cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to create new Business Role by Copy

Go to solution
Former Member

on ‎03-14-2014 4:39 PM

0 Kudos

Hi,

I am testing how to create a new Business Roles by copy:

So I search for Business Role (FIN1_BR for example), so I can create a new role like: FIN2_BR and all the FIN1_BR's assigned Privs will be added to the new FIN2_BR.

I tried this nice post, here the user should exit before adding Roles and Privileges by copy:

But my need is that FIN2_BR does not exist yet, and I have to create it at the same time when making the copy.

Any help please?

Michaela

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-17-2014 4:28 AM
0 Kudos

Hi Michaela,

Create a UI task say "Copy BUsiness Role" which has provision to give the new business role name  and another filed to select the reference role Z_refrole.

Under that task, add a to Identity Store attribute as shown below.

For the MXMEMBER_MX_PRIVILEGE attribute, you have to assigne the privilegs of the reference business role.

So, in the value field provide {A}Z_sap_getprivilesofroles(%Z_refrole%)

Inside the script, get the MSKEY of the referenced role and get the associated privilges from the idmv views

You can use the query some thing like below to get the MSKEY's of privileges and Roles mapped to the referenced role.

select * from idmv_link_ext where mcOtherMSKEY=<ReferencedRoleMSKEY> and mcThisOcName in ('MX_PRIVILEGE','MX_ROLE')

Thats it.

All the best !!

~ Krishna.

Show replies
Show replies
Former Member
‎03-19-2014 4:14 PM
0 Kudos

Hi Krishna,

Could you please provide with the content of the script: Z_sap_getprivilesofroles

And the Attributes Tab of your "Copy BUsiness Role" task ?

Need: select one Role and create a copy new Role which not exist in the IDM and assign all privileges

If any one can help ?

Thanks,

Michaela

Message was edited by: Michaela Ramon

Former Member
‎03-20-2014 2:19 AM
0 Kudos

Hi Michaela,

Your requirement is "select one Role and create a copy new Role which not exist in the IDM and assign all privileges"


I have done in my environment the following way. Tested and working fine.


While creating a new role, select the reference role (of whose privileges are to be copied), and all the privileges are copied to the new role. You can alter this according to your requirement. if you want to implement the exact the same way you need. Else you can use the below approach.


I have created a Z_REF_ROLE attribute with following storage fields.


Then I have created a new ordered task with attributes as shown below.



Under this ordered task, I have created a To Identity Store pass and configured the destination tab as below.



After that, enable the pass, configure the dispatchers. Now in the IDM UI, you have to do the following. Select the copy business role task in the screen UI.



In the below scrren, provide the new role name, description and select the reference role from which the privileges has to be configured.


Click on save/submit.


The new role is created with the privileges copied from the referenced role.



Thats it !!


Finally here is the script as you requested.


//###############################################


// Main function: z_getrefprivileges

function z_getrefprivileges(Par){

  //Example calling DSE internal function

  //uStop("Terminated by user");

  var rolemskey = "";

  var sql ="";

  rolemskey = Par;

  sql = "select mcThisMSKEY from idmv_link_ext where mcOtherMSKEY="+rolemskey+" and mcThisOcName in ('MX_PRIVILEGE')";

  var result ="";

  result = uSelect(sql);

  result = uReplaceString(result, "!!", "|");

  return result;

}

//###############################################

All the best !!

~ Krishna.

Former Member
‎03-20-2014 8:50 AM
0 Kudos

One word... Excellent! with all the best 😉

Michaela

Former Member
‎03-20-2014 9:07 AM
0 Kudos

Thanks Michaela !!

~ Krishna.

Answers (3)

Answers (3)

Former Member
‎03-19-2014 8:07 AM
0 Kudos

Thank you all for your help,

Michaela

Show replies
Show replies
Former Member
‎03-16-2014 8:41 PM
0 Kudos

The best way to do it is:

Add an attribute to the object: Z_COPYFROM

Create a new object and have the admin select the 'copy from' object as he does so (make it mandatory if needed

Have a task which copies the required data from the copy from object onto the new object as a subtask of the create.

Peter

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎03-14-2014 4:49 PM
0 Kudos

Hello Michaela,

well, maybe you could share, what you already got and what is not working there. Errors it's throwing etc. Because when you write



I am testing how to create a new Business Roles by copy:

I'm kind of thinking, you already started creating this task and have problems getting it to run properly.

Regards,

Steffi.

Show replies
Show replies
Former Member
‎03-14-2014 5:10 PM
0 Kudos

Hi Steffi,

When I said: testing... I mean: going to test: nothing done yet.

I tested the scenario mentioned in Murali's blog, and It was working fine. But my need is to create BR by copy from scratch so I thought to do the same as in the blog, but in this case my empty FIN2_BR should exist If I want follow the steps in the blog but FIN2_BR does not exit.

Thnks,

Michaela

Steffi_Warnecke
Active Contributor
‎03-14-2014 5:19 PM
0 Kudos

Hello Michaela,

since the blog is about copying a user with it's existing privileges and business roles, those exist in the IDM of course. ^^

But you are on a good track IMO: you can use that blog for your scenario, too. Just do the same with the entry type "MX_ROLE". So the reference is a role, not a user etc.

If you follow it step by step and change the given information to suit a role instead of a person, it should work just the same.

Regards,

Steffi.

Ask a Question