Authenticated user to run agent (ibot) on demand

Similar Messages

• Error authenticating proxy while running agent job

  I am trying to schedule a SSIS2014 package via SQL Server Agent job. Both SSIS and SSMS are running on my local machine in the same domain. I am running SSMS with the same user
  Domain\Admin which is the creator of the SSIS package. SSMS 32-Bit and SSIS 32-Bit are running on Windows 7 64-Bit machine. I can run the package within SSIS without problems.
  When I use a proxy account to run the job step, the following message occurs:
  Unable to start execution of step 1 (reason: Error authenticating proxy `Domain\Admin`, system error: Logon failure: unknown user name or bad password.). The step failed.
  The proxy account uses the credentials identity Domain\Admin. Since the password fields for credential properties in SSMS cannot be left blank, I typed any password although my corresponding windows account has no password. So as mentioned above
  it's the same user account that created the SSIS package since Domain\Admin is stated in the CreatorName property of the SSIS package.
  With this proxy, I tried to run SSIS jobs using the package ProtectionLevel's
  EncryptSensitiveWithUserKey and EncryptSensitiveWithPassword. Running the package manually within SSDT without problems, but from SSMS agent job the same error message appears. I tried the package sources "File System" and, after
  importing the package to MSDB, "SQL Server" and "SSIS Package Store". But exactly the same error message appears with each method.
  Task manager shows that SSMS is running in administrator mode. Using Windows Component Services I added DCOM permissions for
  Domain\Admin to start and activate "Microsoft SQL Server Integration Services 12.0" from local. But the same error message appears. So in my opinion it's a problem with SSMS user account permissions (???) but unfortunately I don't know
  what exactly to do here. I tried the following:
  In the system database MSDB (full path: Databases / System Databases / MSDB / Security / Logins) I assigned all available role memberships (Including db_ssisoperator, db_ssisltduser, db_ssisadmin) to
  Domain\Admin.
  In server security (full path: Security / Logins) I assigned all available server roles. In the tab User Mapping, I assigned the MSDB database.
  Still the same error message appears when I try to run the job. Does anybody have some ideas what I can try?

  If you use the Agent then set the package protection to "Rely on server".
  Then Domain/Admin is probably not an actual proxy but the account the Agent is running under, in this or even any case follow http://www.mssqltips.com/sqlservertip/2163/running-a-ssis-package-from-sql-server-agent-using-a-proxy-account/ to create the
  proper proxy for the packages.
  Arthur My Blog

• On-Demand Process Running only for authenticated user

  I have noticed that an on-demand process is running only for authenticated users - for example a download of a document. For public users it doesn't. I remember seeing a similar question related to ajax on demand in this forum but couldn't locate the thread. Does anyone knows why the process is not running for not authenticated user? The result of a download for a public user is a blank page where the authenticated user gets the file by clicking on the same link.
  Thanks in advance,
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://htmldb.oracle.com/pls/otn/f?p=31517:1
  -------------------------------------------------------------------

  Hello Denes,
  Please check if the following can help you -
  Re: AJAX on public page
  Re: Calling an application level on-demand process from JavaScript
  Regards,
  Arie.

• Cannot run using pam authenticated user?

  Using RHEL 4 on an institutional network in which users are centrally managed. Acroread 8.1.1 will not start with ordinary user as
  acroread
  (acroread:24638): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (.....)
  Basically, this is not going to work.

  Hi, thanks for replies
  I am indeed able to launch 'firefox', both as local user and as remotely authenticated user. Likewise, 'gedit' is no problem
  The authentication method is called LDAP .
  Here's the nsswitch.conf ( it seems like the ldap is already included here )
  passwd: files ldap
  shadow: files ldap
  group: files ldap
  hosts: files dns
  bootparams: files
  ethers: files
  netmasks: files
  networks: files
  protocols: files ldap
  rpc: files
  services: files ldap
  netgroup: files ldap
  publickey: files
  automount: files ldap
  aliases: files
  The Red-Hat EL4 provided Acroread 7.0.8 5/22/2006 also only works as local user, otherwise it produces a not-terminating stream of syntax error messages. (Package confusingly numbered acroread-7.0.9-1.2.0.EL4)
  Using new AdobeReader_enu-8.1.1-1.i486.rpm, as local user, the program runs. but gives some message about missing library. I wish the program place the error message in the stderr or similar, or at very least allowed cut and paste from the error dialog box, as it would be so much easier to tell you exactly what the error message says. It's the 32-bit/64-bit thing.
  I have read the mailing list about this issue and see that it may be easily fixed, however unless the reomote authentication issue can be fixed, there is not much point.

• Oracle BI Delivery - Run Agent

  Hello,
  Sorry for copied huge log here.
  I was try to run Agent with send email attached analysis or briefing books.
  but it was following errors.
  My system has connected to LDAP server, also i already configured mail server in  EM (http://localhost:7001/em -> Mail)
  and configured completely Delivery Profile in OBIEE (My account - > Delivery Options)
  Anyone help me? please, how to resolve those errors
  ERROR:
  [nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      ...Trying Agent Get Response Content loop again.... Sleeping for 5 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      ...Trying Agent Get Response Content loop again.... Sleeping for 3 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      Exceeded number of request retries for method GetResponseContent.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      ...Trying Agent Get Response Content loop again.... Sleeping for 8 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      ...Trying Agent Get Response Content loop again.... Sleeping for 8 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
      AgentID: /shared/Test_report/Test_Agent
      Exceeded number of request retries for method GetResponseContent.

  Thank you for your reply,
  I solve some problem, maybe its not solved, maybe its trick
  so
  1. I cant send email by Recipient
  2. I cant send email by Specified user(My Domain ID)
  Only i can send email Specified user(Weblogic User) after deleted creditional mail.server
  following this link
  http://deliverbi.blogspot.com/2010/10/obiee-11g-bi-scheduler-gives-error.html -
  but how to solve other problem??

• Periodically Hyperion Workspace Will Hang with msg "Authenticating  User.."

  Hi,
  Periodically Hyperion Workspace Will Hang with the Message "Authenticating User.." after Supplying the Username and Password for the Login. But FDM, Smartview are working fine. The problem is only with workspace.
  No errors has been recorded in HSvevent log and workspace logs.
  We are using Weblogic application server and the version is 11.1.1.3.
  It is working fine once we restart the Hyperion workspace- Agent service.
  Please advice the possible root causes for this, so that we can put a permanent fix for this issue.
  Thanks

  Hi-
  I've encountered this issue in my slow network environment, and it was rectified after we've done the following:
  Enable IE ActiveX controls:
  1. Open Internet Explorer
  2. Click the Tools menu, and then click Internet Options
  3. On the Security tab, click the Custom level button
  4. Scroll down the Security Settings list until you see ActiveX controls and plug-ins
  5. Enable Automatic prompting for ActiveX controls
  6. Scroll down to Download signed ActiveX controls and click Enable or Prompt
  7. Scroll down to Run ActiveX controls and plug-ins and click Enable or Prompt
  8. Scroll down to Script ActiveX controls marked safe for scripting and click Enable or Prompt
  9. Click OK, and then click OK again
  Add 3 DWord items to the registry under
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  ReceiveTimeout 900000
  KeepAliveTimeout 900000
  ServerInfoTimeout 900000
  These values are in milliseconds. So, 900000 is 15 minutes
  Access URL using the pop-up: http://server:19000/workspace, not the http://server:19000/workspace/index.jsp <-- not sure what's the differences on how this works, but apparently it worked well in my slow network environment.
  Increase the workspace server timeout settings.
  Use supported browsers in the Oracle certification matrix.
  -William

• De-authenticating users with multiple active sessions

  Hi guys,
  I haven't posted much, but I've lurked for a long time and, until now, always found
  the answer to my questions, but this one has me stumped. I've implemented the
  Session Timeout utility successfully,
  but I would like to add another function that would exchange a transaction_id between
  the user and the server, as mentioned
  Re: diallow multiple logins.
  When I try to use this new function, the initial cookie gets set and the value is
  inserted into the table. However, when I try to navigate to a second page, the value
  in the cookie is not the same as the value in the table. When I keep all of the records
  and compare them to all of the set-cookie calls, it appears that the
  table is being updated more often than the cookies. I would really appreciate some
  input on this problem or another way to validate that the user is active in
  only one session.
  Thanks,
  Art
  This is the process to create the initial cookie on Page 101-->
  declare
    l_magic_number number;
    l_new_number number;
  begin
    select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
    dbms_random.seed(l_magic_number);
    l_new_number := dbms_random.random;
    delete from transaction_cookies where trans_user = owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
    insert into transaction_cookies (trans_user, transaction_id)
                    values (owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1), l_new_number);
    owa_cookie.send(
        name    => 'HTMLDB_SESSION_TRANSACTION',
        value   => to_char(l_new_number),
        expires => null,
        path    => '/',
        domain  => null
  end;And the validation function is here-->
  function check_transaction_id return boolean as
  cursor c_select_number(user_name varchar2) IS
          select transaction_id
          from   transaction_cookies
          where  trans_user = user_name;
  l_cookie_exists   boolean       := true;
  l_selected_number number;
  l_cookie_number   number;
  l_new_number      number;
  user_id        varchar2(256);
  begin
      if htmldb_custom_auth.get_user is null then
          return true;
      end if;
      begin
          l_cookie_number := to_number(owa_cookie.get('HTMLDB_SESSION_TRANSACTION').vals(1));
          exception when no_data_found then
              l_cookie_exists := false; -- no cookie set, assume first page visit after login
      end;
      user_id := owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
      open  c_select_number(user_id);
      fetch c_select_number into l_selected_number;
      close c_select_number;
      if l_cookie_exists and l_cookie_number <> l_selected_number then
          delete from transaction_cookies where trans_user = user_id;
          OWA_COOKIE.REMOVE(
              name    => 'HTMLDB_SESSION_TRANSACTION',
              val   => to_char(l_cookie_number),
              path    => '/');
          wwv_flow.g_unrecoverable_error := true;
          owa_util.redirect_url('f?p='||wwv_flow.g_flow_id||':'||l_invalid_session_page);
          return false;
      elsif not g_other_cookie_already_sent then
          select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
          dbms_random.seed(l_magic_number);
          l_new_number := dbms_random.random;
          delete from transaction_cookies where trans_user = user_id;
          insert into transaction_cookies values(user_id, l_new_number);
            /* The timeout function opened the HTTP header...*/
          owa_cookie.send(
              name    => 'HTMLDB_SESSION_TRANSACTION',
              value   => to_char(l_new_number),
              expires => null,
              path    => '/',
              domain  => null
          owa_util.http_header_close; /* Since this is called after the timeout function, THIS one will close the header*/
          g_other_cookie_already_sent := true;
      end if;
      return true;
  end check_transaction_id;

  Art - Thanks for the detailed problem description (with code). The problem you're seeing is due, in part, to the fact that an application's session verification function is run on every page show and page submit. Based on your function's logic, when you show a page, a cookie is sent (after you purge the table and do an insert). Then you submit the page and it runs again, purging the table, inserting a new value into the table, and sending that value in the cookie. Then the page branches to the next page (usually doing a URL redirect. Here's where it messes you up. Whenever a redirect is done, apex clears the HTTP header, so the cookie doesn't get to your browser. When the next show page request is handled (as a result of the branch), the function checks if the browser's cookie matches the value in the table. It doesn't.
  The solution will involve having the function not do its thing if a page "submit" is being processed. There might be better ways to detect this but here is some could you could try:    if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' and
         lower(owa_util.get_cgi_env('PATH_INFO')) = '/f' then ......which would be true for show requests only (f?p URLs). I have to tell you though, that with some of the newer request types (ppr pagination, csv/fop output, on-demand/ajax invoked processes, ...), you may have to tinker quite a bit.
  Also, in your code I see you use the LOGIN_USERNAME_COOKIE cookie to identify the user. This will not be reliable if a user is using the same browser to run more than one application. You really should use v('APP_USER') to identify the user (authenticated or not). And if your user is running multiple apps in the same browser, your other cookie needs a name unique to the application lest one app's cookie overwrites the other's.
  Scott

• Reporting Services through ISA server for All Authenticated Users

  Hello colleagues.
  I have MS SQL 2012 server with Reporting Services and it work via link:
  https://reports2.domain.com/reports
  In LAN all work fine, but I want publish this resource via ISA for All Authenticated Users.
  When in publish rule I configure (in Condition) "All users" - all work fine, but when I configure "All Authenticated Users" - I have trouble on web form on
  https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts not work, because it run how "anonymous" (I see on ISA logging) and ISA block scripts.
  I can't use "All Users", because it's not secure.
  Maybe somebody publish Reporting Services through ISA server for All Authenticated Users?
  OR maybe - how on Reporting Services configure Negotiate authenticated for scripts?

  Hi Alexander,
  All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported
  by Reporting Services. To configure Windows Authentication on the Report Server, please see:
  http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
  Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
  http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support
  Katherine thanks for answer.
  Report Server service started as Domain account.
  I have in RSReportServer.config this:
  <Authentication>
  <AuthenticationTypes>
  <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
  <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
  In web.config I have this:
  <authentication mode="Windows" />
      <identity impersonate="true" />
  I can go (from Internet through ISA) to
  https://reports2.domain.com/reports  and LogOn Authentication is work, but scripts not work, because it run how "anonymous" (I see this on ISA logging) and ISA block scripts.
  Do you know where in Reporting Services configure run scripts with Negotiate authentication?

• How can I stop authenticated users from getting other user's information?

  We recently discovered that it is possible for authenticated users, via KMu2019s details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 sp15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
  The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
  So I thought it would be easy enough to disable the details view for all users but content managers or administrators but I seem to running into difficulty. 
  I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all user have no access to the Details in KM.  I tried to add the iView to another role that content managers would have but when logged in with a user that had that other role I still was not able to access the Details iView. 
  This SAP Help document [http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm |http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm ]discusses the eu_role(Standard User role) and it states that
  By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
    But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they donu2019t appear to be linked contrary to what the documentation says.  So, what Iu2019m thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
  I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
  Iu2019m stumped.  Iu2019m sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

  The only 3d party apps are Hazel...
  And that's your problem!
  From the Hazel site's description:
  Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
  Hazel, is a prefPane so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
  Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

• Workspace Credential Conflict between Logged-in User and the Authenticated User

  Hi there,
  I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
  I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
  - problem when logging in with error "An error occurred retrieving tasks." on the login screen
  - user logs in successfully but is showing somebody else queue(s) with his/her own queue with no task in there
  - fails to claim task from group queue.
  The stacktrace from the server.log file I collected from a production system shows the exception below.
  Has anybody else encountered the similar problem?
  It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
  2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
  2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
      operation = submitWithData
      clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
      destination = task-actions
      messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
      timestamp = 1247202313955
      timeToLive = 0
      body = null
      hdr(DSEndpoint) = workspace-polling-amf
      hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
    Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
      at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
      at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
      at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
      at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
      at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
      at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
      at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
      at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
      at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
      at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
      at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
      at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
      at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
      at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:252)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle .java:138)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:159)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11P rotocol.java:744)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)
  Kendy

  I am having the same server issue and i cant get hold of SP3 to fix it. can anyone tell me how to fix this problem or provided a link where i can get SP3 from? Ive spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.

• Authenticated Users & Users missing from Root

  Hello,
  Environment: MDT 2013, 2008 R2, Windows 7 x86.  MDT is located on Windows 7 x86 and is not integrated with SCCM or WDS.
  Process: Separate build, capture, and deployment task sequences.
  Problem:  After deployment the Authenticated Users and local Users are missing from the root (e.g., c:).  The only security permissions assigned to the root are SYSTEM, domain account, Local Administrator.
  This causes problems once joined to a domain due to the fact Authenticated Users have no permissions forcing a given user to have a temporary account.  So far, only a partial workaround is identified and is undesirable in the long-run.  The workaround
  is to manually add Authenticated Users as well as the Local Users to the root and delete the domain account but the system will only allow partial inheritance through the file structure.  Delete all entries for a particular user in the registry (e.g.,
  PolicyGUID, ProfileGUID, ProfileList).  Afterwards, log in to the machine with an account within the domain administrator group.
  Additional information shows the registry Profilelist entries for a user maintains partial access with a value of 204; this includes the user and a domain account within the administrator group.  The domain account present after deployment has a value
  of 0.  Two accounts have the expected value of 256 and they are the local and domain administrator account.
  Also, if the same image is deployed using the PE environment the accounts are as they should be.  The groups added are: Authenticated Users, Localmachine\Users, SYSTEM, Localmachine\Administrators.
  The questions are: why would the Authenticated Users and Local Users accounts be missing?  Why is the account used to deploy added?
  Help is very appreciated, and thank you.

  Hello, Nicholas the sysprep and capture is completed by a default template from MDT LTI sequence.  The answer file used is the default provided by MDT.  No attempt is made to capture from winpe because this simply negates the point of the MDT process. 
  However, applying the same image from winpe there are no permission issues and all the appropriate groups are assigned to the root.
  With returning to the office this fine morning, I ran icacls on a machine:
  C:\Users\Administrator>icacls c:\
  c:\ No mapping between account names and security IDs was done.
  (I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
  Successfully processed 1 files; Failed processing 0 files
  Thank you for the continued effort, Nicholas.  With the additional icacls information I will delve into the general error provided.

• OID and Authenticated Users

  Is there a way to tell if a user has authenticated with OID? Example a shadow group of OID users that the person becomes a member of automatically when the user logs in and then looses membership when their session expires or they log out? I am running into cases where I want access to things granted based solely on authenticated or not but I have yet to find a way to do inside of BI Publisher's permissions structure other than the use of such a group. I noticed the AUTHENTICATED_USERS group but tests revealed that it is not working as required. Any sugestions?

  BIP authorization model is user -> roles -> folders -> reports. When integrated with LDAP-compliant directory (such as OID), a BIP role translates to a directory group and vice versa: http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188/T421739T475591.htm
  The case of reports that need to be restricted to the specific user group implies that you create this particular group (say Sales) in the directory and BIP makes it a role. So now you've got role "Sales" in BIP, you assign folders A, B and C to that role and publish reports for Sales to those folders.
  The case of reports that need to be available to all authenticated users is a little harder. If you only need online reports (no Excel Analyzer or Online
  Analyzer), you may be in luck. BIP standalone gives all authenticated users a built-in role that allows them to view online reports (and do nothing else). BIP enterprise - not sure. A more 'portable' solution is to create a group Everyone in the directory and add users to it. This will get tedious for a lot of users but you can do it with a script. Perhaps there's a better solution - inquire in the BIP forum (BI Publisher

• Sending email Agent/iBot OBIEE 11 G

  Hello,
  I've a problem. I create an Agent, configure in Analytics and in em, but the agent didn't send the email. The error is:
  AgentID: /shared/POC/Agente
  [nQSError: 75005] Failed to send AUTH command. 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 AgentID: /shared/POC/Agente
  ...Trying SMTP Delivery loop again... Sleeping for 6 seconds. AgentID: /shared/POC/Agente
  [nQSError: 75005] Failed to send AUTH command. 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 AgentID: /shared/POC/Agente
  ...Trying SMTP Delivery loop again... Sleeping for 8 seconds. AgentID: /shared/POC/Agente
  [nQSError: 75005] Failed to send AUTH command. 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 AgentID: /shared/POC/Agente
  ...Trying SMTP Delivery loop again... Sleeping for 8 seconds. AgentID: /shared/POC/Agente
  [nQSError: 75005] Failed to send AUTH command. 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 AgentID: /shared/POC/Agente
  Exceeded number of SMTP delivery retries.
  Can anyone give a hand in this?
  Ty
  Edited by: lucas rehem on 13/10/2010 10:44

  The answer is simple. I just didn't pay attetion ... The problem is the Authentication. I had configured all correctly but, my email server just was wrong. I just enter in http:/yourip:7001/em , enter in core application, implementation and email, and correct my configuration. After this I restarted the BI Service and the Agent/iBot send with sucess the email and the Graph.

• Get authenticated user name (HTTP basic auth)

  Hi.
  How can I get the authenticated user name from a BPEL process when the service is protected with HTTP basic auth?
  I'm running SOA Suite 11.1.1.5.
  Thanks in advance.
  Mick

  Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
  All in all does this setup sound right?

• Problem: SMTP Authenticated Users Blocked By RealTime Blacklists

  Running Server 10.5.2
  I have the following RTBLs in the server setup
  bl.spamcop.net
  zen.spamhaus.org
  I have several remote users on cable connections who connect to the SMTP service and authenticate using their login and password. When they try to send email, the RTBLs block them from being able to relay mail even though they are authenticated users.
  Shouldn't Authenticated users bypass any RTBLs which are defined?
  Is there any way to fix this major program (Major problem for me anyways)?
  Message was edited by: ch0b1ts2600

  You can add the IP of you remote users to the list at 'Accept SMTP relays from these hosts and networks' under the Mail > Relays tab of Server Admin. Unfortunately for those users with dynamic IP addresses you may find yourself inserting a range of IPs like "66.214.80.0/20".
  It's a lot easier than constantly trying to remove their IP from the Spamhaus RBL list.