on 08-17-2012 7:42 AM
Hi,
We have the following requirement in our Portal 7.3:
Active Directory Groups:
AD_Group_A
AD_Group_B
Portal Groups:
Portal_Group_A
Portal_Group_B
UME - LDAP Mapping:
AD_Group_A <--> Portal_Group_A (with specific portal roles assigned to it)
AD_Group_B <--> Portal_Group_B (with specific portal roles assigned to it)
1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory.
2. We fetch these AD groups and show it to the user in a custom portal application iView and allow the user to choose the Group he wants to pick.
3. When the user logs in, by default he will be assigned to AD_Group_A and he sees all roles assigned to Portal_Group_A.
4. If he then chooses AD_Group_B from the custom portal application iview, we want the Portal_Group_A to be replaced with Portal_Group_B.
5. And when he refreshes the page, he should see all roles specific to Portal_Group_B.
Any help on whether we can do this in SAP Portal?
Thanks,
Ajay
Hi,
As per your Point#1:
"1. The user has both groups (AD_Group_A, AD_Group_B) assigned to him in the Active Directory. "
User will already have portal roles assigned from both the AD Groups and he will see things from both!
Pls clarify if user will have both groups intially assigned in AD or only one of them.
Thanks,
Swapna.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ajay,
To give you a programmatic approach on the UME APIs shared by Jun:
Below is the code written to fetch the users assigned to a specific group, for ex: SAP_J2EE_ADMIN
The output of the program, which displays all the users part of that group:
And coming to your first query, since you already have the below mapping:
AD_Group_A <--> Portal_Group_A (with specific portal roles assigned to it)
AD_Group_B <--> Portal_Group_B (with specific portal roles assigned to it)
you could achieve your actual requirement by directly working on Groups api (instead of Roles api as said before) on the event when the logged-in user selects/replaces the currently existing Portal Group A to B or vise-versa!
IGroup iGrp = null;
iGrp = UMFactory.getGroupFactory().getMutableGroup("<GROUP-UNIQUE-ID>");
iGrp.addUserMember("<USER-UNIQUE-ID>");
or
iGrp.removeUserMember("<USER-UNIQUE-ID>");
iGrp.save();
iGrp.commit();
You've to use the above code at appropriate action event on your custom application like.. you'll first removeUserMember from the existing group and then addUserMember to the selected group > save > refresh the portal would solve your problem.
Thanks,
MS
Hi Ajay,
Did you check the below UME API to meet your requirement (i've not tested it before, just give a try):
IRoleFactory roleFactory = UMFactory.getRoleFactory();roleFactory.removeUserFromRole("<USER-UNIQUE-ID>","<ROLE-UNIQUE-ID>");
or
IRole iRole = null;
iRole = UMFactory.getRoleFactory().getMutableRole("<ROLE-UNIQUE-ID>");
iRole.removeUserMember("<USER-UNIQUE-ID>");
iRole.save();
iRole.commit();
You could do the same thing for Group instead of Role, as you might've more than one Role. But the user assignment is happing at AD level and may be a good practice to make changes at API level.
Thanks,
MS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
if user has two group, he will see all.
it seems to be not doable for your requirement.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.