Error -- User doesnot belong to required Roles
Hi All,
When I am trying to loginto Infoview or CMC I get Error "User does not belong to any of the required roles -- DX1003@SAP_J2EE_ADMIN;QB1142@SAP_J2EE_ADMIN(EAS 10005)"
I am using BOXIR.3.1, SAP 7.1
Pls. let me know what are the exact roles in which user needs to be added for removing this error.
Thanks,
Nisha
Hi,
when you want to logon with your SAP credentials to your SAP BusinessObjects system at least one role which is assigned to the user that wants to logon needs to be part of the imported roles.
Ingo
Similar Messages
-
I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I login as the user that is specified AdminConfiguration section of the rsreportserver.config file but if I
log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both System Administrator
and System User roles to try to get it to work but still no luck.
Does anyone know how to fix this?
Thanks.Hi MetronM,
The issue is due to that user have no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection
of related tasks.
You can refer to the following steps to assign corresponding role to the user.
Open report manager.
Click “Folder Setting” button.
Click “New Role Assignment” icon.
Type the user name and select the corresponding role.
There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
http://technet.microsoft.com/en-us/library/ms156014.aspx
Regards,
Alisa Tang
Alisa Tang
TechNet Community Support -
SIngle riole that belong to composite role with user
HI,
There is option when user are belong to single role and also belong to composite roles (that include the single role ) ?
BR
NinaThere is option when user are belong to single role and also belong to composite roles (that include the single role ) ?
SIngle role is created by pfcg where you assign the role name n safe it as single role n then after t codes been provided the user has been assigned accordingly
Composite role is same just it contains many roleson to one and similarly the user has been assigned
Thx
Mysterious -
Hi guys, i have a problem with a Server Windows 2008 SP1 Standar x86, when i tried to reinstall the role of WSUS 3.1 the ServerManager show this Error and i could install again the role.
Thanks for your help:
The Error of the event viewer is the nexT:
Log Name: Setup
Source: Microsoft-Windows-ServerManager
Date: 27/03/2009 05:53:21 p.m.
Event ID: 1617
Task Category: None
Level: Error
Keywords:
User: DOMAIN\Administrator
Computer: SOOB.DOMAIN.COM
Description:
Installation failed. A restart is required.
Roles:
Web Server (IIS)
Error: The server needs to be restarted to undo the changes.
Windows Server Update Services
Error: Installation failed because a required role service or feature could not be installed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ServerManager" Guid="{8c474092-13e4-430e-9f06-5b60a529bf38}" />
<EventID>1617</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-03-28T00:53:21.056Z" />
<EventRecordID>23</EventRecordID>
<Correlation />
<Execution ProcessID="1100" ThreadID="2736" />
<Channel>Setup</Channel>
<Computer>SOOB.DOMAIN.COM</Computer>
<Security UserID="S-1-5-21-696557799-1245526101-3093723089-500" />
</System>
<UserData>
<EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
<message>
Roles:
Web Server (IIS)
Error: The server needs to be restarted to undo the changes.
Windows Server Update Services
Error: Installation failed because a required role service or feature could not be installed.
</message>
<identifiers>WsusRole, WebServerRole, WebServerComponent, CommonHttpFeatures, StaticContent, DefaultDocument, Performance, DynamicContentCompression, ApplicationDevelopment, AspNetPages, InternetServiceApiExtensions, InternetServiceApiFilters, NetFxExtensibility, SecurityComponents, RequestFiltering, WindowsAuthentication, WebServerManagementTools, InternetInformationServices6ManagementCompatibility, InternetInformationServices6DatabaseCompatibility</identifiers>
</EventXML>
</UserData>
</Event>
AlbertoThe above suggestions did not resolve issue in my case;
I did the below to resolve this after lot of research and same worked for me in 3 servers;
1)
Disable UAC by Disabling the setting "User Account Control: Run all administrators in Admin Approval Mode", under Computer
Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options. And reboot the server
2)
Remove all existing installed features of dotnet 3.5 and reboot the server
3)
Install Windows Process activation service using add features and reboot the server
4) NowInstalled Web(IIS)
role features which resulted in successfull installation -
Hi Experts,
I am getting error message (Some required roles have not been granted to user SAPSUPPORT (ID: MANAGED.DUAL.SAPSUPPORT_J)) and (Some required roles have not been granted to user SM_COLL_SOL (ID: MANAGED.JAVA.SM_COLL) ) in step 10 "check configuration" in managed configuration phase through solman_setup.I have created these two user ids in ABAP through SU01 and then assigned UME role in java stack.However I could not find the role type "J" in java stack. I am also not getting option to create these user ids automatically in step 7 (create users).Here if I use (provide existing user) from drop down and choose execute after giving password I get error message (User solman_admin is not
allowed to perform this request. Check SAP Note 1647157.) I have checked the suggested note and followed it but error still persists. Please suggest.
Refer screen shot for more clarity.
Thanks
Aditya RoushanHi Aditya,
Check if the below SAP Notes are helpful -
1934057 - SPML check error for JAVA managed system
1758186 - Check Configuration Error when user manually maintained
1953221 - User SOLMAN.DUAL.SAPSUPPORT is not defined in table AGSSISE_ACT_USER
1925088 - SOLMAN_SETUP: Measurement Platform Set Up - issue with users
My guess is that the 3rd one should be helpful in your case.
Best Regards,
Tanmeya -
Protected WebResource access granted even though user doesn't have the required role
Apologies in advance - this must be a real newbie question, but I've read thru
alot of documentation/newsgroup info and haven't found the answer.
I'm using WL 7.0 SP1, and deploying an exploded web-app. (contents in attached
Login.zip). The web.xml defines a single protected web-resource (/yeslogin.jsp)
and a single role (PortalUser).
I've got a realm configured with all the Default* providers, and have defined
a user, a group, and the PortalUser role that hooks them together.
If I do not check the Security->Realms->myrealm->General->"Ignore security data
in deployment descriptors" checkbox, my user never seems to be associated with
the role I've defined. (I can see this from the output of the DefaultAuditor set
to INFORMATION severity) when access control checks are done - so I always get
a 403 (Access denied).
If I do check the "Ignore security data in deployment descriptors" box, reboot
WL and re-deploy my web-application then the audit trail does show that my user
is associated with my role, and I am able to run the application.
The problem is, when configured this way if I have another user who does not have
that role, they are also able to use the application. The DefaultAuditRecorder.log
file show that the "Role Manager Audit Event" for checking access to the protected
resource has been invoked, but then the status is SUCCEED!?!?!
Any pointer to what I've done wrong, or the docs that tell me how to do this right
would be WAY appreciated.
This same web-application works across a range of various J2EE 1.3 compliant web-containers,
but I have not figured out how to configure WL 7.0 to let it work.
[Login.zip]I tried your web app and it worked for me. I hit the URL that you protected:
http://localhost:7001/login/login_page.jsp
Logging in as a bad users popped up your error page.
Logging in as a users in the PortalUser role ( I changed that to a role I
already had) let me hit the
your login page.
One thing. Usually, you let the users hit your protected page and you let
the web container do the work and pop
up your login form instead of you programmatically sending them to the login
page. If you change web.xml to:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
It will just pop up the browsers dialog.
Also, don't check the "ignore security data in deployment descriptors". In
your case you ARE using the deployment
descriptor.
BTW. I can ONLY get web app deployment descriptor security to work in WLS
7.0 sp1 and CAN NOT get the
console web app security policy to work! I have an unanswered post on this.
See the post:
Console based web app security
"Dave Clegg" <[email protected]> wrote in message
news:[email protected]...
>
Apologies in advance - this must be a real newbie question, but I've readthru
alot of documentation/newsgroup info and haven't found the answer.
I'm using WL 7.0 SP1, and deploying an exploded web-app. (contents inattached
Login.zip). The web.xml defines a single protected web-resource(/yeslogin.jsp)
and a single role (PortalUser).
I've got a realm configured with all the Default* providers, and havedefined
a user, a group, and the PortalUser role that hooks them together.
If I do not check the Security->Realms->myrealm->General->"Ignore securitydata
in deployment descriptors" checkbox, my user never seems to be associatedwith
the role I've defined. (I can see this from the output of theDefaultAuditor set
to INFORMATION severity) when access control checks are done - so I alwaysget
a 403 (Access denied).
If I do check the "Ignore security data in deployment descriptors" box,reboot
WL and re-deploy my web-application then the audit trail does show that myuser
is associated with my role, and I am able to run the application.
The problem is, when configured this way if I have another user who doesnot have
that role, they are also able to use the application. TheDefaultAuditRecorder.log
file show that the "Role Manager Audit Event" for checking access to theprotected
resource has been invoked, but then the status is SUCCEED!?!?!
Any pointer to what I've done wrong, or the docs that tell me how to dothis right
would be WAY appreciated.
This same web-application works across a range of various J2EE 1.3compliant web-containers,
but I have not figured out how to configure WL 7.0 to let it work. -
How to map the bulk users with the required roles in portal at one time
Hi,
Would anyone tell me how to map the bulk users with the required roles in portal at one time?Thanks for all the reply.
<b>I need to assign 1 or 2 group to n((eg) 1000)number of users</b>
I tried the first option like
[group]
gid=
gdesc=
user=
Thr problem with this is I could n't put more no of users in the notepad.
I would be able to put only 150 users in the single line of notepad. If it goes to next line it is not working.
I tried creating seperate notepad but in Import it says "exists"
I'm not sure about LDAP. Would anyone explain me the best approach to do this. -
Error: There are gaps in assignment of required role ZVLPP Vendor - Landlor
Hello everyone,
I did create a new BP role with vendor integration. I have done all the settings including the syncronization settings between the vendor and BP. Now when i want to edin an old contract i get error message:
There are gaps in assignment of required role ZVLPP Vendor - Landlord Companies
Message no. REBPBP011
Diagnosis
Either a business partner has not been assigned in role ZVLPP Vendor - Landlord Companies for the current object/contract or
A business partner is not assigned in this role at all times in which the object is valid (period 01.11.2008 - 31.10.2009).
However, the Customizing settings specify that role ZVLPP Vendor - Landlord Companies is mandatory for the current object/contract.
System Response
Depending on the object, you may be able to save the object despite the fact that there is no business partner. However you will not be able to activate the contract if you have not assigned a business partner.
Procedure
Assign a business partner in role ZVLPP Vendor - Landlord Companies for the entire period 01.11.2008 - 31.10.2009.
My problem is in the step where i make assignment of applications/objects to my business roles, I havent set any of the two roles as madatory for a RE contract.
I ve gone through all the steps for BP in Customizing and searched through all OSS notes and forums but didnt find anything on that problem.
Does anyone have an idea what the problem might be?
Any input would be appreciated
Thanks
SeverinaHi,
The message is not an error message. but for me it is just a warning message. Inspite of the warning, you can still save the contract.
However, you cannot activate the contract because, Customer / Vendor Business Partner are not attached to the Real estate contract. By default, you must assign a Business partner with Customer role / Vendor role to a contract. This is to ensure FI postings to Customers / Vendors.
So, choose a Business partner with vendor role and save the contract and activate it.
Cheers !!!
Siva -
Hi
I have an SCCM 2012 SP1 CU3 installation on a Server 2008 R2 + SQL 2008 R2.
I'm having trouble delegating Reporting Services Web Access to a standard domain user.
I have followed the instructions from these blogs:
http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
http://www.wolffhaven45.com/blog/sccm/assigning-users-to-configmgr-reportusers-group-in-sccm-2012/
No matter how I try, I cannot get the reports to show for a standard domain user. In the console no reports are showing and in the web access I get
"User domain\user does not have required permissions........"
The only thing that is consistenly working when I test is to put the AD Group on the Security Role "Full Administrator".
Then everything will show up.
Any ideas on how to troubleshoot this?Thanks everyone for helping me with tips. I have now solved the problem. It was the permissions from SCCM that did not replicate to the Reporting Server.
In srsrp.log I got these error messages:
Could not retrieve the reporting service name for instance 'MSSQLSERVER'
Invalid class
Could not stop the reporting serviceAfter googling a litte I found these 2 sites with similiar problems:http://social.technet.microsoft.com/Forums/en-US/d4a7f93a-506f-4e3f-b5fc-bd2b087277da/ssrs-permissions-do-not-add?forum=configmanagergeneral
http://www.microtom.net/microsoft-system-center/software-distribution/sccm-2012-reporting-services-do-not-install
So I ran the command for SQL 2008 R2: mofcomp.exe C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof
and BAAM, everything started to work =)
/ALX -
Hello, I am working on a SAP CRM 7 Sales implementation and we are implementing leads and opportunity scenarios. The current business organization model is that there multiple vertical and horizontal departments. This is typical matrix structure. This organization has done the segregation of its clients based on the verticals so every clients belongs to at least one or more Vertical department but Horizontal departments can contact all the clients. In the same way sales executives are also either belonging to one or more Verticals or Horizontal departments? Horizontal sales executive can create leads for any clients available in the system but a Vertical sales executive can only create lead only for the client belongs to his vertical and assigned to him. This can be achieved by creating organization structure and business partner relationship.
Now the problem statement is that few sales executives need work for both some Verticals and Horizontals at the same time. But requirement is that they should be able to do the both roles with single user id but multiple roles. So when sales executive is creating leads his vertical department, he should only be able to select clients assigned to his Vertical only but when he is creating lead for Horizontal department, he should be able to select any clients.
So Can I determine the business partners linked to user based on the assigned role and org. structure?
Please let me know if this is not clear also note we are only using CRM WebUI no SAP ePortal.
Thanks a lot your help in advance.
Regards
Sudesh SharmaThanks, Tahir
my problem has solved
Kind Regards,
Faisal -
Managed system configuration: Some required roles have not been granted
Hi experts,
I face a strange problem in my SolMan 7.1 SPS 4:
In the configuration of managed system everything is green except the last step "Check configuration" => "Configuration Check".
The error is:
Some required roles have not been granted to user SAPSUPPORT (ID: MANAGED.DUAL.SAPSUPPORT)
Action: Execute step Managed System Configurationn / Create Users
Check Context: Managed systems users/roles | Managed users/roles | SYSTEM =LSM~ABAP
and the same for SMDAGENT_xyz (ID: MANAGED.ABAP.WILYAGT).
The funny thing is that the step no. 7 (Create users) is done successfully. I have also deleted SAPSUPPORT manually and have reexecuted step 7 but no success.
Any ideas? Thanks and best regards, BastiHello,
Just a thought... it could be due to a UME role that is not assigned to the user. Have you checked the security guide?? There are a couple of steps to do in Visual Admin for this use as per the guide.
Cheers,
Diego. -
Error : User master comparison incomplete
Dear All,
I am working on a CUA system. I have modified an existing role(it was a requirement to change Material Mvt typ) and transported to QA system. then run PFCG_TIME_DEPENDENCY.
But when I check user -> and roles using SU01, I see the role I transported is in RED color. but then when I try to do a user comparison I got new error user "Maximum profile exceeded for user ABCXX" , because of this error I cannot complete user comparison.
I also tried PFUD -> Cleanups first, then Profile matching unfortunately it still gives User master comparison incomplete.
Is there a alternative way to compare users except "ABCXX" which has "Maximum profile exceeded for user" or how do I skip this message and complete user comparison ?Souyee,
If user needs access,then remove unimportant tcodes from the user menu.
or
If you have similar user id , without profile issues,then you can copy that id .(i.e if it is happening for only one user id)
NOTE:
even if you are able to do the user comparsion,Some of our users are not able to execute some transaction codes, even though the required roles are granted. these type of problems will occur.
Other option is:
you need to identify the profiles assigned and ensure that they are below 312, as you canu2019t assign more than 312 profiles to a SAP User ID.
If the issue happens even with very few profiles, verify the Number of authorizations in User Buffers value in the Instance profile. The value for Auth/authnum ber_in_userbuffer parameter can be increased_. The size of the buffer must always exceed the maximum number of authorizations as authorization checks are made only against those in the buffer. The default value is 800, but this can be set to a value which is between 1u20132000.
What happens when an instance profile parameter is set outside it's range ?
Note: Take the help of basis guys,if at all you need to change the Instance value.
Thanks,
Sri -
NWA 7.1 - User Administration with regards to Roles/Groups
Hello,
Environment = NWA 7.1 , Java Stack Only , No Central User Administration
Situation = One group of individuals responsible for developing and maintaining Java Roles & Groups
(Permissions). Another group of individuals responsible for maintaining Users and
allocating the above Roles & Groups to the Users.
In accordance with various documentation (ie. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individual mentioned above.
The problem is however that with the mentioned actions they can not only allocate an user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
This leads me to the question if it is possible to split these two various areas of responibility or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) can not be tampered with.
Many thanks in advance,
JayHi Jay,
UME.Manage_All Provides permissions required by an overall user administrator.
These include:
u2022 Administration of users belonging to any company and
possibility of assigning users to companies
(In a multitenant portal, even if a tenant user is assigned this
action, he or she will still only have access to users, groups,
and roles in his or her tenant.)
u2022 Group management
u2022 Role assignment
u2022 User mapping
u2022 Import and export of user data
u2022 Manual replication of user data
To set up delegated user administration, overall user administrators
must belong to a role to which the UME.Manage_All action is
assigned.
In portal installations, any role that includes the UME.Manage_All
action automatically has Role Assigner permissions on all portal roles in the portal installation.
Try this.
Regards,
Gowrinadh -
How to find out by MDX that the current users is member of a role - Default member issue
Hi,
just imagine you have a dimension with a few members (A, B, C...). I defined a role which gives some users only rights to "B". On the other hand the default member for the dimension is set to "A". Now users part of the role get an error
that the member "A" is not found. So while
https://msdn.microsoft.com/en-us/library/ms175626.aspx says the default member setting in the role "overrides" the overall default member this is not completely true because first the general default member is selected and after that the role
specific one.
So the solution might be that I explicitly define the default member in all roles. This might be possible but there is one issue: you can't define a role specific default member for users part of the adminstrator role. So all admins don't have a default
member which is quite some restriction for some users...
So the question is how to solve that problem. An idea would be that I use some MDX to determine the default member in the dimension based on the actual user's role membership. But how to do that? Or any better idea?
Thanks,
Thomas PagelHi Thomas,
According to your description, you want to have a role-specific default member for different roles. Right?
In Analysis Services, when granting access to dimension, a connection will fail if a role restricts access to a default measure. As you mentioned, the best solution is specify a default member for each role. But for administrator role(full control),
it can't set the default member. All tabs except General and Membership are disabled. And the system can determines the default member of current user automatically. It's not supported to get the default member in MDX either.
However, SSAS has additive design for role security. So in this scenario, we just need to create another role for those members of administrator role and specify a default member for this role. SSAS will take that role-specific default member
for these users. And it will not effect the administration permission for them.
Reference:
Default members, MDX Scripts, Security, KPIs and Perspectives
The Additive Design of SSAS Role Security
If you have any question, please feel free to ask.
Best Regards,
Simon Hou
TechNet Community Support -
Error - G/L account 407350 requires a valid tax codeu201D.
I am getting error "G/L account 407350 requires a valid tax codeu201D, while executing F-28 transaction.
IF there are any User-exit available to resole this issue ?Rather than the use-exit, I suggest you to discuss this with configuration consultant who can make some change on the configuration and eliminate the error.
>
batramanish wrote:
> I am getting error "G/L account 407350 requires a valid tax codeu201D, while executing F-28 transaction.
> IF there are any User-exit available to resole this issue ?
Maybe you are looking for
-
WSUS script for pending reboot possible addition - How
Hi, I am found script for pending reboot and script work perfectly. My problem is that script generate only pending computers reboot for master wsus server not for replica servers. Can I modify this script to generate pending reboot for all replica s
-
How do I get Firefox to import ALL my bookmarks from Internet Explorer?
I've recently installed Firefox on my WXP computer, to replace IE. During installation, Firefox automatically put up a dialog offering to import all my bookmarks (i.e. Favourites) from IE, and I accepted. The resulting page confirmed that my bookmark
-
Why admin user cannot create Business Rules ?
Hi All, Why admin user can't create Business Rules. We've to create other userID and give the required roles and then we create Busines rules right ? Pls. advice
-
In different places the OS seems to default to the date of 5/1/10 - I assume that is 5th Jan 2010. For instance, I have turned on parental controls. When I view the logs and want to show activity for 1 month or week and group by website, every entry
-
What does this mean? Thanks for any cure response Henry "The SMTP server "mail.starstream.net" doesn't support MDS Challenge-Response authentication. Verify your account settings and try again. Select a different mail server from the list below or t