How to map Application Roles to Enterprise Roles

Hello,
i am having a problem with mapping Application Roles (from ADF Security) to the corresponding Enterprise Roles. I have already seen that it is possible with a tool called Enterprise Manager, but what if i do not have it??
Can i map the roles in WebLogic Server itself? I have searched for such ability and did not found it. Also have not seen any tutorial on the internet. Someone help me pls.
The version i am using is 12.1.2.0.0.

Application roles and permissions defined within WebCenter Portal are stored in its policy store and, consequently, apply to the WebCenter Portal application only.
Application Roles : Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
Application Permissions : Again every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal Portal.
Enterprise roles are different. Enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Portal.
2. How and where do we create these 5 Application Roles in WC 11.1.1.8 version ?
You can create an application role from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> Roles -> Create Role
See : Managing Security Across Portals for more info :
http://docs.oracle.com/cd/E29542_01/webcenter.1111/e27738/wcadm_ps_security.htm#WCADM398
3. Last, where and how do we MAP these Application Roles TO Enterprise Roles in 11.1.1.8 version ?
First, You can grant privileges to a specified group (say sales group) of users by granting Enterprise Roles in Enterprise LDAP.
Next, Create custom application roles (say Contributor, Moderator, UIDesigner, Application Specialist, etc) and assign the appropriate permissions as explained above.
Then, You can assign one or more Application Roles to a specified group (say sales group) from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> users & Groups
I hope it helps.

Similar Messages

  • GRC AC 5.3 - Role Expert / Enterprise Role Management Dev Environ Connect

    We are looking to start using Role Expert/Enterprise Role Management.  As I am working through the planning process, I am looking at where to connect our ERM DEV/QA/PROD environments.  We want the ERM Production environment to our R/3 Development environment, so we can transport the roles from R/3 DEV to Q/A to PROD.  So, if our production ERM system is connected to the R/3 DEV, where do I connect the ERM DEV and QA environments?  I still think it's important to have those environments, so we can test support pack upgrades as well as use for the initial deployment/connections.  Any suggestions?  How have others done this?

    Found Answer - SAP provided Access Control Landscape Diagram on SAP.com.

  • How to map business process and enterprise service?

    Recently, I read some documents about ESA. I'm confusing about the relationship between business process and enterprise service. In other word, how to map the business process to enterprise service after the business process is analyzed? Is there any methodology/rule to define business process and wrap them into service in ESA?

    Hi Sherry,
    I like to add some of my thoughts about that discussion. From my point of view ESA is much more than just another BPM or Enterprise BPM. ESA is adresses six key areas and I think all of them are really needed:
    - <b>People Productivity</b> as the word itself describes...it's about portals and productivity.
    - <b>Embedded Analytics</b> has to integrate transactional and analytical content.
    - <b>Service Composition</b> is used for model-driven service composition and services orchestration.
    - <b>Service Enablement</b> is about a Enterprise Services Repository filled with business meaningful Enterprise Services and service patterns for enabled objects. Excactly this is where SAP has years of experiences.
    - <b>Business Process Platform</b> is about service enablement of all application platform objects and engines. This is the place where "BPM" for core business processes resits.
    - <b>Life-Cycle Management</b> has to cover the deployment, configuration, operation and change management for ESA based processes.
    Therefore the term "BPM" is located in serveral layers of an ESA approach. On the level of <u>Business Process Platform</u> BPM is providing the choreography for core business preocesses.
    At <u>Service Enablement</u> BPM needs to compose out of granular services (I would say "atomic" services)
    buiness meaningful services (here we have "molecular" services).
    The third level where BPM could be used is <u>Service Composition</u> because exactly this is the place
    where serveral Enterprise Services could be combined to a process representation.
    To come back to the discussion:
    1. The question should be how to indentify business meaningful services which could represent single process steps. ATP check, Credit card check, ... could be examples. In theory this service could be out-tasked, defined more flexible etc. This means that processes needs to be evaluated for Enterprise Service candidates. Afterwards you can check against SAP's Enterprise Services Repository for already existing Enterprise Services. The evalution for enterprise services candidates will be supported by the metodology mentioned by Kaj and David.
    2. I think domains in this context should be motivated by business and/or functional areas. Depending on the granularity. For example Order Fulfilment Services, Master Data Services, Search Services... These kind of serices can be combined again to services such as "Search of Master Data" (Search Service + Read Master Data Service) etc. or can be used to generate UI to be used in a ESA application.
    Your thoughts?
    Very best regards
    Wulff

  • Upgrade Preparation: How to map applications, DTS packages, SSIS packages and reports to databases

    Hi,
    I am on the initial phase of upgrading SQL Server 2005 to SQL Server 2012. Right now, I'm taking as much inventory as I can from our current server, SQL Server 2005. If anyone could help me, how can I map the following:
    Map applications to databases
    Map DTS packages to databases
    Map SSIS packages to databases
    Map reports to databases
    Thank you!

    Some questions and suggestions:
    How are we planning to upgrade whether in-place\parallel\others?
    Will this be with HA[Clustered one] or with standalone?
    Do you have time to do actual migration from now on and you will need to setup the environment for end to end testing for application validation so that all differences between application or system variables can be known before actual deployment?
    Also, it will be good to check with Upgrade Advisor for below pointers preparedness too.
    Map applications to databases: If you have already need to setup databases and logins for each and every applications then your mapping to database for applications will be lot  easier and you will have less challenge.
    Map DTS packages to databases: Good link to check
    https://www.simple-talk.com/sql/ssis/dts-to-ssis-migration/
    Map SSIS packages to databases: Good link to check
    http://www.experts-exchange.com/Database/MS-SQL-Server/Q_28340818.html http://www.sqlservercentral.com/Forums/Topic1531839-2799-1.aspx
    Map reports to databases -- Good link for Reporting Services if you meant that:
    http://msdn.microsoft.com/en-us/library/ms143747.aspx
    http://www.mssqltips.com/sqlservertip/2627/migrating-sql-reporting-services-to-a-new-server/
    Good link to check other thing as well :
    http://thomaslarock.com/2013/03/upgrading-to-sql-2012-ten-things-you-dont-want-to-miss/
    Santosh Singh

  • How create map application?

    Hi!
    I'm working on a pre-study for a sales support application to run on a PDA containing maps, and displaying/entering sales data (customer data) on map.
    So I would like a mapping application on the bottom and then add my own menues, actions to take when a user clicks on the map, my own data store, etc.
    How is this done? Do I have to create my own application to handle vector maps or are there any commercial products to use that I could extend for my needs?
    What map formats are required? I have looked at some suppliers who create either vector or image maps, guess vector maps are smaller and better?
    On the datastore side, has anyone triede Sybase Ultralight? Or should I go for XML? (sales data might be for 50 000 customers/adresses on a PDA which I guess would be too slow for searching with limited memory/speed)
    Grateful for any comments!
    / El Maco - Ariba!

    By the way,
    does anybody have any books to recommend on this topic?

  • How to create an enterprise role in WLS admin console ?

    HI All,
    we have an ADF application developed using jdev 11.1.2.1.
    we have some web pages that are assigned to the application
    role: users.
    the app role is mapped to the enterprise role: agt_users.
    after deploying to a WLS standalone server, we were able to
    login, but a http 403 error was returned.
    i have tried creating a role in myrealm->global_roles->agt_users,
    and have added the group/user to role.
    we're still getting 403 errors.
    how can we create an enterprise role, so that the pages can
    be returned ?
    thanks very much in advance ...
    sam

    Hi
    I believe that you should look at the Forms functionality for UCM . Under Content Management - Web Form Editor will show up the editor where in you can add buttons and attach functionalities to it . With UCM 11g this is not available thus you might need to use AJAX to build the requirement .
    Thanks
    Srinath

  • How to map roles by using JAAS

    Dear all,
    i am implementing JAAS by using my own custom LoginModule, which will access to my database and get user login and password and do verification myself.
    and i know that i need to set the secruity roles, secruity constraint in web.xml, and i have set Login Configuration to Form-Based Authentication.
    here is part of my web.xml:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>LogonMain</web-resource-name>
    <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>manager</role-name>
    <role-name>sales</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>LogonMain.jsp</form-login-page>
    <form-error-page>LogonMain.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>manager</role-name>
    </security-role>
    <security-role>
    <role-name>sales</role-name>
    </security-role>
    <security-role>
    <role-name>staff</role-name>
    </security-role>
    here is my question, it seems that all data action in my pages are protected, and i dont know how to map a particular user to the role that i define in web.xml.
    so even though i logged in, i still cannot perform data action.
    could anyone nice to tell me what could i do in this case for custom login module which accessing the database to get user login and password ?
    i am appreicated your help !
    thanks
    Kenny

    Hi Matthew,
    so the mapping is defined in orion-application.xml , right ?
    i have something like this
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application.dtd">
    <orion-application>
    <web-module id="dbLoginModule" path="dbLoginModule.war"/>
    <library path="d:\oc4j904\jdbc\lib"/>
    <!-- mapping for DB Login Module -->
         <security-role-mapping name="manager">
              <user name="ITAH01" />
         </security-role-mapping>
    <jazn provider="XML">
    <property name="role.mapping.dynamic" value="true"/>
    </jazn>
    <log>
              <file path="application.log"/>
         </log>
    <data-sources path="./data-sources.xml"/>
         <namespace-access>
              <read-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role>">
                             <group name="administrators"/>
                        </security-role-mapping>
                   </namespace-resource>
              </read-access>
              <write-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role>">
                             <group name="administrators"/>
                        </security-role-mapping>
                   </namespace-resource>
              </write-access>
         </namespace-access>
    </orion-application>
    just wondering the library path should point to where ?
    <library path="d:\oc4j904\jdbc\lib"/> this is the default path

  • Mapping SAP R3 role to EP role for WD ABAP Application

    Hi,
    I have a WD ABAP application which uses POWL component.
    I have assigned this application to a role in SAP R3 system.
    Now, I have created an iview in portal for this WD ABAP application.
    I want to map this SAP R/3 role to Portal Role so that only people having that role can see the application on portal.
    How do I handle this?
    Thanks and regards,
    Amey

    Hi,
    Scenario 1:
    You need to maintain 2 roles one from Portal and one from R/3
    On the portal end:
    Assign the role which have the WDA application to all the users who should have access.
    On the R/3 end:
    Assign the R/3 role which you have created to access the WDA application to all the users for whom you have added the Portal Role.
    Scenario 2:
    If using CUA (Central User Administration) as UME for Portal and also R/3 then you can maintain the roles from one place that is from CUA.
    You create a role in CUA and this role is shown as group in Portal now add the Portal role to the group or the CUA role.
    And create another role which gives access to the WDA application. Now add these 2 roles to all the users who are supposed to have access to the application.
    Hope this helps.
    Cheers-
    Pramod

  • How to map the bulk users with the required  roles in portal at one time

    Hi,
    Would anyone tell me how to map the bulk users with the required roles in portal at one time?

    Thanks for all the reply.
    <b>I need to assign 1 or 2 group to n((eg) 1000)number of users</b>
    I tried the first option like
    [group]
    gid=
    gdesc=
    user=
    Thr problem with this is I could n't put more no of users in the notepad.
    I would be able to put only 150 users in the single line of notepad. If it goes to next line it is not working.
    I tried creating seperate notepad but in Import it says "exists"
    I'm not sure about LDAP. Would anyone explain me the best approach to do this.

  • 500   Internal Server Error in GRC 5.3 Enterprise Role Management

    Hi All;
    We've installed Sap GRC Access Control 5.2 on Sap Netweaver 7.0.
    We installed SAP NetWeaver 7.0 (2004s)
    SAP Internet Graphics Service (SAP IGS)
    VIRCC00_0.SCA -SP15
    VIRAE00_0.SCA -SP15
    VIRRE00_0.SCA -SP15
    VIRFF00_0.SCA -SP15
    VIRSANH  -SP15
    VIRACCNTNT.SAR-SP15
    Our sp levels are for abap side;
    SAP_ABA     700     0014
    SAP_BASIS     700     0014
    PI_BASIS     2005_1_700     0014
    SAP_BW     700     0016
    VIRSANH     530_700     0015
    When we started to configure the components according to the Configuration Guide,In Enterprise Role Management part,i want to do the Configuring Risk Analysis Integration with RAR but on the CONFIGURATION tab when i navigate to the Miscellaneous,the page gives me the error message :
    "500   Internal Server Error
      SAP J2EE Engine/7.00 
      Application error occurred during request processing.
      Details:   java.lang.NullPointerException: null
    The logs are;
    #1.5 #0050568C003D006800000011000026540004A12E73AF8A7C#1303120788268#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager#sap.com/irj#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias#J2EE_GUEST#0##n/a##98478fc069a211e0cef50050568c003d#Thread[ConfigurationEventDispatcher,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Plain###
    [BEGIN] Exception -
    javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content [Root exception is javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content]
         at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:407)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
         at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
         at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
         at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
         at javax.naming.InitialContext.lookup(InitialContext.java:347)
         at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias(SCFSystemManager.java:239)
         at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.doAliasOperations(SCFSystemManager.java:111)
         at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfiguration.refreshCache(ServiceRegistryConfiguration.java:203)
         at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfigEventListener.refreshConfigCache(ServiceRegistryConfigEventListener.java:13)
         at com.sap.ip.collaboration.sync.impl.scf.config.AbstractConfigEventListener.configEvent(AbstractConfigEventListener.java:28)
         at com.sapportals.config.event.ConfigEventService.dispatchEvent(ConfigEventService.java:227)
         at com.sapportals.config.event.ConfigEventService.configEvent(ConfigEventService.java:112)
         at com.sapportals.config.event.ConfigEventDispatcher.callConfigListeners(ConfigEventDispatcher.java:308)
         at com.sapportals.config.event.ConfigEventDispatcher.flushEvents(ConfigEventDispatcher.java:251)
         at com.sapportals.config.event.ConfigEventDispatcher.run(ConfigEventDispatcher.java:110)
    Caused by: javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content
         at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChildAtomicName(XfsContext.java:431)
         at com.sapportals.portal.pcd.gl.xfs.XfsContext.lookupAtomicName(XfsContext.java:235)
         at com.sapportals.portal.pcd.gl.xfs.BasicContext.lookup(BasicContext.java:919)
         at com.sapportals.portal.pcd.gl.PcdPersContext.lookup(PcdPersContext.java:387)
         at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:403)
         ... 18 more
    [END] Exception -
    Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]"
    #1.5 #0050568C003D006D000000A7000026540004A12E79B6901C#1303120889408#System.err#sap.com/tc~kw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Info: FrontController: app init failed ...
    #1.5 #0050568C003D006D000000A8000026540004A12E79B6925E#1303120889408#System.err#sap.com/tckw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM      com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Path: Caught java.lang.NullPointerException: FATAL ERROR: Could not load E:
    usr
    sap
    MGD
    DVEBMGS00
    j2ee
    cluster
    server0
    apps
    sap.com
    tckw_tc
    servlet_jsp
    SAPIKS2
    root
    WEB-INF
    ApplConfig.xml
         at com.sap.kw.framework.XMLConfiguration.<init>(XMLConfiguration.java:53)
         at com.sap.kw.actions.ApplConfig.init(ApplConfig.java:83)
         at com.sap.kw.framework.FrontController.init(FrontController.java:222)
         at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.addServlet(WebComponents.java:139)
         at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.loadServlets(ApplicationThreadInitializer.java:386)
         at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.run(ApplicationThreadInitializer.java:110)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    #1.5 #0050568C003D007200000021000026540004A12E7AD53183#1303120908190#com.sap.slm.exec.message.SLMApplication#sap.com/tcslmslmapp#com.sap.slm.exec.message.SLMApplication#J2EE_GUEST#0##n/a##a061141069a211e0890c0050568c003d#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Java###"CfgObjectLoadVisitor" cannot load com.sap.slm.util.config.objects.CfgSDTServer from SLM configuration. Cannot read configuration in path ''SLM''##
    #1.5 #0050568C003D001B00000002000026540004A12E7B3058F9#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Location :<com.sap.sl.ut> is initialized!#
    #1.5 #0050568C003D001B00000004000026540004A12E7B3059B1#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Cotegory :</System/Server> is initialized and bound to Location: <com.sap.sl.ut>#
    #1.5 #0050568C003D001B00000006000026540004A12E7B3076F4#1303120914172#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain###Establishing db connection...#
    #1.5 #0050568C003D002400000297000026540004A12E7CC1E87F#1303120940477#com.sap.portal.prt.sapj2ee.error##com.sap.portal.prt.sapj2ee.error####n/a##39c1422069a211e08b030050568c003d#SAPEngine_System_Thread[impl:5]_86##0#0#Error#1#/System/Server#Java###Exception while starting: sap.com/ccxsysbgear
    [EXCEPTION]
    #1#com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear
         at com.sap.portal.prt.sapj2ee.SAPJ2EEPortalRuntime.getAndStartSAPJ2EEApplicationItem(SAPJ2EEPortalRuntime.java:876)
         at com.sap.portal.prt.sapj2ee.PortalRuntimeContainer.prepareStart(PortalRuntimeContainer.java:511)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4361)
         at com.sap.engine.services.deploy.server.ReferenceResolver.processReferenceToApplication(ReferenceResolver.java:589)
         at com.sap.engine.services.deploy.server.ReferenceResolver.processMakeReference(ReferenceResolver.java:399)
         at com.sap.engine.services.deploy.server.ReferenceResolver.beforeStartingApplication(ReferenceResolver.java:328)
         at com.sap.engine.services.deploy.server.application.StartTransaction.beginCommon(StartTransaction.java:162)
         at com.sap.engine.services.deploy.server.application.StartTransaction.beginLocal(StartTransaction.java:141)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:356)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:132)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesLocalAndWait(ParallelAdapter.java:250)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4450)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationsInitially(DeployServiceImpl.java:2610)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.clusterElementReady(DeployServiceImpl.java:2464)
         at com.sap.engine.services.deploy.server.ClusterServicesAdapter.containerStarted(ClusterServicesAdapter.java:42)
         at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.processEvent(ContainerEventListenerWrapper.java:144)
         at com.sap.engine.core.service630.container.AdminContainerEventListenerWrapper.processEvent(AdminContainerEventListenerWrapper.java:19)
         at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.run(ContainerEventListenerWrapper.java:102)
         at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
         at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:81)
         at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:152)
    Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: [ExternalApplicationItem.prepare]: SAPJ2EE::sap.com/grc~ccxsysejbear
         at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:188)
         at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.prepare(SAPJ2EEApplicationItem.java:232)
         at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.start(SAPJ2EEApplicationItem.java:192)
         at com.sapportals.portal.prt.service.sapj2ee.Mediator.getAndStartExternalApplication(Mediator.java:132)
         at com.sap.portal.prt.sapj2ee.StartPortalApplication.coreRun(StartPortalApplication.java:59)
         at com.sap.portal.prt.sapj2ee.StartPortalApplication.run(StartPortalApplication.java:36)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sapportals.portal.prt.core.broker.PortalApplicationNotFoundException: Could not find portal application ccxsysbgear
         at com.sapportals.portal.prt.core.broker.PortalApplicationItem.prepare(PortalApplicationItem.java:415)
         at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:180)
         ... 9 more
    #1.5 #0050568C003D00750000003B000026540004A12E88C693CF#1303121142088#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/grc~reear#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#117##YDSAPGRC_MGD_2172750#J2EE_ADMIN#4bfa377069a311e0b9230050568c003d#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server/WebRequests#Plain###application [RE] Processing HTTP request to servlet [REController] finished with error.
    The error is: java.lang.NullPointerException: null
    Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]#
    waiting for your responses as soon as possible because the system has to be up and running till wednesday.
    Tahnx in advance

    Hi Bilge,
    did you put your text in a blender before sending it?
    I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
    Have you already tried to clear all browser cache, close all browsers and try it again?
    Best,
    Frank

  • Enterprise Role grants in jazn-data fail for AD Provider User Accounts?

    Hello All,
    I have enterprise roles defined within my jazn-data.xml for my 11.1.1.4 web application. We just recently switched user accounts over to an active directory provider for authentication. So, I have user accounts associated with the active directory provider that are assigned to my enterprise roles. This is working fine because all of my EL expressions of the form #{securityContext.userInRole['EnterpriseRoleName']} are working great.
    However, all of the grants in jazn-data.xml for pages that should only be viewable by users with this role are now not working. Users with this role see a "Internal Server 500" error with the message "oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed", rather than the related pages. This all used to work when the user accounts were not coming from the active directory provider.
    As a work around, I've had to grant test-all view access to all pages, but hide controls and portions of pages that non-authorized users should see using EL like what I printed above.
    This can't be right. Why are AD user accounts treated differently by WebLogic Server, when the security context indicates that the user has the proper role?
    Thanks

    Haha... nice one. This is a low-key production app that is internal to this company. I can't have users with AD accounts, who used to have WLS internal accounts when the jazn grants worked, just stop using the application until some solution comes about. It may take days. I don't understand why you would leave such an unhelpful comment and then leave the discussion. Is this a precedence that you want set within your forum? Please help me to understand why this is a bad workaround. I'm just at the beginning of trying to figure out the root cause of this issue. A search didn't reveal any obvious answers, so I thought I'd reach out to my knowledgeable ADF friends on the forum to see if this was something that could easily be fixed.
    Back to your comment -- why is this a mistake? I have always used the rendered attribute value to hide navigation points to pages that are supposed to be accessible to users with the enterprise role (e.g. rendered="#{securityContext.userInRole['EnterpriseRoleName']}"). This still works fine in the context of this problem, because the security context is working properly -- it's picking up user membership to enterprise roles. It's the jazn grants that are not working for the AD provider related users.
    In this context, if some really smart user guesses the URL of a page I don't want them on because they don't have the role, then why can't I simply set rendered="#{securityContext.userInRole['EnterpriseRoleName']}" on the PGL that presents the body of the page? The content of the page isn't rendered. That's the point of the "rendered" attribute, right? Better yet, I could have a nice message that says that aren't authorized to view the page, rather than put a Java stack trace in their face. Why, then, as a temporary workaround, is this such a bad idea?
    Thank you "sameera.sac" for the links. I'd seen the first one before posting and it wasn't pertinent. But I'll certainly research the others you provided.
    Thanks

  • Mapping Roles to LDAP Roles

    Hi all I come with a new problem!!
    I have installed the following
    Oracle Database XE
    Weblogic
    RCU
    JDeveloper
    SOA Suite
    Everything is working fine however Im trying to map the roles I seeded to my SOA server into my application in Jdeveloper but it is not possible. Am I missing something? Do I have to install Webcenter and UCM?
    I can perfectly see I have the groups and roles uploaded in the console however I cannot seem to map them to the lane roles in Jdeveloper.
    Can any body give me some Ideas??
    Regards!!
    Edited by: 887976 on Oct 11, 2011 7:51 PM

    Hi Yasmena,
    Basically you can use the same configuration for an LDAP authentication server as an LDAP lookup servr - the differences are that one is used for authentication (which you are already doing by using AD SSO) and one is for mapping purposes.  So, if you're having problems with the mapping portion, you can duplicate the LDAP server and mappings as an authentication server, and then use the Auth Test to see what you're being mapped to.
    Thanks,
    Lauren

  • Mapping security roles to other roles

    I found the security newsgroup and posted the question there under the same topic. Kindly respond there.
    Message was edited by:
    jheinone

    Hi Sebastian,
    yes, it is possible to do such mapping. And here how it works:
    1. define security roles in the ejb-jar.xml within the <security-role>. For example:
    <security-role>
         <role-name>test</role-name>
    </security-role>
    2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
    <security-permission>
       <security-role-map>
          <role-name>test</role-name>
          <server-role-name>myUMErole</server-role-name>
       </security-role-map>
    </security-permission>
    the myUMErole must be defined in the UME!
    Does this answer your question?

  • WLS Groups and JDeveloper Enterprise Roles

    When there are roles (global, domain, etc.) in the WLS Console, they seem to not have any representation in JDeveloper. It seems that JDeveloper Enterprise Roles correspond to WLS Groups. When I add permissions in the jazn-data.xml, it is Groups that I have to grant to users in the WLS Console, not roles.
    SecurityContext.getUserRoles() also returns a list of WLS Groups assigned to given user.
    Is it some disarray in the terminology, or am I doing something wrong?

    Hi,
    The term "Enterprise Roles" match to WLS groups. Enterprise is a more genric synonym for user groups as on different servers these may have different names otherwise. Note that getUserRoles() shows the enterprise roles and the application roles a user is member of
    Frank

  • How to setup the security based on roles in Organization.

    Hi,
    How to setup the security based on roles in Organization.
    For example:Few users are Manager and a few user are Non Manager .Manager should have access to all work data including Non Manager and Non Manager should access based role.How to setup this? How OBI server identify the user role?
    kindly let me know.
    Regards.,
    CHR

    Hi,
    You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
    And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
    Hope this will solve your problem.
    Regards
    MuRam

Maybe you are looking for

  • ISE Multiple SSIDs using CWA

    I am using ISE 1.2.198 primarily to authenticate guest users. I have 2 types of guest - day visitors and longer term visitors. I am using 2 separate SSIDs on a 5760 controller. On the ISE I have authentication conditions to differentiate between the

  • Down Payment Received - Output Tax Account definition

    Hi, I have defined reconciliation account for down payment received under OBXR, and it works fine. However, the issue comes when we post output tax received along with customer down payment. I get the error "No taxes on sales/purch.are allowed for ac

  • My videos wont show...

    i purchased some videos from itunes a while ago and they were playing fine....but recently everytime i sync something in my ipod, it says SOME OF THE ITEMS IN THE ITUNES LIBRARY, WERE NOT COPIED TO THE IPOD BECAUSE YOU ARE NOT AUTHORIZED TO PLAY THEM

  • Opening External Files using SWF

    Hi all, Is there a way to open external files using swf? I have gone through a number of forums and all seem to tell me to open with a window projector. my problem is, I need to embed the swf into a html to be viewed online... So I need to do it in s

  • Dynamic Selection using Summarization Fields Missing in TCODE CN43N

    If Using TCODE CN43 I can select using Summarization Fiields from PSMERK via Dynamic Selections. However, when I use TCODE CN43N the "Summarization Fields" node is not displayed. Does anyone know if it is possible to activate this option for CN43N.