Guest User permission for Federated portal setup

Similar Messages

• Permission problems in Federated Portal Setup

  Hello SDNers,
  I am trying to setup Federation between two portals. Both the portals are in the same domain and use the same LDAP user data source.
  Both the portals are on NW 7.0 EHP1 SP 05.
  I am following the online help and few other links. I have followed all the steps explained.
  SSO and trust between portals is properly setup and is validated.
  The point where I am stuck at is with the permissions on the producer portal for the "Guest" user.
  If I assign Super Admin role to the Guest user in the producer portal, every thing works fine. I can see the roles in Consumer portal for Remote Role Assignment and also I am able to do Remote Delta Links.
  However, this is not anticipated. (We cannot assign super admin to Guest user)
  If I remove the Super Admin role to the Guest user in the producer portal, every thing breaks - I cannot see the remote roles from Consumer portal, I cannot see any content under Netweaver Content Producers for the given producer.
  I have given "Everyone" group - read access to everything below "Portal Content" folder both on producer and consumer portals.
  PCD_Service user is assigned the actions Remote_Producer_Write_Access and Remote_Producer_Read_Access in both portals.
  Log says:
  Call failed
  EXCEPTION
  SOAP Fault Exception (Actor SAPEPP) com.sapportals.portal.prt.service.soap.exception.SoapFaultHandler] : The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.Bridge or the service was not found.
  My Questions are:
  1. What does Guest user have to do in the whole process - Where it is exactly used ?
  2. How can I give Guest user the required permissions (especially to portal service com.sap.portal.prt.soap.Bridge) ?
  Please suggest.
  Thank You ,
  Raj Kumar

  Thank you for your answers.
  Vaibhav -
  I have checked the "End User" option for Everyone group in producer portal.
  How do I assign security zones permission to Everyone group ?
  Can you please throw some light in that area.
  Dao -
  I do not want to use the Guest user any where.
  However, internally some how the "Guest" user is being used for communication between producer and consumer.
  Also, the Guest user we are talking about is the one on the producer portal (not on consumer)
  How can I make use of a different user for FPN purposes and make sure that it has access to all the FPN related services on the producer ?
  Once again - to emphasize -
  If I assign super admin role to Guest user on producer portal - every thing works fine (RRA and RDL)
  If I remove the super admin role to Guest user on producer portal - neither RRA nor RDL will work.
  Kindly suggest.
  Thank You once again for your time.
  -- Raj

• How to provide an exchange user permission for Mailbox Archieve ??

  i want to grant a IT guy access to archive mailboxes. How to provide an exchange user permission for Mailbox Archive ??.
  Regards, h9ck3r.

  Hi,
  Per my known, if you want to access other user's personal archive mailbox, you need to assign full access permissions to primary mailbox first.
  There is no way to grant full access permissions to archive mailbox only.
  Best regards,
  Belinda Ma
  TechNet Community Support

• Test IVIEWS in Consumers for Federal Portal.

  Hi All,
  This is the first time iam establishing Federal Portal and i have done with all the configuration steps ie
  Setting Truct , SSO , creating and registering of Consumers and Producers etc.
  Now i want to check it by creating some iviews etc.. But i dont know and not getting how to create it and test.
  Could any body telthe steps to create I views in Consumers and how to test SSO and how to use COnsumers.
  Points wil be assigned.
  Thanks in Advance.
  Regards,
  Akash..

  Hi Akash,
  Steps you need to take:
  - Setup trust between consumer and producer portal by exchanging certificates and making Visual Administrator entries in the Security Provider Service.
  - Create producer.
  - Register producer.
  See this document for good descriptions of steps to take:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/70191d1e-2bd1-2a10-d9b7-ba19500da527
  Also for remote role assignment in NW 7.0 SP15 you need to add some UME Actions to a role that is aasigned to pcd_service user. See following link for the material:
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/frameset.htm
  Please have a look and reward points if helpfull. Good luck!
  Best regards,
  Jan Laros

• How can I access user permission for specific items in Sharepoint 2013 via REST API?

  I want to access user permissions for specific items like lists, documents, folders etc. via the REST API.
  Currently I am hitting the following endpoint:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/getUserEffectivePermissions('win-5a8pp4v402g\\Sharepoint User 2')
  However the response looks like this:
     "d":
         "GetUserEffectivePermissions":
             "__metadata":
                 "type": "SP.BasePermissions"
             "High": "0",
             "Low": "0"
  I cant understand why high and low are both 0? I have added the user to a specific group. Also this is the same result for each of the users. Another thing to note is that I havent added the "Guest" user in the sharepoint server. So when I hit the endpoint for the Guest user, it still shows the same response. So I know there is something I am doing wrong.I want to access permission of a user for a specific item, say a document using the REST API. Can someone tell me how? What would be the endpoint?

  Thanks for the reply. Although this works for Lists, I need to get permissions of documents too. Here is what I have tried:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/GetFileByServerRelativeUrl('/sharepoint_test/site_1/Documents/file1.txt')/GetUserEffectivePermissions(@user)?@user='i%3A0%23%2Ew%7Cwin-5a8pp4v402g%5Csharepoint%20user%201'
  And the response is:
     "error":
         "code": "-1, Microsoft.SharePoint.Client.ResourceNotFoundException",
         "message":
             "lang": "en-US",
             "value": "Cannot find resource for the request GetUserEffectivePermissions."
  Clearly this doesnt work for a file. Whats wrong?

• UWL configuration for Federated Portals logging errors in defaultTrace

  Hi everyone,
  I've just finished configuring UWL for Guided Procedures on federated portals using the help provided in the links below:
  [https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/904ca240-63bc-2a10-1c98-de81b6a045bf|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/904ca240-63bc-2a10-1c98-de81b6a045bf]
  [http://help.sap.com/saphelp_nw70/helpdata/EN/43/ef06a7860c7061e10000000a1553f6/content.htm|http://help.sap.com/saphelp_nw70/helpdata/EN/43/ef06a7860c7061e10000000a1553f6/content.htm]
  Everything is running very well except for the fact that exceptions for the GPsystem I created are showing up in the defaultTrace log. The message repeats itself several times:
  03/12/2009 , 15:56:12:234 , GPsystem    | ACCESS.ERROR        | null     |           | Permission=(com.sap.caf.eu.gp.model.permission.GPPermission GP.GET.WORKITEMS) , Error , /System/Security/Audit , com.sap.security.core.util.SecurityAudit , sap.com/cafeugpmodeleap , GPsystem
  These log traces repeat themselves so many times that they seem to be causing an unnecessary load on the system. Other that that, both the Guided Procedure and UWL are working perfectly. Does anyone have any idea as to why this might be happening?
  Thank you very much,
  Luis

  Hi
  UWL Configuration is not  proper so only this happening.
  Refer the [Link1|https://wiki.sdn.sap.com/wiki/x/IwBbAQ ] [Link2|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a3461636-0301-0010-3787-978f5ac8bd45] [Link3|http://help.sap.com/saphelp_nwce10/helpdata/en/05/fe8ef669674991a4205666694b9c85/content.htm] .
  Regards,
  Surjith

• User Permission for RMAN Backups

  Oracle 10g Database Enterprise Edition R 10.2
  I have created a user admin and i want to run backups from admin user. Kindly let me know what user permissions i have to grant for rman successful backups?
  Thanks!

  The rman "client" executable must connect to the Database AS SYSDBA.
  Therefore, technically it doesn't require a separate user account in the target database, although you could setup a user, grant SYSDBA to the user and have remote_login_passwordfile configured to allow connections.
  Hemant K Chitale
  http://hemantoracledba.blogspot.com

• Some programs crash but not in safe mode or for guest user

  Hoping that some talented and kind Mac wizard will help me solve a bizarre problem: Some but not all of my programs have started crashing immediately upon launch, but not in safe mode, nor when I log in as a guest user.
  The problem began on February 5th, right after I installed an update to my OS (bringing it up to version 10.7.3), which included an update to the firmware for my computer, a Mac mini from mid-2010. The programs that began crashing upon launch *may* be those that were open at that time, but I can’t be sure. They include Adobe Reader, Picasa, Word for Mac, and a sweet little utility called uCalendarX.
  Specifically what happens with, say, uCalendarX, is this:  After I launch it, nothing appears on screen for a few seconds, and then comes a message that it is trying restore its windows, with a choice of whether to attempt restoring them or not. After a few more seconds comes the news that it has quit unexpectedly. The first several dozen lines of the crash log appear at the end of this posting.
  So far my troubleshooting has revealed the following:
  (a) When I reboot in safe mode, the programs that crash now work normally.
  (b) When I boot the usual way but log on a guest user, the programs that crash now work normally.
  (c) Fully emptying the trash made no difference.
  (d) The problem was not solved by restoring my hard drive (via Time Machine) to its state the day before I downloaded that update to the OS and the firmware. (This was a drastic step, the intervention of last resort, and I was sure it would work. But no. Perhaps I did not go back far enough for the restoration.)
  (e) Deleting the plist files and plist.lockfiles made no difference.
  (f) Deleting the files for the app under Saved Application States made no difference.
  (g) Disabing the user’s font cache (as happens in safe mode) made no difference.
  (h) Uninstalling Adobe Reader, emptying the trash, downloading the latest version, and installing that made no difference – this latest version newly installed continues to crash (but not for a guest user, nor for me, the administrator, in safe mode).
  (i  ) Repairing permissions on the hard drive made no difference.
  I will be mighty grateful for a solution to this perplexing, vexing problem!
  B.t.w., I don’t know Unix but was able to do all those (fruitless) interventions listed above.
  Gordon Bear
  Ramsey NJ  U S A
  The log from one of the many crashes of uCalendarX begins as follows:
  Process:         uCalendarX [750]
  Path:            /Applications/uCalendarX 3.2.3/uCalendarX 3-2-3.app/Contents/MacOS/uCalendarX
  Identifier:      com.riuz.ucalendarx
  Version:         3.2.3 (3.2.3)
  Code Type:       X86 (Native)
  Parent Process:  launchd [289]
  Date/Time:       2012-02-20 00:38:48.931 -0500
  OS Version:      Mac OS X 10.7.3 (11D50b)
  Report Version:  9
  Interval Since Last Report:          2463 sec
  Crashes Since Last Report:           3
  Per-App Interval Since Last Report:  30 sec
  Per-App Crashes Since Last Report:   3
  Anonymous UUID:                      0CA8DA26-8927-4AC3-B35F-3B2E9FD65A8E
  Crashed Thread:  4
  Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
  Exception Codes: KERN_INVALID_ADDRESS at 0x000000008bcc45ab
  External Modification Warnings:
  Thread creation by external task.
  VM Regions Near 0x8bcc45ab:
       CoreServices           0000000004fd0000-00000000051ee000 [ 2168K] rw-/rwx SM=COW
  -->
       __TEXT                 000000008fe52000-000000008fe85000 [  204K] r-x/rwx SM=COW  /usr/lib/dyld
  Application Specific Information:
  objc[750]: garbage collection is OFF
  Thread 0:: Dispatch queue: com.apple.main-thread
  0   libsystem_kernel.dylib            0x920136e6 __open + 10
  1   libFontParser.dylib               0x9cc5b403 TFileDescriptorContext::TFileDescriptorContext(char const*) + 77
  2   libFontParser.dylib               0x9cc5b1c5 TFileDataReference::TFileDataReference(char const*) + 65
  3   libFontParser.dylib               0x9cc5b056 TFileDataSurrogate::TFileDataSurrogate(char const*, bool) + 136
  4   libFontParser.dylib               0x9cc59af3 TFont::CreateFontEntitiesForFile(char const*, bool, TSimpleArray<TFont*>&, bool, short, char const*) + 2581
  5   libFontParser.dylib               0x9cc58a7a FPFontCreateFontsWithPath + 193
  6   libCGXType.A.dylib                0x950164b0 create_private_data_with_path + 26
  7   com.apple.CoreGraphics            0x95349ecf CGFontCreateFontsWithPath + 33
  8   com.apple.CoreGraphics            0x95349b09 CGFontCreateFontsWithURL + 442
  9   com.apple.CoreText                0x90e1c1aa TCGFont::TCGFont(__CFURL const*, bool) + 90
  10  com.apple.CoreText                0x90e1bfb2 TCGFontCache::CopyFont(__CFURL const*) const + 92
  11  com.apple.CoreText                0x90e1be6c TBaseFont::CopyNativeFont() const + 50
  12  com.apple.CoreText                0x90e1bd6f TTableStore::CopyTable(unsigned int, TCFRetained<__CFData const*>&) + 81
  13  com.apple.CoreText                0x90e1bade TBaseFont::CopyTable(unsigned int) const + 72
  14  com.apple.CoreText                0x90e1ba0f TcmapTable::TcmapTable(TBaseFont const&) + 31
  15  com.apple.CoreText                0x90e1b8fd TBaseFont::GetGlyphsForCharacterRange(CFRange, unsigned short*) const + 27
  16  com.apple.CoreText                0x90e1b79b TASCIIDataCache::TASCIIDataCache(TBaseFont const*) + 83
  17  com.apple.CoreText                0x90e1b70f TBaseFont::CreateASCIIDataCache() const + 47
  18  com.apple.CoreText                0x90e1b690 TFont::InitAdvanceCache() const + 42
  19  com.apple.CoreText                0x90e1b4ad TASCIIEncoder::Encode() + 45
  20  com.apple.CoreText                0x90e4433f TGlyphEncoder::EncodeChars(CFRange, TAttributes const&, TGlyphList<TDeletedGlyphIndex>&, TGlyphEncoder::Fallbacks) + 925
  21  com.apple.CoreText                0x90e19ff6 TTypesetterAttrString::Initialize(__CFAttributedString const*) + 322
  22  com.apple.CoreText                0x90e19b9d CTLineCreateWithAttributedString + 47
  23  com.apple.HIToolbox               0x963d2b2d TCoreTextEngine::LayoutSingleLine(THIThemeTextInfo*, float) + 23
  24  com.apple.HIToolbox               0x963d2a9a TCoreTextEngine::Layout(THIThemeTextInfo*, float, float, TextLayoutType) + 64
  25  com.apple.HIToolbox               0x963ad2c9 TCoreTextEngine::VerifyLayout(THIThemeTextInfo*, float, float, LayoutIntent) + 309
  26  com.apple.HIToolbox               0x96410b0a TCoreTextEngine::GetThemeTextDimensions(float, THIThemeTextInfo*, float*, float*, float*) + 54
  27  com.apple.HIToolbox               0x9640fc51 DataEngine::GetTextDimensions(void const*, float, HIThemeTextInfo*, float*, float*, float*) + 283
  28  com.apple.HIToolbox               0x963d1fc5 HIThemeGetTextDimensions + 187
  29  com.apple.HIToolbox               0x963d1ca3 HIMenuBarView::MeasureMenuTitle(MenuData*, unsigned char, float*, int, unsigned char*) + 451
  30  com.apple.HIToolbox               0x963d1a49 HIMenuBarView::MeasureAppMenus() + 261
  31  com.apple.HIToolbox               0x963abb5d HIMenuBarView::EnsureBarLayout() + 489
  32  com.apple.HIToolbox               0x963ab152 HIMenuBarView::DrawSelf(short, __HIShape const*, CGContext*) + 520
  33  com.apple.HIToolbox               0x963aac22 HIView::DrawCacheOrSelf(short, __HIShape const*, CGContext*) + 86
  34  com.apple.HIToolbox               0x963aaa42 HIView::SendDraw(short, OpaqueGrafPtr*, __HIShape const*, CGContext*) + 124
  35  com.apple.HIToolbox               0x964395c7 HIView::RecursiveDrawComposited(__HIShape const*, __HIShape const*, unsigned long, HIView*, CGContext*, unsigned char, float) + 755
  36  com.apple.HIToolbox               0x964398b9 HIView::RecursiveDrawComposited(__HIShape const*, __HIShape const*, unsigned long, HIView*, CGContext*, unsigned char, float) + 1509
  37  com.apple.HIToolbox               0x9643a86b HIView::DrawComposited(short, OpaqueGrafPtr*, __HIShape const*, unsigned long, HIView*, CGContext*) + 1227
  38  com.apple.HIToolbox               0x9643a9b3 HIView::Draw(short, OpaqueGrafPtr*, unsigned long) + 81
  39  com.apple.HIToolbox               0x9643ad7b HIView::Render(unsigned long, CGContext*) + 45
  40  com.apple.HIToolbox               0x963d084f WindowData::PrepareForVisibility() + 137
  41  com.apple.HIToolbox               0x963cf893 _ShowHideWindows + 355
  42  com.apple.HIToolbox               0x963cf728 ShowHide + 44
  43  com.apple.HIToolbox               0x96399b09 _GetMenuBarWindow + 872
  44  com.apple.HIToolbox               0x96399765 GetMenuBarView(MenuData*, unsigned char) + 74
  45  com.apple.HIToolbox               0x963a2f3a MBarMenuRgn + 26
  46  com.apple.HIToolbox               0x963a2d27 _ZL7ShowBar21MenuBarAnimationStylehhh + 281
  47  com.apple.HIToolbox               0x963cd42a _ZL21UpdateAggregateUIMode21MenuBarAnimationStylehh + 772
  48  com.apple.HIToolbox               0x963e38e5 ShowMenuBar + 163
  49  com.apple.AppKit                  0x001a9cad -[NSApplication finishLaunching] + 1331
  50  com.apple.AppKit                  0x001a9374 -[NSApplication run] + 142
  51  com.apple.AppKit                  0x0043d261 NSApplicationMain + 1054
  52  com.riuz.ucalendarx               0x00001eea _start + 216
  53  com.riuz.ucalendarx               0x00001e11 start + 4

  Thanks for thinking about my problem. I've already experimented with creating a new user, a co-administrator. The programs don't crash when that account is running, just as they don't crash when the guest-user's account runs. So it seems that the problem is limited to the default user's account, which is the one that was running when I installed the updates to the OS and the firmware. Another clue is that the programs that crash as soon as they are launched are *probably* the ones that were open at that time in that account. Yet deleting Saved Application States does not keep the programs from crashing when next launched.
  So the mystery continues, but these additional facts will help with the diagnosis, I hope.
  Thanks again for your suggestion.
  Gordon

• User Store for Portal

  Hello,
  We are implementing a new portal, and having trouble deciding on the user store for the portal.
  Scenario:
  u2022     The main functionality of the Portal is dependent on the SAP Systems (ESS\MSS), and BW System.
  u2022     Currently there is no CUA or SAP Identity management Systems available. 
  u2022     The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP.
  From our preliminary brainstorming, we came up with following decision:
  u2022     Use the ECC ABAP Store for user Base (So we leverage all the ECC users, and their current role assignments in the portal)
  u2022     Later on, once weu2019re ready to install SAP IDM, and then Switch Portalu2019s User Store from ECC ABAP Store to IDM.
  QUESTIONS:
  1.     Is our approach here correct?
  2.     Would it possible to switch portalu2019s user store from ECC ABAP Store to IDM?
  3.     Should we consider installing CUA in the meantime until weu2019re ready to move to IDM?
  Any Help or opinions would be much appreciatedu2026
  Thanks,
  Harman

  Hi,
  Q1 You wrote: " The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP."
  This is not 100% true... take a look at this help document as it explains some possibilities for you:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Q2 Not really, see Q1 and in addition IDM is a Management and Provisioning System/Tool. It isn't a userstore on itself.
  In other words IDM contains the single truth but it provisions it to systems (JAVA , ABAP, LDAP etc).
  So it won't be possible to connect your Portal from an ABAP user store to an IDM user store as it doens't exist.
  What theoretically could be possible is to now connect you Portal to an ABAP user store and later Back to its own UME and let this UME be under provisioning by the IDM system. But I can remember that it is not supported to go back from ABAP to UME. See also: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/f5/8fdc3fca21eb06e10000000a1550b0/frameset.htm
  Q3 Personally I think it is a first good step as it helps you to centralize and uniform your users and roles. But If you already decided to go for IDM (lets say next year) then it maybe the Return On Investment for implementing CUA now is nihil.
  Do not hesitate to ask if above answers are unclear.
  Good Luck,
  Benjamin

• Federated portal's, cann't see the roles and portal content from producer

  We are configuring a Federated Portal, with a Producer EP7.0 SP13 and a Consumer EP7.0 SP13. The connection test is successful.
  I can see the producer on the consumer and the consumer on the producer.
  The problem is that I can not see the portal content of the producer in the portal content of the consumer.  The producer roles are also not available on the consumer.  I have selected the producer as the data source in the consumer UME,
  then enter * in the role name field, then select "go", but nothing comes up.
  Can anybody help me?

  Hi J De Voijs
  • Following might be the reason:
  1. User should exist in both user store of Consumer and Producer portal otherwise it won’t work.
  2. Incase if the registration is successful then there might be some problem with your servers (Consumer & Producer) clock timings.
  3. ‘Remote Role Assignment’ may get fail perhaps because user to whom remote role assignment is done doesn’t have “End User” role assigned to him/her at Producer Portal. End-user permission enables business users to run content at runtime. Just as end users require end-user permission to run local content on your portal, they also need end-user permission for local content originating from a remote producer.
  4. You should have Owner permission in the objects to which you want to assign permissions otherwise ‘Remote Role Assignment’ wont work.
  5. In the portal content studio, open the producer under 'NetWeaver content producers'. If it does not contain folders in it, the registration is considered to be unsuccessful even though it stated it was successful while registration.
  6. During the process of Registering (Adding) Producer Portal, while entering the connection parameters of the NetWeaver producer portal use appropriate Host name against “Host Name” input field instead of IP address. Perhaps this might create some problem during execution in later stage.
  e.g. Host Name: use “sapProducerportal02” instead of 172.19.144.155
  7. Also go through the following URLs (w.r.t Permissions):
  1) http://help.sap.com/saphelp_nw2004s/helpdata/en/43/2232580bb93fece10000000a11466f/content.htm
  2) http://help.sap.com/saphelp_nw2004s/helpdata/en/f6/2604e505fd11d7b84200047582c9f7/content.htm
  3) http://help.sap.com/saphelp_nw04/helpdata/en/f6/2604e905fd11d7b84200047582c9f7/frameset.htm
  4)http://help.sap.com/saphelp_nw04/helpdata/en/f6/2604e505fd11d7b84200047582c9f7/frameset.htm
  5)http://help.sap.com/saphelp_nw04/helpdata/en/5b/0fab1b76984ed0944d5c732cfad1b2/frameset.htm
  Points pls if you find it useful...
  Thanks and Regards,

• Checking user permission doubt

  Hi everyone,
  I have posted a question yesterday, but I have no right answer. I want to try again, please help me. It is urgent! I thank in advance.
  I am developing a recursive tree in a Web Dynpro App. My tree has some nodes and sub nodes. Under the sub nodes I have documents. These documents are composed of header, footer, address, content and so on, which are loaded in runtime from Backend system. There is possible that thousand documents can be attached to a node. For accessing the documents we need to check the permission of the user. There are users who may read the whole content of a document. There are users who may only read parts of the document. For example, the information about salary of an employee shouldn't be read by every user. How can I check the user permission? Has someone any Suggestion?
  Regards,
  Hairong

  Hi William,
  thank you very much for your answer.
  I haven't worked with ACL. With your answer, I hava read something about ACL. It is used for checking user permissions for accessing portal content.We have no portal now. Our application is standalone application. Do you know what is a connection between reqular UME permission and UME ACL permission?
  By the way, we use UME to store our user profile. We have already tried to check user permission only for UME role of the user. We have also tried to follow the concept like the Web Dynpro tutorial RentCar APP with Actions and permissions. But all these can't resolve our problem really, because we can't create for every document a role or a permisson.
  here, ich want also to thank Atul who had me an answer to my question.
  Best regards,
  Hairong

• FPN - End user permission

  Namaste all,
  I have followed
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70191d1e-2bd1-2a10-d9b7-ba19500da527
  for setting up FPN. But I didn't understand how to assign end-user permission for a person at the consumer portal. Can somebody guide me how to search for a consumer portal user in the producer portal?
  Regards,
  Krishna Murthy

  You should just be able to navigate to User Administration tab in either portal to see the user. You can assign permissions via the PCD explorer. Locate the PCD object you wish to assign permissions to and right click and choose open --> permissions.
  This [help guide|http://help.sap.com/saphelp_nw70/helpdata/EN/f6/2604f005fd11d7b84200047582c9f7/frameset.htm] explains it in more details.
  Hope this answers your question.
  BRgds,
  Simon

• Usermapping problem with federated portals

  HI experts,
  We r implimenting FPN functionality for SEM (BI- Integrated Planning) .
  We have installed portal server for Federated portal
  .After installation we have set the ticket evaluation parameter in service provider in Visual admin ..
  we have registered producerer as well as consumer in Fedportal .
  everything is fine . after that we have creaated 1 role in Fed portal .
  we r able to find the role in consumer portal .
  now the thing is
  we r trying to map the user with backend user from federated portals .. (user from LDAP)
  i am unable to save usermapping credentials and getting following error too .... (no SSO for us here )
  User attributes successfully modified
  Verification of user mapping data for system "SEPCLNT900" failed; check the credentials for mistakes.
  Plz help me out from this problem ..
  Thanks & Regards,

  HI Sandeep
  I have gone through the note ...
  Still some confusion is there ..
  we r facing problems with usermapping ....
  we r not creating users by manual .. users from LDAP .
  we r getting users fine ..but problem iswe give the user id & pwd after saving that ..it hasn't got saved first to allow usermapping ..
  while testing the system object it is working fine
  i.e system admin->support -->sapapplication
  there we r testing with transaction  ....itz working fine..
  what could be the problem
  itz working fine in developent server ..
  in development no LDAP.
  Thanks

• Having trouble setting up Guest users account email address

  Hi.I've been using my Macmail with my administrative account for some time now.I recently set up a guest user account for a visiting reletive.I wanted to get the "Macmail" e-mail program up and running as well so they could use the same e-mail address that I use with my administrative account.After clicking on the Macmail icon in the dock and going through the steps to set up the account......I was then able to successfully send out and recieve a test e-mail. However...........after logging out of the guest account and back to my administrative account and then logging back into the guest account again.........when I now click on the Macmail icon in the dock........the e-mail program starts asking me to go through the steps to set an email program up again.It seems to have "forgotten" or disregarded that I already did this the last time I was logged in.I'm wondering why its doing this and how do I permanently set up this email account so that it doesn't disappear every time I log out? Thanks for any assistance.

  Files created while using a guest account are deleted when the user logs out. A temporary home folder is created for the guest’s files. When the they log out, the home folder and it’s contents are deleted.
  Instead create a standard non-admin account...
  Create a new User go to System Preferences > Accounts > "+"
  -mj

• TIMEOUT error from adstrtal.sh -- even after made Guest user password same

  I have migrated E-bus Database from HPTru64 to SunSolaris (Still Object differences are there).
  when I try to start application I got TimeOUT error.
  1)I made GUEST password same in <Context>.xml & $FND_TOP/11.5.0/secure/*.dbc file to ORACLE
  2)ran adautocfg.sh on all apps nodes
  still I get same error...
  SQL> SELECT fnd_web_sec.validate_login('GUEST','ORACLE') FROM dual;
  FND_WEB_SEC.VALIDATE_LOGIN('GUEST','ORACLE')
  N
  SQL>

  Sawwan,
  I got below error...
  I am in the process of migration, I may not be able to use OAM unless I start the application..
  ====================
  SQL> @afgstusr.sql
  PL/SQL procedure successfully completed.
  ERROR: The Profile "Guest User Password" is not set correctly, the current
  value is "GUEST/ORACLE" and failed FND user validation.
  Oracle Applications requires a "GUEST" user account for special restricted
  access functions. The "<GUEST User Name>/<Password>" is stored in the
  profile option "Guest User Password" for Applications program use. In this
  instance the profile option is not set, or does not represent a valid
  User_name/Password combination.
  CORRECTIVE ACTION: The profile needs to be set to a valid User_name/Password
  combination, preferably the combination for the seeded user account "GUEST".
  The profile can be set using the Oracle Forms Interface and the System
  Administrator Responsibility.
  Navigate -> Profile -> System -> Query Site level profile:
  "Guest User Password"
  Alternatively, if the profile value shown above is defined and set to what
  you think should be the correct value, you may need to reset the GUEST user
  account password from the Oracle Forms Interface. Again using the System
  Administrator Responsibility.
  Navigate -> Security -> User -> Define -> Query "User Name":
  Type a temporary password in the "Password" field -> hit the Tab Key
  and confirm the password ... Then log in to Oracle Applications Forms
  Interface as this user and change the password, when prompted to do so,
  to match the value set in the "Guest User Password" profile.
  Finally if the Oracle Forms Interface is not available for some reason you
  can use SQL*Plus and the Applications API - FND_PROFILE.SAVE(). You can use
  the file that generated this message (FND_TOP/patch/115/sql/afgstusr.sql) as
  an example of how to code this function. Set the value to a known good
  User_name/Password combination. Remember to go back and properly set up
  a default GUEST account and to synchronize the profile after your upgrade is
  complete using the appropriate steps shown above.
  DECLARE
  ERROR at line 1:
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at line 15
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  $