Hyperion Security User Group
Hello,
We are looking for a "user group" which consists of people who have a lot of experience in the area of application security for the Hyperion applications (HFM, Essbase primarily). If you have some suggestions, please share. Thank you for your consideration.
Peace,
John Klaassen
Hi, mainly Interactive Users=Planners+form design option. So if they don't have to create/change data forms, the Planners role is quite enough.
According to your description you should provision Planners role to All Group and read/write access to scenario.
You can assign specific access rights or additional provisioning directly to an individual group if needed. It's up to your business requirements.
For detailed role description see also http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200/ch10s04s05.html
Edited by: Vladimir Vipirailo on Jul 3, 2012 9:51 AM
Similar Messages
-
Built-In Users-group is suddenly gone on folder security tab.
Dear forum-members,
I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix).
The application "Sybase" is installed on the D-drive (disk). A third-party application needs Sybase to communicate through the sql.ini with the database. All terminal server users need read permissions on the Sybase install directory to use the sql.ini.
Normally every new folder on a server has the Builtin Administrators-group and System account with "Full-Control" permissions and the Builtin Users-group with "Read and List" permissions. Now on the Sybase folder only the Builtin Administrators-group and System account are on the security tab, but not the Builtin Users-group.
When I manually set the Builtin Users-group with read permissions it is okay, but after a while the Builtin Users-group is gone/deleted/removed. There is no sign that a person, process or action removes the permissions for the Builtin Users-group. I set Auditing on the folder, but with no result. I know for sure there is no GPO (Group Policy) that removes this group.
For now I have a dirty solution: a scheduled task that runs xcacls every 10 minutes to set the permissions. I tried a GPO to set the permissions, but after a reboot the group policy doesn't apply (only after a gpupdate /force).
Does any of you have another proper/nice solution to force the read permissions on the Sybase folder for the Builtin Users-group?
Thanks in advance.
Greetings, Sidney
Hi Shaon,
Thank you for your reply.
The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM have permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically removed again.
We have 6 terminal (Citrix) servers and all of them have the same problem, so it's not server related.
Could it be an issue with the way Sybase is packaged (it's a silent install through our deployment application)?
Before I do the next test: Will it help to force the rights (replace permissions) from the upper folder to the sub-folder(s)? (force the inheritance)
Greetings, Sidney -
Morning All,
We are in the process of setting up our SCCM 2012 infrastructure and are experiencing issues with our device collection queries based on AD security groups.
I can see the security groups are being updated per adsgdis.log - I can see the computers that are members of the groups in AD are being recorded in the same log. The issue is that when we build the device collection query and click the value button for the string, only 2 of the 18 AD security groups are displayed. These are 2 AD groups we set up initially to test.
We have since added several additional ones, yet they only appear to populate as user groups in Config Manager.
The same goes for additional OUs that we have created within AD.
When I click the value button only the initial 10 OUs that were created are populating in the list of applicable OUs.
We have the discovery methods Group Discovery & System Discovery enabled and set to search the parent OU recursively.
I'm wondering if there might be an SQL issue with this as it initially worked but stopped...
Additionally we added an OU recently that now appears in the Values options in the query, but the ones added previously and additionally after are not showing up....
Any help is appreciated.
Thanks,
Jeff
Given the adsgdis.log lists the new PC and the group it's assigned to, it appears the AD group discovery is working.
I have the following excerpt from the adsgdis.log:
INFO: Processing discovered group object with ADsPath = 'LDAP://************.****.COM/CN=Software - Microsoft Project Professional 2010 x64,OU=Software,OU=US-West,DC=*****,DC=com' SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/4/2012 7:08:13 AM 8180 (0x1FF4)
INFO: DDR was written for group '*****\Software - Microsoft Project Professional 2010 x64' - E:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\userddrsonly\asg8ud94.DDR at 10/4/2012 7:8:12. SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/4/2012 7:08:13 AM 8180 (0x1FF4)
INFO: DDR was written for system 'THURMANWIN7VM' - E:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\adhh8419.DDR at 10/4/2012 7:8:12. SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/4/2012 7:08:13 AM 8180 (0x1FF4)
Here you can see it processes the new members in the Software - Microsoft Project Professional 2010 x64 group and captures Thurmanwin7vm as a member.
I did find some log entries that reference permission issues with objects in the SQL database and have opened a case with MS to get that looked into. Hopefully that will be where the issue lies. -
Cannot view the folder security after removed the default "users" group from folder
Hi guys
Due to the domain change, I am doing a Windows 2003 server migration to Windows 2012 for a file server.
Tons of data have been copied from the old 2003 server to the newly set up 2012 server.
We need to remove the "builtin\users" group from the folder security to maintain correct access rights of users to the network folder.
Once the "builtin\users" group has been removed, the account in the domain admin group can no longer read the folder security.
Has anyone faced a similar situation?
Or, is there any change in folder security rights in Windows 2012?
Thanks in advance
KC@ITL
Hi,
Glad to hear that the issue has been resolved.
If you need any assistance in the future, please do not hesitate to post in our forum.
Regards,
Mandy
-
LDAP- When importing a Group it goes into Security Users and not Groups.
Hello,
I created a new LDAP Server
cn=GroupBI,OU=Groups,OU=Systems,OU=Milan,OU=Italy,OU=Countries,DC=u,DC=a,DC=g
Connection Test was ok.
The problem is on importing members of my group, on Security Import window instead of having the group drop-down list populated I have the user drop-down list populated with "GroupBI".
If I import this group (considered as a user by BI) it goes into Security > Users and not Security > Groups.
This does not make sense.
I'm sure this "GroupBI" is a group and not a user, and the attribute type used is sAMAccountname.
Any help?
Cheers
Let me tell how we did authentication using LDAP.
I haven't imported any groups or users once the LDAP was set up and the connection was successful. I simply created the session variables USER, DISPLAYNAME and EMAIL and mapped them to the LDAP variables uid, displayname, mail.
Authentication is done in this way by mapping the OBIEE variables to LDAP variables instead of importing the groups.
Now for authorization I created the groups populated using some db tables and captured the group name and loglevel and applied filters on the group in the rpd for data level and permissions on the group in webcat for object level.
So just for authentication purposes I think we can authenticate without really importing groups as long as you map OB variables to LDAP.
hope it helps
Prash -
Hi,
When a user is attached to multiple User groups (User group 1, User group 2), if User group 1 has access to change premise and User group 2 does not have access to change premise then the User has no access to change Premise. This is the current behavior of CC&B. Any way to change this? User group 1 has Change access to Premise application service and User group 2 does not have change access to Premise application service. User is linked to both User group 1 and User group 2.
It appears to be only when there is custom security.
Requirement is to set up like even if one User group has access then allow the user to make changes in premise. How to accomplish this? Suggestions please.
Edited by: user8861524 on Jun 3, 2013 4:31 PM
Hi
First, have you maintained the user group authorisations for that Z table? Do that first.
Then in the at selection-screen event you have to write the code:
If R1 = 'X'. " when one of the radio buttons is selected
  if R_main = 'X'. " when the Maintain button is pressed
    <write a select or other check for User group authorisation for Z table>
endif.
endif.
Reward points if useful
Regards
Anji -
Interesting Information about Hyperion User Groups and Conferences
Ed Roske has an interesting post on his blog, including a letter from John Kopcke (SVP of EPM at Oracle). There is a lot of content discussing the disbandment of the Hyperion User Groups and the absorption by OAUG with the new Hyperion SIG (Special Interest Group). In addition there is discussion of conferences focusing on Hyperion content.
Take a look at http://looksmarter.blogspot.com/2008/06/john-kopckes-letter-to-hyperion.html
Best Regards,
Gary,
Thanks for nice post -
Forms security - "Not Available" user / group
Hi,
In form security I have a user / group with the name "Not Available". I don't know how it got there and I can't remove it (An error occurred while processing this page. Check the log for details.) I have very restricted access so I can't run tomcat in window mode to check the log.
Any tips to remove these users? (Planning 9.2)
Regards
I have found what's causing this problem. When I use the deprovisioning option in HSS on these users they become "Not Available" in the Assign Access option of the form. Why, I don't know. I thought they would be automatically removed. The Planning database was copied from the development environment to the production environment while the Planning service was stopped and then started after the database copy; after that, do I have to do any kind of registration?
-
Security permission to user Group for menuitem in ax 2012
Hi experts, I have a query.
I want to give menu item level permission to a user group. For example, I want to show all Accounts Payable setup parameters to the Finance group, so how can it be done? I don't want to use the Roles ---> Duties ---> Privileges method.
I just want to create two groups: for one, the Accounts Payable setup parameters will be shown on main, and for the other group they are disabled.
Is that possible without creating new roles, duties and then privileges?
Hi Munsifuv. You might get more help on this and your other AX questions on an AX-specific forum. We can help with connecting Power Query to data sources, but aren't necessarily experts on configuring those sources.
Thanks,
Ehren -
Restricting certain users groups to read only for certain folders
Hi
I'm not sure if this is the correct forum, but hey, hopefully someone might know the answer or direct me to the correct one.
I'm writing a VB program to amend ACLs for specific user groups.
Effectively, I make all prior year folders read only, whereas the default for the group is Modify, Delete etc. This means they can continue to work in the "new year folders", but historic years are List/read only.
I've got to the point where the program does everything I want, i.e. stops folder creation/deletion, file & folder name changes, copying for the historic years, but it does not prevent deletion of files in the folder. Effectively I set Deny access on the historic folders.
Testing using the Windows GUI would appear to resolve the problem if I change the Deny Special Permission (for the group) from "This folder only" to "This folder & files".
The question then is how do I set this in VB, the default appearing to be "This folder only".
Here's extract of my code
Thanks
Dim FileInfo3 As IO.FileInfo = New IO.FileInfo(varDirectoryName)
Dim FileAcl3 As New FileSecurity
If varDirectoryName.IndexOf("\" & Date.Now.Year) = -1 Then
FileAcl3.AddAccessRule(New FileSystemAccessRule(GroupAdmin(0), FileSystemRights.Modify, AccessControlType.Deny))
FileAcl3.AddAccessRule(New FileSystemAccessRule(GroupAdmin(0), FileSystemRights.DeleteSubdirectoriesAndFiles, AccessControlType.Deny))
FileAcl3.RemoveAccessRule(New FileSystemAccessRule(GroupAdmin(0), FileSystemRights.ReadAndExecute, AccessControlType.Deny))
FileAcl3.RemoveAccessRule(New FileSystemAccessRule(GroupAdmin(0), FileSystemRights.ListDirectory, AccessControlType.Deny))
FileInfo3.SetAccessControl(FileAcl3)
End If
Hi Rohn
You're right, when I added the flags I got the following error at execution
{"No flags can be set. Parameter name: inheritanceFlags"}
I've developed a work around, which gives me exactly - subject to further testing - what I want. I simply mark each file in the relevant folders with a Deny Delete option.
I will however explore the DirectorySecurity class option, but initial review of the www seems a little shy on VB examples.
Thanks
Perry
You should be able to use FileSecurity and DirectorySecurity the same way (they have identical methods). Since this is a scripting forum, I'll provide a PowerShell example (which is fairly close to C# and VB; they all use the exact same classes):
$varDirectoryName = "c:\folder"
$GroupAdmin = "Admin Group"
$FileInfo3 = New-Object System.IO.DirectoryInfo $varDirectoryName
$FileAcl3 = $FileInfo3.GetAccessControl()
$FileAcl3.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule (
$GroupAdmin,
[System.Security.AccessControl.FileSystemRights]::Modify,
([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow
)))
$FileInfo3.SetAccessControl($FileAcl3)
I could have taken a lot of shortcuts when using the enumerations, but I think keeping it verbose helps show how similar the code can be.
Does that make sense? -
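An added example (not code from any poster in this thread) of the scope Perry asks about: the GUI's "This folder and files" is an inheritable Deny rule on the directory's ACL, while the same rule on a file's own ACL raises the "No flags can be set" error he quotes. It assumes a throwaway temp folder and uses BUILTIN\Users as a stand-in for the restricted group.

```powershell
# Added example (not from the thread). Everything runs in a constructed temp folder.
$dir  = Join-Path ([System.IO.Path]::GetTempPath()) ("acl-demo-" + [guid]::NewGuid())
$file = Join-Path $dir 'ledger-2011.txt'
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -Path $file -Value 'constructed sample data'

# Assumption: BUILTIN\Users (well-known SID S-1-5-32-545) stands in for the restricted group.
$group = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

# Deny writes and deletes only. Denying Modify would also deny read,
# because Modify includes ReadAndExecute.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'

# ObjectInherit with PropagationFlags None is what the GUI labels "This folder and files".
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, $rights,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

# The inheritable rule belongs on the directory's ACL (a DirectorySecurity object).
$dirAcl = Get-Acl -Path $dir
$dirAcl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $dirAcl

# The existing file now carries the rule as an inherited Deny entry.
$inherited = @((Get-Acl -Path $file).Access | Where-Object {
    $_.IsInherited -and $_.AccessControlType -eq 'Deny' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $group.Value
})
"Inherited Deny entries on the file: $($inherited.Count)"
$inherited | Format-List IdentityReference, FileSystemRights, IsInherited

# The same rule on a file's own ACL (FileSecurity) is rejected: a file is a leaf
# object and cannot carry inheritance flags.
try {
    $fileAcl = Get-Acl -Path $file
    $fileAcl.AddAccessRule($rule)
} catch {
    "FileSecurity rejected the inheritable rule: $($_.Exception.Message)"
}

# Cleanup: the owner keeps the right to edit the ACL, so drop the Deny rule first.
$dirAcl = Get-Acl -Path $dir
[void]$dirAcl.RemoveAccessRule($rule)
Set-Acl -Path $dir -AclObject $dirAcl
Remove-Item -Path $dir -Recurse -Force
```

If the account running this is itself a member of BUILTIN\Users, the Deny rule applies to it as well until the cleanup step removes the rule.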
What is the Advantage of creation of user group through SUGR?
Hello Masters,
As per audit requirement I have maintained user groups for different sets of users through SUGR, but I am not getting anything except differentiating users (based on group). Is there any other advantage? Can we assign a role to a user group instead of assigning it to a list of users, or can we do any mass changes to a user group by giving only the user group name?
Regards,
Nilutpal.
Dear Neels,
Apart from maintaining user groups for differentiation purposes you can also take advantage of the following:
1. Follow the http://help.sap.com/saphelp_nw04/helpdata/en/ce/17533e5ff4d064e10000000a114084/content.htm link . From this you will come to know the use of user group in the authorisation area.
2. User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.
3. The authorization user group is used in conjunction with S_USER_GROUP authorization object. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc...
In case any issue, please feel free to reply.
Regards,
Nilutpal. -
ISE / Active Directory: issue to get users group
Hello,
We have a strange issue:
- ISE 1.2 patch 8
- no WLC, autonomous AP
In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
In one more rules to grant authentication from APs to register in WDS: user in local database.
In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
(so 3 rules), and one more to authorise the internal base for WDS.
We have something strange:
- sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
Example:
1- OK:
Authentication Details
Source Timestamp: 2014-05-15 11:43:19.064
Received Timestamp: 2014-05-15 11:43:19.065
Policy Server: radius
Event: 5200 Authentication succeeded
All the GROUPS of user are seen:
false
AD ExternalGroups: xx/users/admexch
AD ExternalGroups: xx/users/glkdp
AD ExternalGroups: x/users/gl revue écriture
AD ExternalGroups: xx/users/pcanywhere
AD ExternalGroups: xx/users/wifidata
AD ExternalGroups: xx/informatique/campus/destinataires/aa informatique
AD ExternalGroups: xx/informatique/campus/destinataires/aa entreprises et cités
AD ExternalGroups: xx/informatique/campus/destinataires/aa campus
AD ExternalGroups: xx/users/aiga_creches
AD ExternalGroups: xx/users/admins du domaine
AD ExternalGroups: xx/users/utilisa. du domaine
AD ExternalGroups: xx/users/groupe de réplication dont le mot de passe rodc est refusé
AD ExternalGroups: xx/microsoft exchange security groups/exchange view-only administrators
AD ExternalGroups: xx/microsoft exchange security groups/exchange public folder administrators
AD ExternalGroups: xx/users/certsvc_dcom_access
AD ExternalGroups: xx/builtin/administrateurs
AD ExternalGroups: xx/builtin/utilisateurs
AD ExternalGroups: xx/builtin/opérateurs de compte
AD ExternalGroups: xx/builtin/opérateurs de serveur
AD ExternalGroups: xx/builtin/utilisateurs du bureau à distance
AD ExternalGroups: xx/builtin/accès dcom service de certificats
RADIUS Username: xx\cennelin
Device IP Address: 172.25.2.87
Called-Station-ID: 00:3A:98:A5:3E:20
CiscoAVPair: ssid=CAMPUS
ssid: campus
2- NOT OK later:
Authentication Details
Source Timestamp: 2014-05-15 16:17:35.69
Received Timestamp: 2014-05-15 16:17:35.69
Policy Server: radius
Event: 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason: 15039 Rejected per authorization profile
Resolution: Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause: Selected Authorization Profile contains ACCESS_REJECT attribute
Only 3 Groups of the user are seen:
Other Attributes
ConfigVersionId: 5
Device Port: 1645
DestinationPort: 1812
RadiusPacketType: AccessRequest
UserName: host/xxxxxxxxxxxx
Protocol: Radius
NAS-IP-Address: 172.25.2.80
NAS-Port: 51517
Framed-MTU: 1400
State: 37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
cisco-nas-port: 51517
IsEndpointInRejectMode: false
AcsSessionID: radius/189518899/49890
DetailedInfo: Authentication succeed
SelectedAuthenticationIdentityStores: AD1
ADDomain: xxxxxxxxxxx
AuthorizationPolicyMatchedRule: Default
CPMSessionID: b0140a6f0000C2E15374CC7F
EndPointMACAddress: 00-xxxxxxxxxxxx
ISEPolicySetName: Default
AllowedProtocolMatchedRule: MDP-PC-PEAP
IdentitySelectionMatchedRule: Default
HostIdentityGroup: Endpoint Identity Groups:Profiled:Workstation
Model Name: Cisco
Location: Location#All Locations#Site-MDP
Device Type: Device Type#All Device Types#Cisco-Bornes
IdentityAccessRestricted: false
AD ExternalGroups: xx/users/ordinateurs du domaine
AD ExternalGroups: xx/users/certsvc_dcom_access
AD ExternalGroups: xx/builtin/accès dcom service de certificats
Called-Station-ID: 54:75:D0:DC:5B:7C
CiscoAVPair: ssid=CAMPUS
If you have an idea, thanks so much,
Regards,
To configure debug logs via the Cisco ISE user interface, complete the following steps:
Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
You can use the Filter button to search for a specific node, particularly if the node list is large.
www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750 -
OIM 10g Event Handler : Integrated with User Groups.User Members
I have created custom event handler and integrated it with User Groups.User Members data object.
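Here is the code of my event handler class:
import com.thortech.xl.client.events.tcBaseEvent;

public class GroupEventHandler extends tcBaseEvent {
    public GroupEventHandler() {
        this.setEventName("Event Handler Sample");
    }

    protected void implementation() throws Exception {
        System.out.println("============@@@@@@@@ IN EVENT HANDLER ");
        try {
            // This lookup is the call that fails in the stack trace below.
            String groupKey = this.getDataObject().getString("Groups.Key");
            // writeToFile is the poster's own helper; its body is not shown in the post.
            writeToFile(groupKey);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}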
But I am getting this exception :
ERROR [ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.SERVER - Class/Method: tcTableDataObj/getString encounter some problems: Column 'GROUPS.KEY' not found
com.thortech.xl.dataaccess.tcDataSetException: Column 'GROUPS.KEY' not found
at com.thortech.xl.dataaccess.tcDataSet.getColumnIndex(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.getString(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.getString(Unknown Source)
at oim.GroupEventHandler.implementation(GroupEventHandler.java:19)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUSG.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcGroupOperationsBean.addMemberUsers(Unknown Source)
at com.thortech.xl.ejb.beans.tcGroupOperationsSession.addMemberUsers(Unknown Source)
at com.thortech.xl.ejb.beans.tcGroupOperations_ejm77u_EOImpl.addMemberUsers(tcGroupOperations_ejm77u_EOImpl.java:1671)
at Thor.API.Operations.tcGroupOperationsClient.addMemberUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy66.addMemberUsers(Unknown Source)
at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignMemberUsers(Unknown Source)
at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignGroupMembers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
Does anyone have an idea why the "Groups.Key" not found exception is thrown here?
I have assigned this event handler at postinsert event of User Groups.User Members Data Object. -
LDAP user groups not visible for configuring a Group Portal
Hi,
We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2 in which
I've added the Novell LDAP Authentication provider as the authentication provider
and then set "myRealm" as the default realm for the domain. I am able to start
the WLS server instance and login to portalAppTools with the "administrator" account.
We would like to configure a Group Portal. In Portal Administration interfaces,
when I click on Group Administration, I am unable to see any of my external LDAP
groups. I know that we cannot create/delete users or groups in the external LDAP
repository thru the Admin UI but the documentation says that I should be able
to view the users/groups in the Admin UI. Authentication against the external
LDAP repository works fine. Can anybody suggest the reason why we are unable to
view any of the Users or Groups in our external LDAP repository thru the User
Administration interfaces.
Appreciate any feedback.
Thanks
Vikram
Hi Jim,
I've configured a default LDAP V2 Compatibility Realm by modifying the Config.xml
file. I was able to restart Weblogic and see the LDAP Groups and Users thru the
WLS console. In our project we've a unique requirement wherein all Application
Groups and User Accounts would be stored in an LDAP repository and all BEA SERVICE
level accounts and groups are stored in a Database (groups like AdminEligible,
Administrators etc.). We need to be able to look at the groups in both the Database
and LDAP repositories in order to administer and configure a Group Portal. On
the outset it looks like we will not be able to do what we want to with the current
portal framework. Please suggest if there are any alternatives in order to implement
this solution. I am sure there are lot of other Clients who cannot create groups
like Administrators, AdminEligible etc in their LDAP repositories and will be
forced to think of alternatives.
I would appreciate if you can reply back at your earliest convenience.
Thanks
Vikram
Jim Litton <replyto@newsgroup> wrote:
The Weblogic 7.0 Authentication Providers (new JAAS Framework) is not
supported with Portal 7.0. You will need to configure the Compatibility
Security CustomRealm for Novell to try to get Portal working.
see defaultLDAPRealmForNovellDirectoryServices at
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1083149
In addition, remember to test functionality through the Weblogic
Console. If you can see groups and users there okay it is very likely
that Portal will operate.
-- Jim
-
How to set user/group in BIEE11G by the information stored in DB
Hi everyone,
I'm using OBIEE 11.1.1.6.
I'd like to ask whether there is any way to achieve this requirement:
I have stored user/group information in the DB, in the following format:
ID USER GROUP
1 A G1
2 B G2
So can we obtain the information from the DB and then set this information into BIEE security?
i.e. we can access BIEE with the USER stored in the DB, and the GROUP can be used in BIEE security.
Thank you in advance!
Hi,
I am able to open the below link.
http://www.varanasisaichand.com/2011/09/external-table-authenticationorder-of.html
Follow the steps:
Order of Authentication:
The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.
If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.
Authentication against the identity store configured in Oracle WebLogic Server Administration Console occurs first, and if that fails, then initialization block authentication occurs.
If you configure your external table authentication as in OBIEE 10g, when the session variable USER is associated to the initialization block and the LDAP server fails to get the respective user, then the users will authenticate (identity store) over the database (table).
Don't forget to create a Catalog group as we normally do in 10g.
In 11g: Analytics - Administration - Security - Manage Catalog groups -- (+) to add new groups and set permissions to the catalog folders w.r.t. groups/users.
Please refer to this link; you will get more information:
http://www.orastudy.com/oradoc/selfstu/fusion/bi.1111/e10543/legacy.htm
Award points if it is useful.
Thanks,
satya
Edited by: Satya Ranki Reddy on May 3, 2012 12:53 PM