Skip to Content
author's profile photo Former Member
Former Member

How to assign/remove roles or groups dynamically in Portal?

Hi,

We have the following requirement in our Portal 7.3:

Active Directory Groups:

AD_Group_A

AD_Group_B

Portal Groups:

Portal_Group_A

Portal_Group_B

UME - LDAP Mapping:

AD_Group_A <--> Portal_Group_A (with specific portal roles assigned to it)

AD_Group_B <--> Portal_Group_B (with specific portal roles assigned to it)

1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory.

2. We fetch these AD groups and show it to the user in a custom portal application iView and allow the user to choose the Group he wants to pick.

3. When the user logs in, by default he will be assigned to AD_Group_A and he sees all roles assigned to Portal_Group_A.

4. If he then chooses AD_Group_B from the custom portal application iview, we want the Portal_Group_A to be replaced with Portal_Group_B.

5. And when he refreshes the page, he should see all roles specific to Portal_Group_B.

Any help on whether we can do this in SAP Portal?

Thanks,

Ajay

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Aug 17, 2012 at 01:35 PM

    Hi,

    As per your Point#1:

    "1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory. "

    User will already have portal roles assigned from both the AD Groups and he will see things from both!

    Pls clarify if user will have both groups intially assigned in AD or only one of them.

    Thanks,

    Swapna.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Ajay,

      To give you a programmatic approach on the UME APIs shared by Jun:

      Below is the code written to fetch the users assigned to a specific group, for ex: SAP_J2EE_ADMIN

      The output of the program, which displays all the users part of that group:

      And coming to your first query, since you already have the below mapping:

      AD_Group_A <--> Portal_Group_A (with specific portal roles assigned to it)

      AD_Group_B <--> Portal_Group_B (with specific portal roles assigned to it)

      you could achieve your actual requirement by directly working on Groups api (instead of Roles api as said before) on the event when the logged-in user selects/replaces the currently existing Portal Group A to B or vise-versa!

      IGroup iGrp = null;
      iGrp = UMFactory.getGroupFactory().getMutableGroup("<GROUP-UNIQUE-ID>");
      iGrp.addUserMember("<USER-UNIQUE-ID>");
      or
      iGrp.removeUserMember("<USER-UNIQUE-ID>");

      iGrp.save();
      iGrp.commit();

      You've to use the above code at appropriate action event on your custom application like.. you'll first removeUserMember from the existing group and then addUserMember to the selected group > save > refresh the portal would solve your problem.

      Thanks,

      MS

  • author's profile photo Former Member
    Former Member
    Posted on Aug 17, 2012 at 11:38 AM

    Hi Ajay,

    Did you check the below UME API to meet your requirement (i've not tested it before, just give a try):

    IRoleFactory roleFactory = UMFactory.getRoleFactory();roleFactory.removeUserFromRole("<USER-UNIQUE-ID>","<ROLE-UNIQUE-ID>");

    or

    IRole iRole = null;
    iRole = UMFactory.getRoleFactory().getMutableRole("<ROLE-UNIQUE-ID>");
    iRole.removeUserMember("<USER-UNIQUE-ID>");
    iRole.save();
    iRole.commit();

    You could do the same thing for Group instead of Role, as you might've more than one Role. But the user assignment is happing at AD level and may be a good practice to make changes at API level.

    Thanks,

    MS

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 17, 2012 at 09:32 AM

    if user has two group, he will see all.

    it seems to be not doable for your requirement.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.