Authorization access failed

Hi Experts,
I am trying to do the Reversal of PGI. Using VL09 I entered the document num and tried execute REVERSAL. System was throwing an error " You are not authorised to reverse goods issue for shipping point XXX". Then I tried SU53 checking my authorization.I find no information except ''Authorization check failed''. Can you please help me find some solution for this.
Thanks in Advance,
Kanna.

Hi,
On the node after Authorization check failed, you will see the object class, authorization object, etc.
Just capture these info and forward to Basis team to added into your user id.
Cheers.

Similar Messages

  • ADFC-0619: Authorization check failed

    I am running JDeveloper 11.1.2.4
    ADF Security is enabled for the application.
    Security model is ADF Authentication and Authorization.
    I have created roles for employee, manager and admin.
    The roles are used to hide/display menu items and to allow/disallow access to task flows.
    I have dozens of task flows and this approach has worked well for some time.
    I added a new task flow that is accessible only to the admin role. The menu item is rendered only if the user is in the admin role. View access to the task flow is only granted to the admin role.
    As with new task flows in the past, I created and deployed an .ear file on my stand alone WLS. I then tested the functionality. This works as expected.
    I then gave the .ear file to our system admin to deploy on the sun server WLS. The deployment went fine but when I log in as an admin user and try to access the new menu item and task flow, the menu item is rendered but it says that the user is not authorized for the task flow.
    ADFC-0619: Authorization check failed: '/WEBINF/PlnDollarsSpentLineGraphTF.xml#PlnDollarsSpentLineGraphTF' 'VIEW'.
    Since the menu item is rendered I know that the user is assigned to the admin group. Access to all other menu items and task flows in the application is correct. Only having a problem with the new task flow.
    It would appear that the problem is with the .ear file rather than WLS. However, it works fine on my stand alone WLS and I looked at the jazn-data.xml file in the .ear file. It looks normal. The entry for the task flow looks like all the other task flow entries.
    Any ideas?
    Thanks for your help, Steve

    I examimed the system-jazn-date.xml file and found that the entry for the new task flow did not make it from the jazn-data.xml file into the system-jazn-data.xml file. I had the server system administrator do the deploy a second time. This time the system-jazn-date.xml file was updated properly and the new functionality is working.
    If anyone has an idea why system-jazn-date.xmp did not get updated in the first deployment I would be very interested.
    Thanks, Steve

  • ADFC-0619: Authorization check failed implementing popup through taskflow

    Hi All,
    I receive the error ADFC-0619: Authorization check failed: '/WEB-INF/main-task-flow-template.xml#main-task-flow-template' 'VIEW'. when accessing the taskflow that will show as a popup as described in this blog: http://andrejusb.blogspot.com/2013/03/reusable-adf-region-with-dialog.html. I created a sample application and I have it working as expected.  The sample app has no security configured.  When I put the functionality into our main app the error occurs.  I have checked the jazn-data.xml and have granted a role to both the task flow and the web page.
    Our app is setup where I have a task flow template that most taskflows inherit from.  The calling page is inherited from the template which uses page fragments.  The taskflow for the popup is not inherited from the template and does not use page fragments.
    I am using 11.1.1.6.  The error happens when deploying to the Integrated server as well as a local WLS.  I read a few forum posts on this subject and some folks removed the anonymous role.  I have this role defined but is is only used for my login page so I don't want to remove it from there.
    Appreciate the help as this is blocking me from working on the functionality within the popup.
    Thank you - Rudy

    Resolved.  Our Application is setup as described by Jobinesh in the book "Oracle ADF Real World Developer's Guide".  In this case we have a separate application called "Common", within that we have projects for the ADFFrameWorkExtension, CommonModel, CommonUtilities and CommonUI.  The CommonUI project contains the main-task-flow-template and errorPage.jsff as well as the MainTemplate.jspx.  Each of these projects are deployed as a jar and imported into the main project.
    In the jazn-data.xml under Resource Grants, Resource Type = Task Flow, check the option to "Show task flows imported from ADF libraries".  This showed the main-task-flow-template which I granted the anonymous-role view action.
    When I run it now shows the popup.

  • Web Composer Admin Customization:'Authorization check failed' error

    Hi,
    The purpose of Web Composer Admin Customization is to enable the administration link in the UI pages so that the administrator will be able to customize the pages.
    The steps to be followed to enable admin customization in the required pages are given in the following link under the subheading 'Web Composer Admin Customization':
    https://stbeehive.oracle.com/teamcollab/wiki/Fusion+Applications+Technical+Architecture:Enabling+Customizations
    I ensured that:
    The jazn-data.xml file has a privilege role "FND_VIEW_ADMIN_LINK_PRIV", and a grant to access the admin menu.
    A duty role "FND_ADMINISTRATION_LINK_VIEW_DUTY" had been defined, and was a member of FND_VIEW_ADMIN_LINK_PRIV.
    The FND_ADMINISTRATION_LINK_VIEW_DUTY is inherited by the administrator enterprise role.
    A new privilege role (Customize <Family> UI) had been created.
    I then granted the 'customize' and 'personalize' actions on the pages and the corresponding task flows (for which customization had to be enabled) to the new privilege role.
    Also, ensured that:
    A new app role (Customize <Family> UI) was created and was a member of the new privilege role. The app role was inherited by the administrator enterprise role.
    The testing administrator role has both the administrator enterprise role and the enterprise role that has view access to the page.
    Now, when i tried to run one of the pages (for which customize and personalize actions were granted to the new privilege role) from JDeveloper, i got the following error:
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d94f3e' 'VIEW'.
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
    at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
    at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
    at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
    at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
    at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
    at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
    at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
    at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
    at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
    at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
    When i granted the view action on the page ( in addition to the customize and personalize actions) to the new privilege role and ran the page from JDeveloper, the page came up fine but the administration link that is supposed to appear was not seen.
    Can any of you please provide suggestions regarding the cause of the above error and how i should go about debugging it.
    Thanks,
    Rohan

    Posted it in the forum suggested by Frank.

  • ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormD

    JDev version : 11.1.1.4
    WLS : 10.3.4
    Hi All,
    Recently we have migrated JDev from 11.1.1.3 to 11.1.1.4 and WLS from 10.3.3 to 10.3.4. We had security enabled in our application and use to work without any issues in our previous version (before migration). We are getting below error after migration and not able to access our application.
    Error 500--Internal Server Error
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.We get this exception as soon as log in is successful. We have tried with different users including administrator who has complete permissions but got same exception. Note that same application is working in previous version.
    Please help us in resolving this issue. Below I have mentioned complete stack trace.
    More details:
    Policy store : jaxz-data.xml
    Identity store : integrated WLS LDAP
    WLS : standalone WLS
    Error 500--Internal Server Error
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
    at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
    at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
    at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
    at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
    at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
    at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
    at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
    at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
    at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
    at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)Thanks,
    Ravindra

    What we observed is that non of our application security policies are getting migrated to system-jazn-data.xml file during deployment. This was working in previous version.
    weblogic-application.xml file contents:
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
      <xml>
        <parser-factory>
          <saxparser-factory>oracle.xml.jaxp.JXSAXParserFactory</saxparser-factory>
          <document-builder-factory>oracle.xml.jaxp.JXDocumentBuilderFactory</document-builder-factory>
          <transformer-factory>oracle.xml.jaxp.JXSAXTransformerFactory</transformer-factory>
        </parser-factory>
      </xml>
      <application-param>
        <param-name>jps.credstore.migration</param-name>
        <param-value>OVERWRITE</param-value>
      </application-param>
      <application-param>
        <param-name>jps.policystore.migration</param-name>
        <param-value>OVERWRITE</param-value>
      </application-param>
      <listener>
          <listener-class>oracle.communications.brm.pdc.server.common.PricingApplicationLifeCycleListener</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.mds.lcm.weblogic.WLLifecycleListener</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener</listener-class>
      </listener>
      <library-ref>
        <library-name>adf.oracle.domain</library-name>
      </library-ref>
      <library-ref>
        <library-name>oracle.jsp.next</library-name>
      </library-ref>
    </weblogic-application>

  • ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef

    JDev version : 11.1.1.4
    WLS : 10.3.4
    Hi All,
    Recently we have migrated JDev from 11.1.1.3 to 11.1.1.4 and WLS from 10.3.3 to 10.3.4. We had security enabled in our application and use to work without any issues in our previous version (before migration). We are getting below error after migration and not able to access our application.
    Error 500--Internal Server Error
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
    We get this exception as soon as log in is successful. We have tried with different users including administrator who has complete permissions but got same exception. Note that same application is working in previous version.
    Please help us in resolving this issue. Below I have mentioned complete stack trace.
    More details:
    Policy store : jaxz-data.xml
    Identity store : integrated WLS LDAP
    WLS : standalone WLS
    Error 500--Internal Server Error
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d856cd' 'VIEW'.
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
         at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
         at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
         at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
         at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
         at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
         at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
         at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)

    Usually, the security policy of the application is bundled in the EAR file. When you deploy the application the security policy is automatically migrated (e.g. added) to domain's security policy repository (e.g. <tt>system-jazn-data.xml</tt> file, if neither LDAP or DB repository is used). Also when you undeploy an application its security policy is removed from domain's security policy repository.
    My practical experience says that both of these happen only if the application has been targetted to WLS domain's admin server (i.e. if the application is targetted only to managed servers but not to the admin server, then the security policy is neither migrated nor removed).
    The trick I apply is to do the following:
    (1) Target and deploy the application to the admin server (so the security policy is migrated into <tt>system-jazn-data.xml</tt>);
    (2) Copy the migrated application's policy section from <tt>system-jazn-data.xml</tt> to the clipboard;
    (3) Undeploy the application from the admin server (the security policy is removed from <tt>system-jazn-data.xml</tt> in result);
    (4) Paste the security section back into <tt>system-jazn-data.xml</tt> file and save it;
    (5) Deploy the application to managed servers;
    (6) Restart the servers.
    (It is not necessary to undeploy the application at step 3, it is enough to remove the admin server from application's targets).
    I am not sure that this is the right approach, but it works and I have not found anything in the documentation about this topic.
    One more thing - the automatic migration of the security policy that is included in the EAR is controlled by the following parameter in <tt>weblogic-application.xml</tt> file:
    <application-param>
        <param-name>jps.policystore.migration</param-name>
        <param-value>OVERWRITE</param-value>
    </application-param>The policy is not migrated if this parameter is not set.
    If you deploy the application from JDeveloper, it will not be necessary to set this parameter in <tt>weblogic-application.xml</tt> manually because JDeveloper will do it for you. Just open the Application Properties dialog in JDev, go to page "Deployment" and check the checkbox "Application Policies". Then JDeveloper will automatically add this parameter into <tt>weblogic-application.xml</tt> file within the EAR files generated from this time onwards (do not be confused that it will not be added to the file in the IDE).
    Dimitar

  • Error "NOTICE: [0] disk access failed" during guest domain network booting

    Hi,
    Could you please tell me what is the problem with my configuration?
    I created guest domain on my T1000 server.
    As a disk I used disk from disk array: /dev/dsk/c0t18d0
    I added disk using commands:
    # ldm add-vdsdev /dev/dsk/c0t18d0 vol1@primary-vds0
    # ldm add-vdisk vdisk1 vol1@primary-vds0 myldom1
    # ldm set-variable auto-boot\?=false myldom1
    # ldm set-variable boot-device=/virtual-devices@100/channel-devices@200/disk@0 myldom1
    Then I logged to guest domain and booted from network to install OS from JumpStart server:
    {0} ok boot net - install
    Boot device: /virtual-devices@100/channel-devices@200/network@0 File and args: - install
    Requesting Internet Address for 0:14:4f:f9:78:19
    SunOS Release 5.10 Version Generic_137137-09 64-bit
    Copyright 1983-2008 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    Configuring devices.
    NOTICE: [0] disk access failed.
    Checking rules.ok file...
    Using begin script: install_begin
    Using finish script: patch_finish
    Executing SolStart preinstall phase...
    Executing begin script "install_begin"...
    Begin script install_begin execution completed.
    ERROR: No disks found
    - Check to make sure disks are cabled and powered up
    Solaris installation program exited.
    Configuration:
    [root@gt1000a /]# ldm list-bindings
    NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
    primary active -n-cv- SP 4 2G 0.5% 2h 23m
    MAC
    00:14:4f:9f:71:4e
    HOSTID
    0x849f714e
    VCPU
    VID PID UTIL STRAND
    0 0 5.3% 100%
    1 1 0.5% 100%
    2 2 0.5% 100%
    3 3 0.4% 100%
    MAU
    ID CPUSET
    0 (0, 1, 2, 3)
    MEMORY
    RA PA SIZE
    0x8000000 0x8000000 2G
    VARIABLES
    keyboard-layout=US-English
    IO
    DEVICE PSEUDONYM OPTIONS
    pci@780 bus_a
    pci@7c0 bus_b
    VCC
    NAME PORT-RANGE
    primary-vcc0 5000-5100
    CLIENT PORT
    myldom1@primary-vcc0 5000
    VSW
    NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
    primary-vsw0 00:14:4f:fa:ca:94 bge0 switch@0 1 1
    PEER MAC PVID VID
    vnet0@myldom1 00:14:4f:f9:78:19 1
    VDS
    NAME VOLUME OPTIONS MPGROUP DEVICE
    primary-vds0 vol1 /dev/dsk/c0t18d0
    CLIENT VOLUME
    vdisk1@myldom1 vol1
    VCONS
    NAME SERVICE PORT
    SP
    NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
    myldom1 active -n---- 5000 12 2G 0.1% 2h 18m
    MAC
    00:14:4f:f9:e7:ae
    HOSTID
    0x84f9e7ae
    VCPU
    VID PID UTIL STRAND
    0 4 0.5% 100%
    1 5 0.0% 100%
    2 6 0.0% 100%
    3 7 0.0% 100%
    4 8 0.0% 100%
    5 9 0.0% 100%
    6 10 0.0% 100%
    7 11 0.0% 100%
    8 12 0.0% 100%
    9 13 0.0% 100%
    10 14 0.0% 100%
    11 15 0.0% 100%
    MEMORY
    RA PA SIZE
    0x8000000 0x88000000 2G
    VARIABLES
    auto-boot?=false
    boot-device=/virtual-devices@100/channel-devices@200/disk@0
    NETWORK
    NAME SERVICE DEVICE MAC MODE PVID VID
    vnet0 primary-vsw0@primary network@0 00:14:4f:f9:78:19 1
    PEER MAC MODE PVID VID
    primary-vsw0@primary 00:14:4f:fa:ca:94 1
    DISK
    NAME VOLUME TOUT DEVICE SERVER MPGROUP
    vdisk1 vol1@primary-vds0 disk@0 primary
    VCONS
    NAME SERVICE PORT
    myldom1 primary-vcc0@primary 5000
    [root@gt1000a /]#
    Kind regards,
    Daniel

    Issue solved.
    There was a wrong disk name:
    primary-vds0 vol1 /dev/dsk/c0t18d0
    I changed to c0t18d0s2 and now I sucessfuly installed OS from Jumpstart.

  • Disk Access Failed while Installing Solaris Container.

    I have setup 5 guest domains together with the Control Domain.
    $ ldm list
    Name State Flags Cons VCPU Memory Util Uptime
    primary active -t-cv SP 4 4G 0.8% 2d 2h 15m
    secondary active -t--v 5000 4 2G 0.5% 3h 5m
    dmz active -t--- 5001 8 2G 0.0% 46m
    sunray inactive -----
    application inactive -----
    identity active -t--- 5002 4 4G 0.1% 1h 2m
    In each of the guest domain, I plan to install a number of Solaris Containers to run different applications. While installing one Solaris container (zoneadm �z <zone name> install) in dmz domain, I start the installation/configuration (either zoneadm �z <zone name> install or zlogin �C <zone name>) of another Solaris container in identity domain. Everything starts OK until half way I get an error message as follow:
    Jun 13 18:33:16 dmz vdc: NOTICE: [1] disk access failed.
    The installation of the Solaris Container in dmz halts as soon as I see the message above. Nothing will work except a force stop in the Control Domain using ldm stop �f dmz and restart.
    What happen to the Solaris Container installation/configuration in identity domain? It either continues the process without error or fails with the same error message shortly after. For example,
    Jun 13 18:33:24 identity vdc: NOTICE: [1] disk access failed.
    The vdisks for each guest domain are setup by following the steps on section �Using ZFS Over a Virtual Disk� in LDoms 1.0 Administration Guide. Each guest domain is booted from a disk image in the Control Domain and has two 9GB data vdisks (mapped to two physical 9GB disks on A5200 disk array) running ZFS striping. Each guest domain vdisks are serviced by a separate vdisk server.
    Any idea?

    I am not sure if multiple virtual disk servers are officially supported under current LDoms release.
    I had tried using only one virtual disk server. The same problem exhibited. I thought may be the vds was not able to keep up with the virtual disk I/O. That's why I setup multiple vds.

  • Service-module g2/0 session access fails

    I did not add a vty/telnet password when I initially configured my NME-X-23ES-1G switch in my 3825 router. Now, of course I can not telnet to the switch, but the session access fails as well. How do I recover this?
    Config in 3825:
    interface GigabitEthernet2/0
    ip address 106.40.x.x.255.255.0
    Attempt to access switch module:
    3825_Router2#service-module g2/0 sess
    Trying 106.40.77.254, 2130 ...
    % Connection refused by remote host

    The default configuration for Cisco EtherSwitch service modules allows an end user to recover from a lost password. The password recovery disable feature allows the system administrator to protect access to the switch password by disabling part of this functionality and allowing the user to interrupt the boot process only by agreeing to set the system back to the default configuration. With password recovery disabled, the user can still interrupt the boot process and change the password, but the configuration file (config.text) and the VLAN database file (vlan.dat) are deleted.
    The following document shows how to recover from a lost or forgotten password.
    http://www.cisco.com/en/US/products/hw/modules/ps2797/products_feature_guide09186a0080415bae.html#wp1776357

  • Authorization check failed

    hello experts!
    i created a program via smartforms but when my user try to generate a printed form an error message appear than FORM
    cannot be displayed. when i check Tcode: SU53 Authorization check failed.
    Object Class HR Human Resources
    Authorization Obj. P_ABAP  HR Reporting\
    Authorization Field COARS Degree of simplification for authorizaton check       1
    Authorization field REPID ABAP program name     ZHRPY00018C
    Please help on this one...
    How to fixed this
    Thank you

    hello...
    actually this report has 2 display a List display and via smartforms...
    we laready add this program  in her authorization profile... the only problem
    is when she try to generate the report via smartform she cannot produced the
    the output print docu. because an error appears that my FORM cannot be display.
    But when i check it in the development i can produced a test document.
    please help...

  • Authorization Check Failed for HR P_ORGIN on VDSK1

    Hi Experts,
    We have an issue where an HR secretary is making an address change to an employee via pa30.  She is successfully able to save the change with no warning on the screen.  However, when we run /nsu53 immediately after, we see that there was an authorization check failed.  The check failed is in class HR, object P_ORGIN.  The field is VDSK1.  We have values defined there, whereas SAP is requesting a *.  We do not want to use the *, but the value in VDSK1 is correct and should not be failing.
    Anyone ever see this issue before?
    Thanks
    Shane

    Hi Shane,
    Since the secretary was able to save the record I assume there is no issue with the role. SU53 always shows last failed authorisation check. Even if transaction has been succesful you normally find failed authorisation checks from SU53. In your case I assume that PA30 checks first that if user happens to have P_ORGIN with * value in VDSK1. If not then it checks employees infotype 0001 and organisational key and tries to match that to the value in the role. If you pass this check SU53 will still show failed check where VDSK1=*.
    So this is normal behaviour for SU53 and nothing to be worried about. Annoying is when SU53 gives something sill as last check after error. Annoying are SU53 reports from users to add S_DEVELOP with Debug object because programmer has decided to leave break-point to program.
    cheers, s

  • All Office 2010 applications (except Access) Fail to Open - Operation has been cancelled error

    Hi,
    I have a strange issue on a Win 7 PC with Office 2010 Pro Plus 32bit installed. All applications except Access fail to open with the following error 'The operation has been cancelled due to restrictions on your computer'. 
    This is whilst logged on as the domain administrator. I have seen forums mentioning this effects hyperlinks within Outlook and the fix is to make IE the default and reinstall Chrome. I have tried this to no avail.
    I have tried running a repair and completely re installing Office.
    Any advise would be greatly received.
    Thanks
    Ed

    You have a completely different symptoms, even though the error message is the same.
    Could you please try to right click and run Office application as administrator?
    If it works in this mode, this issue is caused by permission setting. Double-check whether your account gets the enough permission to read/write the C drive. If no, add your account to Administrators group or directly add the security permission for your
    account on Drive C.
    Thanks,
    Ethan Hua CHN
    TechNet Community Support

  • "ADFC-0619: Authorization check failed" on standalone WLS10.3.2

    Hi,
    After migrating from 11.1.1.1.0 to 11.1.1.2.0 we run into the following authorization problem:
    ADFC-0619: Authorization check failed: 'pages/UIShell.jspx' 'VIEW'. (as popup, logging at debug level doesn't give more info)
    This error occurs after the user has logged in with correct username/password, and continues from Home.jspx to UIShell.jspx.
    - When testing with JDeveloper on embedded WLS, everything works fine. But as soon as we deploy to standalone WLS 10.3.2, this problem starts.
    - We checked jazn-data.xml on the standalone WLS, but it no missing parts there compared to the 11.1.1.1.0 deployment version.
    - A difference between embedded WLS and standalone WLS is that for the standalone we use LDAP for user authentication. We had this setup working on 11.1.1.1.0, so what has changed?
    A similar situation is described here:
    ADF 11g security: deploy to WebLogic 10.3.1
    Any clues or directions?
    Thanks alot,
    Gerben

    I found a workaround for my problem. Because we're using custom authorization (JHeadstart) in our applications, we don't need adf authorization. So I've just simply set authorizationEnforce to "false" in adf-config.xml, which works in our case.
    Following blogposts helped alot:
    http://hardnoxjava.blogspot.com/2009/02/how-we-handled-adf-security.html
    http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html
    -- Gerben

  • HCM Transfer process - Authorization Check Failed

    Hi All
        We are trying to run the Standard Transfer  process of HCM . We are trying to run the tcode u201C HRASR_TEST_PROCESSu201D  Can anybody Tell us what authorization objects does a user  require to run this process if the user does not have SAP_All Authorization.
    We have already added u201CP_ASRCONTu201DAuthorization object  as suggested by sap .
    We are failing in some HR authorization check but we have already added the same in useru2019s profile and it has already been genereated . 
    Note : We have already ran this process with SAP_All Authorization and it ran succesfully . Employee was Succesfully transferred to the new position .
    Please check the shreen  shots (click the links) below to get an idea of the problem .
    Authorization Check Failed :
    Link : [http://www.mediafire.com/?edtznzkmdm0]
    Process flow :
    Link : [http://www.mediafire.com/?ytxz3wlmjiz]
    Please click on " Click here to start download.. "  to check the screenshots.

    Hi, Mr. Joe Bo.
    Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
    Basis Patch - 15, Kernel 159
    I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
    Thanks & Regards
    Venkatesan J

  • Error burning DVD: Access failed

    When trying to burn a project to DVD in Premiere Elements 9, I get an error message that reads "Access failed: Unable to access location Sequence 01\ for creating temporary burning files."  I assume I need to change something either in Premiere Elements or on my PC but I don't know what.  Any recommendations?

    OK, that shows that there is some problem with your I/O sub-system, i.e. your HDD's. Could be as simple as just some permissions, etc., in the OS, or could well be something else.
    Can you list the full details of your HDD's, their size, speed, controller type, amount of free-space on each, and how you have them allocated?
    Also, what is your OS? If Windows, please let us know the version and also whether it's 32-bit, or 64-bit.
    Good luck,
    Hunt

Maybe you are looking for

  • Cash Purcahse process in SAP

    Hi SAP Gurus, Can y help how we can best way handle cash purchase case where total purchase value is very less and our concern purchase section don't want to create order. My requirement is that stock updation as well as vendor payments should be don

  • Centralise System Landscape Directory

    First off, I'd like to say Happy new year everyone..... especially those that assisted me in 2005! We are having problems transporting through CMS due to having three SLDs - XI3.0 sp12, oracle 9.2.0.6 and windows 2003 cluster. I have tried exporting

  • Showing my own styleClass in Property inspector styleClass combo

    I have created my own styleSheets with my own new class and I'd like to select it in the styleClass combo into Property inspector. Is there any way of achieving it? Thanks Carlos

  • Non-root wireless bridge speed issue

    I have a wireless bridge connecting two buildings, using Cisco Aironet 1262's. The root Bridge allows for bonding 2 channels on the A radios and talks at 40MHz, the non-root does not alloow me to do this configuration in the gui, and the band width i

  • Removing space in "Others" category in iTunes?

    So this afternoon I tried removing all my apps in my iPad and resyncing all of them again, added a new app to be sync and stopped the syncing so I could sync them all. Then about 200mb of Other space appeared in the space of my iPad. Tried restoring