BW iViews and authorization
Hi,
is there any consideration I need to do when developing BW iViews that are to be used by users with role and authorization set up in Avtive Directory?
The BW iViews are full accessable for administrators of the portal but not the other roles...
Kind regards,
Hilde
Hi,
Once u create a BW iView, create a role called 'BW_Admin_Role'. Now open the role. Make sure the property called 'entry point' is set to 'yes' for the role. If so, Right click the BW iView (under the portal content in the folder created) and choose 'assign iView to role' option. Once it is assigned, u can now assign the BW_Admin_role to Administrator user. Go to user Administration and search for Administrator user. Once found, click Edit listed. In the bottom, enter the role name as 'BW_Admin_role' and search. Then choose the role and click add. Then save it. Now the administrator can view the BW iView.
Regards,
Vijai
Similar Messages
-
What is difference between Service map iview and Workset Map iview
Hi Experts,
Can anyone tell me the difference between service map iView and Workset Map iView.
When I am creating these iViews, its seams both are same. I canu2019t find difference still, can anyone help me out of this
Thanks in Advance
JanardhanHi,
Service Map Iview:The Service Map iView is an ERP-specific variant of the portal Workset Map iView. It serves as a central point of entry and guided access to the services of SAP service modules such as the Manager Self Service (MSS) module, or the Employee Self Service (ESS) module.
Workset Map iview:A Workset Map is the equivalent of a site map, providing users with explicit information on the functionality that is available in a given workset. It is based on an iView, and serves as a central point of entry and guided access to the contents of a workset.
if you want to more info pls go thr the below thread
Workset Map iView
i hope it will help you
Thanks,
Sreeni. -
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
endYes. Tried that (several times) didn't work. 5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts. Kept getting error message that username and password invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddently experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
Multiprovider and Authorizations
Multiprovider and Authorizations:
The challenge is to ensure you do not have more access trough the multiprovider then you have trough the sourcecubes.
example:
Multiprovider, Joining sourcecube 1 + 2 ( Heterogeneous MP combining data from different infoareas)
Sourcecube 1: Authorizations for company code X+Y
Sourcecube 2: Authorizations for company code Y+Z
What company codes in which source cubes will you have access to report on trough the multiprovider?
1) XYZ from both cubes ?
2) X from cube 1 , Y from cube 1+2, Z from cube 1
3) only the common Y from cube 1 +2
The expected results is scenario 2. Basically the same access/restriction you would get, if reporting directly on the sourcecube's.
This can of course be tested with a test user with limited authorizations. The obstacle here though is that the authorization setup is defined with roles and a business unit hierarchy authorization object (consisting of several company codes) that is not fully in place yet. Hence the test will not give you a 100 % liable verification.
Has anyone else faced the same question, or can verify the expected results? I have not found any good documentation on authorization and multiprovider .
(PS, With Support package 2 for BW 3.0B a new authorization object is available used to define authorizations on a Multiprovider level. S_RS_MPRO - Multiprovider. This gives more flexibility , but is not the answer to the general question)
Best regards Per RoarIt depends. When you create an authorization object you decide on which InfoProviders the authorization object is valid. So if it's valid on Cube 1 it doesn't say anything about authorization on the Multiprov.
Best regards
Dirk -
How can I remove the Apple ID authorization only on one computer and authorize another in his place?
how can I remove the Apple ID authorization only on one computer and authorize another in his place?
De-authorize the computer in question.
Then authorize the new computer.
Or de-authorize all computers and authorize only the ones that actually exist. -
Can i display My application iview and transaction iview in single page ?
Hi,
I am new in web dynpro and portal. i am doing one approval application through web dynpro. Now i need to attache sap inbox to application. For that some budy suggested me about transaction view. So my questions are as folloes.
1.> How i attached my application to iview ?
2.> How i created Transaction iview ?
3.> Can i attache my application iview with transaction iview if it is possible then how ?
4.> Can i display My application iview and transaction iview in single page ?
Please guide me in this procesure.
Regards,
Gurprit BhatiaHi Gurprit,
1.> How i attached my application to iview ?
You can attach your application to web Dynpro IView, for this login into portal, in the Content Management tab right click on a folder, then New --> IView. Select WD java Application. Select your application and create an Iview.
2.> How i created Transaction iview ?
Similarly, instead of selecting WD java Application, select iView template, you will get a list of available templates, and in this you will find template for Transaction Iview, in this template define the Tx for which you want to create the template.
3.> Can i attache my application iview with transaction iview if it is possible then how ?
No, I dont think you can attach your application to transaction Iview. but, you can attach both IViews on single page.
4.> Can i display My application iview and transaction iview in single page ?
Yes, you can attach both IViews on single page. Again in Content Management tab, crate a PAGE; Then right click on created IViews and select add IView to Page ßß: Delta Link.
Hope this helps.
Regards,
Amit -
I have old email address's I used for iTune music purchases and cannot change password on several old accounts. Now some of the music I purchased I can not download and authorize it on my device. What can I do password security does not match my birthdate on two of the accounts. Apple can not send me email with a password authorization on several current accounts that I have with them. How can I contact Apple with this annoying problem I can not fix.
settings - app/iTunes store - sign out and sign back in with your new id.
Note - if your older apps needs an update it will use your old apple id and password, as Apps are tied to the apple id that was used to purchase it.
You can't merge apple id. -
When i attempt to sync my iphone it continues to say this computer is no longer authorized for apps and they will be deleted?? I don't understand?? I put my password and authorize but same message comes up. What to do??
I found the solution in another post. By deleting all my apps, I was able to sync the phone. I hope I don't have to delete all my apps every time I want to sync my phone, but at least now I am able to sync my phone.
-
How to get ADF authentication and authorization working on server
I am having an issue with deployment & ADF authentication and authorization.
From the below testing results, you can see that I am unable to log in when I have deployed my app to my standalone server with both ADF security authentication and authorization turned on. I have included web.xml, jazn-data.xml and the page/server error I am receiving.
When making an attempt to log in I get the following results:
Running Locally with ADF Authentication: Works Fine
Running Locally with ADF Authentication & Authorization: Works Fine
Deployed to server with ADF Authentication: Works Fine
Deployed to server with ADF Authentication & Authorization: Doesn’t Work
What I have already tried: Removed all anonymous grants, using the same database credentials as the app user, deploying app twice (on the redeploy not including the login credentials & app policies at the application properties). Various modifications to web.xml e.g. welcomefilelist etc
JDeveloper Version: 11.1.2.4
Server Web Logic: 10.3.6
Server ADF: 11.1.1.16
Page Error when trying to log in:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
Server error when trying to log in:
Servlet failed with Exception oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'wpd.mobility.view.pageDefs.homePagePageDef' 'VIEW'.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)
at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:663)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:700)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:531)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:59)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:530)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:131)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:74)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:447)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:202)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:508)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:125)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentOrigin</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_DECORATORS</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/Pages/homePage.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/faces/pages/*.</url-pattern>
<url-pattern>/faces/*.</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>*****</name>
<display-name>*******</display-name>
<description>******</description>
<credentials>********<credentials>
</user>
</users>
<roles>
<role>
<name>support</name>
<display-name>support</display-name>
<members>
<member>
<type>user</type>
<name>mobile</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name> myapp </name>
<app-roles>
<app-role>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>mob_mobile_support</display-name>
<description>support role</description>
<members>
<member>
<name>mobile</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>SUPPORT</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.*</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.addapplicationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addappmsgtypPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addoperationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.homePagePageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.loggingSearchPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>myapp.view.pageDefs.workHistoryPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>Read Frank's article http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html
Then you have to check if the user use use to login are defined in the stand alone server. If you server is running in production mode there is no automatic user or role migration. You have to to this by yourself.
Once you have check that the users are present, you have to check if the enterprise roles are mapped to the corresponding application roles.
Timo -
FIRST there are some games and music in ITunes on the VIAO. When I try to sync them to the ITOUCH or the IPAD I get a message that I am not authorized….Go to the ITunes Store and Authorize this computer. I have completed this procedure several times and receive back the message you are authorized on this computer and I have authorized 2 of 5 devices allowed.
Why am I not able access the games and music on my machine? How can I sync these items to my ITOUCH and MY IPAD
SECOND How do I move my music and Games from ITUNES on the G5 to TUNES on the PC so I am able to sync those items to my devices.
I have inherited my wife’s Laptop a:
SONY VIAO
MS Windows XP Home edition V 2002
Service Pack 3
ACPI Uniprocessor PC
Owner dvkpqpg2.
ITunes 11.01.1.12 updated 12/8/12
I am both a PC and ITunes Rookie.
I have some MAC experience and presently use a:
Mac Dual PowerPC G5
OS 10.4.11
2.5GB DDR SDRAM
ITunes 9.2.1
ITOUCH MC011LL
64 GB----57 GB avail
iOS 5.11
IPAD MC954LL
iOS 6.0.1
16 GB----37 GB availIf you want the ability to add music from multiple libraries see this thread.
If you no longer have access to the computer that has your original library then see Recover your iTunes library from your iPod or iOS device.
tt2 -
Using iView and iPhoto together
I know I'm not supposed to rename photos etc outside of iPhoto; so I haven't. I like the ease of use (auto-start when a camera is connected, sharing over Bonjour/Rendezvouz etc) but batch renaming 0f actual photos, adding comments etc are all done better in iView (I have the pro version due to several update offers).
Can they be run simultaneously?
Can I share a catalog(ue) as easily as with iPhoto?
Is there a way to rename etc then dump back into iP, preserving some kind of structure - I only have about 2.5GB so far, but ...
I have read several threads on similar matters (eg Frederic Rasio, "iPhoto alternative?", 04:29am Aug 14, 2005 CDT) but none really answer my questions)
Thanks in advance
MarkFirst, read my post in this thread: Old Toad, "using iphoto with iview" #1, 02:19pm Aug 15, 2005 CDT.
They can be run simultaneously but I would be very careful editing with both. I' did it once on a test library as my other post mentions. iView is so powerful and you can do so much that there may be a high potential of really messing up the iPhoto side of the pair. iView would still work but iPhoto may not. That's why i keep the two separated and use iPhoto primarily for books. With available plugins iView can do everything iPhoto can except make books and the KB effect in slideshows. Slideshows are easier to generate in iPhoto.
In response to your renaming question, my other posts describes how I do that first in iView and then import those photos into iPhoto. You'll just have to work out your own work flow. You might consider an external HD - see A Tale of Woe and a Lesson to be Learned. -
When I go to move a song from my library I got the message "this computer is not authorized"... if I go to the store pop down and authorize the compter is says "this computer is already authorized".... what's going on?
If a small number of your iTunes purchases are affected, delete and redownload them if doing so is free in your country. If you get that message for every item, click here and follow the instructions.
(69023) -
MDM Custom Iview and Standard Iview Portal Eventing
Hi
I'm trying to develop a custom iview which updates a Standard MDM Result Set iview:
I found this documentation:
http://help.sap.com/saphelp_mdm550/helpdata/en/45/c87cfd43e56f75e10000000a1553f6/frameset.htm
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/12195312-0e01-0010-a392-debbd32e39d4
So i created an iview which raises this event
WDPortalEventing.fire("urn:com.sap.pct.mdm.appl.masteriviews","updateSearch","ID=115551&RefreshSearch=True");
Then i upladed my code in the portal, created a new iview and put it in the same page with a Result Set iview. During testing when i rise the event form the custom iview, the standard Result Set catch this event but instead of update it gives the following error:
Error occurred: Error performing search. com.sap.mdm.internal.protocol.manual.ServerException: Illegal value for parameter, com.sap.mdm.internal.protocol.manual.ServerException: Illegal value for parameter (see log for details)
In SDN there is a thread with the same problem (Search Standard iView + Search Custom iView) which is not solved.
Can somebody help me ?sorry, I have same task and tried same code for my alias, table and field.
WDPortalEventing.fire("urn:com.sap.pct.mdm.appl.masteriviews",
"updateSearch",
"MDMSystemAlias=NSI_PRODUCTION_ALIAS&MDMTableName=Assets&R3Code=411000000000000006&RefreshSearch=True");
I fire event (for my alias, table and field)
but not any resultset or Current Search on page is catching this search.
please provide which options must be set made for views on page so that result set to be updated,
I hope this may help
does it need to add some custom event to result set?
thanks
Edited by: Ivan Ivanov on Aug 21, 2009 3:49 PM -
SAP Portal Network - WebDynpro iView and SAP Application iView sharing
Hello All,
I've read about the restrictions in SAP Portal supporting the WSRP standard for application sharing. Mainly WebDynpro iViews and SAP application iViews sharing is not supported. That is in the case of a SAP Portal as producer and Non-SAPPortal as consumer.
I'm interested in a WebDynpro iViews and SAP application iViews sharing in a only-SAP Portals Network, where SAP Portals act as producer and consumer.
I've heard about the Remote Role Assignment and Remote Content Copy that are used in such case. I would like to ask if anyone knows if these can help overcome the restriction in sharing WebDynpro iViews and SAP application iViews that is present with WSRP? And if the advantage of WSPR, that is the application execution and rendering on the producer side, and as follows decreasing of bandwidth usage, is remaining in the case of the Remote Role Assignment and Remote Content Copy.
Thanks,
MladenHi Manish,
for sharing content between SAP and non-SAP Portals, your case, refer to
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/23fb36cad10d23e10000000a1553f7/frameset.htm
All the possibilities and restrictions of WSPR in the case of SAP EP are explaind there.
For sharing content between only SAP Portals refer to my other thread:
Portal Network - Content Sharing
Hope it helps you!
Mladen -
Authentication and Authorization question.
Hi All,
I require your help in getting validated my understanding on Authentication and Authorization. This is wrt to WebLogic Server and WebLogic Portal.
Authentication.
1. The custom authentication provider can authenticate(user and group) against any datastore(LDAP OR DB). The LoginModule is a kind of blockbox and it can return true/false depending on authentication.
2. The end result of this process is true/false.
Authorization.
1. The custom authorization providers can authorize the authenticated user based on role. All these entities ie(user,group,role) can be either in LDAP OR DB.
2. The end result of this process is true/false.
Role mapping.
1. The custom role mapper can put all the roles that a user belongs and returns all Role. This can happen agaist LDAP OR DB.
2. The end result is list of roles for a user.
Security policy configuration.
Is it mandatory that a user/group/role should be existing in WebLogic Server LDAP server(OR Portal LDAP server) to create these policies and authorization rules. What i mean by is that can user,group,role can exist in application specific database and still can be used for creatiing security policies??
Thanks,
Prashanth Bhat.The Security Providers are useful/can be used for developing a standard j2ee application , which will be deployed as standard j2ee application.
The DA means Delegated Administrator, which is way how portal components are restricted to different types of administrators.
The VE means Visitor Entitlemens, which is way how portal components are restricted to end users.
My question is whether thess(DAs and VEs) can also be put
our datastore for access rights??
Thanks,
Prashanth Bhat.
Maybe you are looking for
-
Unable to run Memory profiling, help please
Hi there, I installed the lastest version of JDeveloper 10 and created a very simple project(only have one class with Main()method) for testing purpose. I configure the Profiler in Project Properties page, setting the class as included instance, howe
-
I want to setup family sharing on my macbook pro
I have a Macbook pro running 10.9.5 and i was invited for family sharing from one of my family members, i got the email and everything and when I click View Invitation it takes me to this website https://www.icloud.com/family_sharing/ and it doesnt g
-
Printing with xsql and css or xsl and fop
How to incorporate css or css2 with xsql? I want some sample files. What is FOP? How can we use it for printing and print view
-
Problem related to the start of the application servers
Hello, I have a WebLogic 12c domain composed of an administration server, an soa/bpm managed server and an OSB managed server. They aren't clustered. In order to start the servers I'm using Node Manager. So, I thought to start the admin server and, a
-
Multiple UUT Testing Over Temp - Which Thread or Process Should Control the Chamber?
I am using TestStand 3.5 to write an automated system that can test up to 4 UUTs inside a temperature chamber. If any of the UUT's fail, the user will have the option to abort the UUT test and either leave the test socket empty or add a new UUT in i