Authorization Query
Hello, I have created a dashboard in Dashboard design but using old BW connection. I gave my user a link after executing it on my side. When she tried to click on the link, it gave an error message saying "User XXXX is not authorized to execute Dashboard XXXX". Do you know what type of authorization is required?
Thanks.
Hi
You need some pre-requisite authorizations to access SAP BW data.
To run the BO reports against SAP BW system, end uses required below minimal set of authorizations in the SAP BW system.
Please find the below link for more info.
http://scn.sap.com/community/semantic-layer/blog/2014/06/19/pre-requisite-authorizations-in-sap-bw-side-before-develop-the-universe
Similar Messages
-
BW Authorizations - Query variable with processing mode as "customer exit"
Hi,
Iam new to BW authorizations and have not yet worked on customer exit before. I was going through the documentation at various sites but I could not get the end to end description on how the query process( when using a variable for an InfoObject) works in case of customer exit.
Let's assume that I am using a query variable with processing mode as "customer exit" and at the exit I write some code to extract user's authorizations from a z table. if this is the case, then when an end user runs a query,how will the the system know what value needs to be filled in the variable for the requesting user. Are the user details also sent to the code along with the query variable? If so how. If I mis-understood the process then forgive me and let me know the correct process.Hi!
welcome to SDN!
customer exit variables need programing by user. so if you create a customer exit variable, you got to right a program which extracts values into this variable. we can do what ever we want in program, SAP will not deal anything ´with customer exits.
with regards
ashwin
PS n: Assigning point to the helpful answers is the way of saying thanks in SDN. you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user. -
User authorization query/report
Has anyone determined a method of printing a query or report of all authorizations for a user? From reading SOX requirements, this appears to be standard in almost every company yet there does not appear to be a way to do it in Business One.
Hi,
if you want to print all authorization for all users so I think that the only way is do it through tables and sql query. The base table is HEM5.
hope it helps
Petr -
BEx Analyzer / authorizations / query search
Hello everyone
Today I have a problem with my authorizations for the the BEx Analyzer.
The technical name of my InfoArea is VCOPA.
I have a number of queries with the technical name VCOPA_MM001 / VCOPA_M01_X0001 / and so on.
When I open the BEx analyzer and search for queries (wildcard *) I get only my queries with the technical name VCOPA. So far so good... Unfortunately the Bex search results display additionally several query views (like 0D_DX_M01_Q0001_V05) and that is bad. So how can I stop this?
My authorization settings:
S_RS_COMP
ACTVT: 03, 16
RSINFOAREA: VCOPA*
RSINFOCUBE: VCOPA*
RSZCOMPID: VCOPA*
RSZCOMPTP: QVW, REP
S_RS_COMP1
ACTVT: 03, 16
RSZCOMPID: VCOPA*
RSZCOMPTP: QVW, REP
RSZOWNER: *
Thanks in advance..
Regards, Alex
Edited by: Alexander Stettler on Mar 5, 2010 2:50 PMThe roles are customized...
In addition to the listed authorization objekts (s_rs_comp / s_rs_comp1) I have the following objekts in use:
S_RFC
ACTVT : 16
RFC_NAME: *
RFC_TYPE: FUGR
S_TCODE
TCD: RRMX
S_GUI
ACTVT: 60, 61
S_USER_AGR
ACTVT: 03
ACT_GROUP: *
S_RS_AUTH
BIAUTH: 0BI_ALL
S_RS_FOLD
SUP_FOLDER: X
S_RS_XCLS
ACTVT: 16
RSXCLSID: VCOPA*
RSZOWNER: *
Edited by: Alexander Stettler on Mar 10, 2010 11:25 AM -
Hi Experts,
I need to copy user authorizations from one database to the same user in another database.
Is theere maybe a query that I can run to do this?
Appreciae the help.
Thank you.Use the copy express add on to copy authhorizations from one database to another database.
it is not recommended to use sql to copy authorizations and SAP has not given the right to get the auhtorization table,
so use copy express addon.
this will solve ur problem. -
Hi All,
I am having a report in which I am displaying data about the materials, description their cost etc.
Now my requirement is to check the authorization for the person executing the report.
Here , there are two plant and i have to restrict the person from the other plant from executing the report for the plant to which he doesnt belong for example there is a person ABC in plant 123 and a person DEF in plant 456.
Now ABC should not be able to run the report for plant 456 and DEF should not be able to run the report for plant 456.
Please suggest what should be the approach for this??
Thankshi,
Go to su21 and check the authority check for the plant
this has to be done by the basis guy as per the recoommendatuions of the SAP Security guy on the client side. you use the authorization obejct for P_WERKS
and they will manage the same
Regards
Shiva -
Hi,
Iam working in SAP Authorization team. Recently we had one issue, and it is long days back we have added one single role to many of the composite roles. But suddenly last week that single roles got deleted in some of the composite roles only from production system.
Could you tell me how it is happened?
Thanks!> This is because one of your team member have transported the single role with the same role name frm development to production unknowingly thats reason it been overwritten in prd server
Then I think the changes should reflect even in DEV & TEST as well. But here the issue is only in PRD which is very surprising.
Regards, -
HI
Let's say I have created a collaboration folder for one of my shopping cart . By default, my user id will be assigned administrative role to the cfolder . However , I would like to remove my userid in the cfolder authorization and in place assign roles to the cfolder . Anyone has any idea to go abt it ?Hi,
I've the same problems and I've done the activities you have written, but the results was bad.
With authomatic creation of collaborative area (by the bidder that create a response to a Bid Invitation), the only method triggered is COL_WORKAREA_CREATE_POST.
Moreover, the probles are in the authorizations gives to the single users: the system inherit the same from public area and it's impossible (for me) to remove single authorizations from private area.
CFX_ACO_API_ACTIVITIES_SET and CFX_ACO_API_ACTIVITIES_RESET work with ID of public area (top most level).
Could you please give me a solution ?
Regards
Leonardo -
Hi,
I would like to know what are the configurations required in Cisco ACS for authorization.
I have done the foll configurations in the switch.
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
radius-server host 10.240.252.247
radius-server key greenland.123
Thanks.
Rgds.,
SackHi Narayan,
Sorry, I pasted the wrong configurations in the forum.Actual configurations in the device are as follows:
aaa authorization config-commands
aaa authorization exec default group radius local
radius-server host 10.240.252.247
radius-server key xxx
I would like to know what are the configurations required in the ACS server with respect to authorization as we are using radius.Do we need to add anything else apart from adding the client in ACS..?
Thanks.
Rgds.,
Sachin -
Hello,
our users all have a role (Role 1)which allows them to view data according to their individual allowed level of the costcenter hierarchy.
For one special query (and only this special query = Query A) we need a role (Role 2) which allows users to view data on Level of a certain node. This certain node is on a higher level of the costcenter hierarchy than the level users are allowed to view according to Role1.
For all other Querys (not equal Query A) the authorization according to Role 1 needs to be used. Only for Query A the authorization of Role 2 needs to be used (in addition to role 1).
Now I wonder how to do this.
I created in RSSM an additional Authorization Object and wondered if including these fields would be helpful:
0TCTQUERID Query (UID)
0TCTQUERY Query
I created a new role and included the new authorization object saying:
blank CHORGSTR costcenter
Variable 0TCTAUTHH Hierarchy based authorization
Query ID 0TCTQUERID Query (UID)
blank 0TCTQUERY Query
But somehow it does not seem to work. Probably I use the wrong authorization object?
Role 1 has the authorization Objekt
blank CHORGSTR costcenter
Variable 0TCTAUTHH Hierarchy based authorization
(no query specification)
So the question is - is it possible to create a specific authorization for only 1 query (in order that user can see "more" data in this query than in other queries on same InfoCube)?
If yes - how do you do it? What does the authorization objekt need to look like?
Your help is really appreciated!
Thanks
Angelika
Message was edited by: Angelika PetryHi,
I was hoping that in RSSM where you create your own authorization objects - the authorization relevant InfoObjects you can choose from contain
0TCTQUERID Query (UID)
0TCTQUERY Query
So I was hoping to be able to use them...
On the other hand I was hoping to give access to a specific query using 2 authorization objects within 1 role (role 2) using S_RS_COMP and resctrict it to a specific query using RSZCOMPID as a parameter.
About 5 % of users with role 1 will also have role 2 - there will not be any users only having role 2. Unfortunately role 1 will be applied to all queries of the specific InfoCube / InfoArea - Role 2 was only to give enhanced authorization for 1 specific query.
It would be great if someone knows a way how to do it!
Thanks
Angelika -
Authorization check for queries and workbooks
Hi Gurus,
I want help in BW(3.5 version) authorization to restrict the user not to display queries but he can display workbooks.
And I want to create a role where I can publish my workbooks. Like we have two business lines and I want to create the two roles.
I tried with
S_USER_AGR
S_USER_TCD
S_GUI
S_BDS_DS
This authorization objects are related to save the workbooks but my requirement not to save and as well as not to display the queries.
Please advise me what needs to be done to achieve this requirement.
Thanks
Robert.Hi,
you required to query related authorization and work book related authorization.
query
s_tcode
s_rfc(for bex analyzer access)
s_rs_comp
s_rs_comp1
s_rs_fold(if user wants to see infoarea then only u have provide this authorization object)
s_rs_icube
s_rs_mpro
work book
if u want to save query results in work book
S_GUI
S_BDS_DS
if u want to save work book in roles
S_USER_AGR
S_USER_TCD
if u maintaint all the autozation object then you can able to save . -
Hi,
I am trying to lock groups to a specific tunnel group but unfortunitly no matter what I do the group-lock feature doesnt seem to work. Basically here is what I want to do:
1-Users detail is pulled from AD through LDAP
2-AD group is mapped to the appropriate group on the ASA using attribute mapping
3-user should only use the tunnel that he/she is locked to
4-this all should be done without the user needing to select a group the vpn portal
5-we will be using Any connect and VPN portal for communication
All works fine except the group-lock feature. If enabled and set to "group-lock value NET_ADMIN_G" I get the following error on debug webvpn and the user is not allowed in.
webvpn_auth.c:http_webvpn_post_authentication[1503]
WebVPN: user: (test) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2905]
User came in on group he wasn't supposed to come in on!
when removed no matter what I do the user is mapped to DefaultWEBVPNGroup tunnel group,
SSLVPN(config-group-policy)# sho vpn-sessiondb webvpn
Session Type: WebVPN
Username : test Index : 132
Public IP : 10.1.1.1
Protocol : Clientless
License : AnyConnect Premium
Encryption : Clientless: (1)AES256 Hashing : Clientless: (1)SHA1
Bytes Tx : 252897 Bytes Rx : 48894
Group Policy : NET_ADMIN Tunnel Group : DefaultWEBVPNGroup
Login Time : 11:18:13 EDT Fri Mar 22 2013
Duration : 0h:01m:12s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Asa is on 9.11.4.
group policy:
group-policy NET_ADMIN internal
group-policy NET_ADMIN attributes
wins-server none
dns-server value 2.2.2.2
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-session-timeout alert-interval 25
vpn-filter value VPN_SPLIT_TUNNEL
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
password-storage disable
ip-comp enable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_SPLIT_TUNNEL
default-domain value brightstarcorp.com
split-dns value brightstarcorp.com
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn value svgmelb.au.brightstarcorp.com
leap-bypass disable
nem disable
backup-servers clear-client-config
msie-proxy method no-modify
vlan none
nac-settings none
address-pools value SSL_POOL
ipv6-address-pools none
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list value NETADMIN_BOOKMARK
filter value INTERNAL_WEBACL
homepage use-smart-tunnel
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression lzs
anyconnect dtls compression lzs
anyconnect modules value posture
anyconnect profiles value net_admin_p type user
anyconnect ask none default webvpn
customization value NETADMIN_PORTAL
hidden-shares visible
activex-relay enable
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
anyconnect ssl df-bit-ignore disable
always-on-vpn profile-setting
auto-signon allow uri * auth-type all
Tunnel Group:
tunnel-group NET_ADMIN_G type remote-access
tunnel-group NET_ADMIN_G general-attributes
address-pool SSL_POOL
authentication-server-group LDAP
authorization-server-group LDAP
accounting-server-group RGROUPADMIN
default-group-policy NET_ADMIN
authorization-required
tunnel-group NET_ADMIN_G webvpn-attributes
customization NETADMIN_PORTAL
group-alias infra_network enable
group-url https://x.x.x.x/network enable
dns-group DNSGROUP
Any ideas?
Thanks in advanceHi Portu,
Heres debug Ldap:
SLVPN#
[553] Session Start
[553] New request Session, context 0x00007fff33beb228, reqType = Authentication
[553] Fiber started
[553] Creating LDAP context with uri=ldap://1.1.1.13:389
[553] Connect to LDAP server: ldap://1.1.1.13:389, status = Successful
[553] supportedLDAPVersion: value = 3
[553] supportedLDAPVersion: value = 2
[553] Binding as bind
[553] Performing Simple authentication for test to 1.1.1.13
[553] LDAP Search:
Base DN = [OU=xx ENTERPRISE,DC=xxx,DC=com]
Filter = [sAMAccountName=test]
Scope = [SUBTREE]
[553] User DN = [CN=test,OU=Users,OU=xx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com]
[553] Talking to Active Directory server 1.1.1.13
[553] Reading password policy for test, dn:CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com
[553] Read bad password count 0
[553] Binding as test
[553] Performing Simple authentication for test to 1.1.1.13
[553] Processing LDAP response for user test
[553] Message (test):
[553] Authentication successful for test to 1.1.1.13
[553] Retrieved User Attributes:
[553] objectClass: value = top
[553] objectClass: value = person
[553] objectClass: value = organizationalPerson
[553] objectClass: value = user
[553] cn: value = test
[553] sn: value =
[553] c: value = AU
[553] l: value = xxx
[553] st: value = xxx
[553] title: value = test user / IT
[553] description: value = Network
[553] postalCode: value = xxx
[553] physicalDeliveryOfficeName: value = xxx
[553] telephoneNumber: value = xxx
[553] givenName: value = test
[553] distinguishedName: value = CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=br
[553] instanceType: value = 4
[553] whenCreated: value = 20110327224420.0Z
[553] whenChanged: value = 20130319223953.0Z
[553] displayName: value = test
[553] uSNCreated: value = 84454809
[553] memberOf: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] memberOf: value = CN=Networks,OU=Distribution Groups,OU=xxx,OU=Australia,OU=APAC,OU=
[553] mapped to IETF-Radius-Class: value = NET_ADMIN
[553] mapped to LDAP-Class: value = NET_ADMIN
[553] memberOf: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate
[553] mapped to IETF-Radius-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
[553] mapped to LDAP-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
aaa common debug:
AAA API: In aaa_open
AAA session opened: handle = 3
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
Initiating authentication to primary server (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authentication Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = ACCEPT
AAA_NextFunction: authen svr = BSTAR_LDAP, author svr = LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_USER_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating user group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
User Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_USER_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_AUTHORIZE,
AAA FSM: In AAA_InitTransaction
Initiating authorization query (Svr Grp: LDAP)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 1.1.1.13
AAA FSM: In AAA_SendMsg
User: test
Resp:
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTHORIZE, auth_status = ACCEPT
AAA_NextFunction: author svr = BSTAR_LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
AAA_NextFunction: New i_fsm_state = IFSM_AUTH_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(NET_ADMIN)
Got server ID 0 for group policy DB
Initiating authorization group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: NET_ADMIN
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up NET_ADMIN
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authorization Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_AUTH_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_TUNN_GRP_POLICY,
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(DfltGrpPolicy)
Got server ID 0 for group policy DB
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: DfltGrpPolicy
Resp:
grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
grp_policy_ioctl: Looking up DfltGrpPolicy
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
Class attribute created from LDAP-Class attribute
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
Checking simultaneous login restriction (max allowance=3) for user test
AAA FSM: In AAA_Callback
user attributes:
1 User-Name(1) 6 "test"
2 User-Password(2) 10 (hidden)
3 Group-Policy(4121) 9 "NET_ADMIN"
4 AAA-AVP-Table(4243) 11268 "[04],[00][00]t[00][00][00][F8][03][00][00][0F][04][00]"
5 LDAP-Class(20520) 10 "NET_ADMIN[00]"
6 LDAP-Class(20520) 11 "USERS[00]"
user policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff35d685e0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 3
6 Primary-DNS(4101) 4 IP: 1.1.1.13
7 Secondary-DNS(4102) 4 IP: 1.1.1.30
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 52
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
14 Default-Domain-Name(4124) 18 "xxxxcorp.com"
15 Secondary-Domain-Name-List(4125) 18 "xxxxcorp.com"
16 Nat-Enabled-IPSec(4130) 4 0
17 IPSec-UDP-Port(4131) 4 10000
18 IPComp(4135) 4 1
19 Authentication-On-Rekey(4138) 4 0
20 Required-Firewall-Vendor-Code(4141) 0 0x0000000002e006b0 ** Unresolved Attribute **
21 Required-Firewall-Product-Code(4142) 0 0x0000000002e006b0 ** Unresolved Attribute **
22 Required-Firewall-Description(4143) 0 0x00007fff35d687fa ** Unresolved Attribute **
23 Secure-unit-config(4144) 4 0
24 Individual-user-auth-config(4145) 4 0
25 User-auth-idle-timeout(4146) 4 0
26 Cisco-IP-telephony-config(4147) 4 0
27 Split-Tunneling-Policy(4151) 4 1
28 Required-Firewall-Capability(4152) 0 0x0000000002e006b0 ** Unresolved Attribute **
29 Client Firewall Optional(4154) 0 0x0000000002e006b0 ** Unresolved Attribute **
30 Backup-Ip-Sec-Peers-Enabled(4155) 4 2
31 Network-Extension-Mode-Allowed(4160) 4 0
32 URL list name(4167) 17 "NETADMIN_BOOKMARK"
33 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
34 Cisco-LEAP-Passthrough-config(4171) 4 0
35 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff35d68835 ** Unresolved Attribute **
36 IE-Proxy-Server-Method(4177) 4 1
37 The tunnel group that tunnel must be associated with(4181) 11 "NET_ADMIN_G"
38 User ACL for inbound traffic(4182) 8 ""
39 User ACL for outbound traffic(4183) 8 ""
40 Indicates whether or not PFS is required for IPSec(4184) 4 0
41 WebVPN URL Entry enable(4189) 4 1
42 WebVPN File Server Entry enable(4191) 4 1
43 WebVPN File Server Browsing enable(4192) 4 1
44 WebVPN SVC Keep enable(4201) 4 1
45 WebVPN SVC Keepalive interval(4203) 4 20
46 WebVPN SVC Client DPD period(4204) 4 30
47 WebVPN SVC Gateway DPD period(4205) 4 30
48 WebVPN SVC Rekey period(4206) 4 0
49 WebVPN SVC Rekey method(4207) 4 0
50 WebVPN SVC Compression(4208) 4 2
51 WebVPN Customization(4209) 15 "NETADMIN_PORTAL"
52 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
53 WebVPN SVC DTLS Compression(4213) 4 2
54 Extended Authentication-On-Rekey(4218) 4 0
55 WebVPN SVC DTLS enable(4219) 4 1
56 WebVPN SVC MTU(4221) 4 1406
57 CIFS hidden shares(4222) 4 1
58 CVC-Modules(4223) 7 "posture"
59 CVC-Profile(4224) 17 "net_admin_p#user,"
60 CVC-Ask(4227) 4 4
61 CVC-Ask-Timeout(4228) 4 0
62 WebVPN ActiveX Relay(4233) 4 1
63 VLAN ID(4236) 4 0
64 NAC Settings(4237) 0 0x00007fff35d68985 ** Unresolved Attribute **
65 WebVPN Session timeout alert interval(4245) 4 25
66 List of address pools to assign addresses from(4313) 13 "SSL_POOL"
67 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff35d68998 ** Unresolved Attribute **
68 Smart tunnel on home page enable(4324) 4 1
69 Disable Always-On VPN(4325) 4 0
70 SVC ignore DF bit(4326) 4 0
71 Client Bypass Protocol(4331) 4 0
72 Gateway FQDN(4333) 29 "xxx.xxxxcorp.com"
73 CA URL for SCEP enrollment(20530) 0 0x00007fff35d689c7 ** Unresolved Attribute **
tunnel policy attributes:
1 Filter-Id(11) 8 "VPN_SPLIT_TUNNEL"
2 Session-Timeout(27) 4 0
3 Idle-Timeout(28) 4 30
4 Access-Hours(4097) 0 0x00007fff351cddd0 ** Unresolved Attribute **
5 Simultaneous-Logins(4098) 4 0
6 Primary-DNS(4101) 4 IP: 10.125.3.7
7 Secondary-DNS(4102) 4 IP: 10.125.3.5
8 Primary-WINS(4103) 4 IP: 0.0.0.0
9 Secondary-WINS(4104) 4 IP: 0.0.0.0
10 Tunnelling-Protocol(4107) 4 124
11 Banner(4111) 446 "This is a PRIVATE computer system, which may be acces"
12 Store-PW(4112) 4 0
13 Group-Policy(4121) 13 "DfltGrpPolicy"
14 Split-Tunnel-Inclusion-List(4123) 8 "VPN_SPLIT_TUNNEL"
15 Default-Domain-Name(4124) 18 "xxxxcorp.com"
16 Secondary-Domain-Name-List(4125) 0 0x00007fff351cdfc7 ** Unresolved Attribute **
17 Nat-Enabled-IPSec(4130) 4 0
18 IPSec-UDP-Port(4131) 4 10000
19 IPComp(4135) 4 0
20 Authentication-On-Rekey(4138) 4 0
21 Secure-unit-config(4144) 4 0
22 Individual-user-auth-config(4145) 4 0
23 User-auth-idle-timeout(4146) 4 30
24 Cisco-IP-telephony-config(4147) 4 0
25 Split-Tunneling-Policy(4151) 4 1
26 Client Firewall Optional(4154) 0 0x00007fff351cdfec ** Unresolved Attribute **
27 Backup-Ip-Sec-Peers-Enabled(4155) 4 1
28 Group-giaddr(4157) 4 IP: 0.0.0.0
29 Intercept-DHCP-Configure-Msg(4158) 4 0
30 Client-Subnet-Mask(4159) 4 IP: 255.255.255.255
31 Network-Extension-Mode-Allowed(4160) 4 0
32 WebVPN Content Filter Parameters(4165) 4 0
33 WebVPN Parameters configuration(4166) 4 1
34 URL list name(4167) 0 0x00007fff351ce008 ** Unresolved Attribute **
35 Forwarded ports(4168) 0 0x00007fff351ce009 ** Unresolved Attribute **
36 ACL-like filters(4169) 8 "INTERNAL_WEBACL"
37 Cisco-LEAP-Passthrough-config(4171) 4 0
38 Default WebVPN homepage(4172) 0 0x00007fff351ce016 ** Unresolved Attribute **
39 IKE Client Type and Version Limiting policy rules(4173) 0 0x00007fff351ce017 ** Unresolved Attribute **
40 Application Access Name(4175) 18 "Application Access"
41 IE-Proxy-Server(4176) 0 0x00007fff351ce02b ** Unresolved Attribute **
42 IE-Proxy-Server-Method(4177) 4 1
43 IE-Proxy-Server-Exceptions(4178) 0 0x00007fff351ce030 ** Unresolved Attribute **
44 IE-Proxy-Server-Bypass-Local(4179) 4 0
45 The tunnel group that tunnel must be associated with(4181) 0 0x00007fff351ce035 ** Unresolved Attribute **
46 Indicates whether or not PFS is required for IPSec(4184) 4 0
47 NAC Enable/Disable(4185) 4 0
48 NAC Status Query Timer(4186) 4 300
49 NAC Revalidation Timer(4187) 4 36000
50 NAC Default ACL(4188) 8 ""
51 WebVPN URL Entry enable(4189) 4 0
52 WebVPN File Server Entry enable(4191) 4 0
53 WebVPN File Server Browsing enable(4192) 4 0
54 WebVPN Port Forwarding enable(4193) 4 0
55 WebVPN Port Forwarding Exchange Proxy enable(4194) 4 0
56 WebVPN Port Forwarding HTTP Proxy enable(4195) 4 0
57 WebVPN SVC enable(4199) 4 0
58 WebVPN SVC Required enable(4200) 4 0
59 WebVPN SVC Keep enable(4201) 4 0
60 WebVPN SVC Keepalive interval(4203) 4 20
61 WebVPN SVC Client DPD period(4204) 4 30
62 WebVPN SVC Gateway DPD period(4205) 4 30
63 WebVPN SVC Rekey period(4206) 4 0
64 WebVPN SVC Rekey method(4207) 4 0
65 WebVPN SVC Compression(4208) 4 2
66 WebVPN Customization(4209) 0 0x00007fff351ce08a ** Unresolved Attribute **
67 Single Sign On Server Name(4210) 0 0x00007fff351ce08b ** Unresolved Attribute **
68 WebVPN SVC Firewall Rule(4211) 17 "private#,public#,"
69 WebVPN Deny message(4212) 180 "Login was successful, but because certain criteria ha"
70 WebVPN SVC DTLS Compression(4213) 4 2
71 HTTP compression method(4216) 4 0
72 Maximum object size to ignore for updating the session timer(4217) 4 4
73 Extended Authentication-On-Rekey(4218) 4 0
74 WebVPN SVC DTLS enable(4219) 4 1
75 WebVPN SVC MTU(4221) 4 1406
76 CIFS hidden shares(4222) 4 0
77 CVC-Modules(4223) 20 "dart,vpngina,posture"
78 CVC-Profile(4224) 15 "IPSEC_VPN#user,"
79 CVC-IKE-Retry-Timeout(4225) 4 10
80 CVC-IKE-Retry-Count(4226) 4 3
81 CVC-Ask(4227) 4 2
82 CVC-Ask-Timeout(4228) 4 0
83 IE-Proxy-Pac-URL(4229) 0 0x00007fff351ce1a4 ** Unresolved Attribute **
84 IE-Proxy-Lockdown(4230) 4 1
85 WebVPN Smart Tunnel(4232) 0 0x00007fff351ce1a9 ** Unresolved Attribute **
86 WebVPN ActiveX Relay(4233) 4 1
87 WebVPN Smart Tunnel Auto Download enable(4234) 4 0
88 WebVPN Smart Tunnel Auto Sign On enable(4235) 0 0x00007fff351ce1b2 ** Unresolved Attribute **
89 VLAN ID(4236) 4 0
90 NAC Settings(4237) 0 0x00007fff351ce1b7 ** Unresolved Attribute **
91 MemberOf(4241) 0 0x00007fff351ce1b8 ** Unresolved Attribute **
92 WebVPN Idle timeout alert interval(4244) 4 1
93 WebVPN Session timeout alert interval(4245) 4 1
94 Maximum object size for download(4253) 4 2147483647
95 Maximum object size for upload(4254) 4 2147483647
96 Maximum object size for post(4255) 4 2147483647
97 User storage(4256) 0 0x00007fff351ce1cd ** Unresolved Attribute **
98 User storage objects(4257) 19 "cookies,credentials"
99 User storage shared key(4258) 0 0x00007fff351ce1e2 ** Unresolved Attribute **
100 VDI configuration(4259) 0 0x00007fff351ce1e3 ** Unresolved Attribute **
101 NAC Exception List(4312) 4 0
102 List of address pools to assign addresses from(4313) 0 0x00007fff351ce1e8 ** Unresolved Attribute **
103 List of IPv6 address pools to assign addresses from(4314) 0 0x00007fff351ce1e9 ** Unresolved Attribute **
104 IPv6 filter-id(4315) 8 ""
105 WebVPN Unix user ID(4317) 4 65534
106 WebVPN Unix group ID(4318) 4 65534
107 Disconnect VPN tunnel when a Smartcard is removed(4321) 4 1
108 WebVPN Smart Tunnel Tunnel Policy(4323) 0 0x00007fff351ce1fe ** Unresolved Attribute **
109 Disable Always-On VPN(4325) 4 1
110 SVC ignore DF bit(4326) 4 0
111 SVC client routing/filtering ignore(4327) 4 0
112 Configure the behaviour of DNS queries by the client when Split tunneling is enabled(4328) 4 0
113 Client Bypass Protocol(4331) 4 0
114 IPv6-Split-Tunneling-Policy(4332) 4 0
115 Gateway FQDN(4333) 0 0x00007fff351ce217 ** Unresolved Attribute **
116 CA URL for SCEP enrollment(20530) 0 0x00007fff351ce218 ** Unresolved Attribute **
Auth Status = ACCEPT
AAA API: In aaa_close
AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 3
In aaai_close_session (3)
Thanks, -
We are running Sql server 2005. This server has been running for over a year without any problems. There are no custom databases or scripts (Operations manager, WSUS, ACS databases)
Recently the ERRORLOG has started filling rapidly with the error:
spid26s An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated,
or you do not have permission.
This error is being posted several times a second.
All forums and web searches indicate that this occurs when a database is moved from one server to another and the SID of a user account changes, however we have not moved/imported/exported any databases or changed/added/deleted any users. Everything in that
respect is still set the way it always has been.
The only clue I am getting is when I run an sp_who query and look for spid26 (or whatever is being reported at the time)
This shows:
spid 26 status: background loginname: sa dbname: master cmd: BRKR Task
If I am reading this correctly, then I cannot understand why the sa account is failing to login to the master database for the Broker when everything else is working.
Any suggestions?
My knowledge of SQL is limited, so if there is any other info required, let me know.
ThanksThanks Dan
I ran both the queries you suggested and all SIDs matched.
However, it turned out that on one of the databases (Operations Manager - the first one that was created 3 years ago), there was no dbo! (the queries returned a value of 'null')
Setting a dbo with the 'alter authorization' query stopped the errors immediately.
I'm not sure where the dbo had gone as this is not a server we log on to very often and certainly not to work on SQL.The problem only came to light when disk space started depleting rapidly a couple of days ago.
I can only put it down to either a Windows update (the only change made recently) or just one of those things - something corrupted after a reboot!
It's a pity that the errorlog didn't specify which database had the problem. We might have narrowed it down a bit quicker then.
Many thanks for your help and quick response - much appreciated. -
OBIEE 11.1.1.6.2 Row Wise Init for Roles variable
Gurus,
Why is the NQ_SESSION.ROLES ( Row Wise Initialized ) behaving differently when compared to other Row Wise initialized session variables.
I am using EBS Authentication and Authorization for OBIEE, so my authorization query is
SELECT DISTINCT 'ROLES', RESPONSIBILITY_KEY
FROM FND_USER,FND_USER_RESP_GROUPS, FND_RESPONSIBILITY_VL
WHERE FND_USER.user_id=FND_USER_RESP_GROUPS.user_id
AND FND_USER_RESP_GROUPS.RESPONSIBILITY_ID = FND_RESPONSIBILITY_VL.RESPONSIBILITY_ID
AND FND_USER_RESP_GROUPS.RESPONSIBILITY_APPLICATION_ID = FND_RESPONSIBILITY_VL.APPLICATION_ID
AND FND_USER_RESP_GROUPS.START_DATE < SYSDATE
AND (CASE WHEN FND_USER_RESP_GROUPS.END_DATE IS NULL THEN SYSDATE ELSE TO_DATE(FND_USER_RESP_GROUPS.end_Date) END) >= SYSDATE
AND FND_USER.user_name = 'VALUEOF(NQ_SESSION.USER)';
Now I plan to use these Roles( EBS Responsibility name) which I have populated in a DB table against some Cost Center and below is the how I view the data in DB.
ID | PROFIT_CENTER | RESPONSIBILITY
0 | 0 |0
1 | 100 |BI_Fin_Role
2 | 200 |BI_P2P_Role
3 | 300 |BI_Inv_Role
Then my Profit Centers Initialization Block is now
SELECT DISTINCT 'PROFIT_CENTER', PROFIT_CENTER FROM WC_OBIEE_PC_SECURITY WHERE RESPONSIBILITY IN (VALUELISTOF(NQ_SESSION.ROLES))
So User1 has BI_Fin_Role and PC_Security Role so does the User2 has BI_Inv_Role and PC_Security now when User1 logs in they should see only 100 Profit center data and User2 should see only 300.
I have created data filter for that application role (PC_Security) and limiting with "Dim.Profit Center"."Profit Center" = VALUEOF(NQ_SESSION."PROFIT_CENTER")
However first problem I encounter is there is no value definition for PROFIT_CENTER, snap that means the VALUELISTOF(NQ_SESSION.ROLES) value is not being passed or recognized by whenever BI Server sends that query to DB.
This is confirmed by my query log which says:
[2013-04-29T12:49:06.000+00:00] [OracleBIServerComponent] [TRACE:5] [USER-39] [] [ecid: 11d1def534ea1be0:48033065:13e4213bbd0:-8000-0000000000008dc8] [tid: 47796940] [requestid: fffe0313] [sessionid: fffe0000] [username: ] -------------------- An initialization block named 'PC_Security', on behalf of a Session Variable, issued the following SQL query: [[
SELECT DISTINCT 'PROFIT_CENTER', PROFIT_CENTER FROM WC_OBIEE_PC_SECURITY WHERE RESPONSIBILITY IN (VALUELISTOF(NQ_SESSION.ROLES))
Returned 0 rows. Query status: Successful Completion
So I try to issue the SQL to BI Server thru Issue SQL Directly:
SELECT "Profit Center"."Profit Center" FROM "SLA Details" WHERE "Profit Center"."Profit Center" = VALUEOF(NQ_SESSION.ROLES)
and the query log gives be the below log which blew my mind as its being delimited by ';'
select distinct T1260626.ACCOUNT_SEG3_CODE as c1
from
W_GL_ACCOUNT_D T1260626 /* Dim_W_GL_ACCOUNT_D */
where ( T1260626.ACCOUNT_SEG3_CODE = 'BIAuthor;BIConsumer;PC_Security;BI_Fin_Role;AuthenticatedUser' )
I have other Row Wise Init blocks for HR_ORG which when fired and used in reports give be stings ('1000','2000',...) which is what I was expecting to see in the filter and query here.
Am I doing something wrong here can someone please point me to right direction please.
Any help is much appreciated.
Thanks,
VidyaS
Edited by: VidyaS on Apr 29, 2013 2:47 PMThis is because the ROLES variable in OBIEE 11g is designed to retrieve the LDAP or DB groups etc.. in form of semicolon delimiters this would be not the same case with other Row Wise init blocks.
Refer to : OBI 11g - LDAP and semicolon-delimited string for Groups [ID 1274964.1]
HTH,
SVS -
Database search using Oracle SES
Hi all..specially Luca,
I am a new to oracle SES.I have to search my database through oracle SES from my ASP.NET
pages.
But before doing it from ASP.NET page , I just want to try serching from the SES tool itself.
I tried to create Database source type as :
Home > source > source type = database > create
then i got a page where i wrote the database connection string , userid , password , and a query (select * from images)
i clicked next n got another page which says step2 authorization ..
here again i need to put databse connection string ..for which i m confuse what to put ..
the entire connection string like "Data Source=atlas/orcl;User ID=yuntaa;Password=yuntaa" or "atlas/orcl" ..
i put user ID and Password,there wer few more fields like
Authorization Query,Single Record Query, Authorization User ID Format .i m not sure what to put in this fields,
and clicked next...i got an error saying ...
Oracle Secure Enterprise Search Error
An error occurred while validating the plug-in parameters.
now i m really confuse how to create database source and how it will search to my search string...how it will know which
table to search...i mean search string may be audio,video,image or a doc ..according to the string it has execute different
query to search in different table...
Plz help me out a little to solve this issue...
Warm regards and thanks
SurajThanks a lot for the reply Raford...n sorry as my question are too long...
In my project i need to search my database but i do not
have any URL as i am displaying data straight from the database. The data's
are audio,video or images which i have stored in database tables itself.
so in my case the URL column will be empty which is a mandatory field.The URL column contains the Display URL for the document but I do not have any document outside my database.
The way I am storing the data, is oracle SES posible ?. Most importantly do this will enhance
the performance..or provide some extra information to the user regarding search...
Actually what we are thinking is that when user will search and if the data is present in database we will display the data from the database using oracle SES
or else if the data is not there in the database we will provide some links
of other web site, something like google..
Please give some thought on it and tell me whether this is possible using oracle SES...if yes then what should i put in URL column...if posible plz give me some suggestion how should i proceed
You said If the data is in an Oracle database, it is easier to use the Table crawler. I tried
to configure that with my table but showing an error in error log :
EQG-30100: Internal error: java.sql.SQLException: Missing IN or OUT parameter at index:: 2,
from: CrawlingThread.processPseudoURL() executing SQL BEGIN ?
:= 'http:/tds?id=24'||eq_util.tds_encode(1,?) ||eq_util.tds_encode(2,?)
||eq_util.tds_encode(3,?) ||eq_util.tds_encode(4,?) ||eq_util.tds_encode(5,?)
||eq_util.tds_encode(6,?) ||eq_util.tds_encode(7,?) ||eq_util.tds_encode(8,?);
EXCEPTION when others then eq_err.raise; END;; for URL http:/tds?id=-1&k1=24&display_url=0
EQG-30100: Internal error:
no new documents collected
also the crawl statistics is 0..
also search result is empty..i m searching with the string which is in contenttitle
column in table which i ve set through "table column mappings"...
the steps i ve taken to set the table crawler is :
selected source type as Table > provided source name , port number etc details > local table
selected primary key column > select content column > create and customise > table column mappings
Add another row(selected the contenttitle field) > apply > schedule > execute immediatlyWarm regards and Thanks
Suraj
Maybe you are looking for
-
FILE NOT FOUND IN PREVIEW IN A BROWSER?
I CREATED A NEW PAGE IN cc AND ATTEMPTED TO VIEW IN A BROWSERBUT THE FILE WAS NOT FOUND. THE PAGE IS IN MY ROOT FOLDER AND NAV SETPUP.
-
Just bought a new nano and it doesn't have Mickey Mouse clock. Can I download it?
Just bought a new nano and it doesn't have Mickey Mouse clock. Can I download it?
-
Error installing update in Premiere Pro CC 2014.2, error code U44M1I210
Tried several times to update Premiere Pro CC 2014.2 with the same error code U44M1I210. Tired to contact customer but their site is down.
-
Imqsvcadmin.exe does not display GUI under Windows XP
I installed 4.3 on Windows XP. I want to start IMQ as service. When I try to run imqsvcadmin.exe it shows up in Task Manager but does not display a GUI
-
Route video to monitor, projector
Hello. I've recently purchased a Mini, usually this machine is connected to a monitor but from time to time switched over to a projector for big picture movie goodness. No problems so far. However, I'm switching between the two by physically swapping