cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assigning Role Assigner Permission

Go to solution
Former Member

on ‎06-04-2009 10:21 AM

0 Kudos

Hi,

I've been going through the Enterprise Portal APIs for a way to assign Role Assigner Permission on a Role to a User, but i haven't been able to find one.

Can someone please guide me on how to do it?

Thanks,

Mayank

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-04-2009 10:58 AM
0 Kudos

The role assigner permission is not a setting on the user. It's a setting on the role in the PCD. Open the permission editor for the role and from there you can set who has role permission access. This can also be done for a PCD folder so that it applies to all the roles in the folder.

Show replies
Show replies
Former Member
‎06-04-2009 11:07 AM
0 Kudos

Thanks Michael.

Yes, I'm able to check this visually through the path that you have mentioned.

My problem is - I want to assign the permission to a user programmatically from my application, using the portal APIs. I have gone through the IRole and IRoleFactory interfaces and am not able to find the relevant API to do this through my code.

Can you please help me with that?

Thanks,

Mayank

Former Member
‎06-04-2009 11:12 AM
0 Kudos

You need IAclHandle.createAclEntry and IPcdContext to get the PCD object...

Former Member
‎06-17-2009 9:09 AM
0 Kudos

Thanks Michael,

Sorry, had to push this on the backburner because of other issues.

I'm trying to do this with the following code, but it's not working:

iCtx = new InitialContext(env);

iCtx = BRUtil.GetPCDContext(PCDAspect.Persistence); //BRUtil is my helper dll

IPcdContext myPcdContext =(IPcdContext)

iCtx.lookup(Role);

IAclHandle myAclHandle = myPcdContext.getAclHandle(); // the handle is returned fine

List list = null;

list.add("roleassigner");

myAclHandle.addPermission("User1",list);

The "roleassigner" is not getting added to the list. list.get(0).toString() returns null.

AM I doing something wrong here?

Thanks,

Mayank

Former Member
‎06-17-2009 11:07 AM
0 Kudos

Ok, I'm getting the list populated now with this code:

iCtx = new InitialContext(env);

iCtx = BRUtil.GetPCDContext(PCDAspect.Persistence); //BRUtil is my helper dll

IPcdContext myPcdContext =(IPcdContext)

iCtx.lookup("role");

IAclHandle myAclHandle = myPcdContext.getAclHandle(); // the handle is returned fine

List list = null;

list = new ArrayList();

list.add("roleassigner");

myAclHandle.addPermission("User1",list);

But still the permission is not being assigned to 'User1" for "role".

Can some one throw some light on what is wrong here?

Thanks,

Mayank

Former Member
‎06-18-2009 4:03 AM
0 Kudos

I have used:


	IAclHandle myHandle = initPcdCtx.getAclHandle();
	IAcl ownAcl = myHandle.getOwnAcl();
	if (ownAcl == null) {
	      response.write(
	     " - currently no ACL - attempting to create it");
	      myHandle.createAcl(principalObj,myHandle.getParentAclHandle().getOwnAcl());
	ownAcl = myHandle.getOwnAcl();
          }
	ownAcl.createAclEntry(
                	principalObj,
		testRole,
		allow);

You might want to see what gets returned in getOwnAcl for an existing PCD folder.

Former Member
‎06-18-2009 3:03 PM
0 Kudos

Thanks Michael,

I tried with the following code:

initPcdCtx = new InitialContext(env);

initPcdCtx = BRUtil.GetPCDContext(csc.Persistence);

IPcdContext myPcdContext =(IPcdContext)

initPcdCtx.lookup(Role); // Loading the context with the Role

IAclHandle myHandle = myPcdContext.getAclHandle();

IAcl ownAcl = myHandle.getOwnAcl();

if (ownAcl == null)

{

msg = "Currently no ACL - attempting to create it";

myHandle.createAcl(LoginID,myHandle.getParentAclHandle().getOwnAcl());

ownAcl = myHandle.getOwnAcl();

}

ownAcl.createAclEntry(LoginID, Role, "allow");

But it's failing in the createAcl statement. I get a java.lang.ClassCastException.

If I load the myPcdContext object with the user loginID instead of the role, then I get an exception saying "Child not found" .

Am I missing something here? Thanks for all your help.

- Mayank

Former Member
‎06-19-2009 1:49 AM
0 Kudos

This is how I set my PCD context:


initPcdCtx = (IPcdContext) initialContext.lookup("");
initPcdCtx =
	(IPcdContext) initialContext.lookup("portal_content");
initPcdCtx = (IPcdContext) initialContext.lookup(object);

Former Member
‎06-19-2009 3:16 PM
0 Kudos

Michael - thanks, I finally seem to be making some progress now.

I'm not getting the cast exception now with this modified code:

InitialContext iCtx = null;

IUserFactory userFactory = UMFactory.getUserFactory();

iCtx = new InitialContext(env);

IPcdContext myPcdContext =(IPcdContext) iCtx.lookup(Role);

IAclHandle myAclHandle = myPcdContext.getAclHandle();

//myAclHandle.getOwnAcl().createAclEntry(

//Admin_User,Admin_User,IPcdStandardPermissions.PCD_PERMISSION_READ_WRITE);

// Add permission to the IAcl object for this PCD object

myAclHandle.getOwnAcl().createAclEntry(

Admin_User,User,"allow");

But still I get an Access Denied exception:

"exception: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): Role"

Looks like I need to add some permission first, but I'm not sure where and to which object. Does this look right to you?

Thanks,

Mayank

Former Member
‎06-22-2009 9:05 AM
0 Kudos

What privs do you have when you run the code? Have you got super admin access?

Former Member
‎06-22-2009 9:36 AM
0 Kudos

Yes, I do have super admin privs. I'm able to do other things like create a user, assign or revoke a role/group.

Only this permission assignment is giving the exception.

In the code I have given above, I'm setting "Admin_User" with my loginID (super admin)

and "User" with the portal user to whom I want to assign the RoleAssigner permission.

Thanks,

Mayank

Former Member
‎06-22-2009 10:29 AM
0 Kudos

I think the allow parameter to createAclEntry needs to be something like "Pcd.Use" or "owner" or "com.sap.portal.pcd.roleservice.roles.Assign" not "allow"....

Former Member
‎06-26-2009 6:52 AM
0 Kudos

I have it finally working now. I had to assign READ permission on the role to the user before assigning the Role Assigner permission. That did the trick.

Thanks a lot Michael for helping me through this problem.

Thanks,

Mayank

Answers (1)

Answers (1)

Former Member
‎06-04-2009 10:39 AM
0 Kudos

Hi,

If any Portal user want to assign a role to other user he should be an administrator i.e the role assigner should have admin role ;

Show replies
Show replies
Former Member
‎06-04-2009 10:43 AM
0 Kudos

Thanks devaramaraju,

What I'm looking for is the API so that I can programmatically assign the Role Assigner Permission to a user. Can you please throw some light on that?

Thanks,

Mayank

Ask a Question