Usage of "search attribute" and "user attribute" in entry type

Former Member
0 Kudos

Hi,

Does anybody know how these two entry type parameters can be used to restrict access, so that e.g. a manager can only see his employees in the IDM interface?

I only found the following description in the release notes, but I couldn't find any additional information on the SAP Help Portal:

"The same identity store can be shared by different groups of users, for instance users from several companies may coexist in the same identity store. To prevent the users of the different groups/companies to see each other's data, the fields in the "Access limitations" group box on entry type ("Search attribute" and "User attribute") to specify these access restrictions.

The access limitations are a global setting that restricts which entries will be returned when a user searches for entries in the "Manage" tab and when adding references.

See Help File (Functional View) on the SAP Help Portal for more information"

Thanks in advance for your help!

Best regards

Holger

Accepted Solutions (1)

Former Member
0 Kudos

Hi Holger,

I just found out how to use them.

I use it to restrict access to roles, and set it up this way:

- I defined an attribute Z_COMPANYNAME (single value) and assigned it as a mandatory attribute to MX_PERSON and MX_ROLE.

- I assigned a value for Z_COMPANYNAME to all my users and all my roles.

- After this, I set both the search attribute and user attribute in entry MX_ROLE to attribute Z_COMPANY.

Now, when searching for available roles, only the roles for which the company name of the logged-in user (MX_PERSON - User Attribute) matches the company name defined on the role (MX_ROLE - Search Attribute) are shown.

Please note, I had to apply the latest patch (7.1 SP3 patch 1) for the UI to get it to work on Oracle. Before this patch I got an SQL error when searching the roles. Furthermore, patch 1 for the UI and the design time components allows the use of wildcards in the attributes, according to the documentation. I haven't played with this yet, however.

Hope this helps, best regards,

Jos
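
The matching rule described in the answer above, as an added example that is not part of the original thread and is not SAP's code: it models which roles a person is offered and audits exported data for values that would make the restriction behave unexpectedly. Assumptions: an exact string match with empty values matching nothing, a hypothetical `id` key, and constructed sample entries; only `Z_COMPANYNAME`, `MX_PERSON` and `MX_ROLE` come from the thread.

```python
from collections import defaultdict

# Used as both "Search attribute" (on MX_ROLE) and "User attribute" (on MX_PERSON).
ATTR = "Z_COMPANYNAME"

def visible_roles(person, roles, search_attr=ATTR, user_attr=ATTR):
    """Roles a person would be offered under the rule described in the answer.

    Assumption: exact string match; an empty or missing value matches nothing.
    """
    value = person.get(user_attr)
    if not value:
        return []
    return [r["id"] for r in roles if r.get(search_attr) == value]

def audit(persons, roles, attr=ATTR):
    """Flag data problems that would silently widen or narrow what users see."""
    # Entries where the mandatory attribute was never populated.
    missing = [e["id"] for e in persons + roles if not e.get(attr)]
    # Roles whose value matches no person at all, so nobody can find them.
    person_values = {p[attr] for p in persons if p.get(attr)}
    orphaned = [r["id"] for r in roles
                if r.get(attr) and r[attr] not in person_values]
    # Values differing only by case or surrounding whitespace never match exactly.
    groups = defaultdict(set)
    for e in persons + roles:
        if e.get(attr):
            groups[e[attr].strip().casefold()].add(e[attr])
    variants = sorted(sorted(v) for v in groups.values() if len(v) > 1)
    return {"missing": missing, "orphaned_roles": orphaned, "variants": variants}

# Constructed sample data (not from the thread); "id" is a hypothetical key.
PERSONS = [
    {"id": "ALICE", ATTR: "ACME"},
    {"id": "BOB", ATTR: "Globex"},
    {"id": "CAROL"},                          # attribute not yet populated
]
ROLES = [
    {"id": "ROLE:ACME:HR", ATTR: "ACME"},
    {"id": "ROLE:ACME:FIN", ATTR: "Acme"},    # case variant of ACME
    {"id": "ROLE:GLOBEX:IT", ATTR: "Globex"},
    {"id": "ROLE:SHARED"},                    # no company set
]

if __name__ == "__main__":
    for p in PERSONS:
        print(p["id"], "->", visible_roles(p, ROLES))
    print(audit(PERSONS, ROLES))
```

Running the audit on an export before enabling the access limitation shows which users and roles still need a company value assigned.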

Answers (1)

Former Member
0 Kudos

Hi Jos,

Thanks for the hint. In the meantime I have also found out how it works, but I forgot to mention it in this forum.

Best regards

Holger