Extending security privileges

Similar Messages

• Your request was cancelled. The necessary security privileges

  I downloaded this example and ran it against the BusinessObjects server I got where
  http://www.sdn.sap.com/irj/boc/go/portal/prtroot/docs/library/uuid/809d64c6-461c-2c10-f4bd-e499c25d6a38?quicklink=index&overridelayout=true
  I tried to view a simple report and I got this message. This message appears with any of the reports ones that were already created or ones that we created. The user I am running on is a administrator and if I login to actual server through a web 
  browser the report works fine.
  Your request was cancelled. The necessary security privileges could not be verified. Please contact your system administrator.
  BusinessObjects Version XI 2.0
  .Net Framework 4.0
  Anyone have any ideas ?

  1. try passing the non encoded token e.g. BOToken = enterpriseSession.getLogonTokenMgr().createLogonToken("", 120, 100);
  2. try using getDefaultToken() and see if that works.
  3. Have you tried usign openDocument.jsp instread?
  4. are you redirecting to this url? 'http://[server]:8080/BOE/CrystalReports/viewrpt.cwr?id='repId'&apstoken=[token]';
  Java uses double quote " rather than single quote ' for string declaration.

• Object failed to run due to insufficient security privileges

  Recently migrated from BO XI and Crystal XI to bo 4.1sp2 and Crystal 2013.The recurring crystal reports were migared to new environemnt and schulded to run 1st of the month.There are 300+ reports.The report detail says all these reports are schduled by Adminisatrtor because It was migrated by administartor account.
  First of the month all reports failed and error is 'object failed to run due to insufficient security privileges.
  And In the event viewer, there were warning from source BusinessObject_cms
  "The security for the object identified by 41173 could not be verified during schedule attempt."
  Can someone help me to find out the root cause of this issue.thanks.

  Hello,
  There are many possible root causes.
  First check that the migration was complete successfully using the Import Wizard or UMT.
  Otherwise, this may occur if the owner was not migrated properly or if the universe contains some row level security..
  I hope this helps.
  Thanks & Regards,
  Insaf

• The necessary security privileges could not be verified.

  Hi,
  We have a crystal report reporting off information integrator with sql server in the backend.
  This report uses a universe as a datasource.
  We are getting the following error while trying to run the report on demand:
  "Error A request was cancelled. The necessary security privileges could not be verified. This indicates a problem with the security server."
  If we schedule the report the following error msg can be found in the reportjobserver logs:
  " trace message: CrpeMgrPEGetHandleStringEx() out returns [1], buffer is [Database Connector Error: ''^MFailed
  to retrieve data from the database.^MError in File /usr/lpp/businessobjects/boe/bobje/data/reportjobserver01/~tmpad0d85852f0c7061d.rpt:
  The query when submitted through qwest returns back data, but is failing to run on the server.
  I am not sure what is going wrong, timeouts for page server has been set to 60 mins, but this error is returned within 10 mins of refreshing or scheduling the report.
  Any ideas?
  Thanks,
  Sumit

  Hi,
  I ran a test.
  I used the sql from the report, created a new report off that sql and published it to the server.
  It seems to be working. The report ran successfully.
  Thus I have seen that the report fails only when it is using an universe.
  I restarted the report job server along with Webi report server/page server multiple times but that didn't help much.
  I will be opening a message with SAP regarding the problem.
  Thanks,
  Sumit

• OS 10.7, SMB Connection, Change to Unicode with Extended Security on Windows Server 2008 Standard

  Hi All,  I've searched Google, and I've also contacted Apple Support with no luck:  I want to implement unicode with extended security on Windows Server 2008 Standard server shared folders so that Lion can connect normally (i.e. Finder->Go->Connect to Server->IP Address or server name) to SMB shares and access files.  I'm lacking information; has anyone actually implemented unicode with extended security?  If so, how?
  Thanks in advance.
  Tom

  Thanks for the reply aorlich. Do you mean enable file sharing on my Mac? With file sharing enabled, I still cannot get to my Windows 7 shares, although the files on my Mac do become available to Windows. Thanks again.

• HR Intelligence message: Data cannot be displayed due to security privilege

  Dear Gurus,
  I have setup HR intelligence and following messages are appearing for all new users who are viewing graphs:
  Information: Data cannot be displayed due to security privileges_
  I know it is something to do with with security issues but i dont know from where to allow the users and make changes to security .
  any help would be highly appreciated,
  regards,
  Muhammad Noman Shafique

  Did you check below -
  HR DBI Dashboard Shows Data Cannot be Displayed Due to Security Privileges For a Particular User [ID 423070.1]
  Data Cannot be Displayed Due to Security Privileges on DBI Portlets/Dashboards [ID 395066.1]

• (SunMC agent: Mx000)Insufficient security privilege to load console info!!!

  I create a user "smcuser" on SMC server, it is in group "platadmn" and "dom0adm",
  In SMC console, it can monitor a M4000 agent, but it cannot monitor M5000 agent.
  PS: i have created "smcuser" on XSCF of M4000/M5000 server.
  When i click "Platform View", there is a error info "Insufficient security privilege to load console info!!!"

  This is usually caused by incorrectly seeding the agents or when a user does not have the appropriate access to the system.
  Was the agent seeded with the same seed value used on the Sun MC server?
  Is the smcid userid in the /var/opt/SUNWsymon/cfg/esuers file and part of the esadm group?
  Can you create a esmaster user account in UNIX and try logging in using that userid. Note: this is the Sun MC superuser account.
  regards,
  bobby
  www.HalcyonInc.com
  forums.HalcyonInc.com

• Security privilege

  Hi we are having an error when generate crystal report as "A request was cancelled. The necessary security privileges could not be verified. This indicate a problem  with the security server".
  The exisitng repot is OK but the error appear only to newly report installed

  Hi,
  Increase idle connection timeouts from 1 to 10 minutes for Page and Cache servers. Restart CR server.
  Thanks,
  Sridhar

• Please help - external hard drive security / privileges issue.

  Yesterday while messing around with my mac I stupidly changed a setting I can't seem to remedy.
  I may have somehow selected an obscure security / privileges option, most likely within the 'get info' option and now my external hard drive icon is not visible on my desktop so I can reselect it to unselect the setting. I know its ok because 'disk first aid' can verify its presence but I can't see it.
  Urgently need access as I have data i need to retrieve.
  Please help.
  G4 OS 10.4

  I`m a little confused. Disk First Aid is a utility from MacOS 9.
  Do you mean disk utility ?
  If yes, in the upper line is a button for unmounting a disk. I don`t want to try it, but is it possible that a unmounted disk can be mounted again ?
  I just found out, that when you move the cursor over the button, it says: unmount or mount a disk. Maybe that`s it.
  Message was edited by: Helmut Kaleth
  Message was edited by: Helmut Kaleth

• Insuficient security privilege to load module.Agent in remote server contex

  *"Insuficient security privilege to load module.Agent in remote server contex"*
  This is the text that appears in the window, that is used to load a new module for a monitored host.
  I want to add the module that monitor File System Space.
  I logged whit the root user.
  I added the root user to all the groups, in the /etc/groups,
  and in the file /etc/passwd, ......
  someone can help me????''.......

  Hi Peter,
  PeterSteiner wrote:
  *"Insuficient security privilege to load module.Agent in remote server contex"*This has nothing to do with the security of the root user you're logging in as. Every Agent you install shares security with a single SunMC Server: although out-of-the-box it's visible (read-only) to other SunMC Servers. What that error message is telling you is that the Agent thinks the Server you logged into (i.e. from the Java Console or web interface) isn't the same primary Server the Agent shares security keys with. So it gives you read-only access... so you can see the existing modules but not load new ones.
  Look at the "Info" tab for that Agent in the Console. There's trap and event sections. Those sections show the hostname/IP that the Agent thinks is its primary Server. You likely logged into the wrong Server (if you have more than one) or the Agent is configured incorrectly.
  If the Agent is pointing to the wrong hostname/IP as its server you can re-run setup on that Agent, or edit the trap+event sections of the /var/opt/SUNWsymon/cfg/domain-config.x file and reseed/restart.
  Regards,
  [email protected]
  http://www.HalcyonInc.com
  New !! : http://forums.HalcyonInc.com !!

• Jcifs.smb.SmbException: NTLMv2 requires extended security

  Hi,
  I'm implemeting SSO for my application deployed in tomcat using JCIFS. It was working for some time and after more sessions like > 3 its throwing error like
  jcifs.smb.SmbException: NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)
  at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)I'm using jcifs 1.3.7 and jdk 1.5. Also my web.xml is like
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
  <display-name>Tomcat Documentation</display-name>
  <filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
  <init-param>
  <param-name>jcifs.http.domainController</param-name>
  <param-value>10.202.0.41</param-value>
  </init-param>
  <init-param>
  <param-name>jcifs.smb.lmCompatibility</param-name>
  <param-value>1</param-value>
  </init-param>
  <!--
  <init-param>
  <param-name>jcifs.smb.client.useExtendedSecurity</param-name>
  <param-value>false</param-value>
  </init-param>
  -->
  <init-param>
  <param-name>jcifs.util.loglevel</param-name>
  <param-value>3</param-value>
  </init-param>
  <!--
  always needed for preauthentication / SMB signatures
  -->
  <init-param>
  <param-name>jcifs.smb.client.domain</param-name>
  <param-value>DOMAINAME</param-value>
  </init-param>
  <init-param>
  <param-name>jcifs.smb.client.username</param-name>
  <param-value>1233</param-value>
  </init-param>
  <init-param>
  <param-name>jcifs.smb.client.password</param-name>
  <param-value>P@ssw0rd1</param-value>
  </init-param>
  </filter>
  <filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  <description>
  Tomcat Documentation.
  </description>
  <servlet>
  <servlet-name>test1</servlet-name>
  <servlet-class>TestServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>uploadexcel</servlet-name>
  <servlet-class>TestUpload</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>testServlet</servlet-name>
  <servlet-class>SampleTest</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>test1</servlet-name>
  <url-pattern>/test</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>uploadexcel</servlet-name>
  <url-pattern>/uploadexcel</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>testServlet</servlet-name>
  <url-pattern>/testServlet</url-pattern>
  </servlet-mapping>
  <!-- <resource-ref>
  <description>DB Connection</description>
  <res-ref-name>jdbc/reports</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  -->
  <error-page>
  <exception-type>java.lang.NullPointerException</exception-type>
  <location>/error.jsp</location>
  </error-page>
  </web-app>Please let me know whether any cofiguratio settings needs to be made
  Regards,
  Sukuimar

  Hi,
  Thanks for suggestion. After making it true i got below error.
  note: NtlmPasswordAuthentication.java was java class obtanied with JIFS utility
  jcifs.smb.SmbException
  java.lang.NullPointerException
       at jcifs.smb.NtlmPasswordAuthentication.nTOWFv1(NtlmPasswordAuthentication.java:197)
       at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:177)
       at jcifs.smb.NtlmContext.initSecContext(NtlmContext.java:75)
       at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:347)
       at jcifs.smb.SmbSession.send(SmbSession.java:235)
       at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
       at jcifs.smb.SmbSession.logon(SmbSession.java:171)
       at jcifs.smb.SmbSession.logon(SmbSession.java:164)
       at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:189)
       at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:595)
       jcifs.smb.NtlmContext.initSecContext(NtlmContext.java:90)
       jcifs.smb.SmbSession.sessionSetup(SmbSession.java:347)
       jcifs.smb.SmbSession.send(SmbSession.java:235)
       jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
       jcifs.smb.SmbSession.logon(SmbSession.java:171)
       jcifs.smb.SmbSession.logon(SmbSession.java:164)
       jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:189)
       jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)Even i tried to change it to
  <init-param>
  <param-name>jcifs.smb.lmCompatibility</param-name>
  <param-value>0</param-value>
  </init-param>
  <init-param>
  <param-name>jcifs.smb.client.useExtendedSecurity</param-name>
  <param-value>false</param-value>
  </init-param>
  But still its giving previous error. So, should i upgrade it to 1.3.8. Also am i hitting any bug in 1.3.7 please let me know
  Regards,
  Sukumar
  Edited by: Sukumar-Java-Beginner on Mar 30, 2009 11:39 PM

• UPnP Extended Security? Please Help.

  Hello i was recently trying to complete this turorial:
  http://www.youtube.com/watch?v=o9vJedWSyw8
  as my internet is bad on black ops 2, (strict) and my Bt does not allow me to port forward properly :/
  I have tried it but i got a error, so i got in touch with the author of the video and recieved this message,
  "from the looks of it you are setting up the right ports, but your router isnt allowing you to forward them. This will most likely be caused by a security setting on your router. There should be some option on the games and application sharing page, that disables extended security. That should fiix the problem if you can find it."
  So how can i disable this UPnP Extended Security, or Extended Security?
  I have a Bt Home Hub 2.
  Thanks,

  Elhadi wrote:
  I know how to turn it off, im trying to disable something called extended security so it lets me use portmapper
  On the Home Hub 3 B you get the following screen (distorted by cut and paste)  on the Port Forwarding , UPnP tab
  The Home Hub 2 may not have this facility.
  Wireless Broadband Home Network  Port Forwarding  System  Basic Settings
  Configuration Supported Applications UPnP DMZ Firewall
  UPnP
  Universal Plug and Play (UPnP) enables a wide range of applications, such as games and messaging, and devices to connect to each other and work together.
  UPnP:    On
               Off
  Extended UPnP Security:   On
                                        Off
                                                    ​                                                  ​                         Apply      Cancel  
  It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network.

• Kerberised CIFS / SMB Extended Security

  Does anyone have any info when kerberised CIFS or SMB extended security is likely to be introduced into the S7000 series?
  I had some info from a Sun Engineer that fixes relating to this would be coming in 2009.Q4 (which became 2010.Q1)
  Example CR's related to this are:
  6791642
  6791165
  6791210
  Amongst others.
  Does anyone know if this is on the radar for a future release of the 7000 series appliance kit?
  Alan

  Hi Alan
  I just wondered if the lack of kerberised CIFS or SMB extended security is causing a problem I've been trying to get around.
  We have a share set up on our 7310, to host MSI packages to be deployed via a Windows Server 2008 R2 group policy object, the packages are failing to install with errors pointing to permission problems. I've checked through the permissions and all seems well, with the computer account having full access to the share.
  The packages deploy fine when they are hosted on a Windows based server, from what I've read this could be a kerberos authentication problem or some other missing feature from the CIFS implementation on the Sun. I can connect to the share on the Sun once logged onto the Windows computer and install the packages.
  Thanks
  Matthew

• Extend Security FAQ Example Broken?

  I have been trying out the Extend Seurity example in the Coherence FAQ here http://coherence.oracle.com/pages/viewpage.action?pageId=1343626
  Basically the way it works is that the Extend proxy uses a class scheme that uses a sub-class of com.tangosol.net.cache.WrapperNamedCache to wrap the "real" cache. This sub-class can then override methods you want to secure to do an access check before forwarding the method call to the wrapped cache.
  Now, this all appeared to work fine until I tried to execute queries against the cache. The queries will execute against the "wrapped" cache which resides in the storage enabled nodes of the cluster, as the Extend proxies are storage disabled. I started to get back errors that the methods I was querying on did not exist in the objects I had put into the cache.
  E.G. Missing or inaccessible method: com.tangosol.util.Binary#getIntValue[]
  The reason for this it turns out is that the "put" method of the WrapperNamedCache in the extend proxy gets instances of com.tangosol.util.Binary for its key and value parameters as the Extend Client has POF serialized the values to send over the wire. When WrapperNamedCache calls "put" on the real cache presumably it send these com.tangosol.util.Binary values. It then appears that these are serialized again to go over the wire to the real cache so the underlying real cache ends up containing a serialized value of a serialized value and hence my queries fail.
  Is this "double" serializing due to me mis-configuring the caches, or am I stuck with it?
  Obviously it is pretty impractical to de-serialize the objects in the methods of the WrapperNamedCache sub-class.
  Presumably making the Extend proxies storage enabled nodes of the cluster wouldn't make any difference either.
  I am beginning to give up on ever having a secure Coherence cluster as so many things related to security in Coherence seem broken.
  Banging my head in frustration...
  JK.

  I haven't been able to get this to work, and I'm using Noah's updated code.
  I'm trying to implement row-level security using the EntitledNamedCache, so basically I'll be intercepting calls to get() and checking the client's privileges against the data they're trying to read.
  The problem - as Jonathan experienced - is that inside the EntitledNamedCache the super.get() call to the WrapperNamedCache returns a com.tangosol.util.Binary instead of the actual object that was put() in.
  Is there a way for WrapperNamedCache.get() to return the actual object?

• Access denied to a folder; running as Administrator with backup, restore, takeown, and security privileges

  I am running as an Administrator with SE_BACKUP_NAME, SE_RESTORE_NAME, SE_TAKE_OWNERSHIP_NAME, and SE_SECURITY_NAME enabled on my application. My group information is listed below. The item's path and ACL are
  C:\tests\test_acl_null\src\1d: O:BGG:SYD:P
  where the owner is Built-in Guests, group is Local System, the DACL prevents inheritance, and the DACL itself is empty.
  I would expect that since I have the four above privileges enabled successfully, I would have access to the item regardless of its security descriptor. Why is this not the case?
  whoami /all
  USER INFORMATION
  User Name SID
  ==================== =============================================
  winbuild\engineering S-1-5-21-<machine-id>-1001
  GROUP INFORMATION
  Group Name Type SID Attributes
  ===================================== ================ ============ ===============================================================
  Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
  BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
  BUILTIN\Remote Desktop Users Alias S-1-5-32-555 Mandatory group, Enabled by default, Enabled group
  BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
  NT AUTHORITY\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14 Mandatory group, Enabled by default, Enabled group
  NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
  NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
  NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
  LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
  NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group
  Mandatory Label\High Mandatory Level Label S-1-16-12288 Mandatory group, Enabled by default, Enabled group

  Thank you for your information, Frank, as it clarifies part of my confusion. However, there are a couple more loose ends I'd love to address before I mark your responses as answers.
  Do backup and restore privileges apply at all over a network mount created via "net use"?
  The network mount requires a username and password for the destination machine. Assuming the destination machine is a Windows box with a simple CIFS share, how does this user affect our permissions and access? Do we end up effectively impersonating this
  user, or is the access check still done with our sync process's run-as user?
  We require that both our configured run-as user for our sync process *and* the credentials passed to the network mount be administrator users of the local system and destination system, respectively, meaning they're in of the "BUILTIN\Administrators,
  S-1-5-32-544" group.
  On re-syncs, the destination file will exist and since we don't have the ability to read the ACL in all cases (we're running as one user, the file is owned by another user, and we aren't specified in the ACL in any way), we aren't able to determine if the
  file has changed. Is it possible to determine the owner of this file in this case? Preferably, we'd obtain the entire SDDL.
  My proposed plan is to interpret access denied as a difference requiring re-sync, resulting in us taking ownership of the file, granting ourselves access, determining if there are data differences, and then re-syncing the metadata as appropriate.