cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to assign/remove roles or groups dynamically in Portal?

Go to solution
Former Member

on ‎08-17-2012 7:42 AM

0 Kudos

Hi,

We have the following requirement in our Portal 7.3:

Active Directory Groups:

AD_Group_A

AD_Group_B

Portal Groups:

Portal_Group_A

Portal_Group_B

UME - LDAP Mapping:

AD_Group_A  <-->  Portal_Group_A (with specific portal roles assigned to it)

AD_Group_B  <-->  Portal_Group_B (with specific portal roles assigned to it)

1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory.

2. We fetch these AD groups and show it to the user in a custom portal application iView and allow the user to choose the Group he wants to pick.

3. When the user logs in, by default he will be assigned to AD_Group_A and he sees all roles assigned to Portal_Group_A.

4. If he then chooses AD_Group_B from the custom portal application iview, we want the Portal_Group_A to be replaced with Portal_Group_B.

5. And when he refreshes the page, he should see all roles specific to Portal_Group_B.

Any help on whether we can do this in SAP Portal?

Thanks,

Ajay

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

swapnapriya_neemkar2
Active Participant
‎08-17-2012 2:35 PM
0 Kudos

Hi,

As per your Point#1:

"1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory. "

User will already have portal roles assigned from both the AD Groups and he will see things from both!

Pls clarify if user will have both groups intially assigned in AD or only one of them.

Thanks,

Swapna.

Show replies
Show replies
Former Member
‎08-21-2012 1:09 AM
0 Kudos

Hi Swapna,

The user will have both groups assigned to him in the AD initially.

Any way that I can communicate with AD via some API to get the groups assigned to a user?

Thanks,

Ajay

junwu
Active Contributor
‎08-21-2012 5:21 AM
0 Kudos

ume api can do that.

Former Member
‎08-21-2012 7:41 AM
0 Kudos

Hi Jun,

Could you please provide some more info on that?

I am not sure which class can provide me the groups assigned to a any user (not just the current logged-in user).

Thanks,

Ajay

Former Member
‎08-21-2012 9:48 AM
0 Kudos

Ajay,

To give you a programmatic approach on the UME APIs shared by Jun:

Below is the code written to fetch the users assigned to a specific group, for ex: SAP_J2EE_ADMIN

The output of the program, which displays all the users part of that group:

And coming to your first query, since you already have the below mapping:

AD_Group_A  <-->  Portal_Group_A (with specific portal roles assigned to it)

AD_Group_B  <-->  Portal_Group_B (with specific portal roles assigned to it)

you could achieve your actual requirement by directly working on Groups api (instead of Roles api as said before) on the event when the logged-in user selects/replaces the currently existing Portal Group A to B or vise-versa!

IGroup iGrp = null;
iGrp = UMFactory.getGroupFactory().getMutableGroup("<GROUP-UNIQUE-ID>");
iGrp.addUserMember("<USER-UNIQUE-ID>"); 
or
iGrp.removeUserMember("<USER-UNIQUE-ID>"); 
iGrp.save();
iGrp.commit();

You've to use the above code at appropriate action event on your custom application like.. you'll first removeUserMember from the existing group and then addUserMember to the selected group > save > refresh the portal would solve your problem.

Thanks,

MS

Answers (2)

Answers (2)

Former Member
‎08-17-2012 12:38 PM
0 Kudos

Hi Ajay,

Did you check the below UME API to meet your requirement (i've not tested it before, just give a try):  

IRoleFactory roleFactory = UMFactory.getRoleFactory();roleFactory.removeUserFromRole("<USER-UNIQUE-ID>","<ROLE-UNIQUE-ID>");

or

IRole iRole = null;
iRole = UMFactory.getRoleFactory().getMutableRole("<ROLE-UNIQUE-ID>");
iRole.removeUserMember("<USER-UNIQUE-ID>"); 
iRole.save();
iRole.commit();

You could do the same thing for Group instead of Role, as you might've more than one Role. But the user assignment is happing at AD level and may be a good practice to make changes at API level.

Thanks,

MS

Show replies
Show replies
junwu
Active Contributor
‎08-17-2012 10:32 AM
0 Kudos

if user has two group, he will see all.

it seems to be not doable for your requirement.

Show replies
Show replies
Ask a Question