Error -- User does not belong to required Roles

Hi All,
When I try to log in to Infoview or CMC, I get the error "User does not belong to any of the required roles -- DX1003@SAP_J2EE_ADMIN;QB1142@SAP_J2EE_ADMIN(EAS 10005)".
I am using BOXIR.3.1, SAP 7.1.
Please let me know the exact roles to which the user needs to be added to remove this error.
Thanks,
Nisha

Hi,
When you want to log on with your SAP credentials to your SAP BusinessObjects system, at least one role that is assigned to the user who wants to log on needs to be part of the imported roles.
Ingo

Similar Messages

  • Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

    I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I log in as the user that is specified in the AdminConfiguration section of the rsreportserver.config file, but if I log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both the System Administrator and System User roles to try to get it to work, but still no luck.
    Does anyone know how to fix this?
    Thanks.

    Hi MetronM,
    The issue is that the user has no permission to access the report server. In Report Manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection of related tasks.
    You can refer to the following steps to assign the corresponding role to the user:
    1. Open Report Manager.
    2. Click the “Folder Setting” button.
    3. Click the “New Role Assignment” icon.
    4. Type the user name and select the corresponding role.
    There is an article about Granting Permissions on a Native Mode Report Server; you can refer to it:
    http://technet.microsoft.com/en-us/library/ms156014.aspx
    Regards,
    Alisa Tang
    TechNet Community Support

  • Single role that belongs to composite role with user

    HI,
    Is there an option when users belong to a single role and also belong to composite roles (that include the single role)?
    BR
    Nina

    > Is there an option when users belong to a single role and also belong to composite roles (that include the single role)?
    A single role is created in PFCG, where you assign the role name and save it as a single role; then, after the t-codes have been provided, the user is assigned accordingly.
    A composite role is the same, it just contains many roles in one, and the user is assigned similarly.
    Thx
    Mysterious

  • Installation failed because a required role service or feature could not be installed. WS 2008

    Hi guys, I have a problem with a Windows Server 2008 SP1 Standard x86 server: when I tried to reinstall the WSUS 3.1 role, Server Manager showed this error and I could install the role again.
    Thanks for your help.
    The error in the event viewer is the following:
    Log Name:      Setup
    Source:        Microsoft-Windows-ServerManager
    Date:          27/03/2009 05:53:21 p.m.
    Event ID:      1617
    Task Category: None
    Level:         Error
    Keywords:     
    User:          DOMAIN\Administrator
    Computer:      SOOB.DOMAIN.COM
    Description:
    Installation failed. A restart is required.
    Roles:
    Web Server (IIS)
       Error: The server needs to be restarted to undo the changes.
    Windows Server Update Services
       Error: Installation failed because a required role service or feature could not be installed.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ServerManager" Guid="{8c474092-13e4-430e-9f06-5b60a529bf38}" />
        <EventID>1617</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2009-03-28T00:53:21.056Z" />
        <EventRecordID>23</EventRecordID>
        <Correlation />
        <Execution ProcessID="1100" ThreadID="2736" />
        <Channel>Setup</Channel>
        <Computer>SOOB.DOMAIN.COM</Computer>
        <Security UserID="S-1-5-21-696557799-1245526101-3093723089-500" />
      </System>
      <UserData>
        <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
          <message>
    Roles:
    Web Server (IIS)
       Error: The server needs to be restarted to undo the changes.
    Windows Server Update Services
       Error: Installation failed because a required role service or feature could not be installed.
    </message>
          <identifiers>WsusRole, WebServerRole, WebServerComponent, CommonHttpFeatures, StaticContent, DefaultDocument, Performance, DynamicContentCompression, ApplicationDevelopment, AspNetPages, InternetServiceApiExtensions, InternetServiceApiFilters, NetFxExtensibility, SecurityComponents, RequestFiltering, WindowsAuthentication, WebServerManagementTools, InternetInformationServices6ManagementCompatibility, InternetInformationServices6DatabaseCompatibility</identifiers>
        </EventXML>
      </UserData>
    </Event>
    Alberto

    The above suggestions did not resolve the issue in my case.
    I did the following to resolve this after a lot of research, and the same worked for me on 3 servers:
    1) Disable UAC by disabling the setting "User Account Control: Run all administrators in Admin Approval Mode" under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, and reboot the server.
    2) Remove all existing installed features of .NET 3.5 and reboot the server.
    3) Install Windows Process Activation Service using Add Features and reboot the server.
    4) Now installed the Web (IIS) role features, which resulted in a successful installation.

  • Some required roles have not been granted to user SAPSUPPORT (ID: MANAGED.DUAL.SAPSUPPORT_J

    Hi Experts,
    I am getting the error messages (Some required roles have not been granted to user SAPSUPPORT (ID: MANAGED.DUAL.SAPSUPPORT_J)) and (Some required roles have not been granted to user SM_COLL_SOL (ID: MANAGED.JAVA.SM_COLL)) in step 10 "check configuration" in the managed configuration phase through solman_setup. I have created these two user IDs in ABAP through SU01 and then assigned the UME role in the Java stack. However, I could not find the role type "J" in the Java stack. I am also not getting the option to create these user IDs automatically in step 7 (create users). Here, if I use (provide existing user) from the drop-down and choose execute after giving the password, I get the error message (User solman_admin is not allowed to perform this request. Check SAP Note 1647157.) I have checked the suggested note and followed it, but the error still persists. Please suggest.
    Refer screen shot for more clarity.
    Thanks
    Aditya Roushan

    Hi Aditya,
    Check if the below SAP Notes are helpful -
    1934057 - SPML check error for JAVA managed system
    1758186 - Check Configuration Error when user manually maintained
    1953221 - User SOLMAN.DUAL.SAPSUPPORT is not defined in table AGSSISE_ACT_USER
    1925088 - SOLMAN_SETUP: Measurement Platform Set Up - issue with users
    My guess is that the 3rd one should be helpful in your case.
    Best Regards,
    Tanmeya

  • Protected WebResource access granted even though user doesn't have the required role

    Apologies in advance - this must be a real newbie question, but I've read thru
    a lot of documentation/newsgroup info and haven't found the answer.
    I'm using WL 7.0 SP1, and deploying an exploded web-app. (contents in attached
    Login.zip). The web.xml defines a single protected web-resource (/yeslogin.jsp)
    and a single role (PortalUser).
    I've got a realm configured with all the Default* providers, and have defined
    a user, a group, and the PortalUser role that hooks them together.
    If I do not check the Security->Realms->myrealm->General->"Ignore security data
    in deployment descriptors" checkbox, my user never seems to be associated with
    the role I've defined. (I can see this from the output of the DefaultAuditor set
    to INFORMATION severity) when access control checks are done - so I always get
    a 403 (Access denied).
    If I do check the "Ignore security data in deployment descriptors" box, reboot
    WL and re-deploy my web-application then the audit trail does show that my user
    is associated with my role, and I am able to run the application.
    The problem is, when configured this way if I have another user who does not have
    that role, they are also able to use the application. The DefaultAuditRecorder.log
    file shows that the "Role Manager Audit Event" for checking access to the protected
    resource has been invoked, but then the status is SUCCEED!?!?!
    Any pointer to what I've done wrong, or the docs that tell me how to do this right
    would be WAY appreciated.
    This same web-application works across a range of various J2EE 1.3 compliant web-containers,
    but I have not figured out how to configure WL 7.0 to let it work.
    [Login.zip]

    I tried your web app and it worked for me. I hit the URL that you protected:
    http://localhost:7001/login/login_page.jsp
    Logging in as a bad user popped up your error page.
    Logging in as a user in the PortalUser role (I changed that to a role I already had) let me hit your login page.
    One thing. Usually, you let the users hit your protected page and you let the web container do the work and pop up your login form instead of you programmatically sending them to the login page. If you change web.xml to:
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myrealm</realm-name>
    </login-config>
    It will just pop up the browser's dialog.
    Also, don't check the "ignore security data in deployment descriptors". In your case you ARE using the deployment descriptor.
    BTW, I can ONLY get web app deployment descriptor security to work in WLS 7.0 sp1 and CAN NOT get the console web app security policy to work! I have an unanswered post on this.
    See the post:
    Console based web app security
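
A descriptor check for the declarative setup discussed in this thread, as an added example (not code from the thread, the poster's Login.zip, or WebLogic): it reads web.xml and weblogic.xml and reports constraints that do not tie the protected URL to a declared, mapped role. The sample descriptors, the `PortalUsers` group name and the `audit` function are constructed for illustration, and the check assumes roles are mapped to realm principals in weblogic.xml.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors for illustration; not the contents of the poster's Login.zip.
GOOD_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/yeslogin.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>PortalUser</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myrealm</realm-name>
  </login-config>
  <security-role><role-name>PortalUser</role-name></security-role>
</web-app>"""

# Role-to-principal mapping; the group name "PortalUsers" is an assumption.
GOOD_WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>PortalUser</role-name>
    <principal-name>PortalUsers</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

# Weak variant: constraint limited to GET, role never declared, no login-config.
WEAK_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/yeslogin.jsp</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>PortalUser</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _parse(text):
    """Parse a descriptor and drop XML namespaces so old and new schemas match."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root


def _texts(parent, path):
    return [(e.text or "").strip() for e in parent.findall(path)]


def audit(web_xml, weblogic_xml=None):
    """Return a list of findings; an empty list means the checks passed."""
    web = _parse(web_xml)
    declared = set(_texts(web, "security-role/role-name"))
    mapped = (set(_texts(_parse(weblogic_xml), "security-role-assignment/role-name"))
              if weblogic_xml else set())
    findings = []
    constraints = web.findall("security-constraint")
    if not constraints:
        findings.append("no security-constraint: the descriptor protects nothing")
    for sc in constraints:
        where = ",".join(_texts(sc, "web-resource-collection/url-pattern")) or "(no url-pattern)"
        methods = _texts(sc, "web-resource-collection/http-method")
        auth = sc.find("auth-constraint")
        if auth is None:
            findings.append(f"{where}: no auth-constraint, so no role is required")
            continue
        if methods:
            findings.append(f"{where}: only {'/'.join(methods)} constrained, other methods open")
        for role in _texts(auth, "role-name"):
            if role == "*":
                continue  # "*" means every role declared in this web.xml
            if role not in declared:
                findings.append(f"{where}: role {role} has no <security-role> declaration")
            if role not in mapped:
                findings.append(f"{where}: role {role} has no security-role-assignment")
    if web.find("login-config/auth-method") is None:
        findings.append("no login-config: the container cannot prompt for credentials")
    return findings
```

Calling `audit(WEAK_WEB_XML)` lists every gap in the weak descriptor, while the good pair returns an empty list.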

  • How to map the bulk users with the required  roles in portal at one time

    Hi,
    Would anyone tell me how to map the bulk users with the required roles in portal at one time?

    Thanks for all the reply.
    I need to assign 1 or 2 groups to n (e.g. 1000) number of users.
    I tried the first option like
    [group]
    gid=
    gdesc=
    user=
    The problem with this is that I couldn't put a larger number of users in the Notepad file.
    I was only able to put 150 users on a single line in Notepad. If it goes to the next line, it does not work.
    I tried creating a separate Notepad file, but on import it says "exists".
    I'm not sure about LDAP. Would anyone explain to me the best approach to do this?

  • Error: There are gaps in assignment of required role ZVLPP Vendor - Landlor

    Hello everyone,
    I created a new BP role with vendor integration. I have done all the settings, including the synchronization settings between the vendor and BP. Now when I want to edit an old contract I get the error message:
    There are gaps in assignment of required role ZVLPP Vendor - Landlord Companies
    Message no. REBPBP011
    Diagnosis
    Either a business partner has not been assigned in role ZVLPP Vendor - Landlord Companies for the current object/contract or
    A business partner is not assigned in this role at all times in which the object is valid (period 01.11.2008 - 31.10.2009).
    However, the Customizing settings specify that role ZVLPP Vendor - Landlord Companies is mandatory for the current object/contract.
    System Response
    Depending on the object, you may be able to save the object despite the fact that there is no business partner. However you will not be able to activate the contract if you have not assigned a business partner.
    Procedure
    Assign a business partner in role ZVLPP Vendor - Landlord Companies for the entire period  01.11.2008 - 31.10.2009.
    My problem is that in the step where I assign applications/objects to my business roles, I haven't set either of the two roles as mandatory for an RE contract.
    I've gone through all the steps for BP in Customizing and searched through all OSS notes and forums, but didn't find anything on that problem.
    Does anyone have an idea what the problem might be?
    Any input would be appreciated
    Thanks
    Severina

    Hi,
    The message is not an error message; for me it is just a warning message. In spite of the warning, you can still save the contract.
    However, you cannot activate the contract because Customer / Vendor Business Partners are not attached to the Real Estate contract. By default, you must assign a Business Partner with Customer role / Vendor role to a contract. This is to ensure FI postings to Customers / Vendors.
    So, choose a Business Partner with the vendor role, save the contract, and activate it.
    Cheers !!!
    Siva

  • Cannot delegate Reporting Services Web access to domain user / group, User does not have required permissions

    Hi
    I have an SCCM 2012 SP1 CU3 installation on a Server 2008 R2 + SQL 2008 R2.
    I'm having trouble delegating Reporting Services Web Access to a standard domain user.
    I have followed the instructions from these blogs:
    http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
    http://www.wolffhaven45.com/blog/sccm/assigning-users-to-configmgr-reportusers-group-in-sccm-2012/
    No matter how I try, I cannot get the reports to show for a standard domain user. In the console no reports are showing and in the web access I get
    "User domain\user does not have required permissions........"
    The only thing that is consistently working when I test is to put the AD Group on the Security Role "Full Administrator".
    Then everything will show up.
    Any ideas on how to troubleshoot this?

    Thanks everyone for helping me with tips. I have now solved the problem. It was the permissions from SCCM that did not replicate to the Reporting Server.
    In srsrp.log I got these error messages:
    Could not retrieve the reporting service name for instance 'MSSQLSERVER'
    Invalid class
    Could not stop the reporting service
    After googling a little I found these 2 sites with similar problems:
    http://social.technet.microsoft.com/Forums/en-US/d4a7f93a-506f-4e3f-b5fc-bd2b087277da/ssrs-permissions-do-not-add?forum=configmanagergeneral
    http://www.microtom.net/microsoft-system-center/software-distribution/sccm-2012-reporting-services-do-not-install
    So I ran the command for SQL 2008 R2: mofcomp.exe "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof"
    and BAAM, everything started to work =)
    /ALX

  • So Can I determine the business partners linked to user based on the assigned role and org. structure?

    Hello, I am working on a SAP CRM 7 Sales implementation and we are implementing lead and opportunity scenarios. The current business organization model has multiple vertical and horizontal departments; this is a typical matrix structure. The organization has segregated its clients based on the verticals, so every client belongs to at least one Vertical department, but Horizontal departments can contact all the clients. In the same way, sales executives also belong either to one or more Vertical departments or to Horizontal departments. A Horizontal sales executive can create leads for any client available in the system, but a Vertical sales executive can only create leads for clients that belong to his vertical and are assigned to him. This can be achieved by creating an organization structure and business partner relationships.
    Now the problem statement is that a few sales executives need to work for both some Verticals and Horizontals at the same time. The requirement is that they should be able to perform both roles with a single user ID but multiple roles. So when a sales executive is creating leads for his Vertical department, he should only be able to select clients assigned to his Vertical, but when he is creating a lead for a Horizontal department, he should be able to select any client.
    So can I determine the business partners linked to a user based on the assigned role and org. structure?
    Please let me know if this is not clear. Also note that we are only using CRM WebUI, no SAP ePortal.
    Thanks a lot for your help in advance.
    Regards
    Sudesh Sharma

    Thanks, Tahir.
    My problem has been solved.
    Kind Regards,
    Faisal

  • Managed system configuration: Some required roles have not been granted

    Hi experts,
    I face a strange problem in my SolMan 7.1 SPS 4:
    In the configuration of managed system everything is green except the last step "Check configuration" => "Configuration Check".
    The error is:
    Some required roles have not been granted to user SAPSUPPORT  (ID: MANAGED.DUAL.SAPSUPPORT)
    Action: Execute step Managed System Configurationn / Create Users
    Check Context: Managed systems users/roles | Managed users/roles | SYSTEM =LSM~ABAP
    and the same for SMDAGENT_xyz (ID: MANAGED.ABAP.WILYAGT).
    The funny thing is that the step no. 7 (Create users) is done successfully. I have also deleted SAPSUPPORT manually and have reexecuted step 7 but no success.
    Any ideas? Thanks and best regards, Basti

    Hello,
    Just a thought... it could be due to a UME role that is not assigned to the user. Have you checked the security guide?? There are a couple of steps to do in Visual Admin for this use as per the guide.
    Cheers,
    Diego.

  • Error : User master comparison incomplete

    Dear All,
    I am working on a CUA system. I have modified an existing role (it was a requirement to change Material Mvt typ) and transported it to the QA system, then ran PFCG_TIME_DEPENDENCY.
    But when I check the user and roles using SU01, I see that the role I transported is in red. Then, when I try to do a user comparison, I get a new error, "Maximum profile exceeded for user ABCXX"; because of this error I cannot complete the user comparison.
    I also tried PFUD -> Cleanups first, then Profile matching; unfortunately it still gives "User master comparison incomplete".
    Is there an alternative way to compare users except "ABCXX", which has "Maximum profile exceeded for user", or how do I skip this message and complete the user comparison?

    Souyee,
    If the user needs access, then remove unimportant tcodes from the user menu,
    or
    if you have a similar user ID without profile issues, then you can copy that ID (i.e. if it is happening for only one user ID).
    NOTE:
    Even if you are able to do the user comparison, some of our users are not able to execute some transaction codes, even though the required roles are granted. These types of problems will occur.
    Another option is:
    You need to identify the profiles assigned and ensure that they are below 312, as you can't assign more than 312 profiles to a SAP user ID.
    If the issue happens even with very few profiles, verify the "Number of authorizations in User Buffers" value in the instance profile. The value of the auth/auth_number_in_userbuffer parameter can be increased. The size of the buffer must always exceed the maximum number of authorizations, as authorization checks are made only against those in the buffer. The default value is 800, but this can be set to a value between 1–2000.
    What happens when an instance profile parameter is set outside its range?
    Note: Take the help of the Basis guys if you need to change the instance value.
    Thanks,
    Sri

  • NWA 7.1 - User Administration with regards to Roles/Groups

    Hello,
    Environment = NWA 7.1 , Java Stack Only , No Central User Administration
    Situation      = One group of individuals responsible for developing and maintaining Java Roles & Groups
                          (Permissions). Another group of individuals responsible for maintaining Users and
                          allocating the above Roles & Groups to the Users.
    In accordance with various documentation (i.e. http://help.sap.com/saphelp_nwpi711/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm) I have set up a Role which includes the actions: UME.Manage_Roles, UME.Manage_Groups, UME.Manage_Users, UME.Manage_All_User_Passwords & UME.Read_All. This Role is intended for the second group of individuals mentioned above.
    The problem, however, is that with the mentioned actions they can not only allocate a user to a Role or Group but also delete the Role/Group from the system. Without the above actions in the Role it is not possible to assign Users to a Role/Group.
    This leads me to the question of whether it is possible to split these two areas of responsibility, or does NWA 7.1 view both activities as residing in only group (documentation to this effect would be helpful). If not, which actions will ensure that only Users can be administered but the rights to the system (Roles/Groups) cannot be tampered with?
    Many thanks in advance,
    Jay

    Hi Jay,
    UME.Manage_All provides permissions required by an overall user administrator.
    These include:
    • Administration of users belonging to any company and possibility of assigning users to companies
      (In a multitenant portal, even if a tenant user is assigned this action, he or she will still only have access to users, groups, and roles in his or her tenant.)
    • Group management
    • Role assignment
    • User mapping
    • Import and export of user data
    • Manual replication of user data
    To set up delegated user administration, overall user administrators must belong to a role to which the UME.Manage_All action is assigned.
    In portal installations, any role that includes the UME.Manage_All action automatically has Role Assigner permissions on all portal roles in the portal installation.
    Try this.
    Regards,
    Gowrinadh

  • How to find out by MDX that the current users is member of a role - Default member issue

    Hi,
    Just imagine you have a dimension with a few members (A, B, C...). I defined a role which gives some users only rights to "B". On the other hand, the default member for the dimension is set to "A". Now users who are part of the role get an error that the member "A" is not found. So while https://msdn.microsoft.com/en-us/library/ms175626.aspx says the default member setting in the role "overrides" the overall default member, this is not completely true, because first the general default member is selected and after that the role-specific one.
    So the solution might be that I explicitly define the default member in all roles. This might be possible, but there is one issue: you can't define a role-specific default member for users who are part of the administrator role. So all admins don't have a default member, which is quite some restriction for some users...
    So the question is how to solve that problem. An idea would be that I use some MDX to determine the default member in the dimension based on the actual user's role membership. But how to do that? Or any better idea?
    Thanks,
    Thomas Pagel

    Hi Thomas,
    According to your description, you want to have a role-specific default member for different roles. Right?
    In Analysis Services, when granting access to a dimension, a connection will fail if a role restricts access to a default measure. As you mentioned, the best solution is to specify a default member for each role. But for the administrator role (full control), it can't set the default member. All tabs except General and Membership are disabled. And the system can determine the default member of the current user automatically. It's not supported to get the default member in MDX either.
    However, SSAS has an additive design for role security. So in this scenario, we just need to create another role for those members of the administrator role and specify a default member for this role. SSAS will take that role-specific default member for these users. And it will not affect the administration permission for them.
    Reference:
    Default members, MDX Scripts, Security, KPIs and Perspectives
    The Additive Design of SSAS Role Security
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou
    TechNet Community Support

  • Error - G/L account 407350 requires a valid tax code

    I am getting the error "G/L account 407350 requires a valid tax code" while executing the F-28 transaction.
    Are there any user exits available to resolve this issue?

    Rather than the user exit, I suggest you discuss this with a configuration consultant who can make some changes to the configuration and eliminate the error.
