cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamically changing the Roles and Menu options??

Former Member

on ‎10-03-2005 1:13 PM

0 Kudos

HI all,

I am working on a requirement where i need to change the roles and all the options dynamically(like the detailed navigation bar and dynamic navigation bar).

For example, User A logs in (who is an admin) and wants to see what user B is able to see when he logs in. So I will have a text box where user A(admin) gives the user id of the user B and then all the options (roles,the detailed level navigation bar options etc.) will be shown as it will appear for user B.

So for this, how will I dynamically ensure that the screen looks exactly simillar to what user B would see if he logs in ( i mean - roles, different options etc.)

If any one has any idea on this, please help me.

Regards,

Narahari

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Dan_Wroblewski
Developer Advocate
Developer Advocate
‎10-06-2005 6:22 AM
0 Kudos

Hi Narahari,

I wouldn;t want to change the roles and permissions of the current user.

You could have a test user. When you select user B from the list, you can give the test user all the groups and roles that user B has.

You would also need to give the test user all the permissions -- ACL -- that user B has. But you would only have to duplicate any special permissions. The permissions received via groups/roles would be given automatically.

Hope this helps.

Do you need the specific APIs?

Daniel

Show replies
Show replies
Former Member
‎10-06-2005 9:29 AM
0 Kudos

Hi Daniel,

IS there any API to dynamically create a new "Test user" (as you said) and copy all the authorizations of the user B to "test user" and make the admin user see all the screens like user B??

Because, the requirement is that the admin should be able to give another user's name (Ex:- USer C)and see his options( i mean he should be able to see all the users' screens).

If it exists, please share.

Thanks.

Regards,

Narahari

Dan_Wroblewski
Developer Advocate
Developer Advocate
‎10-06-2005 9:49 AM
0 Kudos

Hi Narahari,

The following creates a new user with a specific role:

-

<%@ page import = "com.sap.security.api.*" %>

<%@ page import = "com.sap.security.api.persistence.*" %>

<%@ page import = "java.util.*" %>

<%@ page import = "com.sap.security.core.imp.*" %>

<%@ page import = "com.sap.security.core.persistence.*" %>

<%@ page import = "com.sap.security.core.persistence.imp.*" %>

<%!

IUserMaint user = UMFactory.getUserFactory().newUser("newUser");

user.setFirstName("XXX");

user.setLastName("XXX");

user.setEmail("XXXXX@sap.com");

user.save();

user.commit();

IUserAccount uacc = UMFactory.getUserAccountFactory().newUserAccount("newUser", user.getUniqueID());

uacc.setPassword("initial");

uacc.setPasswordChangeRequired(false);

uacc.save();

uacc.commit();

try

{

IRole role = UMFactory.getRoleFactory().getRoleByUniqueName("pcd:portal_content/administrator/super_admin/super_admin_role");

IRole mRole = UMFactory.getRoleFactory().getMutableRole(role.getUniqueID());

mRole.addUserMember(user.getUniqueID());

mRole.commit();

}

catch (UMException umex)

{}

-

So you get the first user, and get his roles and groups and add them to the new user.

To get a user, do the following:

IUserFactory userFactory = UMFactory.getUserFactory();

IUser myUser = null;

try {

myUser = userFactory.getUserByLogonID("myUserName");

}

catch {}

From the IUser object, you can get roles with getRoles().

From the IUser object, you can get groups with getParentGroups().

Hope this helps.

Daniel

%>

Former Member
‎10-06-2005 10:52 AM
0 Kudos

Hi Daniel,

Thanks once again for very useful info.

The code that you have given will help me dynamically create a test user and assign him the roles.

But how do I swtich the screen between the way it is displayed to the present user(i.e., the admin user) and to that of new "test user" that we will create dynamically?? This should happen when the user enters the name of "user B" in a text box and presses a button "GO".

More over, i need to have the initial login user's details(admin user)with me to switch back to his view. Can we store this user id in session and use it later. Please also clarify this.

Please help me in this.

Thanks & Regards,

Narahari

Dan_Wroblewski
Developer Advocate
Developer Advocate
‎10-06-2005 1:19 PM
0 Kudos

Hi Narahari,

I imagine that there is probably a way to make it so the admin logs out and the new user logs in, and then back again when you are finished -- all automatically.

However, it seems simpler to me to have an iView that clears the testUser account and then gives this account all the necessary roles/groups/permissions to mimic a specific user. You can then just have a second session of the portal, and log in and log out as that user.

Hope this helps.

Daniel

Former Member
‎10-06-2005 1:57 PM
0 Kudos

Daniel,

Now as you said, if i create a "test user" dynamically who has all roles/groups/permissions simillar to that of an existing user (for example "User B") which the admin has selected, is there a way of creating another session dynamically, log in directly with out showing the initial screen (that means show the roles directly)??

Regards,

Narahari

Former Member
‎10-03-2005 2:15 PM
0 Kudos

Hi Narahari

You can get the details of the other user in portal.

import com.sap.security.api.*;

IUserFactory userfact=UMFactory.getUserFactory();

IUser user = getUserFactory().getUserByLogonID(String logonidofuserB);

Information about the name of the user,their unique id,Ldap attrs,display name,role membership etc are available from the IUser object.

You can use the methods isMemberOfGroup()

isMemberOfrole() for getting the details and also this link by prakash

Regards

Geogi

Show replies
Show replies
Former Member
‎10-03-2005 2:49 PM
0 Kudos

Hi George,

Thanks for your quick reply.

The API that you have given will help me check whether the other user is part of a particular group or role etc.

But is there any way where I can make user A see all the screens exactly simillar to user B directly. (i.e., user A = user B). This is for user A(who is an admin) to check what exactly user B is able to see when he logs in.

I hope you clearly understood my requirement.

Regards,

Narahari

Former Member
‎10-03-2005 2:54 PM
0 Kudos

Hi Narahari

The access of the screens is based on the roles and the groups assigned to the user. You can compare the roles and groups of user A and B by getting it and storing in an array. If both are having the same roles and group then the screens are same.

Regards

Geogi

Ask a Question