End User Rule View Access Denied

Similar Messages

• End User Rules

  Hi Experts,
  When I wanted the end users to have access to a Rule, I'm used to add the rule name to the endUserAccess Attributes in the SystemConfiguration object. And it works fine.
  But the FAQ page in Sun IDM partner space says that if you specify ur rule as follows,
  <Rule authType='EndUserRule'.....>that rule will be accessible by the end user. But this does not work for me. I'm getting the same error id. view access denied for subject blah blah.
  Did any body try this ? Or if you have any other idea to give the end users have access to rules please share it.
  Regards,
  Biju

  Make sure to set both the authType as well as the MemberObjectGroups. Here's an example:
  <Rule name='testRule' authType='EndUserRule'>
      <block>
          <s>Test</s>
      </block>
      <MemberObjectGroups>
          <ObjectRef type='ObjectGroup' name='All'/>
      </MemberObjectGroups>
  </Rule>

• View access denied to Reset on task definition

  Hi,
  We are facing a weird issue. We have an end user task which we trigger directly from a web page of a different application. The URL for task launch is something like this : https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi.
  If we open a new browser window and copy paste this URL and hit enter, it takes to /user/login.jsp. We input the user credentials and submit, it triggers the task.
  But the behavior is different if we do the following:
  1. Open a browser window, access anonmain.jsp (https://mycomany.com/idmcs/user/anonmain.jsp)
  2. It routes to anonlogin.jsp (https://mycomany.com/idmcs/user/anonlogin.jsp) and asks for anononymous user name
  3. We input some junk user name submit. It takes to anonmain.jsp.
  4. Now in the same browser window if we copy past the processLaunch URL (https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi) and click submit, it ideally should route to login.jsp.
  Instead it throws the view access denied error : "View access denied to Reset on process Self Service Password Reset Registration"
  Any idea what the issue might be?
  Thanks,
  kIDMan.

  Hi
  Normally when this happens you need to add the process "Self Service Password Reset Registration" to the End User Tasks list and Anonymous User Tasks list configuration objects.
  I dont know if this will help in your situation.
  -Mocx

• View access denied to Subject Reset on Policy

  Hi, there.
  I created a custom workflow so that anonymous user can launch the workflow, then start creating an account.
  During the workflow activity, the first form is asking user to enter the accountID of his/her choice, and the form has a validation logic to catch any conflict with the accountId policy. (for example, the accountID must be at least 4 character long)
  <Rule name='Validate String With AccountId Policy'>
  <Description>returns "true" if validation succeeded. returns error message if validation failed.
  </Description>
  <RuleArgument name='string'/>
  <block trace="true">
  <invoke name='checkStringQualityPolicy' class = 'com.waveset.ui.FormUtil'>
  <rule name='getCallerSession'/>
  <s>AccountId Policy</s>
  <ref>string</ref>
  <null/>
  <null/>
  <s>user</s>
  </invoke>
  </block>
  </Rule>
  The validation rule specified above works well if the form is used by the existing IDM admin user, however, this throws an exception when the form is used by the anonymous user.
  XPRESS <invoke> exception:
  com.waveset.util.WavesetException: Can't call method checkStringQualityPolicy on class com.waveset.ui.FormUtil
  ==> com.waveset.util.WSAuthorizationException: View access denied to Subject Reset on Policy: AccountId Policy.
  It seems like the anonymous user does not have any access right to Policy objects.
  Does anyone know how to get around this problem?
  In worst case, I can create another rule that is checking the string length, but I really wish I can take advantage of the built-in policy checking routine.
  Thanks for reading my post. :)

  Can you use the <RunAsUser> functionality within your rule?
  To use it you add this inside the <Rule>
  <RunAsUser>
  <ObjectRef type='User' name='Configurator'/>
  </RunAsUser>
  More information can be found in IDM FAQ.
  HTH..

• View access denied to Subject .. on ProvisioningTask: Worflow

  Good Morning!
  I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
  The next is the activity:
  <Activity id='1' name='Get Requester View'>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='getView'/>
  <Argument name='type' value='User'/>
  <Argument name='id'>
  <ref>accountId</ref>
  </Argument>
  <Argument name='authorized' value='true'/>
  <Argument name='options'>
  <Map>
  <MapEntry key='noFetch' value='true'/>
  </Map>
  </Argument>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  </Action>
  <Transition to='Is Requestor a Manager'/>
  <WorkflowEditor x='62' y='21'/>
  </Activity>
  Any body can help me? Where is the error?.
  ATTE: Felipe Forero

  Have you added you new workflow to end user tasks ?

• View access denied to configurator

  hi all,
  I have created a workflow which contains just one activity other then start and end.This activity is calling a form.Whenever i try to run the workflow from end user menu i get the error "view access denied to configurator".However when i add this workflow name to configuration object's end user tasks the error disappears and i am able to execute the workflow.Can some one explain me why is it so?
  tia

  This is because the end user doesn't have enough rights to execute the workflow. You can add your workflow to "EndUserTasks.xml".
  Get the "EndUserTasks.xml" configuration object from debug/session and add your work flow.
  eg:
  <Extension>
  <List>
  <List>
  <String>ur workflow</String>
  <String>ur workflow</String>
  </List>
  </List>
  </Extension>

• View access denied to Subject  on TaskDefinition:

  I cloned an existing workflow and just changed the name of the task definition and imported into IDM.
  when I tried to execute it I am getting the following error message
  View access denied to Subject xxxxxon TaskDefinition: DSRS - New Request-new2.
  Any ideas?

  If you are trying to run a workflow in the User Interface, you'll need to add your workflow into the End User Tasks configuration file.
  Best,
  Aidy
  httpp://www.waveset.allidm.com

• View Access Denied

  Hi all,
  I created a custom workflow, with form and logic. I link to this custom workflow from the home page in the admin interface. I want to create my own capability for accessing this workflow. I added the capability using the admin UI, then set the the AuthType in the workflow to match this value. However, I still get 'view access denied' errors. Is there something else I need to do here? I did this once before but this time it doesn't seem to be working.... What else do I need to do?
  Thanks!
  Jim

  This is actually only partially working. The workflow I have does a checkout and check in of a user view, and modifies some data. So it is requiring that the user executing the workflow have the Update User capability as well as my custom capability. I don't really want it to have this capability. How can I get around it? I just want them to be able to run my workflow, but not edit a general user view...

• View access denied to Subject  on a Rule error: - what does it mean?

  I get this red error message when I attempt to validate a field on a form.
  I am logged in as mailadmin and I am using his default form. When I edit and save a user, I want to ensure that the mail username is unique.
  I wrote a rule which compares the username entered on the form against all present IdM accountIds (queriable attribute 'name'). The rule has a <RunAsUser> section and the rule runs as id 'Configurator'
  What is the trick here to allow mailadmin View access?
  I want an admin (not Configurator) to be able to list all IdM objects so I can apply the Attribute condition startswith for all present IdM accountIds. I believe it should be possible.
  Any hints gratefully accepted

  I've had problems with a rule that was unaccessible to end users. here is what I had to change in the rule :
  <Rule authType='EndUserRule'
  <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  now it works

• SIM 7.1 Trouble... "View access denied to Subject Configurator"

  I am getting "View Acces denied to Subject Configurator on Configuration: Tree Table Library" in the Admin user interface when navigating to the "Accounts" tab, and the "Resources" tab. Other Configuration objects in the Admin User Interface are also giving me a similar error (same error just a different Configuration object). This started happening after a server restart. The app server is Sun Java System Application Server 9.1_02. Let me know if anyone has come across this before or if more info is needed. Thanks.

  I can't imagine how that would cause such a change. Something else that was done previously must have finally committed when the app server was finally restarted.
  Generally speaking I would really recommend that you upgrade to IDM 7.1.1 and then apply the latest patch, which is 25, for a resulting 7.1.1.25.
  Specifically, that error usually relates to some kind of organizational control issue surrounding Top - but I am not sure off the top of my head.

• Checkout view  method- access denied error

  It works fine, When tried to get the user view and can print the values. When tried to checkout view it throws error
  com.waveset.util.WSAuthorizationException: View access denied to Subject unit1manager1 on User: unit1user1.
  com.waveset.util.WSAuthorizationException: Modify access denied to Subject unit1manager1 on User: unit1user1.
  <Action id='1' name='checkoutView' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='checkoutView'/>
    <Argument name='type' value='User'/>
    <Argument name='id'>
      <ref>selectedCCEmp</ref>
    </Argument>
    <Argument name='authorized' value='true'/>
    <Return from='view' to='employee'/>
  </Action>
  Also tried with and with "authorized" argument
  I tried giving all the capabilities to the manager via admin role still same error. All the users are in the top level of the firm. The controlled organization rule (edit org) and user member rules (edit admin role) dictates the organization structure and members with then the org.
  Thanks in advance
  Sasanka

  I think you want to add the subject argument. Example set subject to Configurator and it should work.

• Access denied error when Loading document library for "contribute" users : Unknown SPRequest error occurred. More information: 0x80070005

  Hi,
  We are facing a very strange issue on a SharePoint Publishing portal. Domain users (contribute level access) have access to document libraries under specific sub sites. Every morning if they try to access the document library pages, users complain about "Access Denied" issue on document library page. But if a SP Farm admin account login on site, and browse to document library page, access denied issue seems to disappear for end users also. For whole day it works fine. But next day access denied error occurs again. I am not sure why this is happening. I have looked into Event Log and SharePoint Logs, found following information useful, but not sure what to do next.
  Please help.
  Event log Details:
  Server: WFE01
  Event Type: Error
  Event Source: Office SharePoint Server
  Event Category: Publishing
  Event ID: 5169
  Date:  17/11/2009
  Time:  07:47:31
  User:  N/A
  Computer: SPWFE01
  Description:
  Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  SP Log files:
  All logs are for process: w3wp.exe (0x031C)                        0x17F4 Windows SharePoint Services  
  ·     Begin OnLoad of XmlConsoleDataSource from file "EditingMenu".
  ·     Attempting to load XML from config file "EditingMenu".
  ·     PermissionMask check failed. asking for 0x00010000, have 0x00000000
  ·     Unknown SPRequest error occurred. More information: 0x80070005
  ·     Access Denied for /Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx.
  ·     StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.SPGlobal:Void HandleUnauthorizedAccessException(System.UnauthorizedAccessException), Microsoft.SharePoint.Library.SPRequest:Void OpenWeb(System.String, System.String ByRef, System.String ByRef, System.String ByRef, System.Guid ByRef, System.String ByRef, UInt32 ByRef, System.Guid ByRef, UInt32 ByRef, UInt32 ByRef, UInt32 ByRef, UInt16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Boolean ByRef, Int16 ByRef, UInt32 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int16 ByRef, Int32 ByRef, Boolean ByRef, System.String ByRef, System.String ByRef, Int32 ByRef, Int16 ByRef, ...
  ...System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.String ByRef, System.Object ByRef, Boolean ByRef, UInt64 ByRef, Boolean ByRef, Boolean ByRef, System.Guid ByRef, System.Guid ByRef, Int32 ByRef, System.DateTime ByRef, System.DateTime ByRef, System.String ByRef), Microsoft.SharePoint.SPWeb:Void InitWeb(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPSecurableObjectImpl get_SecurableObjectImpl(), Microsoft.SharePoint.SPWeb:Microsoft.SharePoint.SPRoleAssignmentCollection get_RoleAssignments(), Microsoft.SharePoint.Publishing.WebControls.ConsoleXmlUtilities:System.String ConfigurationXml(System.String, Boolean), Microsoft.SharePoint.Publishing.W...
  ...ebControls.ConsoleXmlUtilities:Microsoft.SharePoint.Publishing.WebControls.ConsoleNode GetConsoleNodeCollectionFromXmlFile(System.String, Boolean), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void LoadTreeFromConfigXml(), Microsoft.SharePoint.Publishing.WebControls.XmlConsoleDataSource:Void OnLoad(System.EventArgs), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Control:Void LoadRecursive(), System.Web.UI.Page:Vo...
  ...id ProcessRequestMain(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(Boolean, Boolean), System.Web.UI.Page:Void ProcessRequest(), System.Web.UI.Page:Void ProcessRequestWithNoAssert(System.Web.HttpContext), System.Web.UI.Page:Void ProcessRequest(System.Web.HttpContext), System.Web.HttpApplication+CallHandlerExecutionStep:Void System.Web.HttpApplication.IExecutionStep.Execute(), System.Web.HttpApplication:System.Exception ExecuteStep(IExecutionStep, Boolean ByRef), System.Web.HttpApplication+ApplicationStepManager:Void ResumeSteps(System.Exception), System.Web.HttpApplication:System.IAsyncResult System.Web.IHttpAsyncHandler.BeginProcessRequest(System.Web.HttpContext, System.AsyncCallback, System.Object), System.Web.HttpRuntime:Void ProcessRequestInternal(System.Web.HttpWorkerReque...
  ...st), System.Web.HttpRuntime:Void ProcessRequestNoDemand(System.Web.HttpWorkerRequest), System.Web.Hosting.ISAPIRuntime:Int32 ProcessRequest(IntPtr, Int32),
  ·     Releasing SPRequest with allocation Id {E3BC24ED-F243-4DBD-8625-EE7CF9FDA039}
  ·     Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  ·     Console Configuration File Error: XML Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  ·     Releasing SPRequest with allocation Id {D1A87724-6FB6-4009-B6D1-D7E15918E213}
  Pryank Rohilla
  MCTS, MCAD

  Hi pryank,
  From the log, it seems that the users don’t have permission on this page:
  /Projects/LFB/03 Bid Stage 1/Forms/AllItems.aspx
  Does the sub site have unique permission instead of inheriting permission from the parent site? If no, you need to make the sub site to inherit permission from the site collection so that master page also inherits the right. If this is not allowed in your organization, please go to “Site Actions”à “Site Settings” à “Master Pages and Page Layouts” to give users permissions on this document library.
  Hope this helps.
  Lu Zou

• END USER accessing only the Output of report

  Hi,
  I'm creating reports based on queries, right now we are planning to give view access to end users, but my doubt if end user hits view on the report the query runs everytime and produces the report, what I want to achieve is that the we schedule the report before night and end user will only view the PDF output the query produces by the scheduling, How can I achieve this?

  So do we need to give the user access to schedule button as well? and Do you mean run report online option?
  Any update please?
  Edited by: user8937215 on Aug 5, 2010 7:55 AM
  E

• Access Denied creating user accounts through vba

  Hello,
  I have a MS-Access application that runs on a Windows 2012 server. My customer logs into the server using RDP. The MS-Access application is started up automatically by means of the environment variable in the user settings. The customer needs to be able
  to create new windows users for this application, simply by clicking a button.  
  The VBA script to create users works, because when I start up the MS-Access application with my own logged on Administrators account, the new users get created. If my customer tries it, he gets 'Access Denied' error. I have added his user account to
  the Power Users group, but that did not solve the problem. I also tried to make him member of the DCOM Users Group, the 'Access Denied' error remains...
  I do not want to give him administrator priviliges, because he is 'just a customer'...
  What do I need to do for this setup to work? I tried altering some DCom settings, but frankly I do not have enough knowledge to feel comfortable with this. Hope anybody can help me out here...
  best regards, Rob

  Is this a standalone server? Only administrators can create user accounts, so there is no work around for that. You could look at something that has the administrator account/password stored and launch PSEXEC or something else in an elevated session behind
  the scenes but that is a security volunerability because the credentials are stored.
  If the account is being created in an Active Directory environment you could delegate permissions to the appropriate OU for your customer.
  Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

• OBIEE access denied for some users only

  Hi All,
  we are using OBIEE 10.1.3.4 version on windows envorinment .The users can access the OBIEE reports using 'PORTALPATH' session varible in RPD.For some of the users are got "access denied" while they are accessing for thir particular dashboard.Eariler these user got access this dashboard with out any errors.We dnt changed in our system anything from last three months.
  We have no idea why we are getting these error for particular users only.Its Prod issue we need to reslove these error ASAP.
  we are getting these error"acess denied for user to path/shared/shared/_test/testdashboard
  Error Codes:09XNZMXB"
  but last one year its working without any issues .From our side we dnt did any changes in production like RPD level,Catalog level and config file changes , we have no idea why suddenly we are getting these kind of error for some users only not for all users.
  Could u please advice me how to reslove this PROD issueASAP.
  Thanks,

  Well its Prod (you have a dashboard called testdashboard in Prod?) anyway - someone might have changed the presentation catalogue permissions on the dashboard. All it takes is for someone to remove 'Everyone' or change a Group permission and it could effect.
  If they changed the Parent folder and cascaded the changes down this might cause this issue.
  You have a folder called 'Shared' - check the groups that the people are in have 'Traverse' , 'Read' or higher. Also chek dashboard permissions themselves from Settings-Manage Interactive Dashboards - Check the Padlock icon.
  Are you users getting allocated into the correct WEBGROUPS ? Is this assisngment done explicitly in the webcat or via an RPD Variable ? Have you checked NQQueryl.log to make sure any init blocks are completing successfully?
  Either persmissions have changed or group memebership is not completing.
  Good luck
  Alastair