Users based on Portal Group
Hi all,
Is there any table or RFC which contains the Users based on Portal Group in ECC.I need to writa a programme which extracts the users based on poratal group.
Thanks and Regards,
Venkat
Hi Venkat,
To get users of a group:
boolean b =false;
String name = null;
IGroup grp = UMFactory.getGroupFactory().getGroupByUniqueName("GroupName entered by User as a input");
if(grp.equals("<Name of Group>"))
Iterator i = grp.getUserMembers(true);
grp.getGroupMembers(true);
for (int a= 0; i.hasNext(); a++)
name = i.next().getClass().getName();
//Print / Store Name
Regards,
Vaibhav
Similar Messages
-
Programmatically adding/deleting users to/from portal groups
I am using the following PDK api, to delete an user from a portal group (otp_sales).
I get the following error which doestn make sense. I tested the following api from a
script shown below. In my application, this gets called from a trigger, and fails
because it sees a ROLLBACK getting used in the API.
<<<<<<<<<<<<< delete_from_group.sql >>>>>>>>>>>>>>>>>>>>>>
DECLARE
BEGIN
moc.wwsec_api.delete_user_from_list (p_group_id
=>MOC.wwsec_API.GROUP_ID('OTP_SALES')
,p_member_person_id =>73);
END;
<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SQL> @delete_from_group.sql
Input truncated to 1 characters
DECLARE
ERROR at line 1:
ORA-01086: savepoint 'DELETEUSERFROMLIST_SAVEPOINT' never established
ORA-06512: at "MOC.WWSEC_API", line 2467
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 849
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "MOC.WWCTX_SSO", line 669
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at line 3
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Thanks
regards
-AnanthWe had the same problem and it turned out that deleting a portal user(delete_portal_user), removing a portal user from a list (delete_user_from_list) or updating a portal user, the "savepoint xxxx never established message" came up when there was no context set. If the procedure is called from within a portal page (or as user portal30) ,and the context is set and it works. The solution is to check to see if the context was set, and then set it if not.
if not portal30.wwctx_api_private.is_context_set then
portal30.wwctx_api_private.set_context(p_user_name => 'portal30');
end if;
Hope this helps
Tania -
Good morning all,
I need some help achieving the following in our Exchange 2013 Environment. First off, we have Exchange 2013, but all our clients have Outlook 2010.
Here's what I would like to be able to do:
1) create/manage public calendars / rooms in exchange 2013
2) force these shared public calendars / rooms to users' calendars who are members of particular security groups
3) give edit permissions / "booking" permissions for the shared calendars so select users are able to make changes to the shared calendars, as well as accept/deny requests to "book" shared room calendars
Any one got any resources they can give to point me in the right direction?
I have already created two mailbox room resources, and have them set up in a room list in AD. But need to know the above as far as creating a shared calendar for events, and forcing these calendars / room lists out to users based on security group
membership.
I don't want my users to have to know how to add a shared calendar...that would be a nightmare explaining. I just want it to show up.
Any help on this is greatly appreciated, thank you!1) I recommend using Room Mailboxes for resource calendars because it just works better.
2) This is a standard feature of a Room Mailbox.
3) You're pretty specific here, but I think this is also more or less available with a Room Mailbox combined with folder rights.
I don't know any way to just make them "show up". You'll have to teach them. Well written instructions can work wonders.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Extarct Usres based on Poratl Group
Hi all,
Is there any table or RFC which contains the Users based on Portal Group in ECC.I need to writa a programme which extracts the users based on poratal group.
Thanks and Regards,
VenkatVenkat,
you cant read portal group directly in ECC.
you can do one thing,assign a backend role to portal group and try to read all the users who has that backend role
/RPM/GET_USER_ROLE_DETAILS
Thanks
Bala Duvvuri
Edited by: Bala Duvvuri on Sep 7, 2010 5:22 AM -
User mapping from portal to R/3
Hello everyone,
Our situation is this :
We made some visual composer iviews (charts and tables) that get data from R/3.
Instead of creating users in R/3, we want to use only one public user who can only call RFC's in R/3. So how is the user mapping implemented in this situation?
Please give me detailed explanation for it or links of documentation.
I will be appreciative and all answers will be rewarded with points.
Thanks for help.In addition and from a maintenance perspective you could do a: Portal Group to R/3 UserMapping.
This will then automatically map all Portal Users in the Portal Group to the one R/3 user in the back-end. This saves effort when new users are created on the portal you don't have to map them all.
This method is also proposed by SAP for mapping to MDM for example.
NOTE: When you choose this you cannot trace the user in the back-end because
this back-end user is shared. If this is not a problem for your scenarion then I would say go for it.
Cheers,
Benjamin Houttuin -
Regarding : How to add a user to portal group with the help of webdynpro .
Hii ,
I am working on an application in which with the help of an action( Button) we r adding a user in Ztable in R/3 , as well as group in portal.
The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
I need coding solution for " How to add a user to portal group with help of webdynpro"
Any usefull link will also do.
Pls anyone have any solution ??
Thnks in advance.
Rewards r waiting for u .Hi,
Use UME api to add user to portal group.
Using UME API:
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
Regards,
Naga -
Hey guys, I need to create a script that assigns a value to the EmployeeID of every user that is a member of a particular AD security group.
For example, there are the following groups - Accounting_01, Accounting_02, Accounting_03. The script has to read what members there are in these groups and assign to the people of Accounting_01 an EmployeeID of 01, to the people of Accounting_02 an EmployeeID
of 02, and to the people of Accounting_03 an EmployeeID of 03.
I have a script that adds a user to a security group, based on the value of a certain attribute, but not the other way around. Have you written such a script? Thanks in advanceI haven't tried the code, because I don't have AD cmdlets.
But I see some discrepancies between the documentation and your code.
Looking at http://technet.microsoft.com/en-us/library/hh852287.aspx (Set-ADUser cmdlet) we can read for the
-Replace<Hashtable> parameter: ... Use this parameter
to replace one or more values of a property that cannot be modified using a cmdlet parameter ...
But the OP referred to EmployeeID, which is a Set-ADUser cmdlet parameter (look for -EmployeeID),
thus, cannot be used with -Replace<Hashtable> parameter (as per the documentation).
Also, the documentation states for this same
-Replace<Hashtable> parameter: ... To modify
an object property, you must use the LDAP display name ...
And the LDAP display name for EmployeeID is employeeID, and not employeeid as in your code (although I'm
not sure if LDAP display name
is case sensitive).
As you say your code works correctly, I
suspect that you created a new property named employeeid, which is not the same referenced by the parameter
-EmployeeID.
The documentation merely says that it can be used to modify attributes that do not have their own parameter. If they were to include a parameter for every AD attribute the list would be huge. It doesn't imply that -replace cannot be used instead of the defined
parameters.
I must admit that I didn't realise that -EmployeeID could be used as I didn't consult the documentation before I wrote the code but I can confirm that using the method I posted the employeeID attribute was modified. It didn't create a second attribute with
different letter casing. -
Fetch all portal "user ids" belonging to perticular portal "group"
Hi
Is it possible to fetch all portal "user ids" belonging to perticular portal "group" ?
Please Guide me to achive it !!
Thanks & regards
PKPerhaps this question would be better suited to the Portal Forum as it doesn't seem directly related to Web Dynpro ABAP. The WD Specific portal APIs only deal with navigation and eventing. You would have to ask someone from Portal to see if they have a Web Service that exposes such information.
-
ASA WebVPN. How do you restrict access to users in an AD group using LDAP?
Hi All,
I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership. This has been very difficult, even though I beleive it should be easy.
The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
There are two other portals that I would like to restrict access to based on AD group membership. I have set these up to be selected by URL.
The biggest problem is, I have no way of knowing how to go about this. The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
I can only do an all or nothing scenario.
It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use. So how do I go about using them in this scenario? Turning off the aliases or URLs is not really an option right now.
Scenario 1 would work the best for me. Restrict access to profiles/groups based on AD group membership using LDAP.
Scenario 2 would be an ideal longer term solution.
Any thoughts, ideas or assitance would be greatly appreciated.
CheersThis is exactly what i was looking for, and Nelson is correct. When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression. The guide (ther is a button to access this) is really helpful, with a couple of examples. This is what i used:
assert(function()
if ( (type(aaa.ldap.distinguishedName) == "string") and
(string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
then
return true
end
return false
end)()
from the debug dap you can see what Users relates to;
DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
My admin account fails to get me in to the same profile:
DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
Thanks
Andrew -
How do I create portal groups dynamically?
Has anyone written code to use the
WWSEC_APP_GROUP_MGR.CREATE_GROUP procedure to create portal
groups programmatically? I understand alot of what I'm supposed
to pass, but some of these parameters are pretty obscure and
obfuscated.
I'm not sure this can be called like a normal (non-htp) stored
procedure at all. I now understand nearly all of the
parameters. Looking at the page source behind the Create Groups
page, I see that many of these parameters are involved in the
page generation itself, for example p_back_url being a variable
that is probably attached to the action of "Previous" buttons
that appear as you go through the process of creating a group.
Here is my call:
wwsec_app_group_mgr.create_group(p_groupname => 'X',
p_description => 'TEST GROUP',
p_db_role => 'DBA',
p_hide_group => 'N',
p_styleid => 6,
p_group_id => y,
p_siteid => 0,
p_site_id => 1);
where "y" is the nextval of the group sequence.
Inserting SQLERRM into a table, I end up with this:
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at "SYS.OWA_UTIL", line 323
ORA-06512: at "SYS.HTP", line 860
ORA-06512: at "SYS.HTP", line 975
ORA-06512: at "SYS.HTP", line 993
ORA-06512: at "PORTAL30.WWUTL_HTP", line 25
ORA-06512: at "PORTAL30.WWERR_API_ERROR_UI", line 182
ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 2891
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "PORTAL30.WWSEC_APP_GROUP_MGR", line 255
ORA-01403: no data found
I know that this procedure is responsible for generating the
subsequent pages in the "create group" wizard. There's just no
possible way to figure out how to use this procedure
dynamically. I repeat we WILL NOT BE TYPING IN OVER 3500 GROUPS
and 7000 USERS USING THE WIZARD. There must be a way.
I don't want to just arbitrarily insert groups into tables
behind the scenes without knowing what I'm doing. If this is as
simple as inserting a row into wwsec_group$, wwsec_member$,
etc., then great, but there's no way of knowing.
Maybe an Oracle person can help me. Is there another API I can
use, or is there a way to use this API as a stored procedure
where I can just loop through a driving table to create a bunch
of users and groups?
I appreciate any help. I need to create over 3000 groups based
on my client's organization. We REFUSE to do this by hand using
portal's interface. Not that it's bad, it is just impractical
in this instance.
Adrian KlingelNever mind.
-
Can you restrict creation of user types in Portal?
Hi,
Is it possible to give a group of users the ability to just create 'Vendor' accounts in the Portal?
While another group of users the ability to just create 'Contractor' accounts in the Portal?
...and other group of users to create just another 'type' of users in the Portal?
Thanks,
SkHumm, it's seems a bit complex but try to based your drop down over a new object "UserType".
See
http://theidentityguy.blogspot.fr/2011/07/populating-rcdc-dropdownlist-with.html
After that gives the right to view only object UserType "Vendor" for the set "All admins of Vendor"
I never try this, it's only an idea :)
Regards,
Sylvain -
Access Portal groups in webdynpro ABAP component
Hi Experts,
I have a requirement to access portal group in web dynpro ABAP application and based on whether user is assigned to particular group or not further processing for application will be done.
Are there any UME API or some other API's available to access portal groups in Webdynpro ABAP component?
Thanks in Advance..!!
Regards,
Shruti ShahThis might be a question better suited to the portal forum. The WDA Portal APIs do not have such functionality. You might be able to take the Java Portal APIs and wrap them in a web service so that they are callable from ABAP.
-
How can I disable portal logon by portal group
Hi,
I know it is possible to disable logon to the portal by individual users. However I would like to disable the logon for an entire portal group. This would allow members of other portal groups to continue using the portal.
Simply removing the role from the group/user(s) is not an option.
Has anyone successfully done something like that?
Lets see if we can award some pointsHi Darren,
thanks for the quick reply. I guess I should qualify my requirement a bit more on what I want to achieve.
There are a number of applications in use and accessible through the portal, amongst them also ESS / MSS. We have assigned the portal roles to the portal groups. The users are assigned to the groups in the Corporate LDAP which is used by the portal to authenticate the users. I can't remove the users from the group(s) because the user/group assignment is done in the Corporate LDAP through an IDM system which prevents me from making changes to the user/group assignments through the portal.
So as an example this is what we want to achieve:
1. Disable the logon for users that are in the ESS group and let them know something like "ESS is currently in maintenance - come back later". Meanwhile, users belonging to the MSS group can still continue to log on.
2. After the maintenance was done, the logon for the ESS group is enabled again and the users that are in the ESS group can log on again.
I am not quite familiar with JAAS, but how would it help me with this example? I don't want to remove the user(s) from the group but simply prevent a specific group of users to logon for a chosen period of time or as an alternative disable on the fly the ability to perform certain actions (role based) within the portal short of re-assigning roles to groups?
Thanks muchly. -
How can I map LDAP departments to portal groups?
Hi All,
we connected our NW 7.0 Portal to the corporate LDAP server using the profile dataSourceConfiguration_novell_readonly_db.xml. Connection is up and running and the UME lists all users from the LDAP and they can logon.
The LDAP cannot provide any groups or roles. However, it provides a department name for every user.
My question is if it is possible to make a user automatically a member of a portal group named like the department he or she is working in and how this mapping can be achieved.
I downloaded the XML-file and studied the SAP-help concearning this matter, but I'm a little lost because of all the different tags of the XML-file and I don't quite comprehend how the mapping is done exactly. I'm not that keen on experimenting with the different tags since this requires frequent portal restarts and there seem to be many possible combinations.
I figure my request is not that exotic so maybe someone has done that before. Could someone out there help? It would be very much appreciated.
Thanks a lot in advance,
JensHi Jens,
There is an easier way to do this. Since you provide a department name for every user, configure virtual groups to use the department attribute.
http://help.sap.com/saphelp_nw04s/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/frameset.htm
Configure the department names you use and the UME will generate virtual groups based on the department names at runtime.
-Michael -
ACS 5.3 Group Mapping based on AD group membership
Hi,
I am configuring a new ACS 5.3 system. Part of the rules is that I want to match the users specific AD group membership, and match appropriatly to an identity group.
What i'm trying to do is say that if the user is a member of the AD Group (G-CRP-SEC-ENG) then associate them with the Identity Group SEC-ENG. The under the access service, authorization portion, i assign shell profiles and command sets based on Identity Group.
It seems that the ACS server will not match the AD Group for the user, and it will match the Default of teh Group Mapping portion of the policy every time.
I tried several configuration choices from : AD1:ExternalGroups contains any <string showing in AD>, AD1:memberOf <group>.
Is there something special i need to do in the Group Mapping Policy to get it to match and active directory group and result in assigning the host to an Identity Group?
Thank you,
SamiOk, my case is like this.
I use ACS 5.3 for VPN authentication, using AD and an external RSA for token authentication (2 factor authentication)
I didn't add all the VPN users in the ACS, because it will be troublesome, the users authentication will be managed by AD and RSA server.
In some cases where we need to restrict a group of user to only access certain resources, downloadable ACL is used.
Following the Cisco docs, i manage to get downloadable ACL works when the authorization profile matching criteria is username, but when i change the matching criteria to Identity group, the downloadable ACL won't work.
I have a case with Cisco engineer now and still in the middle to sort things out.
The advice from the Cisco engineer is to have the Access Service set to Internal User instead of RSA server, but that will require us(the admin) to import all the VPN users into the ACS database.
Wondering whether there is a fix for this.
Thanks.
Maybe you are looking for
-
Sales order information to be captured from a java based website
Sales order information entered in java nabled website needs to be retrieved into SAP system and a sales order needs to be created in this system. And as soon as a sales order is created an bdoc needs to be triggered and sent to the CRM system... Mid
-
TCP connections on Cisco ASA disconnects the database session every 30 Minutes
Right after a firmware upgrade form 8.4.2 to 8.4.7 on our ASA 5540: the database app that makes a tcp connection with the database loses connection to the database servers on the inside of the firewall -Nothing changed on the process servers. -Not
-
How to generate reports 10g in chinese characters pdf/html (10g)
Hi, we have installed Oracle AS 10g (9.0.4.1) on an windows 2000 server. The nls_lang=American_america.UTF8 the database server 10g with characterset utf8 The chinese font used is the simsun (simsun.ttf) semplified chinese. We have no problem with th
-
Cannot seem to update to 12.0.1
I have tried to update iTunes about 6 times now...but it goes through the update, stops like it's been updated, but still shows on the App icon that it needs to be updated. My current version is still showing as 12.0.0.
-
My macbook crashed about two weeks ago and I had icloud already set up. How do I go about retrieving the music and images? Please, help me. I had over 10gb of music on that computer and the only place it was backup was icloud. Thanks.