Error in Role assignment

Similar Messages

• Srm User interface - change settings : Error in role assignment

  Hi Gurus,
  Users are facing issue when they are changing settings in the SRM user interface site .
  Go to SRM user interface SIte --> Change my settings --> change date format or decimal format .
  When they save it --> Gets an error - error in role assignment .
  What can be the issue. It's same in Dev and qa .
  Waiting for your reply.
  Points will be rewared .
  Thanks
  Munish Kumar

  Hello Munish,
  Laurent Burtaire wrote:
  If you do a where-used for message number i gave you, you will find two message calls in methods from /SAPSRM/CL_PDO_MO_USER_ACCOUNT class.
  Put a break-point to check if one of them is done. Problem cannot be due to missing authorization as there is no data in SU53 for concerned user.
  Regards.
  Laurent.

• FPN - error trying to lookup object - remote role assignment not working

  Hello everyone,
  We have implemented a Federated Portal Network connection in our landscape between our portals.
  We use only remote role assignment functionality.
  Everything was working fine, but since 2 days we encounter the following error in the Default trace.
  Error trying to lookup object: alias: <role name>
  It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
  Is there a solution or workaround for this issue ?
  Martin

  Hi,
  I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
  What did you do to resolve this issue?
  Many thanks
  Gordon

• Background job fails for BDC profile creation and role assignment

  Hi Experts,
  I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
  Below is the process of job
     1. ZMIS_AUTH_OBJECT_CREATE
         Variant : auth-create
     2. ZMIS_AUTH_ASSIGN_TO_ROLE
         Variant : auth-assign
  The problem is in second program, runs in foreground but fails in background.
  Code which i have written in my second program
  ***BDC for Profile creation and assignment to Roles
      CALL FUNCTION 'ZROLE'
        EXPORTING
         ctu                     = 'X'
         mode                    = p_mode
         UPDATE                  = 'L'
  *   GROUP                   =
  *   USER                    =
  *   KEEP                    =
  *   HOLDDATE                =
         nodata                  = '/'
          agr_name_neu_001        = wa_role-role_name
          text_002                = wa_role-desc
          text_003                = wa_role-desc
          text_004                = wa_role-desc
         value_01_005            = 'T-ML330881'
          h_fval_low_01_006       = wa_role-auth
          profn_007               = lv_profile
          ptext_008               = lv_text1
  * IMPORTING
  *   SUBRC                   =
       TABLES
         messtab                 = temp_message.
  ***Generation of Profile created
  CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
       EXPORTING
         activity_group                      = wa_role-role_name
  *     PROFILE_NAME                        =
  *     PROFILE_TEXT                        =
        no_dialog                           = ' '
        rebuild_auth_data                   = ''
        org_levels_with_star                = ' '
        fill_empty_fields_with_star         = 'X'
        template                            = ' '
        check_profgen_tables                = 'X'
        generate_profile                    = 'X'
        authority_check_pfcg                = 'X'
     EXCEPTIONS
       activity_group_does_not_exist       = 1
       activity_group_enqueued             = 2
       profile_name_exists                 = 3
       profile_not_in_namespace            = 4
       no_auth_for_prof_creation           = 5
       no_auth_for_role_change             = 6
       no_auth_for_auth_maint              = 7
       no_auth_for_gen                     = 8
       no_auths                            = 9
       open_auths                          = 10
       too_many_auths                      = 11
       profgen_tables_not_updated          = 12
       error_when_generating_profile       = 13
       OTHERS                              = 14  .
  Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
  Regards,
  Chetan

  Hi Praveen,
  Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
  To achieve this i have written two programs
  1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
  "" Creation of Authorization Object
  CALL FUNCTION 'ZAUTHOBJ'
          EXPORTING
           ctu                    = 'X'
           mode                   = p_mode
           UPDATE                 = 'L'
  *   GROUP                  =
  *   USER                   =
  *   KEEP                   =
  *   HOLDDATE               =
           nodata                 = '/'
           g_authname_001         = 'ZDUMMY_MIS'
            g_targetauth_002       = wa_tab-auth
            g_authtxt_003          = wa_tab-short_desc
            g_authtxtmd_004        = wa_tab-med_desc
           marked_04_005          = 'X'
            g_authtxt_006          = wa_tab-short_desc
            g_authtxtmd_007        = wa_tab-med_desc
           tctiobjnm_04_008       = 'ZBUS_UNIT'
            g_authtxt_009          = wa_tab-short_desc
            g_authtxtmd_010        = wa_tab-med_desc
           marked_05_011          = ''
           opt_01_012             = 'EQ'
            low_01_013             = wa_tab-bu
            g_authtxt_014          = wa_tab-short_desc
            g_authtxtmd_015        = wa_tab-med_desc
           marked_04_016          = 'X'
            g_authtxt_017          = wa_tab-short_desc
            g_authtxtmd_018        = wa_tab-med_desc
           tctiobjnm_04_019       = 'ZCONTRCT'
            g_authtxt_020          = wa_tab-short_desc
            g_authtxtmd_021        = wa_tab-med_desc
           marked_05_022          = ''
           opt_01_023             = 'EQ'
            low_01_024             = lv_contract
            g_authtxt_025          = wa_tab-short_desc
            g_authtxtmd_026        = wa_tab-med_desc
            g_authtxt_027          = wa_tab-short_desc
            g_authtxtmd_028        = wa_tab-med_desc
            g_authname_029         = wa_tab-auth
  * IMPORTING
  *   SUBRC                  =
         TABLES
           messtab                = temp_message.
  "" Creation of role
  LOOP AT it_role INTO wa_role.
        CLEAR wa_text.
        wa_text-text = wa_role-desc.
        wa_text-langu = 'E'.
        APPEND wa_text TO it_text.
        wa_jobrole-agr_name = wa_role-role_name.
        wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
        wa_method-usmethod = 'CHANGE'.
        CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
          EXPORTING
            jobrole          = wa_jobrole
           parent           = wa_parentrole
           method           = wa_method
         TABLES
  *   RETURN           =
           shorttext     = it_text
  *   LONGTEXT         =
  *   MENU_NODES       =
  *   MENU_TEXTS       =.
      ENDLOOP.
  2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
    ""*BDC for Profile creation and assignment to Roles
      CALL FUNCTION 'ZROLE'
        EXPORTING
         ctu                     = 'X'
         mode                    = p_mode
         UPDATE                  = 'L'
  *   GROUP                   =
  *   USER                    =
  *   KEEP                    =
  *   HOLDDATE                =
         nodata                  = '/'
          agr_name_neu_001        = wa_role-role_name
          text_002                = wa_role-desc
          text_003                = wa_role-desc
          text_004                = wa_role-desc
         value_01_005            = 'T-ML330881'
          h_fval_low_01_006       = wa_role-auth
          profn_007               = lv_profile
          ptext_008               = lv_text1
  * IMPORTING
  *   SUBRC                   =
       TABLES
         messtab                 = temp_message .
     COMMIT WORK AND WAIT.
  ""*Generation of Profile created
    LOOP AT it_role INTO wa_role.
      CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
       EXPORTING
         activity_group                      = wa_role-role_name
  *     PROFILE_NAME                        =
  *     PROFILE_TEXT                        =
        no_dialog                           = ' '
        rebuild_auth_data                   = ''
        org_levels_with_star                = ' '
        fill_empty_fields_with_star         = 'X'
        template                            = ' '
        check_profgen_tables                = 'X'
        generate_profile                    = 'X'
        authority_check_pfcg                = 'X'
     EXCEPTIONS
       activity_group_does_not_exist       = 1
       activity_group_enqueued             = 2
       profile_name_exists                 = 3
       profile_not_in_namespace            = 4
       no_auth_for_prof_creation           = 5
       no_auth_for_role_change             = 6
       no_auth_for_auth_maint              = 7
       no_auth_for_gen                     = 8
       no_auths                            = 9
       open_auths                          = 10
       too_many_auths                      = 11
       profgen_tables_not_updated          = 12
       error_when_generating_profile       = 13
       OTHERS                              = 14
      IF sy-subrc <> 0.
        MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      ENDIF.
    ENDLOOP.
  For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
  i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
  Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
  Regards,
  Chetan

• Role Assignment Discovery Issue for Files and Folders through Sharepoint REST services

  To preface, I am a decided Sharepoint newbie in every sense. I am trying to use the Sharepoint REST services (Sharepoint 2013) to walk the folder and file structure of my Sharepoint server and, determine as I go, the Role Assignments (and subsequently
  Permissions) on those folders and files. I'm using an Administrator credentials and I'm actually able to successfully do it but I've run into some caveats. All the caveats begin with this; when I'm examining a folder, for example:
  /_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/ListItemAllFields
  I receive either an empty list or an error response doc when following the link supplied for ListItemAllFields.  When following that kind of link for folders, I either get:
  <d:ListItemAllFields
  m:null="true"
  />
  or an error response document that says "The object specified does not belong to a list." When I hit the /ListItemAllFields endpoint for files, I receive a response with a link for Role Assignments which subsequently also works and I get the
  info I need. So, is this a bug? Why does the link returned from Sharepoint work for files and not folders? So, google, google, google, and I discover that there is another possible way to get at the Role Assignments (and that the object does, indeed, belong
  to a list!).
  If I know the Title (or the guid) of the folder in question, I can use the following endpoint:
  /_api/Web/Lists/GetByTitle('Development')
  If I use that endpoint, I get the information I would have expected to get from following /ListItemAllFields and the subsequent Role Assignments links all work and I get what I need. If there's a bug and this is how I have to work around it, that's fine
  but I have yet to discover how to dynamically determine the Title of a given folder nor am I sure if all Titles are supposed to be unique within a given Sharepoint server. I'm assuming that the folder name as represented in the server relative URL and the
  Title may be different and this is where my newbishness may start to shine if I'm misunderstanding what a "List" is supposed to be in Sharepoint. Anyway, I did find that I could use the Properties endpoint to perhaps get the Title, for example:
  /_api/Web/GetFolderByServerRelativeUrl('/sites/cmisdev/Development')/Properties
  gives me:
  <d:vti_x005f_listtitle>Development</d:vti_x005f_listtitle>
  whose value I assume I could then supply to the /GetByTitle endpoint and be golden. However, "vti_x005f_listtitle" just sounds a little too deep to be something I should be relying on but maybe that's kosher. That's part of what I'm trying to
  find out. Also, if there is a way to use the Sharepoint REST API to discover the guid of a given object, then I could look it up in that way.
  So, in summary:
  1. Am I going about getting folder Role Assignment information in the wrong way? Based on the CSOM examples I've seen, I believe I'm doing it correctly and that the answer to #2 below is a resounding "Yes!" :)
  2. Is it a bug if I'm not able to use /ListItemAllFields on folders using the server relative url?
  3. If I'm supposed to use GetByTitle as a workaround, am I discovering that Title correctly through /Properties? Seems quite circuitous and awkward. Are Titles required to be unique throughout a given Sharepoint server?
  4. If I'm supposed to use the guid, how can I use the REST interface to discover an object's guid? Once we get down to the Role Assignments and other links, the guid appears in those links but I don't know how to discover it independently if that's the
  path I should use to get the data I described above.

  Upon further research, I'll answer my own question for the benefit of some other potential future newbie.  The answer to question number 1 above is "Not exactly.".  The server relative URLs I was using corresponded to lists (which are
  returned as a collection through /_api/web/lists).  I was treating them mentally like regular folders.  That, coupled with the fact that accessing their data as I showed above returns a ListItemAllFields link, made me think that was the way to get
  the Role Assignments just as I would for files and, as it turns out, "real" folders and sub-folders created under these lists.  That was the other problem with thinking of these lists as regular folders.  So, ListItemAllFields works on
  all files and folders in a list.  However, if you want Role Assignments for the lists themselves, you can keep track of the Titles and\or Guids from the /_api/web/lists that you're interested in (in my case, all non-hidden "document library"
  type lists) and then access those Role Assignments as I discussed in questions 3 and 4 above.  For example, from the /_api/web/lists collection from my test server, the "Development" document library Role Assignments are accessable via /_api/Web/Lists(guid'cd242eeb-aafa-4efa-aecc-9bbdf8e3d459')/RoleAssignments
  or /_api/Web/Lists/GetByTitle('Development')/RoleAssignments.

• Role info not appearing once role assignment request is submitted from UI

  Hi Everyone,
  We have a strange problem in our project in IDM 7.2 SP8 where IDM role concept is used which contains privileges (could be role/profile) of backend systems.
  Usually when ever a role (i.e IDM role) assignment request is submitted from UI, the activity with the associated info (like user details, role details, audit ID) should be stored in MXI_LINK table from where the info will be fetched and used in next stages of the processing
  Even though the information is getting available for most of the cases for all users but some times for few users once the role assignment request is initiated from UI there is no info is getting available in MXI_LINK table corresponding to this activity which is strange.
  Because of this problem even though user submits role assignment request no role info getting passed to IDM, set to pending state for the user which is getting meaning of user not submitted any role assignment request at all.
  Can any one suggest what are the things that gets involved between these two steps and any troubleshooting hints are highly appreciable.
  Regards,
  Venkata Bavirisetty

  Is this a situation you recreate at will? In other words, is it always happening on the same users? If so, you could put a trace on that user's account then try to add the role and see what that trace log shows. Additionally, you could just follow the links in the chain of the various tasks that kick off when you do a role assignment and check each task / job's job log and see what that tells you. There's got to be an error somewhere along the way that's preventing this from executing properly.

• Role Assignment does not get distributed from CUA

  Hi all.
  I create user and role in CUA client.
  There is no error in role generation.
  When I try to find my role in SU01 by pressing F4 of my role (Y*), system give me message role not found. But that's not my biggest problem.
  I can assign my role by typing manually.
  My biggest problem is only SAP ID get distributed into target system, not the role assignment.
  So in the target system I can see my user id without role assign to it.
  I checked my user id from SCUL. User and profile does not contain any error message in target client.
  I tried with transaction RSCCUSND, still my user id does not contain role.
  I checked my SCUM transaction, profiles and roles has Global settings.
  Does someone can give me a clue why this happens and how to solve this issue.
  Many thanks

  Lets try to simplify the thing in layman language.
  CUA is to manage user ids of different SAP systems (client level) centrally from one system without logging into each of those child systems. To do so, the Central system stores the information of the Roles (and their Text and Generated Profile Name ONLY) and Profiles (standard or non-generated profiles) in few of it's tables like: USLA04, USRSYSACT, USRSYSACTT, USRSYSPRF, USRSYSPRFT etc.
  It doesn't mean that the Roles for the corresponding child system is present in the central system and no need of creating (or making available) such roles in the Child systems. The physical existence of the Role for each system doesn't get transferred in the Central system when you do the Text comparison rather the identity only against the corresponding system.
  So the Roles has to be there in the corresponding Child systems and the Assignment (not physical assignment  -  only linking the name for that child system) of them to the user ids can be done from Central system.
  Also you have got the idea of Text comparison and requirement of keeping or creating roles in each system based on it's nature from the other posts.
  Let us know any more questions you have.
  regards,
  Dipanjan

• SAP CRM 2007 Business role assignment

  Hi all,
  We are using CRM 2007. and we are trying to assign Business roles to users using the PFCG ROLE ID attribute.
  1- We create a PFCG role : "pfcgrole1"
  2- We create a Business Role "Businessrole1" and put PFCG Role id = "pfcgrole1"
  3- assign the user to the PFCG role "pfcgrole1"
  We have two cases :
  CASE 1:The user is assigned to a position in Org management but the position does not have any Business roles assigned.
  RESULT : The user logs in  to CRM, the user gets error message  "Logon is not possible because you have not been assigned a business role"
  CASE 2:The user is not assigned to any  position in Org management.
  RESULT : The user logs in to CRM, everything works fine
  my interpretation : org management has precedence over business role assignment using PFCG roles and blocks Business role assignment even if the position has no Business roles assigned
  Anyone has any idea how to assign business roles using PFCG ROle ID even if the user is assigned to a position without any business roles
  Thanks in advance.

  Please review these old threads first:
  Re: Reg: Business Role
  Assignment pfcg-role to user and assignment pfcg-role to business role
  There is a lot of technical background on how business role to PFCG role assignment works.
  Thank you,
  Stephen
  CRM Forum Moderator

• Fix Business Role / Technical Role assignment in Pending or Failed status

  Hi,
  We are facing issues with few users where Business role assignment or technical role assignment is going into Pending or failed status.
  None of the jobs are failing or throwing any error related with the changes.
  We are running IdM 7.2 version with SP8.
  Is there a way to fix this issue other than removing and reassigning or recreating ID.
  Regards,
  Manish

  Hi Manish,
  If technical role (priv) in failed status, please check Tero's reply in the below post. You can set a periodic job to read users and privs in failed status and use uRetryPrivilegeAdd() function to retry the assignment.
  Failed AD privileges
  I was able to find a document on how to set up the periodic job.
  Retry failed assignments (Privilege)
  You should try searching the forum and wiki for answers. Most of the issues are addressed by our community experts already. Thanks.
  Kind regards,
  Jai
  Message was edited by: Jai Suryan

• Error on role import for SAP integration with BO in CMC (3.1)

  Hello,
  We are trying to integrate existing BO environment in our company with existing BW installation.
  BO Environment - 3.1
  BW/ECC Environment - (BW - BI 7.0 SP20, ECC 6.0)
  So got the pre-requisites completed and the transports imported into both BW and ECC environments. Upon these steps we went ahead and installed the integration kit for 3.1 system.
  There were no error messages, after we completed the installation went into infoview and in the authentication drop down checked to see if I can get "SAP" in there....which it did. So, I am assuming there were no issues till this point which we might have missed out.
  Upon this, when I went into SAP authentication in CMC and double clicked on SAP and in the next screen clicked on "NEW" and added in the application server, system number, id and password and updated it...this automatically updated the logical system.
  But when I go into the role import, it gives me the following error message....
  Exception in JSP: /jsp/auth/sapsec_import_role.jsp:22:19:20: <%21:string context::secSAPR3ImportRoleBean.getContextPath():22: secSAPR3ImportRoleBean.init(request):23:response.setHeader("Expires","0"):24: 5> Stacktrace:
  The only thing is we have not assigned the CRYSTAL_ENTITLEMENT role to it as we are at this point only trying to see if we can log into webi...
  So, is it required to assign this role to an existing user id role in order for me to import the roles into BO CMC screen in order to be assigned to a group.
  Can you please help me out on this.
  Thanks
  Dharma.

  Hello Ingo,
  Thanks a lot for looking into the question.
  Yes, we are taking about the SAP Authentication part where I am trying to import roles in SAP into BO after I provide the login information in the Entitlement systems tab.
  I confirmed that all parts of Java Connector configuration were taken care of as mentioned in the installation manual and from your blog.
  The only piece left off is the CRYSTAL_ENTITLEMENT role assignment to the id which is used within the entitlement systems tab in CMC. I will get this configured and try it one more time.
  Just to confirm,
  1. The new user id to be created (should it be a RFC user or dialog user)
  2. Is the only role to be assigned to the new user is CRYSTAL_ENTITLEMENT with the authorization mentioned in the installation manual
  3. What are the roles to be imported into BO within CMC (are these the roles which we want for data access)
  4. When a user tries to login with any other user id other than the one listed in Entitlement systems tab, does it use the roles assigned to that person in SAP to retrieve the data or would it be dependent on the roles imported into BO within CMC in earlier step.
  Please let me know.
  Thanks
  Dharma.

• GPEngineException: Error filling role when invoking GP from within webdynpr

  Hi
  I am trying to invoke a guided procedure process (the example Time-Off-process) from within a webdynpro-application. For this, I used the code given here: http://help.sap.com/saphelp_nw2004s/helpdata/en/43/fcdf77fc6510b3e10000000a11466f/frameset.htm. The process can be invoked and starts running if I configure the roles in the design time environment such that the role type is set to "Initiator". However, if I change the role type to "Instantiation defined", I get the following error:
  "Error filling role role.overseer of role type 3 during instantiation".
  The stack trace shows that a GPEngineException has been thron:
  com.sap.caf.eu.gp.exception.api.GPEngineException: Error filling role role.overseer of role type 3 during instantiation
       at com.sap.caf.eu.gp.process.rt.impl.GPRuntimeManager.checkRoleList(GPRuntimeManager.java:307)
       at com.sap.caf.eu.gp.process.rt.impl.GPRuntimeManager.startProcess(GPRuntimeManager.java:125)
  In my code, I assign roles to users exactly as described in the above mentioned document. Here's the code snippet:
       //Assign users to each role:                         
       IGPRuntimeManager rtm = GPProcessFactory.getRuntimeManager();
       IGPProcessRoleInstanceList roles =
       rtm.createProcessRoleInstanceList();
       int rolenum = process.getRoleInfoCount();
       for (int i = 0; i < rolenum; i++) {
            String roleName = process.getRoleInfo(i).getRoleName();
            //create a new role instance by specifying the role's unique name
            IGPProcessRoleInstance roleInstance =
            roles.createProcessRoleInstance(roleName);
            //add the new role to the assignment list
            roles.addProcessRoleInstance(roleInstance);
  What could be the problem here? I have searched all over the forum, but didn't find any hint. It might as well be that the error doesn't mean anything. I got a similar problem earlier which was solved by activating the process in the GP-Designtime. It would be great if anybody had an idea as to what I could do here. Anything could be a helpful suggestion!
  Thanks very much!
  Best regards
  Bettina Hepp

  This error is thrown if the role configuration in the guided procedure design time doesn't correspond to the role assignment during process instantiation:
  1. If role should be assigned at process instantiation, tick "overwritable at runtime", set role to "Initiation defined" and do assign a user to the role when you invoke the process.
  2. If role should be the process initiator, set role to "Initiator". In this case it is not possible to assign a user to this role when invoking the process.
  3. There is a third role type: "Runtime defined", haven't tried that so far.

• The security-role-assignment references an invalid security-role: Certifica

  In Oracle Enterprise Pack for Eclipse, I failed to deploy an application in debug mode. The error I noticed in my domain log is:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: Certificate.
       at weblogic.servlet.security.internal.WebAppSecurity.setRoleMapping(WebAppSecurity.java:180)
       at weblogic.servlet.security.internal.WebAppSecurity.registerSecurityRoles(WebAppSecurity.java:155)
       at weblogic.servlet.internal.WebAppServletContext.prepareFromDescriptors(WebAppServletContext.java:1181)
       at weblogic.servlet.internal.WebAppServletContext.prepare(WebAppServletContext.java:1120)
       at weblogic.servlet.internal.HttpServer.doPostContextInit(HttpServer.java:449)
       at weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:424)
       at weblogic.servlet.internal.WebAppModule.registerWebApp(WebAppModule.java:910)
       at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:364)
       at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
       at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
       at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
       at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:42)
       at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:615)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
       at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:16)
       at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:155)
       at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
       at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:197)
       at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:89)
       at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
       at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:723)
       at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1190)
       at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:248)
       at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:159)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:157)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:12)
       at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:45)
       at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  What I do not understand is that this error remains even though I modified weblogic.xml to remove the following lines:
  <wls:security-role-assignment>
  <wls:role-name>Certificate</wls:role-name>
  <wls:externally-defined/>
  </wls:security-role-assignment>
  I also deleted <MYDOMAIN_HOME>/servers/AdminServer/cache and <MYDOMAIN_HOME>/servers/AdminServer/tmp but this error still showed up when I attempted to deploy the application in Eclipse.
  If I exported the EAR file and deployed it using Admin Console, the application was deployed successfully. But when I deleted it in Admin Console and attempted to deploy it in Eclipse again, the same error occurred and the deployment failed. What could be the reason for this behavior? Is there anything cached somewhere when deploying it in Eclipse? Thanks in advance for your help.

  Hi,
  I know that is an old thread, but just in case... Maybe you could try setting up the DEBUG_OPTIONS in your startManagedWeblogic script and configure a remote debug in Eclipse:
  DEBUG_OPTIONS="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8003,server=y,suspend=n"
  Hope it helps,
  Luis

• Ran CATT Script for the role assignment to users

  Hi All,
  I have ran ECATT script for doing role assignment in QAS and completed successfully. I did this through CUA. What is the next step after running catt script? Do I need to doing anything with PFUD in each child system? Because I checked in the child systems many derived single roles are not generated in QAS.(RED). Is it because of running catt script or it might have came like that only from development? Please advise..
  Regards,
  Masood

  >
  Salman123 wrote:
  > Please let me know how should I proceed from here
  Hi,
  I have told you why the error message is there.  What do you not understand about the resolution? Your parent roles are out of sync with the child roles so you need to re-sync them.   An example of how do do this is to "adjust derived" from the master role.  Only when you have done this will your roles be in sync again.

• Role assignment did not work during migration

  We just finished a QA migration from EP60 to NW04 SPS14.
  Everything went OK with the exception of the following:
  Users who had customer defined roles assigned in the source system (EP60) did not get the roles assigned in the target system.(NW04) For example, if I had a few out of the box SAP roles assigned to a user in the source system, they were assigned to that user in the migrated NW04 system. The customer assinged roles did not get attached to the same users users.
  Has anybody run into similar findings ???

  Some more info.
  We may have figured out that during the migration the NW portal inititaed a connection to our LDAP server and failed. We have MSADS with a multi LDAP configuration and have configured SSL for the connection to LDAP.
  Any Ideas ???
  I pulled this out of the trace file:
  #1.5#005056B171CC00560000000C00000FE8000405C779F98BF4#1132254209877#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_28##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC00610000000600000FE8000405C779FA37A6#1132254209924#/System/Security##com.sap.engine.services.keystore#Administrator#389####d73f3750579c11da8ea8005056b171cc#SAPEngine_Application_Thread[impl:3]_32##0#0#Warning#1#com.sap.engine.services.keystore#Java###Source: java.lang.NullPointerException; Description: ; Consequences: ; Countermeasures:##
  #1.5#005056B171CC001D00000001000011D0000405C7DA2B657E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###No connection to the ldap server, recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000004000011D0000405C7DA2B6F70#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Server not available,recheck configuration or availability of directory server##
  #1.5#005056B171CC001D00000007000011D0000405C7DA2B7443#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Initialisation of a connection pool failed for UACC please check the configuration or availability of the directory server##
  #1.5#005056B171CC001D00000009000011D0000405C7DA2B78C2#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Fatal#1#com.sap.security.core.persistence#Java###Please recheck the LDAP configuration Initialisation of connection pool failed for UACC
       poolname qadc2.app.csa-group.qa:636_UACC
       java.naming.factory.initial= com.sun.jndi.ldap.LdapCtxFactory
       java.naming.security.principal= cn=epqadm2,ou=PortalUsers,dc=app,dc=csa-group,dc=qa
       java.naming.ldap.version= 3
       connection_pool_name= qadc2.app.csa-group.qa:636_UACC
       java.naming.provider.url= ldap://qadc2.app.csa-group.qa:636/ou%3DPortalUsers%2Cdc%3Dapp%2Cdc%3Dcsa-group%2Cdc%3Dqa
       java.naming.security.protocol= ssl
       java.naming.ldap.factory.socket= com.sap.security.ssl.SSLSocketFactory
       java.naming.security.authentication= simple
       java.naming.security.credentials= ******
       [EXCEPTION: no connection to the ldap server:null]##
  #1.5#005056B171CC001D0000000D000011D0000405C7DA2B8C9E#1132255823810#/System/Security/Usermanagement##com.sap.security.core.persistence#######SAPEngine_System_Thread[impl:5]_23##0#0#Error#1#com.sap.security.core.persistence#Java###DataSource : Initialisation of connection manager failed, due to SSL configuration lazy initialisation#1#CORP_LDAP2#

• No Portal Roles assigned issue

  Hi Experts ,
  We had recently integrated CRM with portal , but some users inspite of having the portal roles assigned to their id were getting an Access Denied page (we had customized the "no portal roles assigned " error page ) . Knowing the dependency of portal on IE and browser settings , this issue is sometimes resolved by clearing cache , cookies , and changing a few browser settings etc on IE 6.0 . If this doesn't work then upgrading to IE 7.0 definetly helps . Since this is just a workaround , I would like to know if anyone has experienced such a thing before and has a solution for this . Your inputs will be highly appreciated .
  Regards
  Mayank

  Hi Mayank,
  This is an error which happens when there is No roles assigned to the user. I am not sure how your systems are designed for User Management. Say for example in some cases LDAP is used to maintain Group to User Relationships and Portal Roles are connected to Groups therfore all users in the group is assigned to the Role. In some cases UME is used.
  Having said that you can disable the cache for the browser. You have to compromise with the performance however, this will ensure that everytime the user logs in, the request will always go to the server.
  Regards
  Avik