cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Role XMII User cannot be deleted from Queries

Go to solution
Former Member

on ‎07-17-2008 1:34 PM

0 Kudos

Dear all,

we have build a new Role in NetWeaver and want to put it in the Security Reader List of a Query. At the same moment the role "XMII User " should be deleted because a normal user should not have access to the query.

I am able to delete the XMII User role from the list and save. However, when I load the query again, the role is back in the list.

Inside Transactions there is no problem deleting the role from the list.

Does anyone has experience with this issue?

Regards

Michael

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jcgood25
Active Contributor
‎07-17-2008 1:57 PM
0 Kudos

What version of 12 are you using?

Show replies
Show replies
Former Member
‎07-17-2008 2:04 PM
0 Kudos

Jeremy,

we are using 12.0.2.

Regards

Michael

Former Member
‎07-17-2008 2:19 PM
0 Kudos

Michael,

if I remember right, this is a bug in 12.0.2. This bug are fixed with Version 12.0.4.

Jeremy, please correct me if I am wrong.

Regards

Pedro

Former Member
‎07-17-2008 2:35 PM
0 Kudos

Michael,

I guess you can use a workaround:

1 - Define a new Data Server (let's call Data2), exactly equals to the one you're now using for your query (let's call it Data1).

2 - Use this Data2 on your query, instead of Data1.

3 - Now, on Security Services -> Data Access, restrict the acces to Data2 to the role you want to assign your query to.

Hope this helps you!

jcgood25
Active Contributor
‎07-17-2008 2:58 PM
0 Kudos

Pedro you are correct, I just checked with 12.0.4 and it looks fine. It doesn't seem to allow the same role to be in both ReaderRoles and WriterRoles, but you can have something other than XMII Users in the ReaderRoles.

Michael - one thing to note, however, is that the XMII Users role does provide a blanket set of permissions to MII services, like the IlluminatorService, etc. You may want to check the services, along with your Data Server permissions to make sure the user can actually use MII and actually get to the query template.

Regards,

Jeremy

P.S. - Check the 12.0.4 note (and the 12.0.3 one for the whole story of what has been changed between your 12.0.2 version and the latest) because you'll need to take care of your JCO dlls and patch NW before you deploy the MII sca.

Former Member
‎07-17-2008 6:05 PM
0 Kudos

Thank you all for your answers.

As we will probably not be possible to upgrade soon, I was thinking about a workaround. I guess the most important access control for us is the GUI, so we should assign the screens to the different roles. What is behind the curtain then is not so important.A function that a user cannot access from the GUI is ok for us.

Jeremy, I also got your point that if we should use new roles, we would have to look up every setting where XMII User role is also assigned. Maybe we can avoid this by assigning every user the XMII User role, and use special roles to set up different GUIs.

Regards

Michael

Answers (0)

Ask a Question