Skip to Content
author's profile photo Former Member
Former Member

Read only Access to User Management

I want to provide our developers an read only access to the usermanagement over the portal user interface.

For that i have created an new role and also adapted permissions for the related portal objects.

Everything is working now, execpt one thing. The portal roles are not visible over the usermanagement interface and in the

log file i get the following exception:

role is not accessible by user USER.PRIVATE_DATASOURCE.un:HCMDeveloper

[EXCEPTION]

com.sap.security.api.NoAccessPermissionException: No access to principal due to missing permissions.

at com.sapportals.portal.prt.service.usermanagement.persistence.pcd.GLRolePersistence.populatePrincipalDatabag(GLRolePersistence.java:1125)

at com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.getPrincipalDatabag

I have assigned to UME Action Read_All to the portal role of our developers.

Best regards,

Thomas

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

5 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Aug 05, 2009 at 12:14 PM

    Here the procedure to do so

    1. Login to the portal with amdin user

    2. Go to content admin

    3. Create one sandbox folder

    4. copy the portal standerd "user administration role"

    how? portal content > portal administraters> user administrator > right click on "user amdin" and copy

    5. Select the sandbox folder and paste

    6. now click the user administration tab, search for user_admin , you get two "user administration" roles..

    7. select the new user admin role ,

    8 click modify ,remove the " Manage_All " action and add "read_all" ume action.

    9. assign this role to non-admin user.

    note: if you assign this role to admin user.. these two role may get merge because of that you may not be able to see one of them, to avoid that you need to "rename" the new "user admin" role name and alos check the merge property if needed.

    Regards

    Shridhar Gowda

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello,

      I really enjoyed your post and have tried putting your method to use. However I have question I hope you can help me with as well.

      After copying the user_admin role and downgrading the persmissions I found that there is sitll a Super_Admin pemission in the role and that this is inaccessable becuase its appearently default. This aspect undermines the whole meithod because this newly created role still has full control permissions

      We are in SP17 and I was wondering if you had any ideas of how to remove the Super_Admin permisson from th User_Admin Role?

      Many thanks for help and good luck with future posts!!

      Gene W.

  • author's profile photo Former Member
    Former Member
    Posted on Aug 05, 2009 at 01:16 PM

    Thanks for the answer. We tried this on a machine with SPS 14 installed and it works perfect.

    On our other machine with SPS 18 i still got the errors.

    Any ideas?

    Do you know if there is patch avaible?

    Best regards,

    Thomas

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi

      Whare do you created this role in the PCD? and how?

      Does role folder has enough permission?

      also check the permission at in System admin > permission > portal content> role folder> permission

      Regards

      Shridhar Gowda

  • author's profile photo Former Member
    Former Member
    Posted on Aug 06, 2009 at 05:43 AM

    The SPS 18 system is an exactly copy of the SPS 14 system. I also double checked the permission. Their are also the same like on the SPS 14 machine.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 06, 2009 at 09:08 AM

    Hi Thomas,

    Please check whether th following UME Actions are available to the user,

    Manage_Roles

    Manage_Role_Assignments

    Kind Regards,

    Mrityunjay.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 11, 2009 at 05:50 AM

    I will open an OSS Message for the problem.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.