cancel
Showing results for 
Search instead for 
Did you mean: 

Controlling role visibility through code

Former Member
0 Kudos

Hi All,

I need to be able to hide worksets and roles depending upon the user that logs in. I have managed to control iviews and pages using the following code



Hashtable env = new Hashtable();
env.put(
       Context.INITIAL_CONTEXT_FACTORY,
       IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
env.put(Context.SECURITY_PRINCIPAL, request.getUser());

env.put(Constants.REQUESTED_ASPECT, PcmConstants.ASPECT_SEMANTICS);
InitialContext iCtx = null;
	
try {
iCtx = new InitialContext(env);
						
	IiView result = null;
					
	Object currentObject  =  iCtx.lookup(iViewID);
	if (currentObject instanceof IiView) {
                      	result = (IiView)currentObject;
	}else{
	}
	result.putAttribute("com.sap.portal.navigation.Invisible",invisibleValue);
	result.save();
} catch (UnsupportedOperationException e) {
										e.printStackTrace();
} catch (NamingException e) {
	e.printStackTrace();
} catch (ValidationException e) {
	e.printStackTrace();
} catch (IOException e) {
	e.printStackTrace();
}

After looking around some more, i thought there must be something similar for worksets and roles as well.

I found the use of IRoleService and IRoleDescriptor. But its only given how to create new roles using these. Can someone help me out on how to access existing roles so that I can set the property dynamically for them?

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member182598
Active Contributor
0 Kudos

Hi Malita,

The approach you have followed is not scalable. you should use PCD filter.

Refer to

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/5021a57d-0601-0010-6097-ec94a09c6...

Please note that you should use PCD filter only when there is no other option. Most of the times you can achieve the same result by tweaking your design.

Also refer to

to understand when you shouldn't be using PCD filter.

Let the community know your exact requirement and the community should be able to suggest the best approach.

Thanks

Prashant

Former Member
0 Kudos

You can use IRoleFactory and IRole.

The code should looks like that:

com.sap.security.api.IRoleFactory roleFactory = com.sap.security.api.UMFactory.getRoleFactory();

try {

com.sap.security.api.IRole role = roleFactory.getRole(roleName);

role.setAttribute(namespace, name, values);

} catch (UMException e) {

}

Read more about setAttribute method at:

http://help.sap.com/javadocs/nw04s/sps09/se/com/sap/security/api/IPrincipalMaint.html#setAttribute(j..., java.lang.String, java.lang.String[])

Former Member
0 Kudos

If you want a user to have a role based on access, you can assign the roles in User Admin to user.

I would suggest you look into Role Merging concept before you go too deep in program. You can merge roles and user would have access based on role they are assigned. Check below link.

http://help.sap.com/saphelp_nw04/helpdata/en/53/89503ede925441e10000000a114084/content.htm

Thanks,

VP

Former Member
0 Kudos

Do you have a requirement to programatically handle this ? If not there is an easy eay out through Portal Config.

If the users can be categorised into specific User Groups or you need to determine the access mode via Portal URL Alias -> Set up the Portal Display Master Rule accordingly and assign separate filtered Destops.

You have to set up Desktop & role filtering -

Refer :

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10da65ed-615b-2d10-efbc-ed07a5385...