CUIC Scheduler user access issue

Similar Messages

• WebLogic 10.3.0 WLI Domain - Microsoft AD administrator user access issue.

  Hi SOA Experts,
  We are facing issue of getting noaccess exception on console (below) when doing datasource testing using Microsoft AD administrator user. The same works fine when testing using WLS embedded LDAP administrator user in WLI domain. In plain WLS 10.3.0 domain (without WLI) with same Microsoft AD configuration they do not see this issue, they are able to successfully test data source using both embedded WLS administrator and Microsoft AD administrator user.
  I enabled security ATN and ATZ debug flags and below is my observation.
  In plain WLS 10.3.0 domain I see that default weblogic administrator user in embedded LDAP is part of administrators group. Microsoft AD administrator user is part of Administrators group from MS AD.
  Whereas in WLI domain I see that default weblogic administrator user is part of Administrators & IntegrationAdministrators groups. In WLI domain Administrators group is again part of IntegrationAdministrators group (below is debug logs).
  Below is Plain WLS Domain Debug log
  ####<Dec 6, 2010 5:20:14 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)
  '> <<WLS Kernel>> <> <> <1291674014123> <BEA-000000> < Subject: 2
  Principal = weblogic.security.principal.WLSUserImpl("weblogic")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Below is WLI Domain Debug Log
  <> <1291669863989> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
  ####<Dec 6, 2010 4:11:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291669863989> <BEA-000000> < Subject: 3
  Principal = weblogic.security.principal.WLSUserImpl("weblogic")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Principal = weblogic.security.principal.WLSGroupImpl("IntegrationAdministrators")
  The issue of Microsoft AD administrator user not able to test datasource in WLI domain seems to be happening because of IntegrationAdministrators group which comes by default with WLI domain (in plain WLS domain we do not have this group). Looks like the datasource which is being created in WLI domain seems to be being treated as WLI resource and user accessing it is being checked if it part of IntegrationAdministrators group. In this case weblogic default administrator user is part of IntegrationAdministrators, for which we do not see issue where as Microsoft AD administrator user which is not part of IntegrationAdministrators seems to be having problem.
  Below is snipper of Microsoft AD administrator user in Debug logs
  ####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291670011687> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
  ####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
  <> <1291670011687> <BEA-000000> < Subject: 2
  Principal = weblogic.security.principal.WLSUserImpl("MSADAdminUser")
  Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
  Also one more observation about datasource which is created is in plain WLS & WLI domain created datasource resource type is shown as “jdbc” which is expected, but in addition in WLI domain I observe that created datasource resource type is marked as JMX and DS is being considered as application (below), not sure if this has something to do with the issue.
  Below is WLS domain debug log, below you can see that datasource is being treated as JDBC resource which is expected.
  ####<Dec 6, 2010 5:21:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291674063776> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<jdbc>, application=, module=, resourceType=ConnectionPool, resource=testDS, action=reserve>
  Below is WLI domain debug log, below you can see that datasource is being treated as application and it says resource type as JMX
  ####<Dec 6, 2010 4:12:17 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291669937755> <BEA-000000> < Resource: type=<jmx>, operation=get, application=testDS, mbeanType=weblogic.j2ee.descriptor.wl.JDBCDataSourceBean, target=Name>
  I created user in embedded LDAP in WLI domain with same name as MS AD administrator user and assigned it to Administrators group, that obviously works but is not acceptable solution.
  Below is exception thrown on console when testing datasource using Microsoft AD administrator user.
  weblogic.management.NoAccessRuntimeException: Access not allowed for subject: principals=[MSADAdminUser, Administrators], on Resource weblogic.management.runtime.JDBCDataSourceRuntimeMBean Operation: invoke , Target: testPool at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222) at javax.management.remote.rmi.RMIConnectionImpl_1030_WLStub.invoke(Unknown Source) at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978) at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544) at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380) at $Proxy92.testPool(Unknown Source) at com.bea.console.actions.jdbc.datasources.testjdbcdatasource.TestJDBCDataSource.begin(TestJDBCDataSource.java:114) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306) at
  - BoyelT

  This issue has been resolved.
  The problem of Microsoft active directory administrator user not able to test the datasource in WLI domain is caused because of IntegrationAdministrators group & IntegrationAdmin role which comes in WLI domain. Assigning the Microsoft Administrator group to IntegrationAdmin role from WebLogic console has resolved the issue.
  Below are steps for assigning the MS AD administrator group to IntegrationAdmin role from console in WLI domain.
  ======================================================
  - Login to console and click on "Security Realms" and "myrealm"
  - Go to "Roles and Policies" tab and expand "Global Roles" tree and "Roles" tree view under it.
  - Click on "View Role Conditions" link for "IntegrationAdmin" role.
  - Click on "Add Conditions" button select Group (default) for "Predicate List" drop down box and click Next button.
  - Specify MS AD admin group name for "Group Argument Name" text box and hit on Add button.
  ======================================================
  - BoyelT
  Edited by: BoyelT on Dec 20, 2010 1:36 PM

• New user access issue

  i have one business user which i have added through EAS and this user is in MSAD and added into one of the group in Native directory. This users group has access to planning application provision and i can see him in this group and has access to the planning application. but when he tries to connect through essbase addin he can not connect to the planning databse.
  Thanks in advance for the reply.

  I am using the planning version 9.3.1 and first i tried to add the user from EAS and update the security but when user complained about the access i went to shared service and first remove him from the group refreshed the security and then i add him in the group from the shared service. the other users in the same group dont have any problem and this user can access other database but he can not connect to the specific one database only. Also the error says that user has not permitted access to the database.
  Thanx john.

• LDAP/OID Users granting other users access issue

  Hi,
  I have created 4 users (User1, User2, User3, User4) and 2 groups (Group1 and Group2)
  User1 is the Group1 owner and User2 is a member of Group1
  User3 is the Group2 owner and User4 is a member of Group2
  I have made both groups private.
  I have given User2 manage privilege on a portal page and have logged in as User2 and edited the page.
  When User2 tries to Grant access to the page, they can see all the users in the OID ie User1, User3, User4, Portal etc
  My thoughts were that User2 would only be able to grant access to other users in his group(s).
  Basically, I want to be able to control which users a user can grant access to on a page. Is this possible?
  Thanks
  Joel.

  What about SSL or LDAPS !
  Can't seem to find any java examples which would support services of type:
  ldapbind -U 1,2 for java API !

• SAP Business One 8.81 PL08 Mobile APP CRM Standalone User Access issue

  Dear All
  Is any facing the problem of Mobile application user with CRM Standalone license ,this user always has a permission denied problem (he is assigned all the licenses required .and authorization on the SAP is full .  SSL certificate is installed ). I have installed the troubleshooting (.zip) file which dosent show up the panel .
  Any Idea how to resolve?
  Regards
  Dayal

  Hi Dayal,
  well, it is neither recommended, nor tested or supported. Such installation attempt would go on your own responsibility. Of course you can try if, for example, a newer version from 8.82 works here, but this should be tested extensively, depending on how other processe are based on it.
  Actually your 8.81 PL08 should not have reported problem since B1if version 1.10.0 should have been included in this package and last update action, maybe you can check here again.
  In general, we recommend you upgrade to version 9.1 currently, unlike version 8.81 this version is in maintenance and offers all improvements, new features and bugfixes from the last 3,5 years.
  I'm sure it's worth to consider a general upgrade.
  I wish you success!
  Best, Peter

• Multiple SAP User Access Issue?

  Dear Expert,
  SQL Express 2005
  Wndows Server 2003
  Client PC RAM 1GB
  Server RAM 16GB
  SAP Version 8.8 PL15
  14 Store Procedure
  When multiple user connected with SAP (Logedin) at that time any user add any SAP document then all remaining user hanged approx 2 min after successfully add all user working normally.
  Please Suggest me as early as possible
  Thanks,
  Srujal Patel

  Hi Srujal.......
  This is purely due to heavy customization may be thorugh Addon or through Stored Procedure.
  Try nullifying effect of these 14 Stored Procedures and DC Addons if any and then ask users to add the documents. I am sure they wil work normally. This may happen because of FMS also.......
  Regards,
  Rahul

• SuperUser access issue

  Hi guys,
  Just a critical issue that I'm trying to resolve, but i'm starting to turning in round...need help ...
  After a big crash reinstalling and restoring data on a new SUN Sparc Sol10_patched 118222-30. I've got an Super User access issue.
  Even if I'm logged in Super User I do not have Super User right. As an exemple as I can create files but I cannot move or copy those. When i start some application I cannot managed it because I do not have Super User right.
  Does any one have an idea?
  Tks
  Cheers

  Make sure you able to connect the db using command prompt or just ping <tnsname>
  In connection pool use hostname:port/ServiceName
  if helps mark
  ~ http://cool-bi.com

• Financial reporting 11 1 2 2 Access issue for a user

  Hi All,
  I have a report designer group for Financial reporting 11.1.2.2. I have created a group called FR_GROUP in HSS and provide them the report designer access and added three MSAD users.
  Now as admin we have a created a folder in workspace called FR and gave the group FR_GROUP Full acces to this folder FR.
  Now the issue is the MSAD user who created the repot in FR folder can see the reports and open them and also the admin user but the other two MSAD users cant see the reports.
  Any ideas how to fix this access issue?
  Thanks,

  Hi,
  Try provisioning the FR_GROUP with Explorer role. Just in case here is the whole list of Reporting and Analysis Roles:
  http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/apas04.html
  Cheers,
  Mehmet

• Multiple simutaneously logged in users accessing AFP home directories?

  Hi,
  Many of our problems are described in this guy's blog:
  http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
  The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
  Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
  From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
  (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
  I've read that using NFS home directories will work, though.
  I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
  Thanks for your help!
  Adam

  Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

• Service Desk User access

  Hi Experts,
  I want my service desk users login on Solman and they can update Msg status and ther remarks.
  so what are auth. object needs on there profile, please suggest.
  Can we block users access in such a way , they are not able to do add change on other users issue msg.
  bcoz , if i give access on crm_dno_monitor to any user, he may access and process all issue tickets.
  Thanks
  Andrew

  Andree,
  Actually we provide variants for crm_dno_monitor.
  so they have option of seeing only tickets belonging to themselves only
  For e.g create a variant of crm_dno_monitor by choosing mine and then save it and create a ztcode in se93 for the same.
  assign this tcode for the user menu to the respective role of the user.
  So whn this user logs in and click on the link he sees only mine tickets or tickets belonging to him..he doesnt hav access to crm_dno_monitor.
  Pls assign pts.

• Way to allow the user access to the saved lists of this Z report

  We have a Z report that we want to run at midnight each Sunday and then view the output/layout first thing Monday morning. We can schedule the report to run but it appears that the only way we can save the output as a 'file' for later viewing is by using the "Save with ID" option, which puts the output into a SAP 'saved list'.
  The problem with this is that it doesn't appear to be possible to access that list from the Z-report - it would appear that you have to go into SQ01 and use the 'saved list' button. This means giving the Z- report user access to SQ01 as well as Z-report, which, for security (SOD) reasons we don't want to do.
  We can run the report in foreground with the output option "File store" and save the output as a file to a specified location,. But this option doesn't appear to be available when the report is scheduled as a background job. If this is done, the background job runs but there's no output anywhere, as far as we can tell.
  So what want is to run the report in background but with the output option 'File store' or equivalent (i.e. an output stored somewhere that the report user can view). Is this not possible, or have we missed something in setting up the report run?
  Or is there a way to allow the user access to the saved lists of this Z report without giving them T-code SQ01?
  Thanks

  Hi !
  I just wonder if the answer from Varishtb below did solve your propblem.
  I have exactly the same problem as you. I also want to be able to look at the saved list without using the sq01.
  If you solved it I will be grateful to get the solution.
  regards Lars
  answer:
  You can call the infoset query directly from a transaction code. There's
  no need to copy it as a 'Z-report' (or as a custom report). In fact,
  everytime you're copying an infoset query to a report, you're calling
  for problems the next time you face an upgrade. (That is because SAP
  changes the internal logic used to handle the infosets queries from
  version to version)
  We're using some infoset queries and they work fine this way.

• User Access Code

  I have a new LaserJet 600 M602 networked to Windows 7 64 bit PC.  I have no recollection of setting a user access code on the printer.   How can I get past the User Access Code to check print cartridge status, etc.?  Or is there a factory default code on new printers?  Thanks, Earl-41

  I am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial printer. You can do this at Printers - LaserJet.
  Click on New Post.
  I hope this helps.
  Thank You.
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  Gemini02
  I work on behalf of HP

• Missing a User access in the log-on picture

  Lacks a user access to log on picture after start-up in Yosemite. In user administration there has been created two user entries - an administrator and a normal access. The normal access is not visible from the log on picture, and it is only possible to access through the visible user (Adm.) and then switch the user by switching in the upper right corner!!!
  Wish, possible for all users to log on from the boot up image.     (Adm - Normal - Guest access)

  same issue:
  retina MacBookPro mid2012. Clean install of OS X Yosemite 10.10
  I'm randomly missing an account at login screen after reboot.
  Sometimes I can fix it with booting into my initial account 'Kevin' (userid 501) and then changing to different login 'Christina' (userid 502).
  But if I log out from my account, the second account is missing. Same if I do a reboot.. This have me in stitches as I ofcause has the need for privacy from each account.
  Both accounts are set up as admins, guest is deactivated.
  rMBP 16gb sep2012.
  userid 501:
  home directory: /Users/Kevin
  userid 502:
  home directory: /Users/Christina
  apart from that... I have loads of problems with Bluetooth, and hand-off only working 1 way (5s with 8.1) where only iOS -> OS X works, not vice-versa.

• Unable to view pdf created in Live Cycle Designer ES2-initially thought to be a user/OS issue

  Unable to view pdf created in Live Cycle Designer ES2.  I initially thought this was a user / OS issue when I created a document for someone who is new to a MAC laptop.  She could not view the document through email.  Unfortunately, I began seeing the same error in my own document folders when searching for another document showing as icons instead of a list.  I can open the file without a problem although I see the error she sees only while viewing the icons in my folder.  I am using a Windows 7 PC. Now, I also know that if the document is downloaded, it can be viewed.
  Other notes:
  If trying to access the form via the internet, the same error is seen through Chrome, Firefox, and Mozilla but NOT through IE
  Everyone seems to have the latest or a very recent READER
  The form is compatible with Reader versions 7 and up
  Again, downloading from the internet to the computer appears to allow the file to open properly
  Document cannot be viewed on the Galaxy Tab 2 via Chrome or the pre-installed Internet Browser, nor can it be viewed through the Reader after download to tablet. I did not try on an Apple iPad.
  All parties involved are up-to-date with virus protection.
  Below is a link to the exact message received when trying to open the document.
  https://www.dropbox.com/s/wmjqzwyriovg9vi/Adobe%20Error.pdf

  You're on to something KJ!  Yes the form was created in LiveCycle Designer ES2 which came bundled with my Adobe X Pro.  I began creating a new form yesterday and found that I could not preview the form, rendering this same "error" instead.  I ran a repair on my Adobe and at first it seemed to fix the issue but after making some changes to the form I tried to preview again and couldn't.  Here is what I get when I try to preview my forms in Designer ES2: 
  When I click the OK button, it then gives me that single static page as mentioned above in previous posts.
  I searched Adobe yesterday trying to figure out how I could repair the LiveCycle Designer or if there was some sort of patch that I haven't gotten but was not able to find anything.
  (Sorry for the delay in response, I've been on vacation.)
  Message was edited by: AngelaC

• Unable to view pdf - initially thought to be user / OS issue for new user to MAC.

  Unable to view pdf created in Live Cycle Designer ES2.  I initially thought this was a user / OS issue when I created a document for someone who is new to a MAC laptop.  She could not view the document through email.  Unfortunately, I began seeing the same error in my own document folders when searching for another document showing as icons instead of a list.  I can open the file without a problem although I see the error she sees only while viewing the icons in my folder.  I am using a Windows 7 PC. Now, I also know that if the document is downloaded, it can be viewed. 
  Other notes: 
  If trying to access the form via the internet, the same error is seen through Chrome, Firefox, and Mozilla but NOT through IE
  Everyone seems to have the latest or a very recent READER
  The form is compatible with Reader versions 7 and up
  Again, downloading from the internet to the computer appears to allow the file to open properly
  Document cannot be viewed on the Galaxy Tab 2 via Chrome or the pre-installed Internet Browser, nor can it be viewed through the Reader after download to tablet. I did not try on an Apple iPad.
  All parties involved are up-to-date with virus protection.
  Below is a link to the exact message received when trying to open the document.
  https://www.dropbox.com/s/wmjqzwyriovg9vi/Adobe%20Error.pdf

  Sorry, this is a user to user forum and we're just customers who help out when we can, so things don't always happen right away.
  Reader, Regardless of OS or device, is as the name implies, only a Reader.  There are different mail settings between Mac Mail Outlook and Thunderbird as well as Andsroid's mail app, whose name escpoaes me.
  Have you checked in the Live Cycle Forum? There are people there with FAR more experience using LC developed forms. It's part of my Creative Suite, but I've never even opened it myself.