Using pictrogram in a role

Similar Messages

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• How to use the user and role API's and where to use it

  Hi All,
  I have configured SSO for my UCM11g. Now my application authenticates through the Oracle SSO login page. Currently it is working with SQL authenticator.
  Now, i have to use LDAP authenticator. when i will configure the LDAP authenticator, i have to use the user and role API's to fetch the user profile information from LDAP. i have got the API's which will be used to fetch the respected information, but i am not getting as where i will write those java programs and how this API will be used in my application. what settings i need to do on it so that application uses the API's. ?
  Please can anyone help me on this.
  thanks,
  Saurabh

  Hi, Mithu,
  Thanks a lot for your help in advance.
  I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
  Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
  I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP.   I don't know how to do this. 
  Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
  Do you give me some hints? Thanks a lot.  My email: [email protected]
  Thanks again.
  Thanks & Regards,
  Tao

• What FM retrieve inner authorization object BBP_ROLE using the user's role

  Hi Experts!
  Do you know what Function Module can be use to retreive the inner authorization object BBP_ROLE using the user's role
  e.g. BUYER : YT:PU:XXXX:BUYERROLE
  Object       : BBP_ROLE      SRM: User function / Role
  field name : BBP_ROLE      SRM: User function / Role
  Activities
  Sel      Activity      Text
  x       EMP             Employee
  x       OPP             Operational Purchaser
  ......etc
  Thanks!

  Hi
  Execute Txn S_BCE_68001414 in debug mode, and figure out how system takes the inner authorizations through the flow of this program
  Regards
  Virender Singh

• Is it possible to get into the IC using the SALESPRO business role?

  Is it possible to get into the Interaction centre when using the SALESPRO business role?.
  If so, how is this done.
  I know using specific IC* business roles, like IC_AGENT, you are thrown straight into the IC, but I can't see how you can get into it via the SALESPRO business role, which I assume you should be able to do.
  Jason

  Please check
  Using Kerberos Authentication on SAP NetWeaver AS Java - User Authentication and Single Sign-On - SAP Library (NW7.3)
  Using Kerberos Authentication for Single Sign-On - User Authentication and Single Sign-On - SAP Library (NW7.0)

• Using Pictogram in a Role

  Hi people,
  I created a new role and I wanted to use the
  "Pictogram" property.
  I selected a picture but no picture is shown.
  Any idea ??
  Promise to award points...
  Ruthie.

  Hi Ruthie,
  the pictogram is used in the "Workset Map iView".
  It is not shown in the navigation!
  Do a search on SAPHelp for more information about how to build such an iView.
  Hth,
  Michael

• Restrict permissions to use the groups/users/roles in User Administration

  Hello gurus,
     I want to find out if there is a way we can restrict permissions to use the GROUPS in User administration. We want to assign the user administration role to the users, but do not want the users to have permissions to DELETE groups from User administration page.
  Please also let me know, if we can just have users use the NWA to do the user administration instead of from the Portal?
  Thank you,
  ~~MK

  Hi MariaKutty,
  Koti is right, you need to create custom User administration role from standard role and restric the access in the custom role and assgined to the users.
  >Please also let me know, if we can just have users use the NWA to do the user administration instead of from the Portal?
  Then can to do from NWA also, if the user not required to have the portal access.
  Hope it helps
  Regards
  Arun

• Use WebLogic Admin defined role in EJB permission

  Hi all!
  Can someone please tell me how it's possible to:
  - Define a role in WebLogic Admin console and use it in the EJB permissions.
  OR
  - Define custom attributes (like hours of access) to the roles in the xml descriptors.
  thanks in advance,
  Richard

  Hi Slavik
  >Will it always work ?
  What do you mean?
  >Have I made everything to make it work ?
  Yes, it shall work.
  >Is there a way to make the role-group mapping programmatically ?
  In fact the operation belongs to administrative or configuration phase of your App's life cycle. Naturally It's not a developer's responsibility. From other point of view at development time you cannot predict UME roles/groups that will be on J2EE server during application deployment. Developer cannot predict even target J2EE server. Different servers can have own UME roles/groups.
  Still at development time it's possible to design very restricted mapping. There are three constants 'all', 'administrators', 'guests' which you can use in XML descriptors. These constants will be mapped to the corresponding UME roles during deployment.
  BR, Siarhei

• Unable to authorize user using AccessControlService and user.roles and user.privileges are not set properly

  Hi,
  I am trying to enable/disable a feature based on user.roles.
  Added a constraint for that feature as below,
      <adfmf:constraints>
        <adfmf:constraint property="user.roles" operator="contains" value="manager" id="c1"/>
      </adfmf:constraints>
  In this case, Users have manager role should be able to access this feature.
  My AccessControlService response is
  {"userId" : "sales_mgr","roles" : [ "manager","MOO_OPPORTUNITY_SALES_MANAGER_DUTY","ZBS_ENT_SALES_MANAGER_DUTY"],"privileges" : [ "managerPriv","ZSF_DEFINE_SALES_FORECAST_PRIV","MOO_MANAGE_OPPORTUNITY_GROUP_SPACE_PRIV"]}
  Repsonse has "manager" as one such role.
  After adding constraint to the feature, am unable to access it.
  I tried many possibilities like  operator="contains" or "not" or "equal", but no use.
  I don't know what is going wrong. Appreciate you help.
  Thanks.

  If you are on 11.5.10 or greater or standalone 2.6.4 if you pass the responder value to wf_notification.respond API it should be updated in wf_notifications.responder column. The comments is now updated in wf_comments table against the notification id and not wf_notifications.user_comment column.
  Thanks, Vijay

• Using rbac cannot create roles

  I need to let a nonroot user mount and unmount drives. It is neccessary i use RBAC, cant use SUDO or whatever.
  Ive looked up loads of stuff on this, including:
  http://www.samag.com/documents/s=7667/sam0213c/0213c.htm
  I have tried defining a specific profile for mounting by adding the following lines to /etc/security/exec_attr
  DRIVEMOUNTER:suser:cmd:::/usr/sbin/mount:euid=root,egid=bin
  DRIVEMOUNTER:suser:cmd:::/usr/sbin/umount:euid=root,egid=binI get as for the roleadd command:
  roleadd -m -P "DRIVEMOUNTER" drvmountbut i get the error message : error "DRIVEMOUNTER" is not a valid profile name
  I have also tried simply assigning a role the the ready-made profile "System Administrator":
  roleadd -m -P "System Administrator" sysadminbut this doesnt work either: ERROR: Unable to create the home directory: Operation not applicable
  Message was edited by:
  ChrisDB

  First I'd suggest swapping the order of privileges, so 'basic' first and then whatever comes next. Secondly I'd ditch the role for now. Don't try to take on too many possible problems at once. And why didn't you simply try to specify this extra privilege with roleadd instead of manually editing /etc/user_attr ?
  So, my suggestion if you insist on manually editing; first add a plain entry where a user gets the default privileges and these extra ones. Something in the likes of:
  user::::type=normal;defaultpriv=basic,sys_mount;limitpriv=basic,sys_mountCome to think of it.. There maybe another problem here, and it would have helped if you gave us the exact error messages. Alas; next to mounting a filesystem the user would also need some access to it. For example; I can imagine that the useraccount needs to be able to read it in order to allow the system to make sure that everything went well.
  The 'all' option which works also points to that direction; missing privileges. So, its just a guess, but I think you may benefit from adding the 'PRIV_FILE_DAC_READ' privilege so that the user will be able to read the filesystem even when he doesn't have enough rights for that.
  Another possible problem could be /etc/mnttab which is constantly being updated the moment when someone mounts/dismounts a filesystem. When your user doesn't have write access to this file its only natural that something is bound to fail. Hence the importance to present full error messages. Alas; you can test this by simply telling mount not to update the mnttab file.

• How to not display nodes in a tree if Oracle roles are NOT used?

  How to not display nodes in a tree if Oracle roles are NOT used?
  We don't use Oracle DB roles to grant users access to Forms from the menu. We use a template and role system of our own. Basically a few tables with templates and roles.
  We want to convert our normal Forms menu to a tree menu and one of our key requirements is that when the tree is populated ONLY nodes with programs (i.e. forms) he has been granted to execute is shown.
  Since we don't use Oracle Roles how to do this in a tree?
  I created a function to show/hide LEAF nodes, BUT problem is that there are sub-menu nodes showing even if the leaf-nodes under it has not being displayed. My function has suppressed it.
  My tree query is like this:
  SELECT
       t.status, LEVEL, t.label, t.icon, t.node VALUE
  FROM
       tma_tree_menu t
  WHERE
  tma_authenticate_sys_chk_role(USER, t.node) = 1
  CONNECT BY
       PRIOR t.node = t.master
  START WITH
       t.MASTER IS NULL
  ORDER SIBLINGS BY
  t.position
  The tma_authenticate_sys_chk_role will return 1 only if the user has access to the form under that node.
  I tried the FTree functions in Forms but even that has nothing.
  Any help would be greatly appreciated.
  Edited by: Channa on Mar 17, 2010 6:49 AM

  Would you share the source code? I guess what I need is how exactly you retreive the user credentials from the DB table and set that boolean variable.
  and then how to condition it in UIX?

• Assigning users to role using Security API

  Hi,
  I am trying to assign portal users to portal role using the IRoleFactory and IRole class of Secutiy API from my web dynpro application.
  For getting the role , i can use either the uniqueId of the role or the uniqueName of the role.(Using methods of IRole class, getRole(uid) or getRoleByUniqueName(uname)).
  The UniqueId of roles contains some hash values and cannot be used. For example ROLE.PCD_ROLE_PERSISTENCE.6dT95vZpyNWQHm59z7B9FxAM/fg=.
  And the for getting the role using the uniqueName, i need to give like pcd:portal_content/other_vendors/<folder name>/<my prefix>.<rolename>. Which is also not feasible.
  Is there any way to get the role only using the role name that we give while creating it?
  Thanks and Regards,
  Venkat

  Hi,
       Check if this helps.
  try  {
       IRoleFactory rfact = UMFactory.getRoleFactory();
       IRoleSearchFilter isf = rfact.getRoleSearchFilter();
       isf.setDisplayName ("*",ISearchAttribute.LIKE_OPERATOR,false);
       ISearchResult rit = rfact.searchRoles(isf);
       while(rit.next()!=null){
           String roleName = (String) rit.next();
           IRole role = rfact.getRole(roleName);
           response.write("nRole:" + role.getUniqueName());
    }catch(Exception e){
         response.write("exception");
  U will get list of roles. U can pass these directly or use String tokenizer to separate the role name alone using '.' as separator.
  Regards,
  Vijai

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• How to use Role Menu item in BI 7.0

  Hi experts,
  From web applications desiger in version 3.5 we can use Role Menu item to access our querys easily.
  In version 7.0 this item has been deleted from standard items. How can we manage it ? Thanks a lot
  Best regards,
  Santi

  You can use EP role to have the same functionality.
  Another option is to use the 3.X role menu web item after applying note 1075789, in this case role meny web item will display 7.0 objects also.
  Thanks.

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .