Hi Omer,

thanks for this link, but it didn't help me, because I couldn't find this roles by this names anywhere.

"WebIDE_Administrator and WebIDE_Developer"

Also within the user guide and installation guide is nothing mentioned by this names (WebIDE_Administrator and WebIDE_Developer)

InstallationGuide: SAP HANA Platform SPS 12 SAP Web IDE for SAP HANA SPS 12 Patch 1 Document Version: 1.3 – 2016-07-28

3.2 Assign the SAP Web IDE Role Templates to the Role Collections SAP Web IDE supplies predefined role templates: DevxAdministrator, DevxDeveloper, and xsac_hrtt_developer_template

Even more within the installation guide are other names which I couldn't find somewhere.

What I'm wondering that I already get a "Permission denied!" when I try to reach the Space Enablement admin tool.

3.1.1.Obtain the URLs of SAP Web IDE and Administration Tools

xs app di-spaceenablement-ui --urls The command returns the Space Enablement admin tool URL.

WebIDE_Administrator and WebIDE_Developer are not roles, but roles templates. You have to create roles and assign them to role collections (which are assigned to users) in the role builder.

The Space Enablement tool nees the WebIDE_Administrator privileges.

Regards,

Florian

Hi Dirk,

We could either have a short phone call where i can show you how to set user permission, or please provide me your machine details (full hostname, os user/psw, webide user/psw) and i will have a look.

Thanks,

Zoya

Hi Florian,

thanks for your help.

Sorry, but I can't find any role templates by this name (WebIDE_Administrator and WebIDE_Developer).

The other role templates which are shown on the screenshot are included in the role, which we gave to our users.

Hi Zoya,

thanks for your offer.

I think you are now able to send me a mail directly. Afterwards we can get in contact by phone.

Thanks

Hi Dirk,

I see you've selected admin application, however for Web IDE permissions you need to select webide!1 applications, the role templates should be available there.

Thanks

Zoya

ok, thanks!

will check for it!

Two questions:

- Where can i find your email?

- which installation guide are you using? it seems not up to date.

Okay, could find them, thanks!

But how do I've to assign them? In the past we did it in the "Application role Collection", but there I can only see the admin roles from the past.

1. I changed my profile settings, you should be able now. Click on my name.

2. Installation guide from the notes: "SAPWebIDE4HANASPS12.1_Installation"

2304873 - SAP Web IDE für SAP HANA SPS12 - Release-Informationen

https://launchpad.support.sap.com/#/notes/2304873

Great, sent you an email

Okay for the moment I got this problem solved.

As Florian said:

"You have to create roles and assign them to role collections (which are assigned to users) in the role builder."

I had to create a collection. I thought I was handling a collection, but it was only a role and couldn't find under "Application role collection" But now this collection is there.

And now I could pass this step.

The Space Enablement tool nees the WebIDE_Administrator privileges.

The assignment of permissions to the user is always done via role collection (the latest screenshot is a list of role collections)

That means you need first to create role collection (or use your existing one) and then assign it to a user.

1. To create role collection:

-  open to Application Role Builder tile -> press on 'three parallel lines' (on the left upper side) -> choose Role Collection -> press + on the bottom to create a new Role Collection -> provide the name (e.g. WebIDE_Developer, WebIDE_Administrator) and assign Application Role:

  - WebIDE_DEVELOPER role collection, select app name - webide!1, role template = application role - WebIDE_Developer

  - WebIDE_ADMIN role collection, select app name - webide!1, role template = application role - WebIDE_Administrator

- Save

Information about Role Collection management should be available HANA / XSA Security Guide

2. Assign Role Collection to a user

- open User Management tile -> select a user -> got to Role Collection section -> add WebIDE_... role collection, depending on user responsibility -

Web IDE developer user - assign WebIDE_DEVELOPER RC

Web IDE administrator user (certificate management or space enablement) - WebIDE_ADMIN RC

Hope it will help.

Zoya

Hi Zoya,

thanks for your wide explanation. But even I assigned this collections to my user I'm not able to access the webide. (I did the assigning with the web workbench "Application Role Collections" because, within the "User Management" I have only read permissions, what I'm wondering, too.

Any ideas what I'm missing.

Thanks

Hi Dirk,

I am sorry but i need more info.

1. How the role collections you defined looks like

2. How did you succeed to add Role Collections, if you don't have required permission, what do you mean by web workbench (HANA Studio?)
In general, you should have XSA Admin user that has privileges to manage users.

3. Check that you  logged out or cleared cache before login into web ide with updated user

Thanks,

Zoya

1. How the role collections you defined looks like

I only took the sap template and put it in a new collection, the same way as Thomas Jung described in his blog.

"New Role for Using the SAP Web IDE for SAP HANA"

2. How did you succeed to add Role Collections, if you don't have required permission, what do you mean by web workbench (HANA Studio?)

Also as Thomas described in his Blog:

"Now you can go to the user administration tool in either the XS Advanced Administration or the older SAP Web-based Development Workbench Security tool."

What I did, because I have only read permission for User Management Tool, and I don't know why?

3. Check that you  logged out or cleared cache before login into web ide with updated user

Did it!

Thanks for your help!

I created also a new XSA_Admin user with the required permissions, but exactly the same behavior.

1. The xsa user has also only Read permission for the Management User Tool

2. The xsa user is not able to reach the webide, because of : Authorization Request Error

3. But both user are able to access the new "Space Enablement"

Any ideas how I can trace the privileges problems for XSA?

Only to get it clear, is this role "sap-xsac-hrtt!i1" also necessary?

Hi,

I'll try to call you.

The hrtt role template should not be the reason for permission denied when you login into web ide.

Zoya

Any further ideas where I can look for something?

Hi Dirk,

Regarding the XSA_ADMIN user you've created. The Role Collection assignment is ok, but you probably are missing System Privileges ROLE ADMIN and USER ADMIN that are HANA specific and can be assigned via HANA Studio / web workbench.

Zoya

Thanks, but unfortunately is there.

Was also my thought yesterday at first....

From what you described everything looks correct. Therefore i would need to access the system to investigate the issue. Would be great to get Admin Tool URL and user credentials.

Would be nice, if you can check for it. Will send you an email.

To visualize our problem, while we try to access the webide

© 2016 Pivotal Software, Inc. All Rights Reserved:  --> Was also wondering about this name: Pivotal

Some more infos:

This is the end of the url which tries to switch to the WebIDE:

callback&client_id=sb-webide!i1 --> Is this fine?

When I saw callback, I remembered that we had a similar problem long time ago. The reason was  a missing set NO_PROXY value.

But now I set this value and still the same result, doesn't solved my problem.