.
    But ideally it should not ask you S_USER_AGR for 02 through SU01, so please take help of abaper to debug it.
    Also put trace in non-prd to see if S_USER_AGR is getting checked with 02 for removal through SU01.
    BR,
    Mangesh

  • How can I add a user Role member that is from a different domain

    We are currently building out SCOM 2012 R2 to provide monitoring as a service to some of our customers. As of now we have the RMS on our own department's domain (Domain A), which we have full control of, and we have a gateway server that is on the company-wide domain (Domain B) so that we can monitor other departments' devices as they leverage this system.
    Monitoring is working just fine on both domains and we are just working on fine-tuning SCOM so that we can roll it out as a service we offer to our customers. One of the next steps we are working on before rolling it out is giving specific users access to view only their own devices, dashboards, and groups. So I created a Read-Only profile and went to add a user to test it out, but that user is on Domain B and SCOM is unable to resolve this account. I'm seeing Event ID 26319 with Error Code 1332.
    How can I get SCOM to discover devices on a different domain so that I can give them different permissions for accessing the Operations Console and/or Web Console? Is this possible?
    Here is the Error I'm seeing.
    Log Name:      Operations Manager
    Source:        OpsMgr SDK Service
    Date:          2/4/2015 1:11:59 PM
    Event ID:      26319
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxx.xxxx.xxxxxxxx.xxx
    Description:
    An exception was thrown while processing UpsertUserRolesV2 for session ID uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40.
     Exception message: The creator of this fault did not specify a Reason.
     Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
    Unable to resolve the user [email protected] associated with the user role. Error code 1332. Check your active directory configuration.).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="OpsMgr SDK Service" />
        <EventID Qualifiers="49152">26319</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-02-04T21:11:59.000000000Z" />
        <EventRecordID>172748</EventRecordID>
        <Channel>Operations Manager</Channel>
        <Computer>xxxxx.xxxx.xxxxxxxx.xxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data>UpsertUserRolesV2</Data>
        <Data>uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40</Data>
        <Data>The creator of this fault did not specify a Reason.</Data>
        <Data>System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
    Unable to resolve the user [email protected]  associated with the user role. Error code 1332. Check your active directory configuration.).</Data>
      </EventData>
    </Event>
    Thanks for any help I can get in resolving this issue.
    Jake

    The SCOM Management Server is in Domain A. I've tried it already and it has failed.
    So just to clarify, the method I used was to go to Administration > Security > User Roles, then New User Role > Read-Only Operator. In the Create User Role Wizard I then gave the User Role a name and clicked "Add" under User Role Members. Then the Select Users or Groups window pops up and I changed the Locations from Domain A to Domain B and searched for the user, which it's able to find, then clicked "OK" to add it to the User Role members, which it does just fine. On the next page, which is Group Scope, I checked the one group I want this account to have access to and then clicked next. This brings me to Dashboards and Views, where I click the radio button for "Only the dashboards and views selected in each tab are approved" and chose the folder of dashboards I want this account to access and then click next. This brings me to the Summary and I click "Create". At this point it thinks for a moment, then closes out the wizard, but the new Read-Only Operator does not appear. I then look in Event Viewer and see the Event I pasted above.
    Am I doing something wrong here?  Any guidance on how to get around this issue would be much appreciated.
    Thanks,
    Jake

  • User role for service requests from the SSP

    Does the End User role have enough permissions for users to create service requests from the SSP? I know for incidents it is but I am not sure about service requests. If you go through the Service Catalog Checklist, step 5 to create the User Role brings up a new role based on the Author role and not on the end user.

    Here is a step-by-step procedure with user access.
    http://www.concurrency.com/blog/scsmportalpermisions/
    Cheers
    Antoine AL Ibry

  • Mass deletion of roles from users

    I want to delete all roles from locked users. Is there a specific transaction for this instead of SU10? In SU10 one has to enter the roles to remove.

    We developed our own application which locks users after a while, then removes their role assignments after a while, and then lists roles which no longer have any assignments or no one is using anything which the role authorizes.
    This way you can optimize / automate periodic controls.
    There is no standard monitoring cockpit for this, but you can use declarative system params to destroy password based authentication.
    The real trick with periodic controls is to target the sample before you unassign and destroy roles, but the ability to do that depends on how you build the roles.
    Disclaimer: If you use composite roles then you have no chance. You are doomed.. ;-)
    Cheers,
    Julius

  • Receiving an error when trying to remove P00 Security role from the user

    Hi All,
    I am receiving an error when trying to remove P00 Security role from the user.
    After logging on to GRC CUP, clicking on "Create request", and filling out required information,
    I click on Select Roles/Groups
    On the next screen,
    I click on Existing Roles/Groups
    ERROR MESSAGE appears X Action failed and no roles appear in the box to select for removal.
    Regards,
    Vineet

    Hi Vineet,
    Maybe your selection is incorrect.
    Try this:
    Application Area -- Select ALL
    Functional Area -- Select ALL
    Company -- Select ALL
    Role/Profile/Group Names -- Give p00* and execute the report
    If you give only p00 it won't give any result.
    Hope this helps
    Thank you,
    Kishore

  • Hiding specific Roles from specific users

    Dear All,
    Is there any way in the database to hide a role from a user? For instance, if I create a role, then this role can be viewed by all the users defined in the database, and then these users can grant privileges on their own objects to such a role. I want to create a Role which certain users cannot see and should not be allowed to grant any privileges to...
    is this possible....
    Thanks
    Bil

    "For instance, if I create a role, then this role can be viewed by all the users defined in the database"
    No, I do not think so. Roles are only "visible" to powerful users that have access to the dictionary
    SQL> create role SECRETROLE123;
    Role created.
    SQL> grant create session to SECRETROLE123;
    Grant succeeded.
    SQL> grant select on scott.emp to SECRETROLE123;
    Grant succeeded.
    SQL> grant recovery_catalog_owner to SECRETROLE123;
    Grant succeeded.
    SQL> grant update (sal) on scott.emp to SECRETROLE123;
    Grant succeeded.
    SQL> conn blake/paper                                              
    Connected.
    SQL> select * from dba_roles;
    select * from dba_roles
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> select * from role_tab_privs;
    no rows selected
    SQL> select * from role_sys_privs;
    no rows selected
    SQL> select * from role_role_privs;
    no rows selected
    However, you cannot that easily prevent a user from granting a table privilege on its own table to a role
    SQL> grant all on t to secretrole123;                            
    Grant succeeded.
    SQL> select distinct grantee from user_tab_privs;
    GRANTEE
    SECRETROLE123
    Perhaps you can set up a database trigger
    Message was edited by:
    Laurent Schneider

  • Remove role from user

    Hi, how do I remove a role from a user when he is terminated or disabled?
    I am assigning a role in the following way during creation with the help of a rule
    <setvar name='newuser.waveset.roles'>
    <filterdup>
    <appendAll>
    <ref>accounts[Lighthouse].roles</ref>
    <s>General-Provision-Role</s>
    <rule name='Get Location Role'>
    <argument name='LocationCode' value='$(newuser.global.LocationCode)'/>
    </rule>
    </appendAll>
    </filterdup>
    </setvar>
    How do I remove this role upon termination of the user?

    We are looking for a way to automate the removing of a user (US) or role (AG) from a position (S).
    There is a report called RHGRENZ2 which can be used to delimit specific OM infotypes (like IT1001 - Relationships) by specifying the end date and Position ID (Object Type S and Object ID = Position) manually. In your case, I believe IT1001's Relationships A008 and B007 have to be delimited in order to remove a user (US) or role (AG) from a position (S), but this report cannot be run for specific relationship types of IT1001 (at least I never found an option to filter based on relationship types).
    You can try using report RHRHDL00 to delete IT1001 relationships from PP Database but you should consider the consequences of such deletions and restrict the selection based in infotypes and relationship types carefully.
    Alternatively, you can also build a LSMW script to automate the process of mass delimit/deletion of IT1001's relationship types using transaction PP02 (PP01 is not compatible to BDC/background processing)
    Thanks
    Sandipan
