Com.waveset.util.WSAuthorizationException: Modify access denied to Subject

Similar Messages

• WSAuthorizationException: Create access denied to Subject......

  I am running a Flat File Active Sync process using FlatFileSync Adapter to load users with custom FlatFileActive Sync Form and using a custom pre-poll Create User Workflow process .
  Do anybody give some tips on this exception.
  2007-01-29T15:13:40.988-0500: result from submit (blank means no errors):
  2007-01-29T15:13:40.991-0500: Create access denied to Subject Requestor on User: PaulA.
  ThankYou.
  G

  If it's easy for you to do so, I would recommend installing the latest 8.1.0.x patch (8.1.0.14) and test again. I know there are bugs that relate to this functionality so I would advise you to rule those out first.
  8.1.0.14 can be obtained from My Oracle Support (MOS): http://support.oracle.com under the patches and updates tab.

• View access denied to Subject Reset on Policy

  Hi, there.
  I created a custom workflow so that anonymous user can launch the workflow, then start creating an account.
  During the workflow activity, the first form is asking user to enter the accountID of his/her choice, and the form has a validation logic to catch any conflict with the accountId policy. (for example, the accountID must be at least 4 character long)
  <Rule name='Validate String With AccountId Policy'>
  <Description>returns "true" if validation succeeded. returns error message if validation failed.
  </Description>
  <RuleArgument name='string'/>
  <block trace="true">
  <invoke name='checkStringQualityPolicy' class = 'com.waveset.ui.FormUtil'>
  <rule name='getCallerSession'/>
  <s>AccountId Policy</s>
  <ref>string</ref>
  <null/>
  <null/>
  <s>user</s>
  </invoke>
  </block>
  </Rule>
  The validation rule specified above works well if the form is used by the existing IDM admin user, however, this throws an exception when the form is used by the anonymous user.
  XPRESS <invoke> exception:
  com.waveset.util.WavesetException: Can't call method checkStringQualityPolicy on class com.waveset.ui.FormUtil
  ==> com.waveset.util.WSAuthorizationException: View access denied to Subject Reset on Policy: AccountId Policy.
  It seems like the anonymous user does not have any access right to Policy objects.
  Does anyone know how to get around this problem?
  In worst case, I can create another rule that is checking the string length, but I really wish I can take advantage of the built-in policy checking routine.
  Thanks for reading my post. :)

  Can you use the <RunAsUser> functionality within your rule?
  To use it you add this inside the <Rule>
  <RunAsUser>
  <ObjectRef type='User' name='Configurator'/>
  </RunAsUser>
  More information can be found in IDM FAQ.
  HTH..

• Com.waveset.util.JdbcUtil.queryRecords

  Hi,
  I am trying to use the com.waveset.util.JdbcUtil.queryRecords
  method to return a set of rows from a database table.
  The method returns a List of Maps, such as:
  <List>
  <Map>
  <MapEntry key='USERNAME' value='Peter'/>
  <MapEntry key='LAST_CHANGED' value='2007-08-09'/>
  </Map>
  <Map>
  <MapEntry key='USERNAME' value='Paul'/>
  <MapEntry key='LAST_CHANGED' value='2007-05-11'/>
  </Map>
  </List>
  where each <Map>...</Map> is a row from the databse table.
  Is it possible to write and expression to return
  the LAST_CHANGED entry, given the USERNAME?
  So for example, if the <List> above is assigned to a variable
  called 'records', I want to write something like:
  <ref>records[USERNAME=Paul]</ref>
  which would evaluate to:
  <s>2007-05-11</s>
  Does anyone know how to write this?
  The expression <ref>records[USERNAME=Paul]</ref> does not work.
  Thanks,
  John I

  This means that User u1xxx does not have the necessary scope and capabilities to modify user xyz

• Com.waveset.util.WavesetException: Missing view id; Missing Account ID

  Hi,
  I have some users in IDM provisioned to LDAP.
  I am now trying to find users and delete them thru the end user interface.
  When i enter the ID, and click search, i get this error
  "com.waveset.util.WavesetException: Missing view id.
  Missing Account ID"
  Here is my WF:
  <WFProcess name='Find WF' maxSteps='0'>
       <Activity id='1' name='Start'>
  <Transition to='Accept User ID'/>
  <WorkflowEditor x='43' y='10'/>
  </Activity>
  <Activity id='2' name='Accept User ID'>
  <ManualAction id='0' name='Enter User ID' timeout='60' syncExec='true'>
  <Owner>
  <ref>$(WF_CASE_OWNER)</ref>
  </Owner>
  <FormRef>
  <ObjectRef type='UserForm' id='#ID#CB00E29B1B211E5E:5673384:1141A79B1FE:-7FF3' name='Enter User ID Form'/>
  </FormRef>
  </ManualAction>
  <Transition to='getView'/>
  <WorkflowEditor x='191' y='10'/>
  </Activity>
  <Activity id='3' name='getView'>
  <Action id='0' name='getView' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='getView'/>
  <Argument name='id' value='$(accountId)'/>
  <Argument name='type' value='User'/>
  <Argument name='subject' value='configurator'/>
  <Argument name='authorize' value='true'/>
  <Return from='view' to='user'/>
  </Action>
  <Transition to='Delete User'/>
  <WorkflowEditor x='123' y='73'/>
  </Activity>
  <Activity id='4' name='Delete User'>
  <Action id='0' name='Delete' process='TaskDefinition:Delete User'>
  <Argument name='type' value='User'/>
  <Argument name='accountId' value='$(accountId)'/>
  </Action>
  <Transition to='End'/>
  </Activity>
  <Activity id='5' name='End'>
  <WorkflowEditor x='508' y='10'/>
  </Activity>
  Not sure what the mistake it. Can somebody point out pls?
  Thanks,

  cutepaddy
  Thanks for ur reply. However, it was not of much help.
  The problem now is that, i dont get the suspended case workitems error anymore but, the WF is not doing what it's suppoed to do, i.e., delete the users. The dump shows that all activities and actions are being executed correctly, however, the user still is not deleted. Here are my updated forms and WF
  Form 1:
  Configuration id='#ID#CB00E29B1B211E5E:5673384:1141A79B1FE:-7FF3' name='Accept User ID Form' lock='Configurator#1186027075593' creator='Configurator' createDate='1185855280921' lastModifier='Configurator' lastModDate='1186026775578' lastMod='354' wstype='UserForm'>
  <Extension>
  <Form name='Accept User ID Form' baseContext='variables' objectLocationID='objectName=Accept+Store+ID+Form&isBegin=true&objectPath=0&objectType=UserForm'>
  <Display class='EditForm'>
  <Property name='title' value='Find ID Form'/>
  </Display>
  <Field name='view.waveset.accountId'>
  <Display class='Text'>
  <Property name='title' value='Enter User ID'/>
  <Property name='size'>
  <Integer>20</Integer>
  </Property>
  <Property name='maxLength'>
  <Integer>10</Integer>
  </Property>
  </Display>
  <Validation>
  <cond>
  <not>
  <invoke name='testUser' class='com.waveset.ui.FormUtil'>
  <ref>:display.session</ref>
  <ref>view.waveset.accountId</ref>
  </invoke>
  </not>
  <s>Not Exist</s>
  </cond>
  </Validation>
  </Field>
  <Field name=':complete'>
  <Default>
  <s>true</s>
  </Default>
  </Field>
  </Form>
  </Extension>
  <MemberObjectGroups>
  <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
  <Properties>
  <Property name='editorOriginalName' value='Accept User ID Form'/>
  </Properties>
  </Configuration>
  Form 2:
  <Configuration id='' name='Search Results Form' lock='Configurator#1186027075593' creator='Configurator' createDate='1185855280921' lastModifier='Configurator' lastModDate='1186026775578' lastMod='354' wstype='UserForm'>
  <Extension>
  <Form name='Seach Results Form' baseContext='variables' noDefaultButtons='true'>
  <Display class='EditForm'/>
  <Field name='MatchTable'>
  <Display class='SimpleTable'>
  <Property name='columns'>
  <List>
  <String>Title</String>
  </List>
  </Property>
  </Display>
  <FieldLoop for='accountId' in='view.waveset.accountId'>
  <Field name='XYZ'>
  <Display class='Checkbox'>
  <Property name='Label' value='$(accountId)'/>
  </Display>
  </Field>
  </FieldLoop>
  <Field name='deleteuserbutton'>
  <Field name=':complete'>
  <Default>
  <s>true</s>
  </Default>
  </Field>
  <Field name=':formButton' button='true'>
  <Display class='Button'>
  <Property name='command' value='Save'/>
  <Property name='value' value='Continue'/>
  <Property name='label' value='Delete'/>
  </Display>
  </Field>
  <Field name='formButton'>
  <Expansion>
  <ref>:formButton</ref>
  </Expansion>
  </Field>
  </Field>
  </Field>
  </Form>
  </Extension>
  <MemberObjectGroups>
  <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
  <Properties>
  <Property name='editorOriginalName' value='Accept User ID Form'/>
  </Properties>
  </Configuration>
  WF:
  <TaskDefinition id='#ID#CB00E29B1B211E5E:5673384:1141A79B1FE:-7FDC' name='Find User WF' lock='Configurator#1186881293625' creator='Configurator' createDate='1185857988234' lastModifier='Configurator' lastModDate='1186880993625' lastMod='185' taskType='Workflow' executor='com.waveset.workflow.WorkflowExecutor' suspendable='true' syncControlAllowed='true' execMode='sync' execLimit='0' resultLimit='0' resultOption='delete' visibility='runschedule' progressInterval='0'>
  <Extension>
  <WFProcess name='Find User WF' maxSteps='0'>
  <Activity id='0' name='Start'>
  <Transition to='Accept User ID'/>
  <WorkflowEditor x='99' y='47'/>
  </Activity>
  <Activity id='1' name='Accept User ID'>
  <ManualAction id='0' name='Enter User ID' timeout='60' syncExec='true'>
  <Owner>
  <ref>$(WF_CASE_OWNER)</ref>
  </Owner>
  <FormRef>
  <ObjectRef type='UserForm' id='#ID#CB00E29B1B211E5E:5673384:1141A79B1FE:-7FF3' name='Accept User ID Form'/>
  </FormRef>
  </ManualAction>
  <Transition to='Display Results'/>
  <WorkflowEditor x='183' y='45'/>
  </Activity>
  <Activity id='2' name='Display Results'>
  <ManualAction id='0' name='Results' timeout='60' syncExec='true'>
  <Owner>
  <ref>$(WF_CASE_OWNER)</ref>
  </Owner>
  <FormRef>
  <ObjectRef type='UserForm' id='#ID#CB00E29B1B211E5E:-435E4C45:114554237BF:-7F8B' name='Search Results Form'/>
  </FormRef>
  </ManualAction>
  <Transition to='Delete User'/>
  <WorkflowEditor x='266' y='99'/>
  </Activity>
  <Activity id='3' name='Delete User'>
  <Action id='0' name='Delete' process='TaskDefinition:Delete User'>
  <Argument name='type' value='User'/>
  <Argument name='accountId' value='$(view.waveset.accountId)'/>
  </Action>
  <Action id='1'>
  <expression>
  <block name='dump2'>
  <invoke name='dumpFile'>
  <invoke name='getTask'>
  <ref>WF_CONTEXT</ref>
  </invoke>
  <s>c:\dump.xml</s>
  </invoke>
  </block>
  </expression>
  </Action>
  <Transition to='End'/>
  <WorkflowEditor x='411' y='101'/>
  </Activity>
  <Activity id='4' name='End'>
  <WorkflowEditor x='529' y='121'/>
  </Activity>
  </WFProcess>
  </Extension>
  <MemberObjectGroups>
  <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
  <Properties>
  <Property name='editorOriginalName' value='Find User WF'/>
  </Properties>
  </TaskDefinition>
  Thanks in advance for ur help

• Com.waveset.util.WavesetException: User object null has no cache

  In the anonymous context i receive this error when i try and run the PasswordGenerator.
  com.waveset.provision.PasswordGenerator com.waveset.util.WavesetException: User object null has no cache, it cannot resolve the reference to ObjectGroup object Top.
  It works fine when i run it logged in as an end user or admin. Any ideas

  Yes you are correct i am in as an anonymous user trying to create a forgot password workflow. I was having issues with the password Generator because it required a WSUser object and in other posts it stated you could pass in a null object. However, in the anonymous context you cannot do that so once i discovered the account id in my workflow i had to call getObject for type User with the account id and pass that into the generate password method.
  Then it worked.
  Thanks

• Com.waveset.util.configurationerror :..

  hi..
  i get an error while instaling the IDM 7.1
  with oracle repo ...
  com.waveset.util.configurationerror :.. network adapter could not establish connection : sql exception
  any suggestions as how to proceed and wats the error??

  Your oracle configuration is incorrect. The service isn't running or you some wrong information specified somewhere.
  See http://forum.java.sun.com/thread.jspa?threadID=512566

• Com.waveset.util.ConfigurationError: Cannot find columns for table 'object'

  I am trying to install IDM on my own laptop and use MS SQL Server 2000 as the repository. I run the create table scripts, copy all the jar files to C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\Idm\WEB-INF\lib. But I still got the following error message:
  com.waveset.util.ConfigurationError: Cannot find columns for table 'object' ==>com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'object'
  Does anyone have any idea of what may cause this problem?
  THANKS!

  I found the solution to this issue.. is that the Database user ID must be set to the schema .. this is the statment that probably did not work:
  CREATE USER <username> FOR LOGIN <login name> with DEFAULT_SCHEMA = <database name>
  In sql 2005 expand the database... open security .. find the user.. right click and select properties.. in the default schema box.. select the SunSync database .. in the schemas owned by this user select the sunsync schema database..
  good luck

• View access denied to Subject .. on ProvisioningTask: Worflow

  Good Morning!
  I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
  The next is the activity:
  <Activity id='1' name='Get Requester View'>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='getView'/>
  <Argument name='type' value='User'/>
  <Argument name='id'>
  <ref>accountId</ref>
  </Argument>
  <Argument name='authorized' value='true'/>
  <Argument name='options'>
  <Map>
  <MapEntry key='noFetch' value='true'/>
  </Map>
  </Argument>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  </Action>
  <Transition to='Is Requestor a Manager'/>
  <WorkflowEditor x='62' y='21'/>
  </Activity>
  Any body can help me? Where is the error?.
  ATTE: Felipe Forero

  Have you added you new workflow to end user tasks ?

• View access denied to Subject  on TaskDefinition:

  I cloned an existing workflow and just changed the name of the task definition and imported into IDM.
  when I tried to execute it I am getting the following error message
  View access denied to Subject xxxxxon TaskDefinition: DSRS - New Request-new2.
  Any ideas?

  If you are trying to run a workflow in the User Interface, you'll need to add your workflow into the End User Tasks configuration file.
  Best,
  Aidy
  httpp://www.waveset.allidm.com

• URGENT - ACTIVESYNC - Create access denied to Subject XYZ

  I am running a flatfile activeSync. Adapter stautus indicates .. Executing. When i look at the ActiveSync log file all, I can see all the mapped attributes being pulled in correctly. But no user is created in IDM. The log file shows 'Create Access Denied to Subject Configurator on User:<accountid>.
  I have tried to run activesync using other activesync proxy users with all admin rights and Configurator. Still the same error.
  Why? How do I fix it?
  Thank you in advance for your help.

  when u choose "assign resource" option, you will see this problem.
  Usually the active Sync Polled accounts does not require a resouce name in user objects.
  Hope I am making sence
  --sFred                                                                                                                                                                                                                                                                                                                                                                                           

• SIM 7.1 Trouble... "View access denied to Subject Configurator"

  I am getting "View Acces denied to Subject Configurator on Configuration: Tree Table Library" in the Admin user interface when navigating to the "Accounts" tab, and the "Resources" tab. Other Configuration objects in the Admin User Interface are also giving me a similar error (same error just a different Configuration object). This started happening after a server restart. The app server is Sun Java System Application Server 9.1_02. Let me know if anyone has come across this before or if more info is needed. Thanks.

  I can't imagine how that would cause such a change. Something else that was done previously must have finally committed when the app server was finally restarted.
  Generally speaking I would really recommend that you upgrade to IDM 7.1.1 and then apply the latest patch, which is 25, for a resulting 7.1.1.25.
  Specifically, that error usually relates to some kind of organizational control issue surrounding Top - but I am not sure off the top of my head.

• When will we get a com.waveset.util.smtp interface?

  Hellos.
  Are there plans to expose smtp methods to the XPRESS invoke?
  Many times is there a need to fire off an email from a FORM rather than a WorkFlow. At present it is impossible. Dont forget, a WorkFlow may also use these methods.
  Sending email is quite straightforward, just writing bytes to a Socket. However, writing own code and adding it to IDM is NOT the way forwards. The fundamental methods should be available within the IDM product.. jdbc is, why not smtp?
  GF

  I put your postcode in link below however if this was right I don’t think
  you would be posting, if you have current problem you may like to post your
  router stats and BT speed test for others to offer some advice.
  https://www.btwholesale.com/pages/static/Community/Broadband_Community/Coverage/ADSL_Availibility_Ch...#
  Mortgage Advisor 2000-2008
  Green Energy Advisor 2008-2010
  Charity Health Care Provider Advisor 2010-
  I'm alright Jack....

• View access denied to Subject  on a Rule error: - what does it mean?

  I get this red error message when I attempt to validate a field on a form.
  I am logged in as mailadmin and I am using his default form. When I edit and save a user, I want to ensure that the mail username is unique.
  I wrote a rule which compares the username entered on the form against all present IdM accountIds (queriable attribute 'name'). The rule has a <RunAsUser> section and the rule runs as id 'Configurator'
  What is the trick here to allow mailadmin View access?
  I want an admin (not Configurator) to be able to list all IdM objects so I can apply the Attribute condition startswith for all present IdM accountIds. I believe it should be possible.
  Any hints gratefully accepted

  I've had problems with a rule that was unaccessible to end users. here is what I had to change in the rule :
  <Rule authType='EndUserRule'
  <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  now it works

• Checkout view  method- access denied error

  It works fine, When tried to get the user view and can print the values. When tried to checkout view it throws error
  com.waveset.util.WSAuthorizationException: View access denied to Subject unit1manager1 on User: unit1user1.
  com.waveset.util.WSAuthorizationException: Modify access denied to Subject unit1manager1 on User: unit1user1.
  <Action id='1' name='checkoutView' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='checkoutView'/>
    <Argument name='type' value='User'/>
    <Argument name='id'>
      <ref>selectedCCEmp</ref>
    </Argument>
    <Argument name='authorized' value='true'/>
    <Return from='view' to='employee'/>
  </Action>
  Also tried with and with "authorized" argument
  I tried giving all the capabilities to the manager via admin role still same error. All the users are in the top level of the firm. The controlled organization rule (edit org) and user member rules (edit admin role) dictates the organization structure and members with then the org.
  Thanks in advance
  Sasanka

  I think you want to add the subject argument. Example set subject to Configurator and it should work.